Re: [qmailtoaster] can't send test message to myself
Michael Handiboe wrote: Eric Shubes wrote: welcome back, Shubes ... some of us noticed you were gone. --mh Thanks, Michael. Great to be back with you nice folks. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
Filtering on missing rDNS and rDNS that doesn't resolve to the hostname is one of the few spam-fighting tools available. Spamassassin and blacklists such as Spamhaus's bundled xbl help to some extent, but their abilities are limited. Several years ago, AOL started filtering rDNS. If it didn't resolve, it rejected the connection. Since then virtually all the big ISPs and most of the smaller ISPs that have modern MTA software filter rDNS. My logs show that every single rejection based on rDNS is garbage mail--no collateral damage. I do agree that most ISPs won't delegate rDNS. But if you're using a biz-class service, they'll gladly set the rDNS for you. Those who buy class C service do get it delegated. Ben Phil Leinhauser wrote: I have found that filtering mail that doesn't have PTR (Reverse) is not a good idea. Most service providers don't give you the delegation for the reverse so therefore you have to contact them to set it for you in their servers. This is mostly because most people just don't understand DNS forwards enough and reverse can be a bit more tricky. Just because you may have PTR records in your DNS server does not mean you have the delegation for that IP or range. In otherwords, it will only be effective for users on your own network, the Internet itself will not know about it. If you decide to block by no Rdns, you should expect problems getting mail from some of the medium to lower level legitimate post offices. In fact, I would bet better than half of the Qmail users here don't have their Rdns setup correctly and would be blocked by no Rdns filters. Phil - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] can't send test message to myself
Like anything else we do in this industry, the usual disclaimer or Your mileage may vary always applies. I've tried the rDNS blocking but it just was too big of a hammer for me. I got tired of the calls from customers. I would have to say that by far using the right combination of RBLs and filters is the best I have found. Just for kicks, I'll share what my config looks like: 2- Symantec Mail security for SMTP gateways servers running parallel Each receive about 10,000 connections an hour during the week, less on weekends. Out of those 10k- 8,000 are rejected connections from RBL and MX lookup and a bit less than 2,000 are rejected by spam filters. This comes to a around 2% is allowed in. Then I have the QMT server do the finish scanning but that seems to only be catching about 2% as spam. I've been at this game since the mid 80's. I've learned the very valuable lesson that it's much better to let a few spam slip through then to mistakenly kill 1 legitimate message. Phil -Original Message- From: Sam Clippinger [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 11:26 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Sorry, but I have to disagree with you. You are correct: getting your ISP to delegate rDNS control can be difficult. But ISPs are willing to do that for business class accounts. On my own servers, approximately 30% of all connections are rejected due to missing rDNS. I also filter connections whose rDNS names don't resolve to IP addresses -- that stops another 10%-30%. Interestingly, the very few servers I've whitelisted have failed the second test (unresolvable rDNS), not the first. I also use DNS RBLs, my own blacklists, rDNS name filtering (searching the rDNS name for the IP address) and graylisting to block more than 99.9% of all connections. My email address has been listed on public web pages and mailing list archives since 1997. Spammers know who I am. But thanks to the filtering I get, on average, 1 spam every day. Of course every mail server administrator has to decide their own policies but it's worth mentioning that most of the big mail providers (AOL, Yahoo!, etc) filter based on missing rDNS. That makes it easier to defend rDNS filtering if you get any complaints. -- Sam Clippinger Phil Leinhauser wrote: I have found that filtering mail that doesn't have PTR (Reverse) is not a good idea. Most service providers don't give you the delegation for the reverse so therefore you have to contact them to set it for you in their servers. This is mostly because most people just don't understand DNS forwards enough and reverse can be a bit more tricky. Just because you may have PTR records in your DNS server does not mean you have the