Re: [Exim] Newbie SMTP/ISP-Problem ...

Author: James P. Roberts
Date:  
To: exim-users
Subject: Re: [Exim] Newbie SMTP/ISP-Problem ...
<snip>

>The spammers have made the business of operating relays
>of ANY kind very difficult.


I totally agree.

>As an ISP/Service Bureau I can tell you that we ALWAYS
>validate the domain name returned by the reverse-DNS query
>and if they don't match? Sorry, you're not getting email in here!
>It is getting far too risky for us to do it any other way.


I probably misunderstand what you do, so I'll ask by example...

I run a small web and email hosting service. My ISP provides me
with a very small block of static IPs. I run my own DNS servers.
HOWEVER, I cannot get my ISP to properly delegate reverse
DNS lookups. (Huge sigh). A reverse DNS on my IP gets a
single valid response, which is some made-up name provided by
the ISP. With me so far?

OK, now, I host several customer domains. They are permitted
to relay only after SMTP AUTH over TLS. I re-write their email
headers to replace my domain name with their own, so that they
appear (correctly) to be sending from their own domain. If you
look up the MX or A records for their domains, you will get my
static IP address (i.e. correct place to send replies to their domain).
If you reverse lookup that IP, you get my ISP's pseudo-name.
No match. Not even for my own domain!

Even if I could get my IP addresses properly delegated (i.e., able to
control the reverse DNS entries), you still wouldn't necessarily get
a match, because you could get MULTIPLE answers to a reverse
DNS query, one for each domain hosted. If there are a LOT of
answers, DNS will truncate the results. BTW it is perfectly
legitimate to get multiple answers to a reverse DNS query.
Happens all the time. As it should. Face it, we can't
afford to have one unique IP per domain. There aren't enough to
go around anymore. Virtual hosting is a virtual necessity!

If I understand your comments correctly, (and I very well may
not; it's >5:30 am and I've not been to bed yet!), you may be
blocking dramatically more email than mere spam. I would
hazard a guess that more than half of all email users do not have
matching forward and reverse DNS entries. (Not even counting
spammers). Does anyone have any hard data on this?

<snip>

>Even sending email from a web host is difficult now. Because
>ARIN will no longer accept 'virtual hosting' as a justification
>for address assignments you will notice that most hosting houses
>do not offer the possibility of relaying email through your site.
>Some do - by using a separate machine to do the relaying.
>But even this can fall down!


I offer exactly that service, as described above. And I do not
require a separate machine for relaying. The only thing that
makes it "fall down" is people expecting unique IPs for
every email domain. The entire DNS/Internet system now relies
on the ability to overlap multiple domains per IP address
("virtual hosting").

Actually, this might change again, if we ever adopt IPv6
universally. But I digress.

>My advice? If you are really serious go out and get a dedicated
>server at a hosting house. They will give you an IP address (or
>even a small block) and with some you even get to run your own
>DNS. One company worth trying is to be found at
>www.nocster.com (I use them but have no other association)
>who currently offer Exim 3.36 on their servers.
>
>John Day
>Toronto, Canada


I offer Exim 4.x on my servers, along with POP and IMAP,
which may accomplish what Jeff wants; that is, to have his own
domain name on his own emails, with replies sent to same
address actually getting back to him.

Jeff, contact me, and maybe we can set up something to get
around your ISP problems, without making you change ISPs.

Jim Roberts
punster@???
www.punsterproductions.com


At 12:11 PM 9/20/2002 -0400, Jeff Breitner wrote:
>> I'd like to use my own Linux-Box as SMTP-host because my ISP
>> always rewrites my e-mail address but I'd like to use my
>> standard alias. (I use email@??? but after sending via
>> my ISP the recipient would see email@??? and would answer
>> to it ... ) The problem is that certain other ISPs will not
>> accept emails sent from dial-up hosts (in this case, my
>> private PC), so how can I fix this???
>>
>
>
>The answer is, you can't.

<snip>

I disagree! (see above) You just need to buy email hosting services
from someone other than your ISP (me, for example). Imagine being
able to change ISP without changing your email address... Yep, this
is possible!

>I disagree with your ISP rewriting your mail envelopes to change your
>address. I think that if they accept mail for relay, then they have to
>accept it as is and it simply is not their business to change it. I
>understand their reasoning, but fail to see how that changes anything
>when fighting/researching the cause of junk and abusive mail.


Maybe it is wrong for an ISP to do it. But I am not an ISP, only a
hosting service. Different Beastie.

My customers WANT their mail to be coming from the domain they
are paying for, not from someone else's. I make a point of this.
It is a FEATURE of my service. I enforce SMTP AUTH over TLS
to verify my customers' identities. And I have a strict policy against
my customers sending spam; anyone doing it loses their service.

So, I hope you can understand that it is sometimes OK to use
re-write rules on relayed mail? It has to be done with the customer's
understanding, desire, permission. If it is for their benefit, then I feel
it is not only OK, but downright unethical to NOT do it for them.

Otherwise, I would be forcing my customers to advertise me with
every email, instead of their own selves. And that just seems wrong.

Just for clarification, the only thing my re-write does is replace
occurrences of my domain name, with the authenticated customer's
domain name, in any outgoing headers.

Oh, I get it! The problem is with the ISP over-writing the
customer's domain with their own. I do exactly the opposite!
So, I really am a good guy. Sigh. I need sleep.

Good night all! (Or is it morning already...? dang it).

Jim Roberts
Punster Productions, Inc.
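
Added example, not part of the original message: the two reverse-DNS policies discussed in this thread, run over constructed zone data for a virtual host whose PTR is an ISP-assigned name. The addresses, names and the exact matching rule in strict_match() are assumptions (one reading of "validate the domain name returned by the reverse-DNS query").

```python
# Constructed sample zone data (RFC 5737 addresses, .example names); not from the thread.
PTR = {
    "192.0.2.10": ["host10.isp.example."],     # hoster's IP: ISP-assigned pseudo-name
    "198.51.100.7": ["customer-a.example."],   # someone else's IP with a self-chosen PTR
}
A = {
    "host10.isp.example": ["192.0.2.10"],
    "customer-a.example": ["192.0.2.10"],      # virtual hosts sharing one IP
    "customer-b.example": ["192.0.2.10"],
}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def ptr_names(ip):
    """Normalized PTR names for an IP; empty list when no PTR exists."""
    return [norm(n) for n in PTR.get(ip, [])]

def strict_match(ip, sender_domain):
    """Assumed reading of the quoted policy: a PTR name must equal the
    sender's domain or be a host inside it."""
    d = norm(sender_domain)
    return any(n == d or n.endswith("." + d) for n in ptr_names(ip))

def fcrdns(ip):
    """Forward-confirmed reverse DNS: at least one PTR name resolves back
    to the connecting IP. The sender's domain is not consulted."""
    return any(ip in A.get(n, []) for n in ptr_names(ip))

def evaluate(ip, sender_domain):
    """Result of both policies for one connecting IP and sender domain."""
    return {"strict_match": strict_match(ip, sender_domain), "fcrdns": fcrdns(ip)}

if __name__ == "__main__":
    cases = [("192.0.2.10", "customer-a.example"),
             ("192.0.2.10", "customer-b.example"),
             ("198.51.100.7", "customer-a.example"),
             ("203.0.113.5", "customer-a.example")]   # no PTR at all
    for ip, dom in cases:
        print(ip, dom, evaluate(ip, dom))
```

The shared-IP host fails the name match for every customer domain yet passes forward confirmation, while the third case passes the name match with a PTR that does not resolve back to the connecting address.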