-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2016-04-02 at 09:58 +1000, Ted Cooper wrote:
> Is this another one of those fun DNSSEC issues? I'm not particularly
> good at reading these, but it looks like the PTR lookup is denied
> existence at 136.in-addr.arpa.
>
There are multiple domains involved, they may be forwarding messages, in
which case spf won't be enough.
And, there are multiple signals involved, so getting authed would get past
those rules, but may hit other ones.
Note, that if you are forwarding, you can still run a spam filter and then
dkim
Hmm, I thought the new server went out with the updated error messages.
Ah, the change missed the release cut-off, so it'll be fixed next week.
That error message is not correct, it means the mail we're seeing isn't
authenticated and something else about the connection or message is
suspicious.
I'm getting a ton of MXtoolbox.com alerts for my domain; DNS servers offline,
SPF record missing, etc. As far as I can tell, everything is fine.
Does anyone else use mxtoolbox.com who is also getting false alerts today?
Eric Henson
IT Operations Solutions Architect
PFSweb
Forgot to mention that. The server only uses ipv4. No ipv6.
Pascal
On Apr 1, 2016 23:42, "Mark Milhollan" wrote:
> On Fri, 1 Apr 2016, Pascal Herbert wrote:
>
> >Google is currently rejecting mails from some of our servers with:
> >The IP address sending this message does
Always best with such questions if you just come right out and say what the IP
is and what you think the rDNS is.
Because sooner or later, we’re gonna require that in order to help you.
So putting it in the original post is … a really good idea, IMHO.
Aloha,
Michael.
--
Michael J Wise |
http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx
Exchange 2003 is out of support.
Exchange 2007 support ends 4/11/2017.
Exchange 2010 and later best practice is to disable RC4 and SSLv3.
I’d say it may be best to leave RC4 enabled until 4/11/2017,
RC4 is a conundrum, it is about the only cypher you can negotiate with old
MS-Exchange, so if you disable it, then the email will go in clear text.
Which one is better? Clear text or RC4? Or too bad for old mail servers?
PFS or Elliptic ciphers are asymmetric in implementation, so you need to
MDN are ugly and look like garbage to the receiver ;) How many times I had
to fight back the urge of people to send back a real email instead of a
reject code...
Also on postfix the RFC5322.From: set in the templates does not contain an
email address with a domain name, which you need to fix,
Hi,
This might be slightly off-topic for this group, but I hope this post is
still relevant here. I am finishing updating a revision to RFC 3798
(Message Disposition Notification), currently specified in
draft-ietf-appsawg-mdn-3798bis-06.txt.
If you have experience using (generating,
Brandon,
Thank you for your efforts.
Kirk
From: Brandon Long [mailto:bl...@google.com]
Sent: Thursday, March 31, 2016 9:10 PM
To: Franck Martin
Cc: Kirk MacDonald ; mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing
Whoops, I fully intended to audit the available ciphers; clearly I missed doing
that. Should be OK now.
Tragically, PFS is not (yet) supported on the TLS mechanism I am making use of.
I hope to be able to change that in the somewhat near future.
-Original Message-
From: Tim Bray
On 31/03/16 17:38, Kirk MacDonald wrote:
> With thanks to Google for pushing the cause, I implemented STARTTLS
> functionality on my org’s MX (as well as outbound SMTP with
> opportunistic STARTTLS).
Firstly - well done for doing it. Everybody should be enabling TLS.
Did you test the install?
Hi Maarten,
Thanks. Now I see them too. They used to be direct bounces. These are the
reporting mta’s() since 29-3:
dsnReportingMTA count(*)
dns;BAY004-MC2F3.hotmail.com1
dns;COL004-MC6F33.hotmail.com 215
Met vriendelijke groet,
David Hofstee
Deliverability
14 matches
Mail list logo