1 |
Am Tue, 8 Nov 2016 13:12:03 +0200 |
2 |
schrieb Alan McKinnon <alan.mckinnon@×××××.com>: |
3 |
|
4 |
> On 08/11/2016 13:07, J. Roeleveld wrote: |
5 |
> > On November 8, 2016 9:43:30 AM GMT+01:00, Willie M |
6 |
> > <matthews.willie80@×××××.com> wrote: |
7 |
> >> On 11/07/2016 06:31 PM, Harry Putnam wrote: |
8 |
> [...] |
9 |
> [...] |
10 |
> [...] |
11 |
> [...] |
12 |
> >> on |
13 |
> [...] |
14 |
> >> :-) |
15 |
> [...] |
16 |
> >> expected |
17 |
> [...] |
18 |
> >> that |
19 |
> [...] |
20 |
> >> |
21 |
> >> Hey Harry, |
22 |
> >> |
23 |
> >> If I a not mistaken if you change your nameservers to FreeDNS you |
24 |
> >> will be able to have that dynamic IP Address that way. So your |
25 |
> >> reverse lookup |
26 |
> >> should work just fine. |
27 |
> >> |
28 |
> >> Only problem is that if your IP address changes, you would have a |
29 |
> >> short amount of time that your server would not respond (because |
30 |
> >> of the IP change). The default TTL on FreeDNS is 3600 seconds (1 |
31 |
> >> hour). |
32 |
> >> |
33 |
> >> Reading on the front page it says that you can edit the TTL if you |
34 |
> >> add your own domain. I don't know for sure how it all works |
35 |
> >> because I have never added on. It doesn't hurt to try and it seems |
36 |
> >> like it would be a lot better than what you are using now. |
37 |
> >> |
38 |
> >> Hope this helps. |
39 |
> > |
40 |
> > Willie, |
41 |
> > |
42 |
> > This will not work. |
43 |
> > A reverse lookup (which FQDN for the IP) needs to work for all SMTP |
44 |
> > servers he is likely to send mail to. This would also include |
45 |
> > Google and Microsoft. |
46 |
> > |
47 |
> > He needs to get his ISP to change the reverse DNS. |
48 |
> |
49 |
> |
50 |
> ISP mail admin chiming in here. |
51 |
> |
52 |
> If a host on a dynamic range tries to hit my MX machines and deliver |
53 |
> mail, that host WILL be denied. Most ISP's work similarly as we are |
54 |
> sick and tired and fed up to the yinyang of 99.99% of mail from such |
55 |
> hosts being pure spam. |
56 |
> |
57 |
> Harry, you have 2 options: |
58 |
> |
59 |
> 1. Do it yourself and do it properly - get a static IP from your ISP |
60 |
> 2. Don't do it yourself and do it properly - use your ISP's mail |
61 |
> relays, or use a relay provider |
62 |
> |
63 |
> Why are you even trying to do this yourself? I do this for a living |
64 |
> and I can tell you it's a pain in the butt you don't want (*I* don't |
65 |
> even want it, I shove mail services off onto other teams as fast as I |
66 |
> can get them to take it...) |
67 |
|
68 |
I can only second this... |
69 |
|
70 |
As a full service provider and admin myself (using Gentoo machines |
71 |
btw) we are also running our own mail central mail server with correct |
72 |
RDNS etc. And it's a pain to filter out all those spammers correctly. |
73 |
|
74 |
But we are also servicing our customers with their own on-premise mail |
75 |
servers (mostly exchange). For the most part, we are also admin of |
76 |
those servers. |
77 |
|
78 |
The only sane configuration is to setup authenticated relaying. This |
79 |
is, we forward proxy mails (by address rewriting) to the static IP of |
80 |
the customer (with firewall in place), or in case of dynamic IP use a |
81 |
POP3 grabber (everything is forwarded to the same POP3 box, not |
82 |
catchall) and adding an original receiver header. P2S works great for |
83 |
it on windows machines, use fetchmail for linux. |
84 |
|
85 |
The setup scenarios are as follows: |
86 |
|
87 |
example.com = MX on our site |
88 |
relay.example.com = MX on customer site |
89 |
|
90 |
Static DNS: |
91 |
|
92 |
* Setup a special SMTP sending account on our site |
93 |
* Forward @example.com to @relay.example.com |
94 |
* Outgoing mails sent to our site, TLS, port 587, using smart relaying |
95 |
with authentication (use the sending account) |
96 |
|
97 |
|
98 |
Dynamic DNS (which would be your case): |
99 |
|
100 |
* Setup one POP3 box for sending and receiving |
101 |
* Forward each email address to this POP3 box adding an original |
102 |
receiver header |
103 |
* Setup POP3 grabber on customer site and let it decide to which |
104 |
email account this belongs inspecting the added header |
105 |
|
106 |
|
107 |
With the second solution, you are free to fall back to multiple POP3 |
108 |
boxes to fetch - but this involves some advanced strategies how to send |
109 |
mails. With linux it's easy to do sender-based routing and using |
110 |
different SMTP accounts for sending. Especially if it's all the same |
111 |
sender domain, you can fall back to use the same SMTP account for |
112 |
sending. If it's different mail providers, you should use different |
113 |
SMTP accounts per sender depending on which provider the sender belongs |
114 |
to. |
115 |
|
116 |
Apparently, Exchange doesn't support sender-based routing, only |
117 |
destination-based routing (I still wonder the purpose for this). |
118 |
|
119 |
|
120 |
Background here is: |
121 |
|
122 |
For spam fighting purpose, we only allow a customer to use senders |
123 |
within their own customer account - even when authenticated. We don't |
124 |
allow senders belonging to a different customer. And we don't allow |
125 |
unauthenticated delivering with any sender on our system. This |
126 |
successfully fights a lot of spam and account hijacking. |
127 |
|
128 |
|
129 |
So in your case: Use POP3 grabbing, use authenticated sending, use |
130 |
sender-based routing, and all should be fine. Don't try to be a public |
131 |
MX. If it's only two or three accounts, it's fine. Otherwise it's not |
132 |
worth the hassle. Better find a sane client solution that provides you |
133 |
good mail storage usable from different MUAs. You usually don't want to |
134 |
setup a local IMAP server for the long term, especially not on your |
135 |
local machine. |
136 |
|
137 |
-- |
138 |
Regards, |
139 |
Kai |
140 |
|
141 |
Replies to list-only preferred. |