Re: Problems with mail system? [Fwd: Returned mail: User unknown]
In article [EMAIL PROTECTED], Joseph Carter [EMAIL PROTECTED] wrote: On Wed, Sep 06, 2000 at 11:37:55PM -0400, [EMAIL PROTECTED] wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. For some, the option of getting another ISP is unaffordable or even impossible in some regions of the world. This is sometimes true even in the US, especially if you require more than a modem connection. A server on the 'net without matching forward/reverse DNS is broken. Period. What if someones ISP drops 50% of all messages. Should the Debian mailinglist servers simply send all messages 4 times so that the chance is bigger of the recipient actually getting the message? Ofcourse not, because the ISP should fix the mailserver instead since it is broken. The DNS issue is *exactly* the same. The fact that it happens to work some or even most of the time doesn't make it less broken. Mike. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 01:41:30PM +0100, Mark Brown wrote: Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines It was the bit about dialup trash - inability to get reverse DNS working is a different issue. My reverse DNS does not match my forward DNS. I have @home. Only broadband service available here. I think the quality @home's NT-based servicess is world-renown at this point. So let's not even start there, because I'm going to be very upset when people start suggesting I need a couple thousand a month for a decent T1 connection in order to be considered a good net citizen. You can't even get ISDN here. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Knghtbrd 2fort5 sucks enough to have its own gravity ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 04:33:09PM -0500, Joseph Carter wrote: My reverse DNS does not match my forward DNS. I have @home. Only They don't need to match. Your IP just needs to resolve to something, and that something needs to resolve back to your IP. This has no effect on what From: addresses and envelope senders you can use. [EMAIL PROTECTED]:~$ host 24.22.127.210 Name: cc659474-a.indnpls1.in.home.com Address: 24.22.127.210 [EMAIL PROTECTED]:~$ host cc659474-a.indnpls1.in.home.com cc659474-a.indnpls1.in.home.com A 24.22.127.210 There is no reason your mail shouldn't work properly with these settings (apart from being listed on the DUL). If you'd like, I'll add you a line in my access control to allow you to relay through my server. I'm sure there are many other people on this list who would offer the same. broadband service available here. I think the quality @home's NT-based servicess is world-renown at this point. So let's not even start there, because I'm going to be very upset when people start suggesting I need a couple thousand a month for a decent T1 connection in order to be considered a good net citizen. You can't even get ISDN here. ssh -L 25:localhost:25 [EMAIL PROTECTED] --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 08:44:06PM +, Miquel van Smoorenburg wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. For some, the option of getting another ISP is unaffordable or even impossible in some regions of the world. This is sometimes true even in the US, especially if you require more than a modem connection. A server on the 'net without matching forward/reverse DNS is broken. Period. Complete bullshit. Show me the RFC that says you may only have one DNS name attached to an IP at a time. You can't do it because it doesn't exist. Several Debian developers have debian.net subdomains which do not reverse because they have no control over their DNS even though their IP addresses are static. My static IP address with @home (yes, I did convince them to give me one) is cc659474-a.indnpls1.in.home.com as far as they are concerned. I have no desire to use that hostname on my email, so I have this: tank.debian.net A 24.22.127.210 This is perfectly legal practice according to every RFC I have ever read. It is also quite legitimate for my system to declare that it is tank.debian.net which does indeed resolve to a valid IP address. The fact people such as yourself would add the additional requirement that 24.22.127.210 resolve back to tank.debian.net has nothing to do with what the RFC's state is correct. If I file a bug against a package and my report is bounced as probably spam, I will NMU the package immediately without discussion or further attempts at a warning. As a Debian developer, you have an obligation to maintain your packages. If you wish to act stupid regarding your mail policies that's fine - until it interferes with maintaining packages. At that point, it affects all of us. What if someones ISP drops 50% of all messages. Should the Debian mailinglist servers simply send all messages 4 times so that the chance is bigger of the recipient actually getting the message? Ofcourse not, because the ISP should fix the mailserver instead since it is broken. The DNS issue is *exactly* the same. The fact that it happens to work some or even most of the time doesn't make it less broken. Once again, complete bullshit. There is absolutely nothing anywhere which states an IP address may only have one name or that if it has more than one, you must use only the primary DNS for which you have reverse set up. Requiring that the name an IP reverses to also being able to resolve to the IP is a different matter if you're willing to jump through the lookup hoops to make sure the reverse name is actually the machine in question. How this would combat spam, I have no idea, but if you found such a system it would indeed be very broken. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Dr^Nick SGI_Multitexture is bad voodoo now Dr^Nick ARB is good voodoo witten no, voodoo rush is bad voodoo :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:00:39PM -0500, Joseph Carter wrote: Complete bullshit. Show me the RFC that says you may only have one DNS name attached to an IP at a time. You can't do it because it doesn't exist. Several Debian developers have debian.net subdomains which do not reverse because they have no control over their DNS even though their IP addresses are static. My static IP address with @home (yes, I did convince them to give me one) is cc659474-a.indnpls1.in.home.com as far as they are concerned. I have no desire to use that hostname on my email, so I have this: tank.debian.net A 24.22.127.210 There is no problem with that.. Every mail that leaves my system comes from 207.99.50.34 and I host over 50 domains here. This is perfectly legal practice according to every RFC I have ever read. It is also quite legitimate for my system to declare that it is tank.debian.net which does indeed resolve to a valid IP address. The fact people such as yourself would add the additional requirement that 24.22.127.210 resolve back to tank.debian.net has nothing to do with what the RFC's state is correct. If I file a bug against a package and my report is bounced as probably spam, I will NMU the package immediately without discussion or further attempts at a warning. As a Debian developer, you have an obligation to maintain your packages. If you wish to act stupid regarding your mail policies that's fine - until it interferes with maintaining packages. At that point, it affects all of us. 24.22/16 is not listed on the DUL anwyay. Whoever is bouncing your mail must have manually added you to their spam filters, or possibly all of 24/8. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:37:25PM -0400, Adam McKenna wrote: My reverse DNS does not match my forward DNS. I have @home. Only They don't need to match. Your IP just needs to resolve to something, and that something needs to resolve back to your IP. This has no effect on what From: addresses and envelope senders you can use. Miquel van Smoorenburg and others seem to think that they do need to match. if you connect to my IP, you will see that neither 24.22.127.210 nor cc659474-a.indnpls1.in.home.com appear in the greeting. [EMAIL PROTECTED]:~$ host 24.22.127.210 Name: cc659474-a.indnpls1.in.home.com Address: 24.22.127.210 [EMAIL PROTECTED]:~$ host cc659474-a.indnpls1.in.home.com cc659474-a.indnpls1.in.home.com A 24.22.127.210 There is no reason your mail shouldn't work properly with these settings (apart from being listed on the DUL). If you'd like, I'll add you a line in my access control to allow you to relay through my server. I'm sure there are many other people on this list who would offer the same. I do not appear to be listed with the DUL, so far as I know. A couple of hosts seem to reject 24.* or something, but I'm not overly worried about them. I _AM_ worried about people who want to make it worse by adding additional arbitrary requirements before they accept mail related to Debian. It's somewhat amusing that the blacklist people seem to have blacklisted eachother, though. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Pacific Bell Customer Service, this is [..], how can I provide you with excellent customer service today? HAHAHAHAHA!! That's good, I like it.. Um, thanks, they make us say that. -- knghtbrd and a pacbell rep, name removed to protect her job -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:16:23PM -0500, Joseph Carter wrote: On Thu, Sep 07, 2000 at 05:37:25PM -0400, Adam McKenna wrote: My reverse DNS does not match my forward DNS. I have @home. Only They don't need to match. Your IP just needs to resolve to something, and that something needs to resolve back to your IP. This has no effect on what From: addresses and envelope senders you can use. Miquel van Smoorenburg and others seem to think that they do need to match. if you connect to my IP, you will see that neither 24.22.127.210 nor cc659474-a.indnpls1.in.home.com appear in the greeting. So? Anyone who asked for that would be unreasonable. Besides, nobody's mail server is telneting to your port 25 to see what your SMTP greeting says -- that would be insane. It's a simple double-lookup. The PTR record is queried, and checked to see if it matches that particular A record. Not all MTA's even do this. The only other check that some MTA's perform is checking that the domain in the Mail From: header (the envelope sender) is a real domain. To sum up, your particular problem is not with DNS, it's with some fool arbitrarily blocking either you in particular, or some larger network which includes you. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
In article [EMAIL PROTECTED], Joseph Carter [EMAIL PROTECTED] wrote: On Thu, Sep 07, 2000 at 08:44:06PM +, Miquel van Smoorenburg wrote: A server on the 'net without matching forward/reverse DNS is broken. Period. Complete bullshit. Show me the RFC that says you may only have one DNS name attached to an IP at a time. You can't do it because it doesn't exist. Go and read the (according to you non-existant) RFC 1912 Several Debian developers have debian.net subdomains which do not reverse because they have no control over their DNS even though their IP addresses are static. Doesn't matter. As long as getipaddr(gethostname(ipaddr)) == ipaddr, and that is the case. gethostname(getipaddr(hostname)) == hostname doesn't have to match, in fact for an incoming connection you can't even check that fact. So your arguments are bogus. Wait - you are talking about the envelope address. No mail server I know of does a check of this kind against the envelope address. Just a quick check to see if the domain resolves is usually all that is done. My static IP address with @home (yes, I did convince them to give me one) is cc659474-a.indnpls1.in.home.com as far as they are concerned. I have no desire to use that hostname on my email, so I have this: tank.debian.net A 24.22.127.210 No problem, but you *really* should have this entry: tank.debian.net A 24.22.127.210 MX 50 cc659474-a.indnpls1.in.home.com. MX 100 some.friendly.fallback.host. This is perfectly legal practice according to every RFC I have ever read. Yes. There are also perfectly legal ways to avoid paying tax. Does that also mean that that was how the lawmakers intended it ? It is also quite legitimate for my system to declare that it is tank.debian.net which does indeed resolve to a valid IP address. The fact people such as yourself would add the additional requirement that 24.22.127.210 resolve back to tank.debian.net has nothing to do with what the RFC's state is correct. No, if you connect to my server, I can only see that you are connecting from 24.22.127.210. That resolves to cc659474-a.indnpls1.in.home.com, which in turn resolves back to 24.22.127.210. Your DNS is perfectly valid. If I file a bug against a package and my report is bounced as probably spam, I will NMU the package immediately without discussion or further attempts at a warning. Ah. Now, what if the report bounces because the mail server from my ISP is badly configured/maintained, and it looks like a spam bounce but isn't really. Should I get another ISP? Oops, redo mailthread from start. Mike. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:00:39PM -0500, Joseph Carter wrote: On Thu, Sep 07, 2000 at 08:44:06PM +, Miquel van Smoorenburg wrote: A server on the 'net without matching forward/reverse DNS is broken. Period. Complete bullshit. Show me the RFC that says you may only have one DNS name attached to an IP at a time. nobody claimed that it did. i'd accuse you of inventing straw-men arguments just to prove your point but i don't believe you're anywhere near smart enough to even attempt thati'll put it down to stupidity rather than malice. You can't do it because it doesn't exist. Several Debian developers have debian.net subdomains which do not reverse because they have no control over their DNS even though their IP addresses are static. My static IP address with @home (yes, I did convince them to give me one) is cc659474-a.indnpls1.in.home.com as far as they are concerned. I have no desire to use that hostname on my email, so I have this: tank.debian.net A 24.22.127.210 This is perfectly legal practice according to every RFC I have ever read. It is also quite legitimate for my system to declare that it is tank.debian.net which does indeed resolve to a valid IP address. The fact people such as yourself would add the additional requirement that 24.22.127.210 resolve back to tank.debian.net has nothing to do with what the RFC's state is correct. as usual, you don't have the faintest clue of what you are talking about. as usual, you are getting all flustered and distressed over your own idiotic misunderstanding of what is going on. the fact that there is an A record for tank.debian.net pointing to the IP address is completely and utterly irrelevant. those sites which do reverse lookup checks for incoming connections do one (or both) of two things: 1. check that there is a .in-addr.arpa PTR record the IP address in question. 2. check that the .in-addr.arpa PTR record is actually correct. e.g. if the server does a lookup on 24.22.127.210 and finds the PTR record which says that it is cc659474-a.indnpls1.in.home.com, then it will immediately do a lookup on cc659474-a.indnpls1.in.home.com to make sure that it has an A record pointing to 24.22.127.210. this is what TCP Wrappers calls a PARANOID check. note that tank.debian.net does not enter the picture at all. it is irrelevant to the check under discussion. since the .in-addr.arpa PTR record does not mention tank.debian.net at all, the server does not and CAN NOT know or care anything about that name. whether failure of either or both of the above checks is a valid reason for bouncing mail is another matter entirely (and, IMO, it is not valid). some other sites check whether the SMTP envelope HELO/EHLO hostname exists. some even check whether it resolves to the IP address of the incoming connection. these have nothing to do with reverse DNS lookups, and the question of whether they are good policy or not is debatable (IMO the former is OK, the latter is not). craig -- craig sanders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Fri, Sep 08, 2000 at 11:10:12AM +1100, Craig Sanders wrote: On Thu, Sep 07, 2000 at 05:00:39PM -0500, Joseph Carter wrote: On Thu, Sep 07, 2000 at 08:44:06PM +, Miquel van Smoorenburg wrote: [snip, snip, snippety-snip] Ladies and Gentlemen, I just joined the debian-devel list yesterday, all excited about being able to possibly contribute code and insights to the installation system to make it more palatable to those who would like to install the OS in 5 minutes a la Kickstart/Jumpstart. Maybe I'd even build some .debs for software for which there are none yet. However, the first thing I see is some pointless bickering about DNS and email. I am now very turned off because instead of seeing a bunch of bright developers, I'm seeing a voluminous amount of off-topic flaming. I suspect that Debian development would move a lot faster if you stopped worrying about relatively inane administrivia like whether fwd/rev DNS entries match and instead moved on with coding and QA. Everyone has a different security philosophy and we all have to learn to deal with that. As an olive branch, I'm not even going to bother offering my opinion on the matter at hand. ;-) So, who wants to talk about installation? -- Michael S. Fischer [EMAIL PROTECTED] AKA Otterley _O_ Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA | Phone: +1 650 533 4684 | AIM: IsThisOtterley | ICQ: 4218323 | From the bricks of shame is built the hope--Alan Wilder net.goth -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:16:23PM -0500, Joseph Carter wrote: On Thu, Sep 07, 2000 at 05:37:25PM -0400, Adam McKenna wrote: My reverse DNS does not match my forward DNS. I have @home. Only They don't need to match. Your IP just needs to resolve to something, and that something needs to resolve back to your IP. This has no effect on what From: addresses and envelope senders you can use. Miquel van Smoorenburg and others seem to think that they do need to match. if you connect to my IP, you will see that neither 24.22.127.210 nor cc659474-a.indnpls1.in.home.com appear in the greeting. Maybe it is because they've read over RFC1912 Section 2.1: Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS. Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If you feel that the way you use DNS is broad enough, why not write up an RFC? Anand -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 06:20:46PM -0400, Adam McKenna wrote: So? Anyone who asked for that would be unreasonable. Besides, nobody's mail server is telneting to your port 25 to see what your SMTP greeting says -- that would be insane. It's a simple double-lookup. The PTR record is queried, and checked to see if it matches that particular A record. Not all MTA's even do this. The only other check that some MTA's perform is checking that the domain in the Mail From: header (the envelope sender) is a real domain. To sum up, your particular problem is not with DNS, it's with some fool arbitrarily blocking either you in particular, or some larger network which includes you. I don't have such a problem. As you have agreed, any such requirement would be unreasonable, so why are we arguing? -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 === This letter is the Honor System Virus If you are running a Macintosh, OS/2, Unix, or Linux computer, please randomly delete several files from your hard disk drive and forward this message to everyone you know. == -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:20:02PM -0700, Michael S. Fischer wrote: I just joined the debian-devel list yesterday, all excited [...] I am now very turned off because instead of seeing a bunch of bright developers, I'm seeing a voluminous amount of off-topic flaming. Welcome to Debian. -- G. Branden Robinson | Measure with micrometer, Debian GNU/Linux| mark with chalk, [EMAIL PROTECTED] | cut with axe, http://www.debian.org/~branden/ | hope like hell. pgpsP8zwbSSRY.pgp Description: PGP signature
