From: Jeffrey Goldberg
Date: Tue, 13 Mar 2007 23:05:48 -0500
To: jekillen
Cc: FreeBSD Mailing List
Subject: Re: getting mail to work

On Mar 13, 2007, at 8:17 PM, jekillen wrote:

>
> On Mar 12, 2007, at 5:14 PM, RW wrote:
>> Just as long as you understand the distinction between forward and
>> reverse DNS. Based on the whois record for your IP address, at the
>> moment you appear to have the following reverse DNS for the address
>> range 75.7.236.224 - 75.7.236.231:
>>
>> $ for i in `jot 8 224` ; do dig +short -x 75.7.236.$i ; done
>> adsl-75-7-236-224.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-225.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-226.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-227.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-228.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-229.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-230.dsl.irvnca.sbcglobal.net.
>> adsl-75-7-236-231.dsl.irvnca.sbcglobal.net.

> OK, It appears that it is the ISP's name servers who
> are responding. When I call up my sites I get to the
> machines they are on according to my present
> DNS setup.

But that is what the public sees. If (which I strongly doubt) your own internal nameservers give a different result to

  $ dig +short -x 75.7.236.224

then it still makes no difference to the rest of the world which, when doing a *reverse* lookup on your IP address, doesn't get anything that looks like your domain name.

> try www.brushandbard.com

That's not the question. RW was (correctly) talking about *reverse* DNS, aka DNS PTR records. That is, we are looking at the translation *from* number *to* name.

If you look up one of my static IP addresses

  $ dig +short -x 72.64.118.115
  n115.ewd.goldmark.org.

you get that instead of

  static-72-64-118-115.dllstx.fios.verizon.net

It took me many unpleasant hours on the phone to Verizon to get the reverse look up the way it is now. I spent those hours on the phone specifically because I did want to run my own direct to MX mailserver.

My mailserver sends out mail as being from

  lists.shepard-families.org

(in the envelope and header froms) but identifies itself as

  gecko.ewd.goldmark.org

a regular look up of either of those returns

  72.64.118.115

A reverse of that turns up

  n115.ewd.goldmark.org

which when you do a regular lookup gets you

  72.64.118.115

So my machine is claiming to be in goldmark.org, and doing a reverse lookup on its IP address points you back to goldmark.org. So that strongly suggests that when it identifies itself as goldmark.org, it is doing so with the consent not only of the person who controls the goldmark.org domain, but also with the consent of the person (in this case Verizon) who controls the IP address of the machine.

If mail from my machine failed this

  IP --> name1 --> IP --> name2 --> IP

test (the test being that name1 and name2 are in the same domain and that "IP" is the same IP throughout), then mail from my machine would get a high spam score by most systems.

I really don't want to sound harsh with this, but if you aren't fully clear on concepts like reverse and forward DNS and authoritative servers for each, you really should be looking for a solution that doesn't involve you running a direct to MX system. You can still run your own mailserver which you can integrate with your webserver, but have it relay all of the outgoing mail to your ISP's SMTP host which is set up for the purpose.

Also if you post your queries to the postfix mailing list (I think I recall that you were using postfix) you will probably find lots of pointers to information explaining about configuration. "The Book of Postfix" (ISBN 1-59327-001-1) has a good discussion of the need for other hosts being able to reverse resolve the IP of your mail hub.

-j

-- 
Jeffrey Goldberg
http://www.goldmark.org/jeff/
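
Added example (not part of the original message): a Python sketch of the IP --> name1 --> IP --> name2 --> IP test described above, as a receiving mail system might apply it to a connecting IP and its HELO name. The function names, the last-two-labels notion of "same domain" and the sample record tables are assumptions made for illustration; the tables are constructed from the names quoted in the thread and are not live DNS data.

```python
import socket

# Constructed sample records (assumed for illustration, not live DNS data).
SAMPLE_PTR = {"72.64.118.115": ["n115.ewd.goldmark.org."],
              "75.7.236.224": ["adsl-75-7-236-224.dsl.irvnca.sbcglobal.net."]}
SAMPLE_A = {"n115.ewd.goldmark.org": ["72.64.118.115"],
            "gecko.ewd.goldmark.org": ["72.64.118.115"],
            "adsl-75-7-236-224.dsl.irvnca.sbcglobal.net": ["75.7.236.224"],
            "www.brushandbard.com": ["75.7.236.224"]}

def norm(name):
    return name.rstrip(".").lower()

def base_domain(name):
    # Assumption: last two labels; real code should use the Public Suffix List.
    return ".".join(norm(name).split(".")[-2:])

# Default lookups go through the system resolver and need network access.
def system_ptr(ip):
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(norm(name), [])

def check_sender(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Run the IP -> name1 -> IP -> name2 -> IP test; return (verdict, detail)."""
    names = [norm(n) for n in ptr_lookup(ip)]            # IP -> name1
    if not names:
        return "fail", "no PTR record"
    confirmed = [n for n in names if ip in a_lookup(n)]  # name1 -> IP
    if not confirmed:
        return "fail", "PTR name does not resolve back to the IP"
    if ip not in a_lookup(norm(helo)):                   # name2 (HELO) -> IP
        return "fail", "HELO name does not resolve to the connecting IP"
    if base_domain(helo) not in {base_domain(n) for n in confirmed}:
        return "fail", "PTR and HELO names are in different domains"
    return "pass", confirmed[0]
```

Passing sample_ptr and sample_a runs the check offline against the constructed tables; omitting them queries the system resolver instead.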