LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-19-2011, 09:52 AM   #1
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Rep: Reputation: 69
A question about smtp relaying...


I have server A (mail.domain.com) with a legitimate email IP address that is not blacklisted. I have server B (sub.domain.com) with a dynamic IP and whose IP has been manually blacklisted by request of the ISP. Both have postfix installed.

I can send mail from server A to hotmail with no problem. I send mail as domain.com which is configured in the /etc/postfix/main.cf as mydomain=domain.com.

On server B I have the smtp server use server A as a relayhost so that email would be sent from server A, the legitimate IP address.

Here's my problem. When I send mail from server A, I receive it in hotmail as coming from domain.com. When I send mail from server B, which relays through A, to hotmail it goes to my spam folder if I have it coming from domain.com. However, if I tweak the origin in the /etc/postfix/main.cf and the email sends as coming from sub.domain.com then the email ends up fine in the inbox of hotmail.

What should I be changing? It's like hotmail does a check that if server B is who he says he is, it accepts it into the inbox, else it sends it to spam.
 
Old 01-20-2011, 03:09 AM   #2
120
Member
 
Registered: Oct 2010
Posts: 46

Rep: Reputation: 9
SPF records for sub.domain.com
A: Exist?
B: Authorise relay to send for it?
 
Old 01-20-2011, 04:19 AM   #3
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Oh wow, why didn't I think of that. Not sure if hotmail checks that, but will definitely test that out. Thanks hehe.
 
Old 01-20-2011, 04:21 AM   #4
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Wait no, I do have it listed as a valid sender of mail.
 
Old 01-21-2011, 02:23 AM   #5
120
Member
 
Registered: Oct 2010
Posts: 46

Rep: Reputation: 9
Yes, Hotmail *do* check SPF. It forms a notable part of their spam filtering.

Without looking at the headers it is hard to say exactly what the issue is - but as you probably don't want to post full headers here with IP addresses, it's a bit of a guess. Personally I would check the top 'received from' header line and make sure PTR works and maps both ways. I'd check that the envelope from domain was listed in the SPF record for the final connecting IP. I'd also be interested to study other headers to see if there is anything that jumps out. Hotmail sometimes key on public IP's in other received from headers - so if the subdomain IP is appearing, I'd look to see if the address was dynamic/static and had good PTR + SPF.

But like I say, without having a full example in front of me, it's hard to be sure.
 
1 members found this post helpful.
Old 01-22-2011, 03:53 PM   #6
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Here are the mail headers an email sent from my server to my relay host (my real smtp server and mx record) and then off to hotmail. I replaced my IP addresses with tags, yet I feel this is pointless cause you can simply ping the domains.

IP1 is my mail server. IP2 is my server I'm sending from that uses IP1 as a mail relay. This ends up in spam. I have IP2 in a SPF record. However, IP2 is a Time Warner dynamic IP, so PTR checks will fail. Where can I see a PTR check in this header? However, the weird thing is that I have sent email before this way and it ended up in the INBOX.

PTR are probably the culprit, just trying to figure out why it has worked before. Is there anything on my mail relay (smtp server) that I should be looking at? Like domain masquerading or anything?

Also another thing, when I send mail directly from IP1 it sends as darkterminal.net yet when I send from IP2 it sends as darkstar.darkterminal.net. The only way I've found to fix this is to edit the myhostname in /etc/postfix/main.cf in IP2 from darkstar.darkterminal.net, however I was thinking it would affect it, but I'm coming to think that it doesn't.

Also darkterminal.net actually resolved to IP2, yet I have IP1 mail.darkterminal.net be my MX and my smtp server.

So PTR are reverse map checks. Are any forward regular dns checks made as well? Like to see if darkterminal.net resolves to a non internal IP?

I'd love to know more about this area because I'm very weak in it.

