North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Greg: get it right.
Apologies to the list; this will be the final posting you see on this topic. Greg: the system is valid, verifiable, and has an A record. If that's not good enough for you, sign off now. -----Forwarded message from Mail Delivery Subsystem <MAILER-DAEMON>----- On Mon, Jul 21, 1997 at 07:06:58PM -0400, Greg A. Woods wrote: > > get a real mailer. > Oh oh! Trouble down there in Florida making you cranky Jay? ;-) Nope. People who don't read the RFC's. :-) > Thanks for your voicemail message -- sorry I couldn't answer directly as > I've been keeping the line open to a customer who's brand new T1 is down > and out and there's lots of finger pointing going on.... I'm hip. > FYI here's the log entry may mailer records when this sort of thing > happens (this example from your most recent attempt): Yeah, this time, as noted, I got the reply myself. > 07/21/1997 17:37:16: remote MAIL FROM: '<firstname.lastname@example.org>SIZE=3395' target 'scfn.thpl.lib.fl.us' is not a valid domain (no MX record); by email@example.com [188.8.131.52]. > > The '<firstname.lastname@example.org>SIZE=3395' is exactly what was sent by > "your" mailer as the parameter for the "MAIL FROM" SMTP command, and the > reason for the rejection is because the target 'scfn.thpl.lib.fl.us' > doesn't have an MX. ("email@example.com [184.108.40.206]" is the > results of the PTR lookup and an IDENT query.) > > And nope, I'm not going to change this -- I'm doing it on purpose! ;-) > (and I know full well what I am doing in this case since I wrote the > code to do it this way and the requirements I set out to fulfill have > been met! ;-) Except that you forgot that an MX record isn't necessary. An A record works nicely... and there _IS_ one of those. > Yes this is draconian, but it helps immensely at rejecting spam and it > rarely rejects any legitimate mail (except from sticks-in-the-mud like > the folks at PSU.EDU who don't seem to have ever heard of MX records and > folks such as yourself who haven't yet run across this). I receive > hundreds of messages per day, and others using similar mail > authorisation rules receive thousands or even tens of thousands of > messages per day. This form of authorisation is spreading to more and > more mailers too -- I understand that even sendmail can do it, and from > what I've heard aol.com has enabled such rules and Brad Knowles himself > advocates enforcing such checks. To quote a tiny portion of private > e-mail that he sent to me just before he decided to cut off all > discussion with me (I'm now privileged to be in his >/dev/null list! ;-): Don't misunderstand me; I salute your intent. Just do it _correctly_. :-) And note that you shouldn't validate the sender address until you have a recipient address. Mail addressed solely to "postmaster" has to be deliverable anyway, or you violate RFC 822. > He wasn't talking explicitly about requiring a valid MX for the sender > address, but I think you'll see the direction he seemed to be going in. Certainly; he was talking about verifying the existence of the sender. MX records are optional, and therefore inspire false negatives of this sort. > > > Your DNS is rather sparse of MX records. You might want to add at least > > > the following as well: > > > > > > thpl.LIB.fl.us. MX 1 scfn.thpl.lib.fl.us. > > > scfn.thpl.LIB.fl.us. MX 1 scfn.thpl.lib.fl.us. > > > > > > Either that or use a return address of <firstname.lastname@example.org> > > > (i.e. the "MAIL FROM:" address given in the SMTP envelope). > > > > The return address you should have had was "email@example.com". > > baylink.com MX's to scfn.thpl.lib.fl.us, which is an A record. > > Yes, that would have worked A-OK, but perhaps you're thinking of the > RFC-822 "Reply-To" address whereas I'm talking about the SMTP envelope > sender address. If you got an envelope address of ns1, then we have a mail routing problem on outbounds of which I wasn't aware. > Hopefully we can get this sorted out amicably -- I can't bend on my rule > to require an MX for sender addresses, but I may think about adding an > exception list to allow friends to break the rules (until they see clear > to fixing their DNS! ;-). Unless you can come up with a valid explanation why simply an A record isn't enough, I think you'll have to bend your rule to avoid violating the RFCs. Cheers, -- jra -- Jay R. Ashworth firstname.lastname@example.org Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592 --JAA28200.869579680/scfn.thpl.lib.fl.us-- -----End of forwarded message----- -- Jay R. Ashworth email@example.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592