Author: James P. Roberts Date: To: patrick-dated-1040586360.81036a, exim-users Subject: Re: [Exim] Re: Example of legit email rejected by testing on reverse IP lookup
> > It is a static IP block, of course. >
> Are you sure... your address 64.105.159.234 shows up in my tools as belonging > to one contiguous address range 64.105.0.0 - 64.105.255.255 which means it > is most like part of an ISP's dynamic addresses. Unlike someone booking a /24 > to /29 Internet IP address range. This puts you (along with a lot of people > with DSL/cable connections) in that 'twilight' zone of not really a 'business' > class connection but maybe still running a business on it!
Absolutely sure it is static. However, it is a static block of 8 IPs
from the large list controlled by Covad; and, they have so far failed to
delegate the block to my authority, even though I am paying for it. I
am permitted by the contract to run servers on this block.
>
> You cannot get away from the situation that sites/MTA's out of your control are > going to consider your host to be suspect and maybe play it safe and block you.
I know. It is driving me crazy. To the point of looking for a new ISP.
>
> This is irrespective of whether your ISP (this week) is returning your reverse > lookup OK, things like MAPS work on *IP addresses*. Also some sites (as has > been said) look at reverse IP and if it has any IP address range data in it > block the host, whether we agree with that or not will not necessarily change > the situation.
>
> So what's to do -
>
> Two considerations - mail in and mail out. As long as your ISP does not block > incoming traffic on port 25 on their net address block then your incoming is > OK.
Correct. I even have a way to let customers whose ISPs DO block port 25
to connect to my server on an alternate port, authenticate, and then
send mail. ONLY my customers are permitted to relay through me, and
only after successful SMTP AUTH. I have a policy of cutting off any
customer that sends spam (I have not had to actually do that, yet).
> Outgoing you either:
> * redirect everything to smart host - your ISP's relay server or;
I don't like this idea, since I would have to trust Covad to handle all
that mail, it adds an extra stop on the route to it destination, another
set of headers, etc. etc.
> * send mail out directly, wait for rejects then put those domains into list > then make a manual route to go before dnslookup router to send to ISP's mail > relay server.
>
> manual_domains:
> driver = manualroute
> domains = ${lookup{$domain}lsearch{/the/file/name}}
> transport = remote_smtp
> route_list = * your.isp.mailserver
>
> this will try all domains in '/the/file/name' if domain not found will pass > through to next router - dnslookup.
>
> To have this happen automatically... hmmm more difficult. Exim would have to > selectively process the error and know the difference between real mail > failures and failures due to this issue. This would be *after* the fact of it > having chosen a router and processed message.
>
> Patrick
Thank you! I think this is the essence of what I need to do, short
term. (When I finish ironing out the details, I will publish to the
list). Long term, I need a new ISP. :(