delegation for that IP or range. In otherwords, it will only be effective for users on your own network, the Internet itself will not know about it. If you decide to block by no Rdns, you should expect problems getting mail from some of the medium to lower level legitimate post offices. In fact, I would bet better than half of the Qmail users here don't have their Rdns setup correctly and would be blocked by no Rdns filters. Phil -Original message- From: Eric \Shubes\ [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 12:49:42 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Cameron wrote: Could the strange hostname be causing the problem or is the PTR record? I think the PTR record is causing the problem. I'd get rid of it. a) I don't believe that you need a ptr record b) MX records *must* point to type A records, *not* PTR records. I'm not familiar with register.com's web pages, so it's hard for me to tell you specifically what's wrong. In general terms, you need a type A record for your host, and an MX record which points to that host's type A record. HTH -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR
Re: [qmailtoaster] can't send test message to myself
Phil Leinhauser wrote: I've learned the very valuable lesson that it's much better to let a few spam slip through then to mistakenly kill 1 legitimate message. Phil I'm agreed with you sorry, just sharing my experience and feeling about qmailtoaster. when I chosed qmailtoaster it's because old mailserver dont have any spamfilter (actually there is but it's using commercial software were later bought by Microsoft -RAV-, then they discontinue the support) users, boss, and my bigboss always complain about the spam almost every weeks. with qmailtoaster I'm happy with it got the modular system, so I can add other apps easily (it's my first time setup a mailserver) and with help from everyone on the milist I was too anxious to setup a nospam mailserver. at first below antispam filter that are activated on my server: -- greylisting (active) -- RBLs (active and use more then 1 rblsmtpd provider) -- chkuser (active) -- simscan (active) -- clamav w/ SaneSecurity + SecuriteInfo Signature (active) -- spamassassin (active) --- SURBL (active) --- FuzzyOcr (active) --- SARE's imageinfo and pdfinfo (active) --- Openprotect (active) --- pyzor (active) -- spambox option (active) but after few months users complain about one or two legitimate that they never receive and wandering why they tagged as ***SPAM*** then I must add recipient domain SA whitelist, add the IP on DNS whitelist (so it wont reject by rblsmptd), notify the users to check their SPAM folder or send the legitimate email to [EMAIL PROTECTED] but there is always incident users can't rvcd legitimate email. until one day a high-rank user complain his email from vendor/partner (which contain asian chars) almost never been rcvd. my bigboss asked to fix it right away, telling me not to make the filter too tight (he never praise me that now he got less spam) afterthat below are filters that activated on my server: -- RBLs (active, only use spamhaus) -- simscan (active) -- clamav w/ SaneSecurity + SecuriteInfo Signature (active) -- spamassassin (active) --- SURBL (active) --- SARE's imageinfo and pdfinfo (active) --- Openprotect (active) after removing some filters until now no users complaining that he never rcvd legitimate email. I can back become lazy-admin spamdyke is really complete (and complex) anti-spam tool for me.. when spamdyke is officially included on qmailtoaster, I'll be using it also but for now, SA + clamav is enough for me. just lets the tools and options there and admins can choose their weapon to fight spam - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
The bottom line is what works for the customer. Good points from both sides but the bottom line is what you need to accomplish your goal may not be the same as someone else. It's also good for the new users to see that even the seasoned veterans can't settle on the right formula because there is no one size fits all. after removing some filters until now no users complaining that he never rcvd legitimate email. I can back become lazy-admin LOL!! Lazy admin Isn't that the bottom line for all of us?!?! Feet up on the desk looking for the end of the internet? Phil -Original message- From: PakOgah [EMAIL PROTECTED] Date: Wed, 16 Jan 2008 12:12:07 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Phil Leinhauser wrote: I've learned the very valuable lesson that it's much better to let a few spam slip through then to mistakenly kill 1 legitimate message. Phil I'm agreed with you sorry, just sharing