Marian Ďurkovič wrote:
> On Sun, 07 Jun 2009 16:13:53 +0100, Martin A. Brooks wrote
>> On 07/06/2009 16:04, W B Hacker wrote:
>>> as a public-facing MTA really, really does need to have a fixed-IP
>>> with a valid PTR RR
>> It doesn't matter how many times you say this, it's simply not true.
>> No RFC requires this. This is you saying "I think a public-facing
>> MTA really, really does need to have a fixed-IP with a valid PTR RR".
>> Please express such things as opinions, and not as universally
>> accepted facts or technical requirements, which is what they, however
>> unintentionally, come across as.
>>
>> And, yes, I know I'll get my usual bounce from your mail server when
>> it throws away yet another perfectly legitimate non-spam email,
>> because I dare to send email from my home ADSL connection, starting
>> the email in RFC1918 space, with no matching reverse DNS.
>
> Sorry, but I fail to understand what point you're trying to make.
> Your *public facing* MTA does have a valid PTR RR and your
> envelope from doesn't use RFC1918 either. So your real problem is
> most probably the fact, that your HELO uses completely different
> domain than the PTR points to:
>
> Received: from 82-69-6-203.dsl.in-addr.zen.co.uk ([82.69.6.203]:50456
> helo=winter.hinterlands.org)
> by tahini.csx.cam.ac.uk with esmtp (Exim 4.69)
> (envelope-from <martin@???>) id 1MDK4U-0004Xe-0d
> for exim-users@???; Sun, 07 Jun 2009 16:14:09 +0100
>
For the benefit of those who DO try to track and understand the relevant
RFC's.... 'indirectly' requiring PTR RR's...
(NB: Why do MTA's provide for - even default-enable - such tests?)
Marian,
Correcting the HELO to match unfortunately is not always quite enough, and for
two reasons:
- first, before one ever reaches that point, the code in Exim's ~/src/helo.c
does more than simply seek a 'valid' PTR. A great deal more.
Exim is rather thorough as to forward AND reverse lookup returning something
SMTP USEFUL, not just empirically 'correct'. Soundly written code, and most
appropriate to the need - written by a wise man for use of other wise folks.
A 'generic' PTR RR, such as '82-69-6-203.dsl.in-addr.zen.co.uk' does not
'always' fail such tests, but in this case, only an MTA of 'zen.co.uk' might be
expected to pass them, and it would be 'most unusual' for an ISP to operate
their own MTA on such 'generic' PTR RR. They do not HAVE to.
OTOH, if one has not asked Exim to make the reverse_host_lookup test at all, we
may arrive at the HELO phase.
Here - again IF we test all - we *may* have a similar issue. Once again - code
is pragmatic, not stupid, and an Exim mailadmin has enormous flexibility. One
can allow a geenric 'match' to pass. Or NOT.
Finally - there is yet another potential barrier:
The OP is still in the middle of a dynamic-IP block, and some look at that as
yet-another strong indication of zombishness.
Bottom line?
If/as/when it is impractical or expensive to obtain a fixed-IP and proper PTR
and other DNS records - find a cheap or 'free' smarthost that DOES have proper
credentials. It is not hard.
Following the standards needed for cooperative efforts makes friends even of
total strangers.
Defying them makes even friends suspicious of one's motives.
Mendaciously claiming they do not *exist* removes all doubt.
Bill