Re: Question re: DNS, outsourced anti-spam provider as outbound relay
On 8/13/2013 12:16 PM, Charles Marcus wrote: Hi everyone, This question is about what are best practices with respect to DNS - including reverse DNS - when my mail server is hosted locally, and we use an outsourced anti-spam service for inbound filtering, as well as relaying all outbound mail through them. I have had a recent complaint from someone who claims that their Outlook is classifying all of our emails with big scary warnings that they are 'phishing attempts'. Does anyone see any problem with this email, as far as DNS/reverse DNS goes? All the DNS hostnames/IPs appear to match. I see nothing whatsoever to complain about. You don't appear to have SPF nor DKIM configured. While in no way required, those do give some assurance that the mail is not forged, and may help. Or may not help, since you don't really know why outlook is complaining. Maybe offending messages have HTML content that outlook is confused about? -- Noel Jones
Re: Question re: DNS, outsourced anti-spam provider as outbound relay
Am 13.08.2013 19:16, schrieb Charles Marcus: Hi everyone, This question is about what are best practices with respect to DNS - including reverse DNS - when my mail server is hosted locally, and we use an outsourced anti-spam service for inbound filtering, as well as relaying all outbound mail through them. if such setup is done good ,it should work fine I have had a recent complaint from someone who claims that their Outlook be aware Outlook has its own Antispam stuff, feeded by microsoft is classifying all of our emails with big scary warnings that they are 'phishing attempts'. Does anyone see any problem with this email, as far as DNS/reverse DNS goes? Thanks, you should contact that outlook people on what antispam rule by what antispam solution your mails was classified, cause all the way long mail went there could be antispam, it must not have any relation to dns -- Best regards, */Charles/* Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Question re: DNS, outsourced anti-spam provider as outbound relay
On 2013-08-13 1:41 PM, Noel Jones njo...@megan.vbhcs.org wrote: Does anyone see any problem with this email, as far as DNS/reverse DNS goes? All the DNS hostnames/IPs appear to match. I see nothing whatsoever to complain about. Thanks Noel. You don't appear to have SPF nor DKIM configured. While in no way required, those do give some assurance that the mail is not forged, and may help. Or may not help, since you don't really know why outlook is complaining. Hmmm... so this would need to be done by our anti-spam provider (since they are our mx *and* outbound relay), correct? Thanks again, -- Best regards, */Charles /*
Re: Question re: DNS, outsourced anti-spam provider as outbound relay
On 8/13/2013 1:02 PM, Charles Marcus wrote: You don't appear to have SPF nor DKIM configured. While in no way required, those do give some assurance that the mail is not forged, and may help. Or may not help, since you don't really know why outlook is complaining. Hmmm... so this would need to be done by our anti-spam provider (since they are our mx *and* outbound relay), correct? You should be able to add these without involving your provider. Note: SPF is somewhat controversial, and discussion of its merits is a banned topic here. See archives/google for details. SPF is a special DNS record that you add to your own dns, specifying which servers may send mail purporting to be from your domain. This requires no modifications to the mail servers themselves. (Validating SPF on incoming mail is a separate issue; your anti-spam provider probably already does this for you.) https://en.wikipedia.org/wiki/Sender_Policy_Framework http://www.openspf.org/ DKIM is a crytographic header added to outgoing mail, proving the mail is from your domain and hasn't been altered. This can be added by your local server before it goes to the provider, or the provider may have a system in place to do this for you. This may require some modifications to your server config. https://en.wikipedia.org/wiki/Dkim http://opendkim.org/ of if you already use amavisd-new: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim -- Noel Jones
Re: Question re: DNS, outsourced anti-spam provider as outbound relay
On Aug 13, 2013, at 20:02, Charles Marcus cmar...@media-brokers.com wrote: On 2013-08-13 1:41 PM, Noel Jones njo...@megan.vbhcs.org wrote: Does anyone see any problem with this email, as far as DNS/reverse DNS goes? All the DNS hostnames/IPs appear to match. I see nothing whatsoever to complain about. Thanks Noel. You don't appear to have SPF nor DKIM configured. While in no way required, those do give some assurance that the mail is not forged, and may help. Or may not help, since you don't really know why outlook is complaining. Hmmm... so this would need to be done by our anti-spam provider (since they are our mx *and* outbound relay), correct? Before you make changes on your side, check in with the recipient and make sure that there is no overly zealous filter involved on their side. It might be flagging it for reasons that have nothing to do with your configuration, for example because someone clicked the wrong button at some point. We operate in a similar way, as both inbound and outbound relay for our clients, and these types of complaints are pretty much always caused by something that is out of whack at the receiving end. HTH, Joni