my experience and feeling about qmailtoaster. when I chosed qmailtoaster it's because old mailserver dont have any spamfilter (actually there is but it's using commercial software were later bought by Microsoft -RAV-, then they discontinue the support) users, boss, and my bigboss always complain about the spam almost every weeks. with qmailtoaster I'm happy with it got the modular system, so I can add other apps easily (it's my first time setup a mailserver) and with help from everyone on the milist I was too anxious to setup a nospam mailserver. at first below antispam filter that are activated on my server: -- greylisting (active) -- RBLs (active and use more then 1 rblsmtpd provider) -- chkuser (active) -- simscan (active) -- clamav w/ SaneSecurity + SecuriteInfo Signature (active) -- spamassassin (active) --- SURBL (active) --- FuzzyOcr (active) --- SARE's imageinfo and pdfinfo (active) --- Openprotect (active) --- pyzor (active) -- spambox option (active) but after few months users complain about one or two legitimate that they never receive and wandering why they tagged as ***SPAM*** then I must add recipient domain SA whitelist, add the IP on DNS whitelist (so it wont reject by rblsmptd), notify the users to check their SPAM folder or send the legitimate email to [EMAIL PROTECTED] but there is always incident users can't rvcd legitimate email. until one day a high-rank user complain his email from vendor/partner (which contain asian chars) almost never been rcvd. my bigboss asked to fix it right away, telling me not to make the filter too tight (he never praise me that now he got less spam) afterthat below are filters that activated on my server: -- RBLs (active, only use spamhaus) -- simscan (active) -- clamav w/ SaneSecurity + SecuriteInfo Signature (active) -- spamassassin (active) --- SURBL (active) --- SARE's imageinfo and pdfinfo (active) --- Openprotect (active) after removing some filters until now no users complaining that he never rcvd legitimate email. I can back become lazy-admin spamdyke is really complete (and complex) anti-spam tool for me.. when spamdyke is officially included on qmailtoaster, I'll be using it also but for now, SA + clamav is enough for me. just lets the tools and options there and admins can choose their weapon to fight spam - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
OK... this got me thinking... what are we overlooking Are you sure your mail server (from whom you're trying to send a test message) is using DNS correctly? (not serving... USING) Check your /etc/resolv.conf file... is should look like this: search mylocaldomain.name nameserver 192.168.0.2 NOTE: the IP address should be your own... just to be sure, you could also use 127.0.0.1 Just because your system is a DNS server, doesn't mean you definitely want it (the DNS server) to use itself as the server... you can force your server to get outside resolutions by using an outside DNS server... E.g.: search mylocaldomain.name nameserver 4.2.2.2 (The 4.2.2.2 address is a Verizon DNS server that is open to requests -- even from non-Verizon IP addresses. It'll also respond to a PING, so that's an easy IP address to file away in your limited mind-space!) I hope this helps... Dan Daniel McAllister, President IT4SOHO, LLC 224 - 13th Avenue N St. Petersburg, FL 33701 877-IT4SOHO: Toll Free 727-647-7646 In Pinellas 813-464-2093 In Hillsborough 727-507-9435 Fax Only When did you do your last backup? Ask me about unattended offsite backup solutions... to protect your business, not just your data! Cameron wrote: Ok, I set up a TXT record from some stuff I found online and that seems to have fixed my issue. Thanks for all the help. I'm sure I'll be asking more... Cameron - Original Message - From: Dan McAllister [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 9:32 AM Subject: Re: [qmailtoaster] can't send test message to myself Cameron: If you are using SpamDyke, or another anti-spam, you may need to create a PTR record for your DNS: that is, make the Internet (Public) IP Address of your server reverse-resolve to something like bstastjohns.com (or, if you ONLY do mail on that IP Address, mail.bstastjohns.com -- I prefer the former). The reason is that one commonly used anti-spam technique used today is a check for a valid reverse-dns entry. NOTE that, unless your IP address is a Register.com IP address (e.g.: they are your hosting company for your server), you'll need to contact your ISP to make this PTR entry! The pathway for resolving an IP address's PTR entry goes through your ISP, not your domain name. For now, I suggest removing any spam-blocking making sure your