>...
>
>Quoting List Mail User <[EMAIL PROTECTED]>:
>
>> maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
>> particular do you have problems with ISPs like AOL?). Also, I'm not sure
>> if my own servers would accept mail from a host like that - It would depend
>> on the HELO/EHLO argument you used. Would you try and send a test message to
>
>Actually, your domain won't accept mail from me - only from the list.
>I'm on a
>shared server with a shared IP, so the mail server sending mail will
>never have
>the same reverse as my domain. I think this is perfectly valid, but
>evidently,
>you don't.
>
>> have a single exception case where a server that talks regularly to me has
>> forward and reverse DNS that don't match - and they pay me, and they just
>> contracted out the DNS and email and are having lots of problems with many
>> sites refusing mail from them.
>
>This is why I don't do HELO or header checks except to make sure its somewhat
>sane, and even that is removed for authenticated users as Windows machines can
>never get that right. Its better to let one spam in then to shut out
>one valid
>email. And I don't normally have spam getting through.
>
>-- Evan
>
>
Evan,
One of the reasons spammers hit low priority mail servers is often
they are less stringent. If your MTA kept trying, it would find that my
off-site back-up MX would take it. I simple use the built-in Postfix rule
which requires rDNS and that the client's IP map back to either itself or
a 'MX' for itself (you get a 450 code, not a 5xx code, since it could be
a transient DNS failure - and this is a "MUST" clause in the RFCs). Every
day I get email from some Hotmail servers which are misconfigured, but walk
the 'MX' list until the mail is accepted; I do find that qmail, Postini
and a few other MTAs give up before walking the entire list (I have a *lot*
of 'MX' records - all but one enforce the rDNS mapping).
BTW. MS Express/Outlook will walk the entire chain, so it has never
been an issue.
If you send me your IP, I'd like to look at the logs to see exactly
what the conversation was, how many 'MX's your MTA tried, etc. (off-list if
you prefer - just telnet to my lowest priority 'MX', fe.mail.megapathdsl.net
and it will accept and forward nearly anything - greater than 75% of the spam
I get is forwarded from there). In particular, I'm interested in seeing if
it was a case of "invalid" DNS or "not matching" DNS - I may loosen the "not
matching" case, but doubt I'll relax on the invalid one (Windows machines that
use the MS DOMAIN's name can be damned - I'm not a commercial provider, so I
can get away with this - clearly an ISP or email provider couldn't).
Paul Shupak
[EMAIL PROTECTED]
P.S. Can you email AOL? They are generally stricter than the Postfix option.
I can point you to sites much more restrictive still, but AOL is the big one
that bites most people without matching DNS.
