From owner-freebsd-questions@FreeBSD.ORG Fri Jul 13 13:14:06 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4FEC616A401 for ; Fri, 13 Jul 2007 13:14:06 +0000 (UTC) (envelope-from iaccounts@ibctech.ca) Received: from pearl.ibctech.ca (pearl.ibctech.ca [208.70.104.210]) by mx1.freebsd.org (Postfix) with ESMTP id 098C113C4AA for ; Fri, 13 Jul 2007 13:14:05 +0000 (UTC) (envelope-from iaccounts@ibctech.ca) Received: (qmail 62410 invoked by uid 1002); 13 Jul 2007 13:14:05 -0000 Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with qmail-scanner-1.22 (spamassassin: 2.64. Clear:RC:1(208.70.107.100):. Processed in 6.649375 secs); 13 Jul 2007 13:14:05 -0000 Received: from unknown (HELO ?192.168.1.210?) (steve@ibctech.ca@208.70.107.100) by pearl.ibctech.ca with (DHE-RSA-AES256-SHA encrypted) SMTP; 13 Jul 2007 13:13:58 -0000 Message-ID: <46977AA2.5090806@ibctech.ca> Date: Fri, 13 Jul 2007 09:14:10 -0400 From: Steve Bertrand User-Agent: Thunderbird 2.0.0.4 (Windows/20070604) MIME-Version: 1.0 To: vuthecuong References: <46970917.3030502@fpt.vn> <200707130536.l6D5akxS070187@banyan.cs.ait.ac.th> <46971201.8030101@fpt.vn> <200707130552.l6D5qEM7071933@banyan.cs.ait.ac.th> <4697170E.3000909@fpt.vn> <200707130728.l6D7SfBA086091@banyan.cs.ait.ac.th> <4697362E.8010608@fpt.vn> In-Reply-To: <4697362E.8010608@fpt.vn> X-Enigmail-Version: 0.95.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: questions@freebsd.org Subject: Re: is is able to setting up DNS server reverse lookup with DynamicIP? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jul 2007 13:14:06 -0000 vuthecuong wrote: > Olivier Nicole wrote: >>> But my postfix only can receive mails from freebsd-questions mailing >>> list, it can not send mail to this. >> >> There is another thing you have to consider. As it is explained in >> http://www.bsdforums.org/forums/showthread.php?p=265093#post265093 >> your dynamic IP has been black listed (the IP was used before by >> someone else who sent SPAM, so now the IP is in a list of bad guys and >> many mail server will refuse to receive emails from your IP). >> >> So it is really a better idea that you sent all your email thought FPT >> email server. >> >> Best regards, >> >> Olivier >> >> > OK I understood, this is one lession I learned today: In order to run > "real" mail server, > fixed IP address for forward and reverse DNS is must-have. > I will choose method of relaying through ISP though I prefer the first one. > Tnx you very much. The ISP who assigns you the IP from their allocated block are responsible for the reverse entry. You can create one locally, but the Internet as a whole will never look to anything you set up for an rDNS entry. I believe that every IP that is in use on a network, no matter what piece of infrastructure or computer it is assigned to should have a reverse entry. Most ISP's now are configuring rDNS entries for dynamic clients as such, with prefixes that include ppp, dynamic, dialin etc. Almost all of these such entries will cause mail blocks leading to blacklists due to the fact 99.99% of dynamic IP entries should never be sending mail directly to another MX to begin with. In your case, you can still run a fully functional email server at your end, however, instead of sending out directly, you use your upstream as your smart host as stated above. Aside from that, if you are a non-business client without static IP(s), your ISP should be blocking you from sending outbound 25 traffic into their network, except to their mail servers directly anyway. Of course, your ISP should also be blocking port 25 inbound into their network from the outside world, and outbound from their network to you (except to their own legit mail servers) to protect against exploitation of someone with an open relay. (You shouldn't be able to use yourself on the dynamic IP as an SMTP server from outside your own location). If they have implemented this, then you will have to use SMTP Auth on port 587. As a matter of fact, you should be using this anyway. This ISP uses SMTP Auth across the board for all of our users (ADSL, SDSL, dial-up etc). Only a very small handful are permitted to use port 25, and those clients would be the ones (like old Mac OS mail software) that do not have the ability to implement port 587. Cheers! Steve