ISPs blocking SMTP connections from dynamic IP address space

Louis LeBlanc freebsd at keyslapper.org
Mon Jun 7 10:18:54 PDT 2004 

On 06/07/04 12:36 PM, Bill Moran sat at the `puter and typed:
> Louis LeBlanc <leblanc at keyslapper.org> wrote:
> 
> > Bill Moran wrote:
> > <SNIP>
> > I think something has changed in this respect lately.  I've sent close 
> > to a dozen messages to the FreeBSD list since Saturday, and not one has 
> > gotten through.
> > 
> > I'm running sendmail on FreeBSD 4.10, and relaying through Verizon's 
> > authenticated SMTP system.  The thing is that I am also using Zoneedit 
> > to convince the world that keyslapper.org is at my current IP, and this 
> > is reset every time I get a new IP.  This means that when a relay does a 
> > lookup on the message, it sees it is a DHCP (DSL) address, and the 
> > message is stopped - by the FreeBSD list server in many cases.
> 
> I'm not 100% sure I understand what you're doing, but regardless, I think
> you're barking up the wrong tree.

I sincerely hope so.  If that's the case, I can probably fix it from
home.  My sendmail config (on keyslapper) authenticates to
outgoing.verizon.net, and sends all mail for keyslapper.org.  Since I
use mutt and keep an IMAP server on keyslapper, I often send mail from
work for my keyslapper.org accounts.  That's why you saw the leblanc
system in the headers.

> First off, the only DNS info that mx1.freebsd.org checks is the
> server it's actually talking to.  In the case of this last message,
> that's mail-relay1.mirrorimage.net:
> 
> Received: from mail-relay1.mirrorimage.net (mail-relay1.mirrorimage.net
> 	[209.58.140.11])
> 	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D90343D1D
> 	for <freebsd-questions at freebsd.org>;
> 	Mon,  7 Jun 2004 16:01:45 +0000 (GMT)
> 	(envelope-from leblanc at keyslapper.org)
> 
> Now, if you're sending this route, and having trouble getting
> messages through, then it's a config problem with the
> mirrorimage.net folks.
> 
> However, if you're trying to send directly from this machine:
> 
> Received: from keyslapper.org (LEBLANC [10.10.4.59]) by
> 	triton.int.mirrorimage.net with SMTP (Microsoft Exchange Internet Mail Service
> 	Version 5.5.2653.13)	id MJT1GA4V; Mon, 7 Jun 2004 12:01:38 -0400

Yes, I mailed this from work, but I'm not sure why the headers did
this.  I'm running postfix on my FreeBSD box there, and I'm still
using the default.  I should set this up to relay directly through our
SMTP server.  I honestly don't know why it went to keyslapper.org at
all (I mostly work with HTTP server stuff, and am woefully short on
mail protocol understanding).  I sent from leblanc, my FreeBSD machine
at work, running postfix.

> Then the problem is not that it thinks that you are a dhcp addy, but
> that your HELO/EHLO announcement is calling the server "LEBLANC",
> which isn't even a valid DNS name, and therefore fails the lookup
> check.

I don't understand why it's doing this.  Time to read some more docs.

> > I've even sent mail from Netscape, using the Verizon SMTP relay
> > directly, and the same thing happens.  Ditto from work.  Just
> > because leblanc.eng.mirrorimage.net is on a private ip and doesn't
> > resolve outside doesn't mean it isn't a real legitimate system.
> > It's pretty annoying.  Since Friday afternoon, all email I've sent
> > to addresses other than hotmail, my employer, and internally, have
> > been blocked somewhere.
> 
> Sounds like you need to work something out.

Hopefully your feedback here will be enough to get me in the right
direction.

> And the fact that you're on a private IP _does_ mean that you're not
> a real mail server.  Per RFC-1918, those addresses are NOT part of
> the Internet, therefore, there's no reason for any mail server to
> accept that there's a real server there.  The only machine that has
> to recognize that IP is the NAT gateway that translates that IP into
> a real one.

I think I understand this, but it implies that I might have been doing
things 'right' all along - or at least as close to that as I can
expect without getting a commercial account.

> But, then again, from the last email you sent, this isn't your
> problem.

Not from that point.  That message was sent from Netscape using our
SMTP relay rather than the localhost postfix.  This message is being
sent from my home system (keyslapper.org) which is a DSL system on a
dynamic IP.  I hope you don't mind I'm copying you (normally I would
never do this), in case the group doesn't get it.  I'm copying myself
at work as well so I can look at the headers more closely.

It looks like I have 2 mail problems here.  One is at work: my default
postfix config is not appropriate for the way I use it.  The other is
at home.  Not entirely sure *what* the cause is there, but through the
magic of ssh, the flexibility of mutt, and a little luck, this message
might just provide enough info to figure it out.

Thanks for the feedback.

Lou
-- 
Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

QOTD:
  Some people have one of those days.  I've had one of those lives.

More information about the freebsd-questions mailing list