Server/mail/naming setup theory

bscott at ntisys.com
Fri Apr 16 19:13:01 EDT 2004


On 13 Apr 2004, at 10:51pm, derek at derek.homeunix.org wrote:
> OK, I'll see if I can give you some more info...I haven't had a chance
> to try anything though as the Bruins are about to go into double
> overtime...:)

  Yes, they must be taking drama lessons from the Patriots.  ;-)  Although
last night's performance was rather dismal, but I guess you can't be awesome
all of the time...

>>> I ... found out that my mail was blocked from here and I could not hit
>>> the web page. This turned out to be due to dns issues.
>> 
>> Could you explain this in a little more detail, please?  What were the
>> DNS issues?
>
> From work if I try to hit my web page by going to
> http://derek.homeunix.org, it times out ...

  That would be because Adelphia is blocking TCP port 80, which is the
well-known port for HTTP.  It is not a DNS issue.

> the new domain that I recently registered www.deucedaily.org, hits
> zoneedit, and is forwarded to ww2.deucedaily.org:8080 ...

  That would be because Adelphia is *not* blocking TCP port 8080.  When you
request <http://www.deucedaily.org/>, your browser makes a connection to
ZoneEdit's servers on TCP port 80.  ZoneEdit's servers, as you note, issue
an HTTP redirect to <http://ww2.deucedaily.org:8080>.  The new URL specifies
the non-standard port number.

> Mailing to aol accounts bounces back with error: server refused mail
> service.

  That means, of course, that AOL refused mail from your server.  See below,
about mail to AOL, from a dynamic address.

> By emailing from my aol account to derek at derek.homeunix.org, I get a
> timeout ...

  Please explain "timeout".  There are many places a timeout could be
occurring -- DNS, your MUA, the MTA you're submitting to, AOL's MTA as it
tries to contact your MTA, etc.

  If at all possible, post a copy of the DSN (assuming AOL gives you a DSN,
and doesn't just play a sound file of "You don't got mail" or whatever).

> ... which is the same as not being able to hit my site ...

  Maybe, maybe not.

> If I email from my aol account to derek at deucedaily.org, it gets through.
> This is all leading me to be a dns setup on the aol servers issue.

  I do not think so.

  As I write this, the <deucedaily.org> domain has MX records which specify
ZoneEdit servers (specifically, <mail3.zoneedit.com> and
<mail4.zoneedit.com>).  Your <derek.homeunix.org> domain uses your own
system, which is connected via Adelphia.  So mail travels a completely
different path, depending on which domain you use.

> I am aware of this, port 25 is not blocked ...

  Yet.  More and more large ISPs are starting to block TCP port 25 for
residential feeds (for anti-virus as well as anti-spam reasons).

> ... it's mainly from aol I get rejected ...

  Yes.  As I mentioned, AOL likes to block mail from IP address ranges known
to be dynamic, which would include your cable IP address.

  Unfortunately, AOL is notorious for doing all sorts of weird things, doing
them inconsistently, not explaining them, and ignoring requests for
explanations or assistance.  This means that exchanging mail with AOL can
sometimes be problematic.  I realize they are your employer, and that many
people use AOL.  That does not make the problems with AOL go away.

  As someone else suggested, you can usually work around this by configuring
your own MTA to relay all outgoing mail through your ISP's SMTP servers.  
That would be Adelphia, in your case.  With Sendmail, this is called using a
"smart host".  I am not familiar with Postfix, so I cannot advise on how to
configure it to do the same.  I'm sure someone else on this list can,
though.  You might also check the Postfix documentation.

> good to know, again not so relevant as the IP is pretty much static, well
> I think at least.  Tell me if I'm wrong

  You're right that the TTL issue will not affect you if your IP address
does not change (or changes very infrequently).

  I don't think your address is static by design, though.  I suspect what is
happening is that your system is simply on all the time, so it keeps
renewing the DHCP lease, and thus gets to keep the same IP address.  This is
common with cable feeds.

>> Some operators have configured their mail exchangers to reject mail
>> coming from dynamic IP addresses.  They use blacklists of netblocks known
>> to be used by dynamic providers (such as Adelphia).  You will be unable
>> to exchange mail with these systems.  AOL falls into this category.
> 
> This could be, but like I said, I can get mail from aol account to
> deucedaily.org account, it's just the derek.homeunix.org ones that fail.

  See above.

>> Some operators have configured their mail exchangers to do reverse DNS
>> lookups.  This means they take the address your own MX is connecting
>> from, and do a reverse DNS lookup on it.  If they do not get a response,
>> they refuse your mail.  Your current address (68.235.175.211 as I write
>> this)  does reverse properly, but if that does not always occur, you may
>> lose mail.
> 
> This is what the problem is I believe, so I think I want to change the
> configuration of postfix to accept mail going to derek at deucedaily.org.

  Again, your IP address <68.235.175.211> currently resolves using a reverse
DNS lookup, to the domain name <68-235-175-211.chvlva.adelphia.net>.  That
is how I knew you were using Adelphia.  So reverse DNS exists.  That domain
name also has an associated address record which matches the original IP
address.  So the forward matches the reverse, which is even better.  So I do
not think reverse DNS is your problem.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
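
The reverse-then-forward DNS check described in the message, as an added example that is not part of the original post: it looks up the PTR name for a connecting address, confirms that name resolves back to the same address, and flags names that embed the address itself, which is typical of the provider-assigned names given to dynamic pools. The record tables are constructed sample data, and the function names and the embedded-octet heuristic are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed records so the example runs offline. The first pair mirrors the
# address and name quoted in the message; the others are made up and use
# documentation-only ranges.
PTR = {
    "68.235.175.211": "68-235-175-211.chvlva.adelphia.net",
    "192.0.2.10": "mail.example.net",
    "192.0.2.20": "spoofed.example.net",
}
A = {
    "68-235-175-211.chvlva.adelphia.net": ["68.235.175.211"],
    "mail.example.net": ["192.0.2.10"],
    "spoofed.example.net": ["192.0.2.99"],  # forward does not match reverse
}

def live_reverse(ip):
    """Real PTR lookup, for use in place of the sample table."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_forward(name):
    """Real address lookup, for use in place of the sample table."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def embeds_address(name, ip):
    """Heuristic (assumption): the name holds the four octets, in order or reversed."""
    octets = ip.split(".")
    nums = re.findall(r"\d+", name)
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows

def check_sender(ip, reverse=PTR.get, forward=lambda n: A.get(n, [])):
    ip = str(ipaddress.IPv4Address(ip))  # ValueError on malformed input
    name = reverse(ip)
    if name is None:
        return {"ptr": None, "fcrdns": False, "generic_name": False}
    name = name.rstrip(".").lower()
    return {"ptr": name, "fcrdns": ip in forward(name),
            "generic_name": embeds_address(name, ip)}
```

Passing `reverse=live_reverse, forward=live_forward` runs the same check against real DNS. A sender can pass the forward-confirmed check and still be refused by a receiver that filters on dynamic address ranges, which is the distinction the message draws.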




More information about the gnhlug-discuss mailing list