Re: [exim] Issue with sending mails on multiple IPs

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim users
Sujet: Re: [exim] Issue with sending mails on multiple IPs
Biju Abraham N. wrote:
> Hi Bill,
>
> Thanks for the all the help. As per your advice, I have asked both the
> providers to add the PTR record. One provider added y'day and second one
> today. The second provider told me that there can be only ONE IP which can
> point to mail.rajagiritech.ac.in, is that true?


Short answer: Yes, they are correct.

Longer Answer: ..but may have missed the point w/r prioritized MX RR.

'mail.<whatever>

and

'mailbak.<whatever> are valid differentiators in your case.

One *can* even point them to the SAME IP. But that would be generally pointless.
(See M Perkel's posts on special spam 'sports'..)

Plenty of good info online all about DNS - including websites that will do a
full check for you. Go Ogle.

On your own box, use 'dig', 'hostname', and/or install 'dnslint' and sputniks.

Generally - while a single IP may have multiple PTR RR, from experience, I'd
suggest trying to avoid it in favor of more IP's - even if on same-box.

While any given IP can have many RR pointing to it, any given RR - of any kind
- can point to only one IP.

> I doubt if they have removed
> the other PTR record (from asianet.co.in). Can you please test this
> (mail.rajagiritech.ac.in) for reverse DNS and let me know?
>
> Regards,
> Biju.
>


Old New Zealand proverb says:

"Build a man a fire, and he will be warm for a day.
SET him on fire, and he will be warm for the rest of his life"

So .... you can check it yourself any time you like with the tools above.

Ex: do a 'hostname -v' on the IP.

Do a 'dig mx' on the domain.tld returned in the PTR RR.


You can also test it yourself *remotely* to see if the DNS has 'propagated'.

Try calling-back from some other country.
Go Ogle 'looking glass servers' or see 'traceroute.org'.


If problems, a 'whois' on the *IP* will tell you whom the block-holder is, and
whether it is Allocated Portable (in a dynamic pool), to whom re-assigned if
'fixed IP' or re-sold by an intermediary. After all - some 'ISP' are just two
guys and a dog named 'lunch'.

Use Exim's excellent debug toolset:

To test your own 'live' system, use a 'warn' verb in your ~/configure and run an
Exim debug against the incoming you wish to test. This won't affect your running
process.

On a production server, you may ALSO want to use a 'warn' instead of a 'deny'
until you have logged some experience applicable to YOUR arrivals rDNS 'quality'.

Then build a by-IP-whitelist, check it first, exempt the rDNS test if hit.
Don't foregt to give rDNS a miss also for your submission user-group AUTH'ing on
port 587. The will almost NEVER have a resolvable rDNS - nor should they.

YOUR mileage WILL vary.

smtp is akin to seawater.

Same rules of physics apply, and salinity changes only slightly.

But what you find carried IN IT at Hong Kong Harbour or the Bay of Bengal is not
the same as off the coast of Chile or New Zealand.

tune, test, observe, correct, test again......

;-)

Bill


> -----Original Message-----
> From: W B Hacker [mailto:wbh@conducive.org]
> Sent: 23 November 2010 10:30
> To: exim-users@???
> Subject: Re: [exim] Issue with sending mails on multiple IPs
>
> Biju Abraham N. wrote:
>> Dear All,
>>
>>
>>
>> We have an exim4 4.69-9 running on a debian linux box. We have two
> internet
>> service providers and as a protection, assigned one public IP each from
> two
>> pools on the mail server machine. I have got mapped the second ISP's
> public
>> IP also in the DNS with MX priority 20 as follows while the first one has
>> priority 10:
>>
>> rajagiritech.ac.in.     3600    IN      MX      10
> mail.rajagiritech.ac.in.

>>
>> rajagiritech.ac.in.     3600    IN      MX      20
>> mailback.rajagiritech.ac.in.

>>
>> mail.rajagiritech.ac.in. 3600   IN      A       202.88.229.124

>>
>> mailback.rajagiritech.ac.in. 3600 IN    A       115.248.202.19

>>
>>
>>
>> I also listening on port 25 for both the public IPs for incoming mails and
>> if the primary ISP fails, mails will come in through the second ISP.
>>
>> Now while sending mails, I have seen that there are rejections on the
> second
>> ISP's public IP as follows:
>>
>>
>>
>> SMTP error from remote mail server after end of data:
>>
>>       host gmail-smtp-in.l.google.com [74.125.155.27]:

>>
>>       550-5.7.1 [115.248.202.19] The IP you're using to send mail is not
>> authorized to

>>
>>       550-5.7.1 send email directly to our servers. Please use the SMTP
> relay
>> at your

>>
>>       550-5.7.1 service provider instead. Learn more at

>>
>>       550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336

>>
>> u4si2912443ybi.99
>>
>>
>>
>> How do I avoid such errors? Should I fully prevent sending mails from the
>> second public IP OR can I do something by which I still can send mails
> from
>> second public IP and other mail servers will receive them with no error?
> Can
>> somebody please help me?
>>
>>
>>
>> Regards,
>>
>> Biju.
>>
>
> *Receiving* should be OK with the MX (or even the 'A') RR.
>
> Sending is another matter:
>
> # host 202.88.229.124
> 124.229.88.202.in-addr.arpa domain name pointer
> 124.229.88.202.asianet.co.in.
>
> # host 115.248.202.19
> Host 19.202.248.115.in-addr.arpa. not found: 3(NXDOMAIN)
>
> What you *want* is PTR RR on both of those (or whatever else you use for
> 'outbound') that agrees with your<domain>.<tld>, MX records (and HELO
> string to
> be pedantic). IOW .. rajagiritech.ac.in AND NOT '...asianet.co.in'
>
> Your provider, if the principle IP block 'holder' can place those RR in
> their
> DNS for you. That's where they are expected to be.
>
> Feel free to email me directly to test before and after.
>
> I may not be as 'polite' as GMail, but reject for the same reasons..
>
> HTH,
>
> Bill
>
>
>
>
>
>