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
Micheal == Michael S Fischer [EMAIL PROTECTED] writes: Micheal I just joined the debian-devel list yesterday, all excited about being Micheal able to possibly contribute code and insights to the installation Micheal system to make it more palatable to those who would like to install Micheal the OS in 5 minutes a la Kickstart/Jumpstart. Maybe I'd even build Micheal some .debs for software for which there are none yet. Actally, the naivette inherent in these assumptions is rather touching ... Micheal However, the first thing I see is some pointless bickering about DNS Micheal and email. I am now very turned off because instead of seeing a bunch Micheal of bright developers, I'm seeing a voluminous amount of off-topic Micheal flaming. Welcome to real life, as personified by the Debian mailing lists manoj -- There is nothing so deadly as not to hold up to people the opportunity to do great and wonderful things, if we wish to stimulate them in an active way. Dr. Harold Urey, Nobel Laureate in chemistry Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Sep 07, Jules Bean [EMAIL PROTECTED] wrote: Some very big ISP here have mailservers with no reverse mapping... Well, they are badly broken, you know? I do, but refusing mail is quite an extreme act. The IANA mandate is that /all/ machines on public IP address have I really don't think so. Please provider RFC number and verse. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
8.09.2000 pisze Branden Robinson ([EMAIL PROTECTED]): I am now very turned off because instead of seeing a bunch of bright developers, I'm seeing a voluminous amount of off-topic flaming. Welcome to Debian. ``What is Debian. How do you define Debian? If you're talking about what you can feel, what you can smell, what you can taste and see, then Debian is simply electrical signals interpreted by your brain. This is the world that you know. The world as it was at the end of the twentieth century. It exists now only as part of a neural-interactive simulation that we call the Matrix. You've been living in a dream world, Neo. This is the world as it exists today... Welcome to the Desert of the Real. We have only bits and pieces of information but what we know for certain is that at some point in the early twenty-first century all of mankind was united in celebration. We marveled at our own magnificence as we gave birth to Debian project.'' ;- best regards, Jubal -- [ Miros/law L Baran, baran-at-knm-org-pl, neg IQ, cert AI ] [ 0101010 is ] [ BOF2510053411, makabra.knm.org.pl/~baran/, alchemy pany ] [ The Answer ] Humans use walking canes when they grow old. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Problems with mail system? [Fwd: Returned mail: User unknown]
Hi, Oliver Schulze is an upstream maintainer of one of my prospective packages, and he's had problems sending mail to my @debian.org address. I believe that this is something to do with master's IPv6 configuration - the SMTP error message from master is: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) Is there any way to get this fixed? A copy of the transcript is included below. Thanks, Timshel - Forwarded message from Oliver Schulze L. [EMAIL PROTECTED] - Delivered-To: [EMAIL PROTECTED] Date: Wed, 06 Sep 2000 00:22:33 -0400 From: Oliver Schulze L. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16 i586) X-Accept-Language: en, es-PY, es To: [EMAIL PROTECTED] Subject: [Fwd: Returned mail: User unknown] -- Oliver Schulze L. [EMAIL PROTECTED] Asuncion-Paraguay http://www.pla.net.py/home/oliver/ Date: Tue, 5 Sep 2000 14:04:44 +0400 From: Mail Delivery Subsystem [EMAIL PROTECTED] Subject: Returned mail: User unknown To: [EMAIL PROTECTED] Auto-Submitted: auto-generated (failure) X-Mozilla-Status2: The original message was received at Tue, 5 Sep 2000 14:03:08 +0400 from [EMAIL PROTECTED] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] - Transcript of session follows - ... while talking to master.debian.org.: RCPT To:[EMAIL PROTECTED] 550- 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) 550 [EMAIL PROTECTED] User unknown Reporting-MTA: dns; Polaris.Pla.net.PY Arrival-Date: Tue, 5 Sep 2000 14:03:08 +0400 Final-Recipient: rfc822; [EMAIL PROTECTED] Action: failed Status: 5.1.1 Remote-MTA: dns; master.debian.org Diagnostic-Code: smtp; 550- Last-Attempt-Date: Tue, 5 Sep 2000 14:04:40 +0400 Date: Tue, 05 Sep 2000 13:43:12 -0400 From: Oliver Schulze L. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16 i586) X-Accept-Language: en, es-PY, es To: Timshel Knoll [EMAIL PROTECTED] Subject: Re: GPPPKill in Debian ... content snipped - End forwarded message - -- Timshel Knoll [EMAIL PROTECTED] for Debian email: [EMAIL PROTECTED] Second year Computer Science, RMIT | CS108 Tutor (Semester 2, 2000) Debian GNU/Linux developer, see http://www.debian.org/~timshel/ For GnuPG public key: finger [EMAIL PROTECTED] or [EMAIL PROTECTED] pgpK9xSKcole0.pgp Description: PGP signature
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, 7 Sep 2000, Timshel Knoll wrote: Oliver Schulze is an upstream maintainer of one of my prospective packages, and he's had problems sending mail to my @debian.org address. I believe that this is something to do with master's IPv6 configuration - the SMTP error message from master is: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) This is just your standard lack of reverse DNS.. Part of the anti-spam bit. The sender needs to get working reverse DNS I suppose.. Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 01:08:17PM +1100, Timshel Knoll wrote: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) Is there any way to get this fixed? No. The MTA at the destination host is trying to tell you that dialup trash like yourself isn't welcome on *THEIR* Internet, under the reasoning that they're stopping spammers by refusing connections from machines with characteristics like yours (dynamically assigned IP, perhaps, or simply no reverse DNS record), and that any legitimate non-spam traffic is too inconvenient to deal with. A similar sort of logic holds that if we had executed enough queers (and IV drug users, but the important part is the queers[*]) in 1983, there wouldn't be an AIDS epidemic today. [*] Because if you're fine, upstanding, Church-going member of the Knights of Columbus, Kiwanis Club, etc., it is far more psychologically devastating to you if your son is getting poked with pork instead of syringes, even if the syringes contain smack that's been cut with Drano. -- G. Branden Robinson | Optimists believe we live in the best of Debian GNU/Linux| all possible worlds. Pessimists are [EMAIL PROTECTED] | afraid the optimists are right. http://www.debian.org/~branden/ | pgpUsuZ5WP1wu.pgp Description: PGP signature