ports are open (no iptables active, if necessary, ports forwarded through firewall/router). Hope this helps! Dan Daniel McAllister, President IT4SOHO, LLC 224 - 13th Avenue N St. Petersburg, FL 33701 877-IT4SOHO: Toll Free 727-647-7646 In Pinellas 813-464-2093 In Hillsborough 727-507-9435 Fax Only When did you do your last backup? Ask me about unattended offsite backup solutions... to protect your business, not just your data! Cameron wrote: I've done that...about 6 days ago. I set it up to point to mail.bstastjohns.com and of course changed the A record for mail.bstastjohns.com to the current IP. Do I need to set up TXT records or add a PTR or is that more than I need? Cameron - Original Message - From: Phil Leinhauser [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 8:46 AM Subject: Re: [qmailtoaster] can't send test message to myself I see your DNS is at register.com. You have an A record for your web site and that is working fine. Now you need to setup the MX record because when I query the DNS for one, it comes back empty. Look in your DNS control panel in the register.com where you setup the www. You should see something about an MX or Mail Exchanger record. Phil -Original message- From: Cameron [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 10:26:13 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle
Re: [qmailtoaster] can't send test message to myself
Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
I see your DNS is at register.com. You have an A record for your web site and that is working fine. Now you need to setup the MX record because when I query the DNS for one, it comes back empty. Look in your DNS control panel in the register.com where you setup the www. You should see something about an MX or Mail Exchanger record. Phil -Original message- From: Cameron [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 10:26:13 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
I've done that...about 6 days ago. I set it up to point to mail.bstastjohns.com and of course changed the A record for mail.bstastjohns.com to the current IP. Do I need to set up TXT records or add a PTR or is that more than I need? Cameron - Original Message - From: Phil Leinhauser [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 8:46 AM Subject: Re: [qmailtoaster] can't send test message to myself I see your DNS is at register.com. You have an A record for your web site and that is working fine. Now you need to setup the MX record because when I query the DNS for one, it comes back empty. Look in your DNS control panel in the register.com where you setup the www. You should see something about an MX or Mail Exchanger record. Phil -Original message- From: Cameron [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 10:26:13 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
Cameron wrote:
I've done that...about 6 days ago. I set it up to point to
mail.bstastjohns.com and of course changed the A record for
mail.bstastjohns.com to the current IP. Do I need to set up TXT
records or add a PTR or is that more than I need?
Here is what is showing
www.DNSreport.com http://www.DNSreport.com at 15:04:27 GMT
on 15 Jan 2008.
CategoryStatus Test Name Information
Parent *PASS* Missing Direct Parent check OK. Your direct parent zone
exists, which is good. Some domains (usually third or fourth level
domains, such as example.co.us) do not have a direct parent zone
('co.us' in this example), which is legal but can cause confusion.
*INFO* NS records at parent servers Your NS records at the parent
servers are:
|dns010.d.register.com. [216.21.236.10] [TTL=172800] [US]
dns029.c.register.com. [216.21.235.29] [TTL=172800] [US]
dns062.b.register.com. [216.21.232.62] [TTL=172800] [US]
dns213.a.register.com. [216.21.231.213] [TTL=172800] [US]
|[These were obtained from c.gtld-servers.net]
*PASS* Parent nameservers have your nameservers listed OK. When
someone uses DNS to look up your domain, the first step (if it doesn't
already know about your domain) is to go to the parent servers. If you
aren't listed there, you can't be found. But you are listed there.
*PASS* Glue at parent nameservers OK. The parent servers have glue for
your nameservers. That means they send out the IP address of your
nameservers, as well as their host names.
*PASS* DNS servers have A records OK. All your DNS servers either have
A records at the zone parent servers, or do not need them (if the DNS
servers are on other TLDs). A records are required for your hostnames to
ensure that other DNS servers can reach your DNS servers. Note that
there will be problems if your DNS servers do not have these same A
records.
