On 4/14/2014 4:01 AM, li...@rhsoft.net wrote:
> 
> On 14.04.2014 05:20, Stan Hoeppner wrote:
>> Clearly I was responding specifically to 'what is hard about making them
>> match', which is why I snipped the rest.  If one controls PTR it's easy
>> to make all 3 match.  When one does not control PTR it is 'hard', in
>> fact impossible, to make them all match.
>>
>> Our friend from Vienna seemed focused on incompetency of admins, while I
>> was pointing out that 'incompetency' of some ISPs is a larger problem,
>> as in the latter case there is often no option to set the PTR, whether
>> one reads the docs or not
> 
> don't get me wrong but that's the same weak excuse as
> "i do not spam my customers do" so why blacklist me
> 
> in fact a sane PTR is a prerequisite for reliable mailservices
> and if you are at planning a public MTA normally you make sure
> the matching PTR and other things before send the first message
> 
> if you are at checking the prerequisites and realize you can't
> get a PTR as needed you can't setup the mailserver on that ISP
> or need to rent a relay-server - that's part of organize things
> and at the end competence of a sysadmin

In a perfect world yes, this is how it should work.  But we live in an
imperfect world, one in which even competent sysadmins are forced to
set up outbound MTAs on IPs with generic rDNS, because there are no
alternatives.

What you fail to understand is that in many parts of the world outside
your sphere of knowledge/experience, people's options are limited or
nonexistent, whether services not offered by the provider, lack of
competition, budget, administrative or policy constraints, etc, etc.

A couple of years ago I started receiving bot spam from multiple IPs in
a Southern California Verizon FIOS subnet.  I did a little research into
the block, polled the rDNS for the /16, and decided it was all
residential.  I added a regex to match the generic rDNS pattern to
fqrdns.pcre and copied it to the upload dir.  Within 12 hours I received
an angry email from a user whose Postfix MX had blocked mail from his
father who worked at a K-12 school.  Correspondence with the
administrator revealed that Verizon did not offer custom rDNS for FIOS
IP addresses.  When I asked why he didn't relay through their servers he
explained that their fee for "business SMTP relay" was ridiculous given
he had no direct delivery problems of any magnitude.

I myself have my SOHO SMTP outbound on an IP with generic rDNS, for the
same reason as the OP above.  In my case the provider is CenturyLink.
While I could use their relays I choose not to for the same reason I run
a mail server in my home office in the first place:  full control of my
email.  Co-locating a box is not an option for me as the nearest
facility is over an hour away.  I could rent a VPS, but many VPS
providers' IP space is widely blocked due to snowshoe spammer
infestations.  But why should I spend money on that when I have no
delivery issues relating to generic rDNS, and my outbound IP has a
Trustworthiness score of HIGH at dnswl.org?

You can call me, the sysop at the SoCal school, and tens of
thousands of other OPs doing the same thing, incompetent all you like.
Whether RFCs state A/PTR/HELO *MUST* match, or whether *you* say they
must match does not make it so, because a large portion of the world
isn't paying attention to either of you, and the mail gets delivered.

Cheers,

Stan
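
Added example, not part of the original message or of Postfix or fqrdns.pcre: a receiver-side view of the A/PTR/HELO match debated in this thread, reporting forward-confirmed rDNS, HELO consistency, and whether the PTR looks provider-generated. The DNS data is constructed and embedded so it runs offline, and the "PTR embeds the IP octets" test is an assumed IPv4 heuristic, not a rule taken from fqrdns.pcre.

```python
import re

# Constructed DNS data (documentation addresses and example domains only).
PTR = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.77": "pool-198-51-100-77.dyn.example.net",  # provider-assigned
    "203.0.113.5": "mx.example.com",
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "pool-198-51-100-77.dyn.example.net": {"198.51.100.77"},
    "mail.soho.example": {"198.51.100.77"},   # operator's own name, PTR not theirs
    "mx.example.com": {"203.0.113.99"},       # forward record points elsewhere
}

def is_generic_rdns(ip, ptr):
    """Heuristic (assumption): PTR name contains the four IPv4 octets,
    in forward or reversed order, as consecutive numbers."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", ptr)]
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows

def check_client(ip, helo, ptr_map=PTR, a_map=A):
    """Report each relationship separately so policy can weigh them,
    rather than collapsing everything into one accept/reject bit."""
    ptr = ptr_map.get(ip)
    helo = helo.rstrip(".").lower()
    return {
        "ptr": ptr,
        # PTR exists and its A record set contains the connecting IP.
        "fcrdns": ptr is not None and ip in a_map.get(ptr, set()),
        # HELO name resolves to the connecting IP.
        "helo_resolves_to_ip": ip in a_map.get(helo, set()),
        # HELO name is identical to the PTR name (the strict three-way match).
        "helo_equals_ptr": ptr is not None and helo == ptr.lower(),
        "generic_rdns": ptr is not None and is_generic_rdns(ip, ptr),
    }

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.77", "mail.soho.example"),
                     ("203.0.113.5", "mx.example.com")]:
        print(ip, helo, check_client(ip, helo))
```

The second sample client is the case argued over above: FCrDNS passes and the HELO name resolves to the IP, yet the strict three-way match fails because only the provider controls the PTR.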