Code:
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9Mw==

X-Message-Status: n

X-SID-PRA: root@d.d.net

X-AUTH-Result: NONE

X-Message-Info: JGTYoYF78jEu905dgLxgZjukPR+kR0ULDjhLtKVM7oU2CafABIASQpYpVvHYcQSYjGPC6dg0kdri2aaHW2t1CihIfSjwyOncXA/0/+1eOXM=

Received: from z.d.net ([IP1]) by SNT0-MC1-F34.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);

	 Sat, 22 Jan 2011 12:33:41 -0800

Received: from d.d.net (darkstar [IP2])

	by z.d.net (Postfix) with ESMTP id D70A4F0BFD;

	Sat, 22 Jan 2011 14:33:40 -0600 (CST)

Received: by d.d.net (Postfix, from userid 0)

	id 9290380EE6; Sat, 22 Jan 2011 14:33:40 -0600 (CST)

Date: Sat, 22 Jan 2011 14:33:40 -0600

To: r.tristan.gonzalez@gmail.com, thartanian@hotmail.com

Subject: test7

User-Agent: Heirloom mailx 12.4 7/29/08

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

Message-Id: <20110122203340.9290380EE6@d.d.net>

From: root@d.d.net

Return-Path: root@d.d.net

X-OriginalArrivalTime: 22 Jan 2011 20:33:41.0341 (UTC) FILETIME=[A809C8D0:01CBBA73]



test

7

Last edited by trist007; 01-23-2011 at 08:52 AM.
 
Old 01-23-2011, 04:54 AM   #7
120
Member
 
Registered: Oct 2010
Posts: 46

Rep: Reputation: 9
Picking over the various bits and pieces of this, and just to be clear.
When you send from the main relay with the IP address ending in 102, that drops into a hotmail account inbox without going to spam, yes? But if you relay through it from Roadrunner address ending in 202 it junks it?

First question I would ask, before even looking at the SMTP stuff is this; during your testing (and we all do this in error) did you inadvertently click on the 'not junk' option in Hotmail for tests from the relay itself? What I would do is use fresh hotmail, gmail, yahoo and gmx accounts and test again - just to be absolutely sure no manual/auto whitelisting has taken place. This will only work reliably for the first test mail you send - so make it realistically like anything you will normally be sending. I'm going to PM you a couple of email addresses to send tests too as well, that way I can see the headers as I want them in private.

Moving to your posted headers - and I've removed them from the quoted chunk so you retain the power to edit your earlier post and delete them:


Quote:
Originally Posted by trist007 View Post
PTR are probably the culprit
From a DNS perspective, PTR is fine for both machines. They both resolve back and forth as they should. The only slight reservation on this is that clearly the second host has generic and dynamic type PTR. Really that should not matter as it is natural for remote smtp clients on dynamic addresses to connect to SMTP servers to send mail. I do note that the RR address concerned is listed in the SORBS blocklist. I'm not aware of Hotmail using SORBS in their decision making process, but it's not entirely impossible that it plays a part - or. Don't even waste your time trying to get delisted if that address is dynamic. I won't go into the politics because I rather like Michelle Sullivan and SORBS on ethos alone, but getting de-listed is notoriously difficult.

Quote:
Originally Posted by trist007 View Post
Also another thing, when I send mail directly from IP1 it sends as d.....net yet when I send from IP2 it sends as d....d....net. The only way I've found to fix this is to edit the myhostname in /etc/postfix/main.cf in IP2 from d....d....net, however I was thinking it would affect it, but I'm coming to think that it doesn't.
Potentially it very much could but it depends on the whole line of the first 'received from' header. As Postifx goes you get three bits of info: Let me expand a little with an example:

Received: from foo.com (mail.bar.com [1.2.3.4])
This says that 'the remote server HELO'd/EHLO'd with 'foo.com', it connected from 1.2.3.4 and the reverse (ptr) for 1.2.3.4 was 'mail.bar.com'). What is important is the 'helo' hostname - which can be quite different - *can* be keyed on when checking for potential spam. Some systems can use simple header checks for this, others make use of SPF on this (and the 'from' domain too) - so don't rule this out. Personally if your relay machine had reverse DNS that said it was called 'mail.foo.com' I'd make sure it helo'd with a hostname of 'mail.foo.com'. Consistency is the key and while this may not be playing a big part in the Hotmail issue, it may be combining with other issues to just trip the score. Also, it may play problems with other freemail providers. It's not unusual to see the HELO hostname different from reverse PTR, but in the golden game of email deliverability I personally would want that correct.