NS *INFO* NS records at your nameservers Your NS records at your
nameservers are:
|dns213.a.register.com.
dns062.b.register.com.
dns029.c.register.com.
dns010.d.register.com.
|
*PASS* Open DNS servers OK. Your DNS servers do not announce that they
are open DNS servers. Although there is a slight chance that they really
are open DNS servers, this is very unlikely. Open DNS servers increase
the chances that of cache poisoning, can degrade performance of your
DNS, and can cause your DNS servers to be used in an attack (so it is
good that your DNS servers do not appear to be open DNS servers).
*PASS* Mismatched glue OK. The DNS report did not detect any
discrepancies between the glue provided by the parent servers and that
provided by your authoritative DNS servers.
*PASS* No NS A records at nameservers OK. Your nameservers do include
corresponding A records when asked for your NS records. This ensures
that your DNS servers know the A records corresponding to all your NS
records.
*PASS* All nameservers report identical NS records OK. The NS records
at all your nameservers are identical.
*PASS* All nameservers respond OK. All of your nameservers listed at
the parent nameservers responded.
*PASS* Nameserver name validity OK. All of the NS records that your
nameservers report seem valid (no IPs or partial domain names).
*PASS* Number of nameservers OK. You have 4 nameservers. You must have
at least 2 nameservers (RFC2182
http://www.DNSstuff.com/pages/rfc2182.htm section 5 recommends at
least 3 nameservers), and preferably no more than 7.
*PASS* Lame nameservers OK. All the nameservers listed at the parent
servers answer authoritatively for your domain.
*PASS* Missing (stealth) nameservers OK. All 4 of your nameservers (as
reported by your nameservers) are also listed at the parent servers.
*PASS* Missing nameservers 2 OK. All of the nameservers listed at the
parent nameservers are also listed as NS records at your nameservers.
*PASS* No CNAMEs for domain OK. There are no CNAMEs for
bstastjohns.com. RFC1912 http://www.DNSstuff.com/pages/rfc1912.htm 2.4
and RFC2181 http://private.dnsstuff.com/tools/rfc.ch?detail=2181 10.3
state that there should be no CNAMEs if an NS (or any other) record is
present.
*PASS* No NSs with CNAMEs OK. There are no CNAMEs for your NS records.
RFC1912 http://www.DNSstuff.com/pages/rfc1912.htm 2.4 and RFC2181
http://private.dnsstuff.com/tools/rfc.ch?detail=2181 10.3 state that
there should be no CNAMEs if an NS (or any other) record is present.
*PASS* Nameservers on separate class C's OK. You have nameservers on
different Class C (technically, /24) IP ranges. You must have
nameservers at geographically and topologically dispersed locations.
RFC2182 http://www.DNSstuff.com/pages/rfc2182.htm 3.1 goes into more
detail about secondary nameserver location.
*PASS* All NS IPs public OK. All of your NS records appear to use
public IPs. If there were any private IPs, they would not be reachable,
causing DNS delays.
