[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proper SMTP server setup - was Anti-Spam ideas for usenet/list harvestedemail addresses

Daniel L. Miller said:
> Jacob Anawalt wrote:
>  > Doesn't some spam come directly from an individual running SMTP from
>  > their box to yours? I'm pretty sure this is the case for the
>  > W32/Swen@MM's email spreading methods.
>
> I have exactly this configuration.  Our e-mail is hosted off-site on
> another server, but I have configured an Postfix server to send all our
> outgoing mail.  Is there a "proper" way I should configure our internal
> server and/or domain registration so we don't appear to be a spammer -
> since a reverse lookup would fail and my internal SMTP server does not
> accept mail at this time?
>

While I can wish all I want that outgoing and incomming SMTP will map to
vaild MX records, as far as I know it isn't required to have outgoing
traffic map have a MX DNS record. It sounds like the off-site server is
your MX server.

I'm going to guess that this is for amfes.com.

MX 5=smtpav.wpdbiz.com = 66.238.186.13.
MX 10 = smtp.amfes.com = 66.238.186.115.

You could relay all your mail through them if they have a good smarthost,
but it isn't required. I did notice that on this email, your mail server
identifies itself with the local network instead of afes.com:

mail.amfeslan.local -> 67.106.235.126.ptr.us.xo.net [67.106.235.126]

There is a reverse DNS IP, it just isn't owned by amfes or named to
amfes.com and XO Communications doesn't want to or wasn't asked to have
that reverse dns record say gw.amfes.com. The system I'm mailing from
doesn't have the domain name's reverse dns on it. It did for a few months,
but then our ISP changed some policies or something and changed them all
again because it was easier on them.

It's not necessary to send email to have reverse DNS of afes.com for your
IP. Lots of systems dont have 'perfect' reverse dns. The name your gateway
mailserver is using doesn't resolve to anything useful by people outside
of your lan. If you control your DNS you could at least have the forward
dns point to gw.afes.com or some afes.com name and then have postfix on
mail.amfeslan.local put that <name>.afes.com value for $hostname.

The best way to avoid being called a spammer is to make sure spam doesn't
leave your system by not relaying for other networks, and watching
outgoing email for spam - especialy from viruses. Since you only accept
outgoing mail, your rules can be even stricter. You can reject all
incoming mail except postmaster and abuse. Maybe you can even reject them
since technically you have a valid MX record to recieve mail on a
different machine.

You may want to subscribe to or search the web on debian-isp to keep
informed of other issues. I only started this thread here because the
affects of Swen on people who posted to debian-user.

-- 
Jacob
SquirrelMail - Webmail for Nuts
Reply to: