Server/mail/naming setup theory
Bill Mullen
moon at lunarhub.com
Wed Apr 14 00:51:02 EDT 2004
On Tue, 13 Apr 2004, Derek Doucette wrote:
> OK, I'll see if I can give you some more info...I haven't had a chance
> to try anything though as the Bruins are about to go into double
> overtime...:)
You must be a happy camper right about now, then ... ;)
> On Tue, 2004-04-13 at 19:06, bscott at ntisys.com wrote:
> > On Tue, 13 Apr 2004, at 2:03pm, derek at derek.homeunix.org wrote:
> > > I ... found out that my mail was blocked from here and I could not
> > > hit the web page. This turned out to be due to dns issues.
> >
> > Could you explain this in a little more detail, please? What were
> > the DNS issues?
> From work if I try to hit my web page by going to
> http://derek.homeunix.org, it times out, the new domain that I recently
> registered www.deucedaily.org, hits zoneedit, and is forwarded to
> ww2.deucedaily.org:8080. Accessing the page this way, or by IP works.
> Mailing to aol accounts bounces back with error: server refused mail
> service. By emailing from my aol account to derek at derek.homeunix.org, I
> get a timeout, which is the same as not being able to hit my site, (ok,
> I can't hide it anymore, I'm working for AOL). If I email from my aol
> account to derek at deucedaily.org, it gets through. This is all leading
> me to be a dns setup on the aol servers issue.
Note that http://derek.homeunix.org:8080 also works properly. I suspect
that AOL's SMTP servers will not let you mail to an address in a domain
which does not contain an MX record; you might be able to correct this by
creating an MX record for the derek.homeunix.org domain, pointing to the A
record for that domain (if dyndns.org allows you to define MX records).
> > Trying to host email on a dynamic IP address will lead to problems.
> > The principles behind SMTP assume a well-connected, stationary host.
> > There's nothing that says you cannot have a dynamic MX, but things
> > just don't work as well. So some problems are to be expected.
>
> I have had the same IP since I've been here, even though it is
> considered dynamic, I'll cross that bridge when I get to it.
Do you have some sort of automatic update set up for either your dyndns
and/or your ZoneEdit A record address, should your IP address change? If
you do, that makes weathering an IP address change much easier. As I said
in my earlier post, there are several ways to do this, and knowing what
you run for a firewall system/device will tell us which one is optimum.
> > Some operators have configured their mail exchangers to reject mail
> > coming from dynamic IP addresses. They use blacklists of netblocks
> > known to be used by dynamic providers (such as Adelphia). You will be
> > unable to exchange mail with these systems. AOL falls into this
> > category.
>
> This could be, but like I said, I can get mail from aol account to
> deucedaily.org account, it's just the derek.homeunix.org ones that fail.
What you may find is that you cannot mail from your home system *to* AOL
addresses (if not now, then possibly in the near future). AOL blocks SMTP
from addresses that appear on a blocklist of ranges assigned by ISPs to
their dial-up and residential broadband customers; if Adelphia's address
ranges are not on it already, they probably will be soon.
This is easily handled in Postfix, by specifying your ISP's SMTP server as
either a relay host (wherein all of your outbound mail is handed off to
their server for delivery), or as an alternate transport for a specific
list of domains (so your mail normally goes out via direct SMTP, but is
diverted to your ISP's server when going to a blocked domain).
As long as you can successfully send mail through your ISP's SMTP server
when the "From:" address on that mail is other than the one your ISP gave
you, either method will work. The former method is the preferable one, for
a number of reasons - not the least of which is that ISPs are generally
more concerned about direct *outbound* SMTP from their customers (that's
what spammers and virus-compromised Wintendo boxes spew), and they don't
as a rule pay as much attention to inbound SMTP, as long as the volume
remains reasonable. It pays to stay under their radar. ;)
When you relay through them, from their end it appears pretty much the
same as when you send from a mail client (though you can spot Postfix in
the headers), so they really don't have much to complain about. To enable
that in Postfix's main.cf, set $relayhost accordingly:
    # (or whatever)
    relayhost = smtp.adelphia.net
I can walk you through the other way if you want, but I'll skip it now.
> > Some operators have configured their mail exchangers to do reverse
> > DNS lookups. This means they take the address your own MX is
> > connecting from, and do a reverse DNS lookup on it. If they do not
> > get a response, they refuse your mail. Your current address
> > (68.235.175.211 as I write this) does reverse properly, but if that
> > does not always occur, you may lose mail.
>
> This is what the problem is I believe, so I think I want to change the
> configuration of postfix to accept mail going to derek at deucedaily.org.
This is a factor in mail outbound from your system, not inbound, and when
you set your ISP's server as the relay host, it ceases to be a problem.
--
Bill Mullen moon at lunarhub.com MA, USA RLU #270075 MDK 8.1 & 9.0
"In communities where men build ships for their own sons to fish or
fight from, quality is never a problem." -- J. A. Dever
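
The two outbound methods described in the message above (a relay host for all mail, or an alternate transport for a list of domains), written out as an added configuration example that is not part of the original post. It assumes the common /etc/postfix location and treats aol.com as the only blocked destination; smtp.adelphia.net is the post's own "or whatever" stand-in for the ISP's server.

```ini
# Pick ONE of the two methods; they are alternatives, not a single config.

# --- Method 1: /etc/postfix/main.cf, relay all outbound mail via the ISP ---
# The brackets make Postfix connect to this host directly instead of
# looking up MX records for the name.
relayhost = [smtp.adelphia.net]

# --- Method 2: /etc/postfix/main.cf, divert only selected domains ---
# relayhost stays empty, so mail normally goes out by direct SMTP.
relayhost =
transport_maps = hash:/etc/postfix/transport

# --- Method 2: /etc/postfix/transport ---
# Mail addressed to a listed domain is handed to the ISP's server.
# One line per blocked destination domain.
aol.com        smtp:[smtp.adelphia.net]

# After editing the transport file, rebuild the table and reload Postfix:
#   postmap /etc/postfix/transport
#   postfix reload
# Comments go on their own lines: Postfix does not strip a trailing
# "# ..." from a main.cf value.
```

With either method, the Received: headers on a test message sent to an outside address show whether it left through the ISP's server or by direct SMTP.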