*PASS* TCP Allowed OK. All your DNS servers allow TCP
Re: [qmailtoaster] can't send test message to myself
Cameron: If you are using SpamDyke, or another anti-spam, you may need to create a PTR record for your DNS: that is, make the Internet (Public) IP Address of your server reverse-resolve to something like bstastjohns.com (or, if you ONLY do mail on that IP Address, mail.bstastjohns.com -- I prefer the former). The reason is that one commonly used anti-spam technique used today is a check for a valid reverse-dns entry. NOTE that, unless your IP address is a Register.com IP address (e.g.: they are your hosting company for your server), you'll need to contact your ISP to make this PTR entry! The pathway for resolving an IP address's PTR entry goes through your ISP, not your domain name. For now, I suggest removing any spam-blocking making sure your ports are open (no iptables active, if necessary, ports forwarded through firewall/router). Hope this helps! Dan Daniel McAllister, President IT4SOHO, LLC 224 - 13th Avenue N St. Petersburg, FL 33701 877-IT4SOHO: Toll Free 727-647-7646 In Pinellas 813-464-2093 In Hillsborough 727-507-9435 Fax Only When did you do your last backup? Ask me about unattended offsite backup solutions... to protect your business, not just your data! Cameron wrote: I've done that...about 6 days ago. I set it up to point to mail.bstastjohns.com and of course changed the A record for mail.bstastjohns.com to the current IP. Do I need to set up TXT records or add a PTR or is that more than I need? Cameron - Original Message - From: Phil Leinhauser [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 8:46 AM Subject: Re: [qmailtoaster] can't send test message to myself I see your DNS is at register.com. You have an A record for your web site and that is working fine. Now you need to setup the MX record because when I query the DNS for one, it comes back empty. Look in your DNS control panel in the register.com where you setup the www. You should see something about an MX or Mail Exchanger record. Phil -Original message- From: Cameron [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 10:26:13 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] can't send test message to myself
Ok, I set up a TXT record from some stuff I found online and that seems to have fixed my issue. Thanks for all the help. I'm sure I'll be asking more... Cameron - Original Message - From: Dan McAllister [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 9:32 AM Subject: Re: [qmailtoaster] can't send test message to myself Cameron: If you are using SpamDyke, or another anti-spam, you may need to create a PTR record for your DNS: that is, make the Internet (Public) IP Address of your server reverse-resolve to something like bstastjohns.com (or, if you ONLY do mail on that IP Address, mail.bstastjohns.com -- I prefer the former). The reason is that one commonly used anti-spam technique used today is a check for a valid reverse-dns entry. NOTE that, unless your IP address is a Register.com IP address (e.g.: they are your hosting company for your server), you'll need to contact your ISP to make this PTR entry! The pathway for resolving an IP address's PTR entry goes through your ISP, not your domain name. For now, I suggest removing any spam-blocking making sure your ports are open (no iptables active, if necessary, ports forwarded through firewall/router). Hope this helps! Dan Daniel McAllister, President IT4SOHO, LLC 224 - 13th Avenue N St. Petersburg, FL 33701 877-IT4SOHO: Toll Free 727-647-7646 In Pinellas 813-464-2093 In Hillsborough 727-507-9435 Fax Only When did you do your last backup? Ask me about unattended offsite backup solutions... to protect your business, not just your data! Cameron wrote: I've done that...about 6 days ago. I set it up to point to mail.bstastjohns.com and of course changed the A record for mail.bstastjohns.com to the current IP. Do I need to set up TXT records or add a PTR or is that more than I need? Cameron - Original Message - From: Phil Leinhauser [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 8:46 AM Subject: Re: [qmailtoaster] can't send test message to myself I see your DNS is at register.com. You have an A record for your web site and that is working fine. Now you need to setup the MX record because when I query the DNS for one, it comes back empty. Look in your DNS control panel in the register.com where you setup the www. You should see something about an MX or Mail Exchanger record. Phil -Original message- From: Cameron [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 10:26:13 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Well I'm registered at Register.com and updated all the fields I could find. I'm not real sure what the s.th is. Cameron - Original Message - From: Andreas Galatis [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, January 15, 2008 1:51 AM Subject: Re: [qmailtoaster] can't send test message to myself Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e
Re: [qmailtoaster] can't send test message to myself
Cameron wrote: Could the strange hostname be causing the problem or is the PTR record? I think the PTR record is causing the problem. I'd get rid of it. a) I don't believe that you need a ptr record b) MX records *must* point to type A records, *not* PTR records. I'm not familiar with register.com's web pages, so it's hard for me to tell you specifically what's wrong. In general terms, you need a type A record for your host, and an MX record which points to that host's type A record. HTH -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
