Moin, trying to sum things up so far:
Am 19.10.22 um 13:33 schrieb Heiko Schlittermann via mailop:
A given mailhost (ran privately for smaller entities) can't send messages to T-Online anymore. 554 IP=168.119.159.241 - A problem occurred. … The sending IP belongs to a rented host (rented from a major German hoster). The answer he (the owner of that host) got was about like this:
Today we learned the complete message reads (thanks to Kirill Miazine):
Thank you very much for your message. We only allow evidently commercial or similar operators to connect to our mailservers. So, please use an SMTP relay or e-mail gateway of your hoster or ISP, that you can use as part of your contract with them. Their support will surely help you to configure your system accordingly. However, from our point of view, a host would be evidently commercial if it fulfills all the requirements an recommandations from the first two paragraphs of section 4.1 of our FAQ; see <https://postmaster.t-online.de/index.en.html#t4.1>.
As of yesterday, the setup around 168.119.159.241 didn't match any to section 4.1, except matching DNS. Yesterday we also learned from Bernardo Reino that Deutsche Telekom is still whitelisting any mailservers to connect to the t-online.de MXers — IF they comply with section 4.1 of the rules on postmaster.t-online.de. So, to put it in a nutshell: Deutsche Telekom's policy for accessing the MXes for t-online.de hasn't changed for 10+ years. Their wording seemingly has, see above, but they still provide ways for "new" mailservers to be able to sent to @t-online.de (details on https://postmaster.t-online.de/index.en.html#t4.1).
Personally I consider this quite rude, and as a smaller ISP I'll be hit sooner or later.
I do agree. (Being my own ISP, I've been hit by this BS about every second year.)
As an Exim developer I'm asking myself why they (T-Online) assume that I shouldn't run my own mail service.
This only Deutsche Telekom can answer. But, as you ARE an Exim developer, how about starting internal discussions within that community to include a default rejection of any mail from @t-online.de in Exim's default configuration? As nearly no-one who is deploying Exim (or Postfix, Sendmail for that matter) will be able to *send* to @t-online.de due to their policy, it is only logical to not *accept* any mail from them, too. Those who did whitelist their server could remove that config, but for the majority of the users, this small config change will solve the issue. Same should happen with Postfix, and the Package Maintainers at Debian, Ubuntu, RedHat, etc. should look into changing their default configuration in a similar way as well. This is the only reasonable approach, as, as we learned yesterday, t-online.de's MXes are configured in a way that do not let any mailserver connect — unless it's postmaster arranged a whitelisting with them upfront. The setup of t-online.de's mailservers is, AFAIK, unique, and therfore it should be preconfigured appropriately in mailserver packages, so no more postmasters drop into that pitfall. Regards, -kai _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
