On 2014-08-08 at 18:10 +0300, Odhiambo Washington wrote: > I run a server (cloud-based) with Exim+Mailman. The problem I am facing is > as described in the $subject. Why this is happening beats me.
Cloud or Colo (or small-scale VPS)? Colo and manually-assigned VPS machines tend to have long term stable IP addresses, but "cloud" setups, with the automation that implies, means that any one customer can be using multiple externally-facing source IP addresses and cycling through them by tearing down and bringing up instances as fast as they can get away with. My own mail-server rejects messages coming from known cloud ranges unless its DKIM signed. I want something I can use as a stable reputation identifier, and if the IP address is not going to be stable then I need to be able to track reputation for the domain, instead. My server, my rules. You should *definitely* read Bradley Taylor's paper on how Google were tracking reputation back in 2006: http://research.google.com/pubs/author70.html > The domain name is my.co.ke and I use mailman-prod.my.co.ke as the FQDN. There may be problems caused by the nameservers; on my own colocation box in NL, attempts to resolve mailman-prod.my.co.ke were timing out as none of the nameservers could be reached. I see that both NS servers have an IP in the same /24 netblock (but I don't know if anycast is in use). I can now resolve it, so there may just be routing glitches (or both NS went unavailable at the same time?) If you don't have public facing authoritative DNS which is reliably reachable from the systems accepting email from you, then you look like a spammer, sending from a fake domain. So I'd tackle three things: (1) Get an NS secondary setup with someone in a completely different network, preferably even a different continent, so that network links into constrained areas aren't a bottleneck. I stick to just two continents for my own zones (three countries), but those are EU and NA, with the EU ones being near LINX and AMS-IX, so there's good connectivity. These things matter. (2) See about getting onto some whitelists, as a known sender of opt-in email; <http://www.dnswl.org/> is easier to get onto than Spamhaus's list, while still being good at tackling abusive registration attempts. (3) DKIM signing for your domain -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
