ISPs blocking SMTP connections from dynamic IP address space
Bill Moran
wmoran at potentialtech.com
Mon Jun  7 09:36:51 PDT 2004

Louis LeBlanc <leblanc at keyslapper.org> wrote:
> Bill Moran wrote:
> > "Lucas Holt" <Luke at FoolishGames.com> wrote:
> > 
> >>Just make sure they are truly dynamic ips.  Many people block ips identified
> >>as "DSL" connections.  Those are not necessarily dynamic ip based.
> > 
> > 
> > It's wonderful that most ISPs haven't figured out how to play nicely with the
> > rest of the world.  I only block when I can verify that it IS a dhcp addy.
> > There are also blocklists that specifically list verified dynamic IPs.
> > 
> > It would be nice if all ISPs could agree on a convention that could be used to
> > identify these machines.  Such as using <uniquename>.dhcp.<domainname> so it
> > could be easily filtered.
> 
> I think something has changed in this respect lately.  I've sent close 
> to a dozen messages to the FreeBSD list since Saturday, and not one has 
> gotten through.
> 
> I'm running sendmail on FreeBSD 4.10, and relaying through Verizon's 
> authenticated SMTP system.  The thing is that I am also using Zoneedit 
> to convince the world that keyslapper.org is at my current IP, and this 
> is reset every time I get a new IP.  This means that when a relay does a 
> lookup on the message, it sees it is a DHCP (DSL) address, and the 
> message is stopped - by the FreeBSD list server in many cases.

I'm not 100% sure I understand what you're doing, but regardless, I think
you're barking up the wrong tree.

First off, the only DNS info that mx1.freebsd.org checks is the server it's
actually talking to.  In the case of this last message, that's
mail-relay1.mirrorimage.net:

Received: from mail-relay1.mirrorimage.net (mail-relay1.mirrorimage.net
	[209.58.140.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D90343D1D
	for <freebsd-questions at freebsd.org>;
	Mon,  7 Jun 2004 16:01:45 +0000 (GMT)
	(envelope-from leblanc at keyslapper.org)

Now, if you're sending this route, and having trouble getting messages through,
then it's a config problem with the mirrorimage.net folks.

However, if you're trying to send directly from this machine:

Received: from keyslapper.org (LEBLANC [10.10.4.59]) by
	triton.int.mirrorimage.net with SMTP (Microsoft Exchange Internet Mail Service
	Version 5.5.2653.13)	id MJT1GA4V; Mon, 7 Jun 2004 12:01:38 -0400

Then the problem is not that it thinks that you are a dhcp addy, but that your
HELO/EHLO announcement is calling the server "LEBLANC", which isn't even a
valid DNS name, and therefore fails the lookup check.

> I've even sent mail from Netscape, using the Verizon SMTP relay 
> directly, and the same thing happens.  Ditto from work.  Just because 
> leblanc.eng.mirrorimage.net is on a private ip and doesn't resolve 
> outside doesn't mean it isn't a real legitimate system.  It's pretty 
> annoying.  Since Friday afternoon, all email I've sent to addresses 
> other than hotmail, my employer, and internally, have been blocked 
> somewhere.

Sounds like you need to work something out.

And the fact that you're on a private IP _does_ mean that you're not a real
mail server.  Per RFC-1918, those addresses are NOT part of the Internet,
therefore, there's no reason for any mail server to accept that there's a real
server there.  The only machine that has to recognize that IP is the NAT gateway
that translates that IP into a real one.

But, then again, from the last email you sent, this isn't your problem.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
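
Added example, not part of the original post: a sketch of the two per-hop checks discussed above, run over the two Received: headers quoted in the message. The helper names are illustrative, the name check is syntax-only (a receiving server would do a DNS lookup), and the code tests both names in each header without deciding which one is the HELO string.

```python
import ipaddress
import re

# Added example (helper names are illustrative). RFC 1918 private ranges:
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "from <name> (<name> [<ip>]) by <host>", tolerant of folded header lines.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from_name>\S+)\s+\((?P<paren_name>[^\s\[\]]+)\s*"
    r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def looks_like_fqdn(name):
    """Syntax only: two or more valid labels. No DNS lookup is done."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)

def check_hop(received):
    """Return (fields, findings) for one Received: header value."""
    m = RECEIVED_RE.search(received)
    if m is None:
        return None, ["unparsed"]
    hop = m.groupdict()
    findings = []
    for key in ("from_name", "paren_name"):
        if not looks_like_fqdn(hop[key]):
            findings.append(f"{key} {hop[key]!r} is not a fully qualified name")
    try:
        addr = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return hop, findings + ["malformed IP address"]
    if any(addr in net for net in RFC1918):
        findings.append(f"{hop['ip']} is RFC 1918 private space")
    return hop, findings

# The two Received: headers quoted in the message above (trailing fields cut).
HOPS = [
    "from mail-relay1.mirrorimage.net (mail-relay1.mirrorimage.net\n"
    "\t[209.58.140.11])\n\tby mx1.FreeBSD.org (Postfix) with ESMTP id 3D90343D1D",
    "from keyslapper.org (LEBLANC [10.10.4.59]) by\n"
    "\ttriton.int.mirrorimage.net with SMTP",
]

if __name__ == "__main__":
    for hop, findings in map(check_hop, HOPS):
        print(hop["by"], "<-", hop["ip"], findings or "ok")
```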
    
    