Date: Fri, 13 Jul 2007 09:14:10 -0400 From: Steve Bertrand <iaccounts@ibctech.ca> To: vuthecuong <cuongvt@fpt.vn> Cc: questions@freebsd.org Subject: Re: is is able to setting up DNS server reverse lookup with DynamicIP? Message-ID: <46977AA2.5090806@ibctech.ca> In-Reply-To: <4697362E.8010608@fpt.vn> References: <46970917.3030502@fpt.vn> <200707130536.l6D5akxS070187@banyan.cs.ait.ac.th> <46971201.8030101@fpt.vn> <200707130552.l6D5qEM7071933@banyan.cs.ait.ac.th> <4697170E.3000909@fpt.vn> <200707130728.l6D7SfBA086091@banyan.cs.ait.ac.th> <4697362E.8010608@fpt.vn>
next in thread | previous in thread | raw e-mail | index | archive | help
vuthecuong wrote: > Olivier Nicole wrote: >>> But my postfix only can receive mails from freebsd-questions mailing >>> list, it can not send mail to this. >> >> There is another thing you have to consider. As it is explained in >> http://www.bsdforums.org/forums/showthread.php?p=265093#post265093 >> your dynamic IP has been black listed (the IP was used before by >> someone else who sent SPAM, so now the IP is in a list of bad guys and >> many mail server will refuse to receive emails from your IP). >> >> So it is really a better idea that you sent all your email thought FPT >> email server. >> >> Best regards, >> >> Olivier >> >> > OK I understood, this is one lession I learned today: In order to run > "real" mail server, > fixed IP address for forward and reverse DNS is must-have. > I will choose method of relaying through ISP though I prefer the first one. > Tnx you very much. The ISP who assigns you the IP from their allocated block are responsible for the reverse entry. You can create one locally, but the Internet as a whole will never look to anything you set up for an rDNS entry. I believe that every IP that is in use on a network, no matter what piece of infrastructure or computer it is assigned to should have a reverse entry. Most ISP's now are configuring rDNS entries for dynamic clients as such, with prefixes that include ppp, dynamic, dialin etc. Almost all of these such entries will cause mail blocks leading to blacklists due to the fact 99.99% of dynamic IP entries should never be sending mail directly to another MX to begin with. In your case, you can still run a fully functional email server at your end, however, instead of sending out directly, you use your upstream as your smart host as stated above. Aside from that, if you are a non-business client without static IP(s), your ISP should be blocking you from sending outbound 25 traffic into their network, except to their mail servers directly anyway. Of course, your ISP should also be blocking port 25 inbound into their network from the outside world, and outbound from their network to you (except to their own legit mail servers) to protect against exploitation of someone with an open relay. (You shouldn't be able to use yourself on the dynamic IP as an SMTP server from outside your own location). If they have implemented this, then you will have to use SMTP Auth on port 587. As a matter of fact, you should be using this anyway. This ISP uses SMTP Auth across the board for all of our users (ADSL, SDSL, dial-up etc). Only a very small handful are permitted to use port 25, and those clients would be the ones (like old Mac OS mail software) that do not have the ability to implement port 587. Cheers! Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46977AA2.5090806>