We discovered we were block-listed on the CBL list yesterday. After
some investigation, it turns out that their issue is with IMail
attempting to represent itself as different domains that it hosts
when announcing itself in the HELO command. I'm not a RFP expert -
what is the proper behavior in this situation? Here's what they said:
If you are using Ipswitch Imail, Ensim or WorkGroupMail we would
recommend that
you ask the software vendor to add an option to their software to avoid
this game playing with HELO strings, largely because many other
anti-spam techniques and services use similar algorithms, and both of us
would be better off if we don't get surprised months down the road when
you install another one of these things.
Anyone have any comments or similar experiences? Is there a
configuration I'm missing?
if your outbound machine is the same as your MX for locustcreek.com,
then it looks like you have syntax problem in the RDATA field (in the
zone file, missing a terminating "." on a FQDN):
dig locustcreek.com mx
; <<>> DiG 9.3.1 <<>> locustcreek.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34022
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;locustcreek.com. IN MX
;; ANSWER SECTION:
locustcreek.com. 172800 IN MX 10
inbound.locustcreek.com.emailmx.com.
.... but probably not. Probably a "vanity" domain name.
The PTR for your MXs IP does not have a matching A record:
dig inbound.locustcreek.com.emailmx.com.
; <<>> DiG 9.3.1 <<>> inbound.locustcreek.com.emailmx.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30068
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;inbound.locustcreek.com.emailmx.com. IN A
;; ANSWER SECTION:
inbound.locustcreek.com.emailmx.com. 1200 IN A 216.40.36.30
.... A record above doesn't match the PTR below:
dig -x 216.40.36.30
; <<>> DiG 9.3.1 <<>> -x 216.40.36.30
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;30.36.40.216.in-addr.arpa. IN PTR
;; ANSWER SECTION:
30.36.40.216.in-addr.arpa. 1200 IN PTR c1-sf.emaildefenseservice.com.
PTR and A records must match, or many DNS verifications run by
anti-spam filters will conclude you have no PTR at all.
A good practice is that HELO domain name match the PTR domain name.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