I have found that filtering mail that doesn't have PTR (Reverse) is not a good idea. Most service providers don't give you the delegation for the reverse so therefore you have to contact them to set it for you in their servers. This is mostly because most people just don't understand DNS forwards enough and reverse can be a bit more tricky. Just because you may have PTR records in your DNS server does not mean you have the delegation for that IP or range. In otherwords, it will only be effective for users on your own network, the Internet itself will not know about it. If you decide to block by no Rdns, you should expect problems getting mail from some of the medium to lower level legitimate post offices. In fact, I would bet better than half of the Qmail users here don't have their Rdns setup correctly and would be blocked by no Rdns filters. Phil -Original message- From: Eric \Shubes\ [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 12:49:42 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Cameron wrote: Could the strange hostname be causing the problem or is the PTR record? I think the PTR record is causing the problem. I'd get rid of it. a) I don't believe that you need a ptr record b) MX records *must* point to type A records, *not* PTR records. I'm not familiar with register.com's web pages, so it's hard for me to tell you specifically what's wrong. In general terms, you need a type A record for your host, and an MX record which points to that host's type A record. HTH -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
Sorry, but I have to disagree with you. You are correct: getting your ISP to delegate rDNS control can be difficult. But ISPs are willing to do that for business class accounts. On my own servers, approximately 30% of all connections are rejected due to missing rDNS. I also filter connections whose rDNS names don't resolve to IP addresses -- that stops another 10%-30%. Interestingly, the very few servers I've whitelisted have failed the second test (unresolvable rDNS), not the first. I also use DNS RBLs, my own blacklists, rDNS name filtering (searching the rDNS name for the IP address) and graylisting to block more than 99.9% of all connections. My email address has been listed on public web pages and mailing list archives since 1997. Spammers know who I am. But thanks to the filtering I get, on average, 1 spam every day. Of course every mail server administrator has to decide their own policies but it's worth mentioning that most of the big mail providers (AOL, Yahoo!, etc) filter based on missing rDNS. That makes it easier to defend rDNS filtering if you get any complaints. -- Sam Clippinger Phil Leinhauser wrote: I have found that filtering mail that doesn't have PTR (Reverse) is not a good idea. Most service providers don't give you the delegation for the reverse so therefore you have to contact them to set it for you in their servers. This is mostly because most people just don't understand DNS forwards enough and reverse can be a bit more tricky. Just because you may have PTR records in your DNS server does not mean you have the delegation for that IP or range. In otherwords, it will only be effective for users on your own network, the Internet itself will not know about it. If you decide to block by no Rdns, you should expect problems getting mail from some of the medium to lower level legitimate post offices. In fact, I would bet better than half of the Qmail users here don't have their Rdns setup correctly and would be blocked by no Rdns filters. Phil -Original message- From: Eric \Shubes\ [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 12:49:42 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] can't send test message to myself Cameron wrote: Could the strange hostname be causing the problem or is the PTR record? I think the PTR record is causing the problem. I'd get rid of it. a) I don't believe that you need a ptr record b) MX records *must* point to type A records, *not* PTR records. I'm not familiar with register.com's web pages, so it's hard for me to tell you specifically what's wrong. In general terms, you need a type A record for your host, and an MX record which points to that host's type A record. HTH -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] can't send test message to myself
I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] can't send test message to myself
Hi Cameron, me too, I cannot find an MX for bstastjohns.com Maybe you missed s.th. when setting up the MX? bye Andreas Am Dienstag, 15. Januar 2008 07:57 schrieb Cameron: I just set up qmail-toaster on CentOS5, Core2 duo, 1 Gig ram machine with a clean install. Everything looks fine now, but when I try to send a test message to myself using the Squirrelmail interface, I get a 511 sorry, can't find a valid MX for sender domain error. I'm using a domain I own that doesn't currently have a mail server set up. The domain is bstastjohns.com and I have mail.bstastjohns.com A and MX records pointed to a temproary public IP at 71.86.114.51. I can't send in messages form outside either. I'm pretty new to Linux and really new to qmail so please be gentle. When I ping mail.bstastjohns.com it resolves to the correct IP. Any clues? Regards, Cameron - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