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 09:58:49PM -0500, Branden Robinson wrote: On Thu, Sep 07, 2000 at 01:08:17PM +1100, Timshel Knoll wrote: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) Is there any way to get this fixed? No. The MTA at the destination host is trying to tell you that dialup trash like yourself isn't welcome on *THEIR* Internet, under the reasoning that they're stopping spammers by refusing connections from machines with characteristics like yours (dynamically assigned IP, perhaps, or simply no reverse DNS record), and that any legitimate non-spam traffic is too inconvenient to deal with. We know your opinions on the DUL, Branden, but that's not what the error says. It says, in plain English, failed to find host name from IP address. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 09:58:49PM -0500, Branden Robinson wrote: On Thu, Sep 07, 2000 at 01:08:17PM +1100, Timshel Knoll wrote: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) Is there any way to get this fixed? No. The MTA at the destination host is trying to tell you that dialup trash like yourself isn't welcome on *THEIR* Internet, under the reasoning that they're stopping spammers by refusing connections from machines with characteristics like yours (dynamically assigned IP, perhaps, or simply no reverse DNS record), and that any legitimate non-spam traffic is too inconvenient to deal with. We know your opinions on the DUL, Branden, but that's not what the error says. It says, in plain English, failed to find host name from IP address. It says in plain English, administrative prohibition (failed to fine host name from IP address) Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines with characteristics like [his] (...simply no reverse DNS record)) sounds like a fairly direct and accurate translation of admisitrative prohibition (failed to find host name from IP address). --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Buddha Buck [EMAIL PROTECTED] Just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects. -- A.L.A. v. U.S. Dept. of Justice -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:33:21PM -0400, Buddha Buck wrote: On Wed, Sep 06, 2000 at 09:58:49PM -0500, Branden Robinson wrote: On Thu, Sep 07, 2000 at 01:08:17PM +1100, Timshel Knoll wrote: 550 mail from :::216.250.196.10 rejected: administrative prohibition (failed to find host name from IP address) Is there any way to get this fixed? yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. No. The MTA at the destination host is trying to tell you that dialup trash like yourself isn't welcome on *THEIR* Internet, under the reasoning that they're stopping spammers by refusing connections from machines with characteristics like yours (dynamically assigned IP, perhaps, or simply no reverse DNS record), and that any legitimate non-spam traffic is too inconvenient to deal with. We know your opinions on the DUL, Branden, but that's not what the error says. It says, in plain English, failed to find host name from IP address. It says in plain English, administrative prohibition (failed to fine host name from IP address) Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines with characteristics like [his] (...simply no reverse DNS record)) sounds like a fairly direct and accurate translation of admisitrative prohibition (failed to find host name from IP address). --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Buddha Buck [EMAIL PROTECTED] Just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects. -- A.L.A. v. U.S. Dept. of Justice -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Christopher F. Miller, Publisher [EMAIL PROTECTED] MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039 1.207.657.5078 http://www.maine.com/ Database publishing, e-commerce, office/internet integration, Debian linux. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:33:21PM -0400, Buddha Buck wrote: Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines with characteristics like [his] (...simply no reverse DNS record)) sounds like a fairly direct and accurate translation of admisitrative prohibition (failed to find host name from IP address). Yes, that's what he said, but what he meant was that people shouldn't have the right to decide who they accept mail from, and under what conditions. I guess it's been too long since we had that particular flamewar on debian-devel. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:37:55PM -0400, [EMAIL PROTECTED] wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. For some, the option of getting another ISP is unaffordable or even impossible in some regions of the world. This is sometimes true even in the US, especially if you require more than a modem connection. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 cesarb Damn, every time I spawn, qf-client-x11 locks hard Zoid Don't die? Knghtbrd good incentive. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:57:05PM -0400, Adam McKenna wrote: Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines with characteristics like [his] (...simply no reverse DNS record)) sounds like a fairly direct and accurate translation of admisitrative prohibition (failed to find host name from IP address). Yes, that's what he said, but what he meant was that people shouldn't have the right to decide who they accept mail from, and under what conditions. I guess it's been too long since we had that particular flamewar on debian-devel. They have every right. They have no right to demand that those from whom they reject legitimate mail find another way to deliver mail to them, however. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 evilkalla heh, I never took a coding class evilkalla or a graphics class evilkalla or a software design class vegan and it shows :P -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 12:55:07AM -0500, Joseph Carter wrote: On Wed, Sep 06, 2000 at 11:37:55PM -0400, [EMAIL PROTECTED] wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. nobody's telling anyone to get any particular ISP or that they have to pay for a premium quality service. it's simple - if you want a service that's worth having, you pay whatever it costs. if you don't want that, then pay for a cheap/crappy service and put up with it without whining. if you pay peanuts for a crap service from incompetent bumbling fools who can't even get reverse DNS working, then don't be surprised when what you get actually IS a crap service. and don't be surprised when your connectivity and your ability to communicate suffers as a result. caveat emptor. (that said, i don't believe that missing reverse DNS is a good reason for bouncing mail. a 450 try again later response is more appropriate, to cope with temporary dns outages. bouncing mail from nonexistant domains, however, is a different story - it's almost certainly spam and there's no point in accepting a message which doesn't have a valid reply address so just bounce it) For some, the option of getting another ISP is unaffordable or even impossible in some regions of the world. This is sometimes true even in the US, especially if you require more than a modem connection. there are numerous ways around the problem if you are stuck with a crappy dialup ISP, one of which is to pay for decent mail service from someone who has a clue and run uucp over tcp or an ssh tunnel to port 25, or any of the other methods which have been mentioned every time this and similar issues (e.g. the recurring DUL thread) comes up. there ARE sites that offer reasonably priced (between $5 and $20 per month) uucp mail services. there are even sites that will offer the same or similar services for free - e.g. i have an open standing offer to provide ssh or uucp access for mail for any debian or other free software developer - although i reserve the right to refuse service to one particular loser (can you guess who, joseph?) and make sure that everyone who takes me up on the offer accepts the fact that the service is not guaranteed, you get at least what you pay for (i.e. nothing), and it may die with no warning or recompense for any number of reasons. if i've got the time i'd even be willing to experiment with the certificate based relay control in postfix-tls (so far i only use it for smtp encryption, not relay control) craig -- craig sanders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:57:05PM -0400, Adam McKenna wrote: On Wed, Sep 06, 2000 at 11:33:21PM -0400, Buddha Buck wrote: Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines with characteristics like [his] (...simply no reverse DNS record)) sounds like a fairly direct and accurate translation of admisitrative prohibition (failed to find host name from IP address). Yes, that's what he said, but what he meant was that people shouldn't have the right to decide who they accept mail from, and under what conditions. I guess it's been too long since we had that particular flamewar on debian-devel. I said no such thing. You are failing to distinguish between rights and policies. Every individual has a right to maintain whatever policies they like in life as long as they don't violate the rights of others. However, not all policies promote the common weal equally. In fact, some work to the deteriment of society in general. It is difficult to read much in social and political, or even legal, theory, without noting that indiscriminate policies that affect as many innocent bystanders as targets are ineffecient and possibly even detrimental. Extreme political and economic conservatives perceive every human decision in a microcosm, reducing every issue to Smith and Jones, ignoring aggregate effects when it is convenient do so (see, for instance, Rothbard, Murray: _Man, Economy, and State_). As a pedagogical tool this is useful tool; but if one wants to make real decisions or do real work, one has to consider the real world. Sure, Mr. Jones at ISP A has every right to shitcan mail from me at ISP B. An individual analysis is merited by an individual decision. Maybe Mr. Jones doesn't want to read my rants. But if Mr. Jones has a policy of shitcanning all mail from all hosts whose IP's don't have reverse DNS records, he has abandoned the pretext of basing his decision on individual analysis, instead choosing to adopt a policy based on aggregates. If Mr. Jones is responsible to Messrs. Smith, Franklin, and Johnson for their email as well, he needs to consider the impact of his policy on lines of communication between all the people he is screening out due to his policy, and his customers. (Of course, he may be screening some of his *own* correspondents with such a policy, but to the extent that he is aware of this, he typically assigns responsibility for the problem on their shoulders. After all, he is unequivocally justified in his own mind.) People like Mr. Jones don't like to consider impacts. They like easy rules and easy policies. They don't like to do analysis. And they especially don't like to be inconvenienced by considerations of the impact of their actions on a larger system. Because that's Hard. Nobody likes Hard work. Nobody said fairness or intelligence were easily come by, either. Does it follow that we should not encourage their cultivation? -- G. Branden Robinson |Communism is just one step on the long Debian GNU/Linux|road from capitalism to capitalism. [EMAIL PROTECTED] |-- Russian saying http://www.debian.org/~branden/ | pgpNHtLSg9L5J.pgp Description: PGP signature
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 12:55:07AM -0500, Joseph Carter wrote: On Wed, Sep 06, 2000 at 11:37:55PM -0400, [EMAIL PROTECTED] wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. Sigh. Not again. I just can't be bothered arguing this with a bunch of half-wits again. In any case, reverse DNS lookup is reasonable, no matter what you think of DUL. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 06:09:31PM +1100, Craig Sanders wrote: nobody's telling anyone to get any particular ISP or that they have to pay for a premium quality service. True. it's simple - if you want a service that's worth having, you pay whatever it costs. if you don't want that, then pay for a cheap/crappy service and put up with it without whining. Eh? (that said, i don't believe that missing reverse DNS is a good reason for bouncing mail. a 450 try again later response is more appropriate, to cope with temporary dns outages. bouncing mail from nonexistant domains, however, is a different story - it's almost certainly spam and there's no point in accepting a message which doesn't have a valid reply address so just bounce it) Ouch. I think debian developers should have a better understanding of DNS. [1] A mail domain does not have to have a valid IP address. As a default, if you use a mail domain for which there's no mail exchange, the default is to look for a host address with that name. But that's just the default. [2] A PTR record does not have to contain *any* information whatsoever. Imagine the mail client at 1.2.3.4 initiates an smtp session with your system. Your mail server performs a PTR lookup and gets back 4.3.2.1.in-addr.arpa. It then performs an A lookup and finds that 4.3.2.1.in-addr.arpa has the address 1.2.3.4. What have you learned? -- Raul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu 07 Sep 2000, Hamish Moffatt wrote: On Thu, Sep 07, 2000 at 12:55:07AM -0500, Joseph Carter wrote: On Wed, Sep 06, 2000 at 11:37:55PM -0400, [EMAIL PROTECTED] wrote: yes. get an ISP that can do reverse DNS. YEESHHH! I'll happily bounce their mail until then. Are you willing to pay the difference between the cost of that user's current ISP and one which meets your standard? Until then, you have absolutely no right to tell someone what ISP they should use. In any case, reverse DNS lookup is reasonable, no matter what you think of DUL. I have to agree with this. The previous time, the discussion was using DUL to block email. This is about reverse DNS lookups failing, which is a completely different this. If the reverse DBS lookup fails, you either have a grossly incompetent ISP(*) or a malicious one. (*) Try this for size: $ nslookup Default Server: localhost Address: 127.0.0.1 set type=mx deanmoor.nl Server: localhost Address: 127.0.0.1 Non-authoritative answer: deanmoor.nl preference = 10, mail exchanger = mail.deanmoor.nl Authoritative answers can be found from: deanmoor.nl nameserver = ns01.deanmoor.nl deanmoor.nl nameserver = ns02.deanmoor.nl mail.deanmoor.nlinternet address = 193.203.225.35 ns01.deanmoor.nlinternet address = 193.203.225.35 ns02.deanmoor.nlinternet address = 193.203.225.36 set type=a 193.203.225.35 Server: localhost Address: 127.0.0.1 *** localhost can't find 193.203.225.35: Non-existent host/domain 193.203.225.36 Server: localhost Address: 127.0.0.1 *** localhost can't find 193.203.225.36: Non-existent host/domain www.deanmoor.nl Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name:www.deanmoor.nl Address: 193.203.225.10 193.203.225.10 Server: localhost Address: 127.0.0.1 *** localhost can't find 193.203.225.10: Non-existent host/domain It used to be a different scenario: mail.deanmoor.nl - 193.203.225.35 - www.deanmoor.nl - 193.203.225.10 - unknown I contacted them about this (a couple of times), but they were convinced that their setup was correct. They also tried to convince me that I misunderstood the problem. Yeah, right. I recommended my client to go elsewhere for internet connectivity. He did, and now knows that it is possible to have a reliable internet connection. He now also pays in excess of US$1000 a year _less_ for it. Paul Slootman -- home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/ work: [EMAIL PROTECTED] http://www.murphy.nl/ debian: [EMAIL PROTECTED] http://www.debian.org/ isdn4linux: [EMAIL PROTECTED] http://www.isdn4linux.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:48:17AM -0400, Raul Miller wrote: On Thu, Sep 07, 2000 at 06:09:31PM +1100, Craig Sanders wrote: it's simple - if you want a service that's worth having, you pay whatever it costs. if you don't want that, then pay for a cheap/crappy service and put up with it without whining. Eh? it means exactly what it says. if you pay for garbage, don't be surprised when you get garbage. which is not to say that a good service always costs more - it means that if you subscribe to a crappy service solely because it's cheap then you've only got yourself to blame when that crappy service causes you problems. (that said, i don't believe that missing reverse DNS is a good reason for bouncing mail. a 450 try again later response is more appropriate, to cope with temporary dns outages. bouncing mail from nonexistant domains, however, is a different story - it's almost certainly spam and there's no point in accepting a message which doesn't have a valid reply address so just bounce it) Ouch. I think debian developers should have a better understanding of DNS. [1] A mail domain does not have to have a valid IP address. yes, i know. i said NON-EXISTANT domain - i.e. no NS record, no MX record, no A records, no records of any kind. actually, i distinguish between domains which have no existence at all, and those where an NS record exists but none of the nameservers are responding. for the former, my MTA bounces the message (with a 550 reject code). an example is [EMAIL PROTECTED] - i.e. spam from a nonexistant randomly-generated address. for the latter, my MTA uses a 450 temporary failure, try again later code. if they fix their DNS problem before their queue expiry time, then my system will eventually accept it. if not, then their system will bounce it after 5 days (or however long they've got it configured for). still, this is something to watch for in the logs because some broken NT mailers don't do exponential back-off (or any kind of back off at all). instead of increasing the delay between subsequent attempts, they will immediately attempt another delivery. when i see this happen, i put in an explicit rule to either reject or bounce the incoming message (depending on what the logs say - really obvious spam gets bounced, anything else gets accepted). most (if not all) unix MTAs are capable of doing this kind of domain check these days. As a default, if you use a mail domain for which there's no mail exchange, the default is to look for a host address with that name. But that's just the default. yes, i know. i've been working with internet mail systems and dns for over 7 years. [2] A PTR record does not have to contain *any* information whatsoever. Imagine the mail client at 1.2.3.4 initiates an smtp session with your system. Your mail server performs a PTR lookup and gets back 4.3.2.1.in-addr.arpa. It then performs an A lookup and finds that 4.3.2.1.in-addr.arpa has the address 1.2.3.4. What have you learned? nothing, of course. i think you misread what i said. i said that missing or incorrect reverse DNS is *NOT* a good reason for bouncing mail. craig -- craig sanders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 09:06:55PM +1100, Craig Sanders wrote: i think you misread what i said. i said that missing or incorrect reverse DNS is *NOT* a good reason for bouncing mail. I guess I did. Thanks, -- Raul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Sep 07, Jason Gunthorpe [EMAIL PROTECTED] wrote: This is just your standard lack of reverse DNS.. Part of the anti-spam bit. The sender needs to get working reverse DNS I suppose.. Looks like a stupid check, to me. Some very big ISP here have mailservers with no reverse mapping... -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 12:33:21PM +0200, Marco d'Itri wrote: On Sep 07, Jason Gunthorpe [EMAIL PROTECTED] wrote: This is just your standard lack of reverse DNS.. Part of the anti-spam bit. The sender needs to get working reverse DNS I suppose.. Looks like a stupid check, to me. It is. Some very big ISP here have mailservers with no reverse mapping... Well, they are badly broken, you know? The IANA mandate is that /all/ machines on public IP address have reverse mappings. No exceptions. I won't rehash the old debate over whether it's better to tolerate broken behaviour (better resilience) or force broken behaviour to break worse (often the only way to force incompetent idiots to fix things). Jules -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 11:58:33AM +0200, Paul Slootman wrote: In any case, reverse DNS lookup is reasonable, no matter what you think of DUL. I have to agree with this. The previous time, the discussion was using DUL to block email. This is about reverse DNS lookups failing, which is a completely different this. If the reverse DBS lookup fails, you either have a grossly incompetent ISP(*) or a malicious one. i'd have to disagree with this. screwed up the DNS isn't a good reason for bouncing mail (because there's no particular reason to believe it's spam)the fact that the ISP is clueless doesn't mean that they're spammers or a spam haven. the only thing that reverse DNS really tells you is that the remote site isn't pretending to be someone else (i.e. tcpd style PARANOID checks)and that check is satisfied whether there's a PTR record or not. OTOH, DUL is good because their is bugger-all legitimate reason for anyone to be sending direct from a dialup dynamic IP address - there are many cheap reasonable alternatives to doing that. more importantly, given that the number of die-hard DIYers with linux boxes who insist on delivering their mail from a dynamic IP address (and wont consider any alternative for any reason) is insignificant compared to the number of spammers who try to do the same, there is excellent reason to believe that the incoming mail is probably spam. I recommended my client to go elsewhere for internet connectivity. He did, and now knows that it is possible to have a reliable internet connection. He now also pays in excess of US$1000 a year _less_ for it. buggered DNS is, however, a damn good reason to look for a better ISP. one with a clue. if your current ISP can't even get something simple like DNS working properly then it's unlikely that they can get anything workingthey don't deserve your money. craig -- craig sanders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Wed, Sep 06, 2000 at 11:33:21PM -0400, Buddha Buck wrote: It says, in plain English, failed to find host name from IP address. It says in plain English, administrative prohibition (failed to fine host name from IP address) Perhaps it's from being too geeky myself, but Branden's explanation (the recipient of the error message is not welcome on *THEIR* Internet under the reasoning that they're ... refusing connections from machines It was the bit about dialup trash - inability to get reverse DNS working is a different issue. -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFShttp://www.eusa.ed.ac.uk/societies/filmsoc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu 07 Sep 2000, Craig Sanders wrote: On Thu, Sep 07, 2000 at 11:58:33AM +0200, Paul Slootman wrote: In any case, reverse DNS lookup is reasonable, no matter what you think of DUL. I have to agree with this. The previous time, the discussion was using DUL to block email. This is about reverse DNS lookups failing, which is a completely different this. If the reverse DBS lookup fails, you either have a grossly incompetent ISP(*) or a malicious one. i'd have to disagree with this. screwed up the DNS isn't a good reason for bouncing mail (because there's no particular reason to believe it's I've seen lots of spam where the originating IP address doesn't resolve. OTOH, I've hardly ever received legitimate mail with the same problem. OTOH, DUL is good because their is bugger-all legitimate reason for anyone to be sending direct from a dialup dynamic IP address - there are many cheap reasonable alternatives to doing that. The name is badly chosen, it should be DDUL (dynamic dial up list). I have a dialup line, but it has a fixed IP address. more importantly, given that the number of die-hard DIYers with linux boxes who insist on delivering their mail from a dynamic IP address (and If the alternative was a smarthost with an ISP that can't get its DNS straight, I'm with the die-hard DIYers. wont consider any alternative for any reason) is insignificant compared to the number of spammers who try to do the same, there is excellent reason to believe that the incoming mail is probably spam. Sounds remarkably similar to my argument above about non-resolving IP addresses and spam. Paul Slootman -- home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/ work: [EMAIL PROTECTED] http://www.murphy.nl/ debian: [EMAIL PROTECTED] http://www.debian.org/ isdn4linux: [EMAIL PROTECTED] http://www.isdn4linux.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 03:19:06AM -0500, Branden Robinson wrote: People like Mr. Jones don't like to consider impacts. They like easy rules and easy policies. They don't like to do analysis. And they especially don't like to be inconvenienced by considerations of the impact of their actions on a larger system. Because that's Hard. Nobody likes Hard work. People sending mail from dialups and IP's without reverse DNS have several choices: 1) Use their ISP's mail server to send mail and/or get their ISP to fix the problem. 2) Ask a friend for an SSH account on a box that mail can be routed through. 3) Come up with a better way to block spam, so that everyone can stop using RBL/RSS/DUL. 4) Do nothing except whine and cry every time the issue comes up in a public conversation. It seems that #4 is the preferred choice for some of the poeple on this list. Nobody said fairness or intelligence were easily come by, either. Does it follow that we should not encourage their cultivation? I hereby dub thee Duke of False Analogies. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]