Server/mail/naming setup theory

Bill Mullen moon at lunarhub.com
Wed Apr 14 00:51:02 EDT 2004


On Tue, 13 Apr 2004, Derek Doucette wrote:

> OK, I'll see if I can give you some more info...I haven't had a chance
> to try anything though as the Bruins are about to go into double
> overtime...:)

You must be a happy camper right about now, then ... ;)

> On Tue, 2004-04-13 at 19:06, bscott at ntisys.com wrote:
> > On Tue, 13 Apr 2004, at 2:03pm, derek at derek.homeunix.org wrote:
> > > I ... found out that my mail was blocked from here and I could not
> > > hit the web page. This turned out to be due to dns issues.
> > 
> >   Could you explain this in a little more detail, please?  What were
> > the DNS issues?
> From work if I try to hit my web page by going to
> http://derek.homeunix.org, it times out, the new domain that I recently
> registered www.deucedaily.org, hits zoneedit, and is forwarded to
> ww2.deucedaily.org:8080.  Accessing the page this way, or by IP works.  
> Mailing to aol accounts bounces back with error: server refused mail
> service.  By emailing from my aol account to derek at derek.homeunix.org, I
> get a timeout, which is the same as not being able to hit my site, (ok,
> I can't hide it anymore, I'm working for AOL).  If I email from my aol
> account to derek at deucedaily.org, it gets through.  This is all leading
> me to be a dns setup on the aol servers issue.

Note that http://derek.homeunix.org:8080 also works properly. I suspect 
that AOL's SMTP servers will not let you mail to an address in a domain 
which does not contain an MX record; you might be able to correct this by 
creating an MX record for the derek.homeunix.org domain, pointing to the A 
record for that domain (if dyndns.org allows you to define MX records).

> >   Trying to host email on a dynamic IP address will lead to problems.  
> > The principles behind SMTP assume a well-connected, stationary host.  
> > There's nothing that says you cannot have a dynamic MX, but things
> > just don't work as well.  So some problems are to be expected.
> 
> I have had the same IP since I've been here, even though it is
> considered dynamic, I'll cross that bridge when I get to it.

Do you have some sort of automatic update set up for either your dyndns
and/or your ZoneEdit A record address, should your IP address change? If
you do, that makes weathering an IP address change much easier. As I said
in my earlier post, there are several ways to do this, and knowing what
you run for a firewall system/device will tell us which one is optimum.

> >   Some operators have configured their mail exchangers to reject mail
> > coming from dynamic IP addresses.  They use blacklists of netblocks
> > known to be used by dynamic providers (such as Adelphia).  You will be
> > unable to exchange mail with these systems.  AOL falls into this
> > category.
> 
> This could be, but like I said, I can get mail from aol account to
> deucedaily.org account, it's just the derek.homeunix.org ones that fail.

What you may find is that you cannot mail from your home system *to* AOL
addresses (if not now, then possibly in the near future). AOL blocks SMTP
from addresses that appear on a blocklist of ranges assigned by ISPs to 
their dial-up and residential broadband customers; if Adelphia's address 
ranges are not on it already, they probably will be soon.

This is easily handled in Postfix, by specifying your ISP's SMTP server as
either a relay host (wherein all of your outbound mail is handed off to
their server for delivery), or as an alternate transport for a specific
list of domains (so your mail normally goes out via direct SMTP, but is 
diverted to your ISP's server when going to a blocked domain).

As long as you can successfully send mail through your ISP's SMTP server
when the "From:" address on that mail is other than the one your ISP gave
you, either method will work. The former method is the preferable one, for
a number of reasons - not the least of which is that ISPs are generally
more concerned about direct *outbound* SMTP from their customers (that's
what spammers and virus-compromised Wintendo boxes spew), and they don't
as a rule pay as much attention to inbound SMTP, as long as the volume
remains reasonable.  It pays to stay under their radar. ;)

When you relay through them, from their end it appears pretty much the 
same as when you send from a mail client (though you can spot Postfix in 
the headers), so they really don't have much to complain about. To enable 
that in Postfix's main.cf, set $relayhost accordingly:

# (or whatever)
relayhost = smtp.adelphia.net

I can walk you through the other way if you want, but I'll skip it now.

> >   Some operators have configured their mail exchangers to do reverse
> > DNS lookups.  This means they take the address your own MX is
> > connecting from, and do a reverse DNS lookup on it.  If they do not
> > get a response, they refuse your mail.  Your current address
> > (68.235.175.211 as I write this)  does reverse properly, but if that
> > does not always occur, you may lose mail.
> 
> This is what the problem is I believe, so I think I want to change the
> configuration of postfix to accept mail going to derek at deucedaily.org.

This is a factor in mail outbound from your system, not inbound, and when 
you set your ISP's server as the relay host, it ceases to be a problem.

-- 
Bill Mullen   moon at lunarhub.com   MA, USA   RLU #270075   MDK 8.1 & 9.0
"In communities where men build ships for their own sons to fish or
fight from, quality is never a problem." -- J. A. Dever
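
Added example, not part of the original post: the two Postfix setups described above (relay everything, or divert only certain domains), side by side. The path /etc/postfix/transport and the choice of aol.com as the diverted domain are assumptions; smtp.adelphia.net is the placeholder hostname from the post.

```conf
# ---- /etc/postfix/main.cf, method 1: relay all outbound mail ----
# main.cf has no inline comments; a "#" after a value becomes part of
# the value, so comments go on their own lines.
# Square brackets tell Postfix to skip the MX lookup for the relay name.
relayhost = [smtp.adelphia.net]

# ---- /etc/postfix/main.cf, method 2: divert only listed domains ----
# Use this INSTEAD of method 1. Mail goes out by direct SMTP unless the
# recipient domain has an entry in the transport table.
relayhost =
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/transport (assumed path, used by method 2) ----
# Format: recipient-domain   transport:nexthop
# aol.com is an assumed example of a domain that blocks direct SMTP
# from residential address ranges.
aol.com     smtp:[smtp.adelphia.net]
```

After editing the transport table, run "postmap /etc/postfix/transport" to rebuild the lookup file, then "postfix reload".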


