Date:      Fri, 13 Jul 2007 09:14:10 -0400
From:      Steve Bertrand <iaccounts@ibctech.ca>
To:        vuthecuong <cuongvt@fpt.vn>
Cc:        questions@freebsd.org
Subject:   Re: is is able to setting up DNS server reverse lookup with	DynamicIP?
Message-ID:  <46977AA2.5090806@ibctech.ca>
In-Reply-To: <4697362E.8010608@fpt.vn>
References:  <46970917.3030502@fpt.vn>	<200707130536.l6D5akxS070187@banyan.cs.ait.ac.th>	<46971201.8030101@fpt.vn>	<200707130552.l6D5qEM7071933@banyan.cs.ait.ac.th>	<4697170E.3000909@fpt.vn>	<200707130728.l6D7SfBA086091@banyan.cs.ait.ac.th> <4697362E.8010608@fpt.vn>

vuthecuong wrote:
> Olivier Nicole wrote:
>>> But my postfix only can receive mails from freebsd-questions mailing
>>> list, it can not send mail to this.     
>>
>> There is another thing you have to consider. As it is explained in
>> http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
>> your dynamic IP has been black listed (the IP was used before by
>> someone else who sent SPAM, so now the IP is in a list of bad guys and
>> many mail servers will refuse to receive emails from your IP).
>>
>> So it is really a better idea that you send all your email through FPT
>> email server.
>>
>> Best regards,
>>
>> Olivier
>>
>>   
> OK I understood, this is one lesson I learned today: In order to run
> "real" mail server,
> fixed IP address for forward and reverse DNS is must-have.
> I will choose method of relaying through ISP though I prefer the first one.
> Tnx you very much.

The ISP who assigns you the IP from their allocated block is
responsible for the reverse entry. You can create one locally, but the
Internet as a whole will never look to anything you set up for an rDNS
entry. I believe that every IP that is in use on a network, no matter
what piece of infrastructure or computer it is assigned to, should have a
reverse entry.

Most ISPs now are configuring rDNS entries for dynamic clients as such,
with prefixes that include ppp, dynamic, dialin etc. Almost all
such entries will cause mail blocks leading to blacklists due to the
fact that 99.99% of dynamic IP entries should never be sending mail directly
to another MX to begin with.

In your case, you can still run a fully functional email server at your
end, however, instead of sending out directly, you use your upstream as
your smart host as stated above.

Aside from that, if you are a non-business client without static IP(s),
your ISP should be blocking you from sending outbound 25 traffic into
their network, except to their mail servers directly anyway.

Of course, your ISP should also be blocking port 25 inbound into their
network from the outside world, and outbound from their network to you
(except to their own legit mail servers) to protect against exploitation
of someone with an open relay. (You shouldn't be able to use yourself on
the dynamic IP as an SMTP server from outside your own location). If
they have implemented this, then you will have to use SMTP Auth on port
587. As a matter of fact, you should be using this anyway.

This ISP uses SMTP Auth across the board for all of our users (ADSL,
SDSL, dial-up etc). Only a very small handful are permitted to use port
25, and those clients would be the ones (like old Mac OS mail software)
that do not have the ability to implement port 587.

Cheers!

Steve
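
Added example, not part of the original message: a Python sketch of the kind of reverse-DNS check a receiving mail server can apply to a connecting client, which is why mail sent directly from a dynamic address tends to be refused. The DNS data is constructed, and the function names and the extra tokens `dsl`, `dhcp` and `pool` are assumptions.

```python
import re

# "ppp", "dynamic" and "dialin" come from the message; the rest are assumptions.
DYNAMIC_TOKENS = {"ppp", "dynamic", "dialin", "dsl", "dhcp", "pool"}

# Constructed DNS data (documentation addresses and example domains).
PTR = {
    "192.0.2.25": "mail.example.org.",
    "203.0.113.57": "ppp-203-0-113-57.dynamic.isp.example.",
    "198.51.100.9": "host9.example.net.",
}
A = {
    "mail.example.org.": ["192.0.2.25"],
    "ppp-203-0-113-57.dynamic.isp.example.": ["203.0.113.57"],
    "host9.example.net.": ["198.51.100.10"],  # forward lookup does not match
}

def looks_dynamic(ptr_name, ip):
    """Heuristic: does this PTR name look like a generic dynamic-pool name?"""
    host = ptr_name.lower()
    # Compare alphabetic runs so "ppp57" and "ppp-203-..." both yield "ppp".
    if set(re.findall(r"[a-z]+", host)) & DYNAMIC_TOKENS:
        return True
    # Generic names often embed the address itself, e.g. 203-0-113-57.isp.example
    digits = re.findall(r"\d+", host)
    return len(digits) >= 4 and all(o in digits for o in ip.split("."))

def classify_client(ip, ptr=PTR, a=A):
    """Classify a connecting IP the way a strict receiving MX might."""
    name = ptr.get(ip)
    if name is None:
        return "no-rdns"            # no reverse entry at all
    if ip not in a.get(name, []):
        return "rdns-mismatch"      # PTR exists but forward lookup disagrees
    if looks_dynamic(name, ip):
        return "dynamic-rdns"       # consistent, but named as a dynamic client
    return "ok"

if __name__ == "__main__":
    for ip in ["192.0.2.25", "203.0.113.57", "198.51.100.9", "192.0.2.200"]:
        print(ip, classify_client(ip))
```

A host classified as `dynamic-rdns` has correct forward and reverse DNS and is still rejected on its name alone, which is the case where relaying through the ISP's smart host is the fix.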