Quote:
Originally Posted by trist007 View Post
Are any forward regular dns checks made as well? Like to see if d.....net resolves to a non internal IP?
It depends on the receiving system but in many cases, yes. Some systems check for valid A records in non dynamic address space, MANY systems check the address of the AUTH name servers. I note one of yours is on a RR residential IP and I'd be really surprised if a couple of well known anti-spam devices did not bang the score up if you mentioned your domain name in the body of a mail, given that it appears in one or more blocklist(s). That said, it should not be *the* issue causing your problem as you can successfully deliver mail direct from the relay on its own. I mention it as it may cause you trouble later on - or be combining with other small issues to tip over the scales.

I'd also mention your SPF record. Yes, it permits both IP's to send. Personally, until I had this issue sorted I'd change the end of it from '-all' to '~all'.

I'll PM you some test email addresses - if you can fire off a full test to all of them I may just spot something in concrete if that's any use to you.

EDIT
Can't PM you by the look of it, so I'll send email to the domain if that's OK.

There is also the option to 'hide' headers in postfix with something like this (I'll use internal examples)

Quote:
FILE: /etc/postfix/maps/header_checks
#hide internal IPs added by postfix on the way out
/^Received:.*\[127\.0\.0\.1/ IGNORE
/^Received:.*\[10\.24\.55\.1/ IGNORE
/^Received:.*\[192\.168\.0\./ IGNORE
Then link that into main.cf with a line like this at the bottom:

header_checks = regexp:/etc/postfix/maps/header_checks

Naturally you could tell this to ignore the RR dynamic address if you get my drift.

Last edited by 120; 01-23-2011 at 05:07 AM. Reason: UPDATE
 
1 members found this post helpful.
Old 01-23-2011, 02:07 PM   #8
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Got your email. I'm going to fire off those emails right after this post as well.

1. Now what if I use a soft fail '~' in the SPF record. What happens when neither of the two ip4 entries match the sending server? What that just rack up less points than a hard fail?

Going to send out those emails right now.
 
Old 01-24-2011, 02:15 AM   #9
120
Member
 
Registered: Oct 2010
Posts: 46

Rep: Reputation: 9
Got your test mails - the hotmail example went directly to 'junk' (all others OK). I think I can see why:

Quote:
173.x.x.102 is neither permitted nor denied...domain of root@dxxxx.dxxxx.net)
Your 'from' is using a subdomain of your .net (probably meant to be the hostname, but that is not how it is being interpreted). There are no SPF records for the subdomain, just the main.net - so the SPF neither fails or succeeds.

As for changing the dash to the tilde (- ro ~) it will just make errors in your SPF a bit more forgiving. Your interest in SPF is (and I'm guessing) probably to help deliverability, rather than to stop forgery.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail SMTP AUTH allows relaying ganesh_914 Linux - Server 0 07-23-2009 06:12 AM
Xmail and SMTP Relaying depam Linux - Software 4 04-08-2009 12:24 AM
Relaying mails through auth-SMTP server ? nileshgr Linux - Server 2 05-26-2008 12:14 AM
sendmail relaying with smtp-auth strange prob liam1234321 Linux - Server 1 05-20-2008 12:30 PM
smtp relaying is prohibited sami Linux - Networking 4 04-06-2004 10:14 AM


All times are GMT -5. The time now is 08:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration