Koozali.org: home of the SME Server

Recommendations regarding reverse dns and smtp?

holck
« on: November 06, 2022, 11:21:52 AM »
With my small server, I've the last few days had problems delivering emails to yahoo.dk, waoo.dk, and a few other domains. I get messages like
Code:
554_5.7.1_Client_host_rejected:_cannot_find_your_reverse_hostname
and
Code:
Messages_from_80.209.65.118_temporarily_deferred_due_to_unexpected_volume_or_user_complaints_-_4.16.55.1.

As far as I can see, the IP address (80.209.65.118) isn't blacklisted anywhere.

I guess I can pay my Internet provider to set up reverse DNS for me. But I guess I can also find some remote SMTP server allowing me access. I'll be glad to hear your thoughts about this.

 Jesper Holck
Denmark

ReetP
« Reply #1 on: November 06, 2022, 11:53:05 AM »
The big boys are effectively trying to shut down small players and force you to use their paid services.

Getting rDNS set correctly by your ISP may not be easy, and in any event you may still get blocked if it's classed as in a residential IP block.

Most ISPs have offloaded complicated/resource intensive mail services inc Smart Hosts to...... the same bastards trying to shut us all down.

It can also be a struggle if you set up your own small VM as your own SMTP server online eg vultr, digital ocean etc. Yes you can set rDNS, but may find the IP you are given has poor reputation. Some of the spam filtering services are total bastards if they suspect you of spamming, even if you are totally innocent. Blocked, and destroying your business, with little recourse. Another minefield.

Alternative is to find a paid for SMTP Smart Host.

None of it is easy, or free. By design.

Email really needs disrupting. Unfit for purpose eg security, hacks to attach media etc. I guess federated chat systems will be the way eventually, but sure they'll try to control that too.

<sigh> I need to retire.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

mmccarn
« Reply #2 on: November 06, 2022, 02:15:40 PM »
There's a section on DNS including PTR records in the admin manual (mostly 15 years old, but...):
https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Appendix#PTR_Records

If you have a dynamic IP you are going to have problems with spam filters that block dynamic IPs no matter what -- you need to get a fixed IP or relay your email through an off-site service.

If you have a fixed IP you need to figure out what your PTR record is, then figure out how to configure a DNS entry for the result.

Code:
# get the arpa address (reverse the IP, and add ".in-addr.arpa")
curl -s ipinfo.io/ip | awk -F\. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}'

# display the ptr name for the arpa record
PTR=$(curl -s ipinfo.io/ip | awk -F\. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}')
nslookup -type=ptr $PTR

# assign the ptr name to a variable
PTR=$(curl -s ipinfo.io/ip | awk -F\. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}')
NAME=$(nslookup -type=ptr $PTR |grep name |sed 's/.*= //')

# check the forward lookup for the PTR name
PTR=$(curl -s ipinfo.io/ip | awk -F\. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}')
NAME=$(nslookup -type=ptr $PTR |grep name |sed 's/.*= //')
nslookup $NAME


holck
« Reply #3 on: November 10, 2022, 02:41:04 PM »
My ISP apparently cannot offer Reverse DNS right now. They say it will require a new subscription and a new fiber-connection :-(

I've found out that mailersend.net offers paid-for smtp-access, and it seems to work. At their web site they let me add dns-domains for which they will offer smtp, when I use STARTTLS and login with a given user name and password. But the user names and passwords are different for each domain.

Will SME allow login to an upstream SMTP server (mail.mailersend.net), using different user names and password for each domain? So, if the mail comes from @ibsgaarden.dk, SME will login with user name "someuser@ibsgaarden.dk" and password "XYS", but if the mail comes from @di-vers.dk, user name "otheruser@di-vers.dk" and password "DzA" instead?

Jean-Philippe Pialasse (aka Unnilennium, http://smeserver.pialasse.com)
« Reply #4 on: November 10, 2022, 05:40:40 PM »
not out of the box, but the perl script could be hacked to do that. 

holck
« Reply #5 on: November 10, 2022, 10:35:03 PM »
Quote
not out of the box, but the perl script could be hacked to do that.

Thanks, good to know. The script to hack, will that be
Code:
/usr/local/sbin/smtp-auth-proxy.pl
?

Where the lines
Code:
  $prop->{Userid} = $smtp_proxy_rec->prop('Userid');
  $prop->{Passwd} = $smtp_proxy_rec->prop('Passwd');
would need to be expanded, allowing different Userids and Passwds, depending on domain? Where the domain in question comes from
Code:
my $domain_name = $self->get_property('DomainName');

Jean-Philippe Pialasse
« Reply #6 on: November 11, 2022, 01:52:42 AM »
Good pick. This is indeed this script. 

You need to change this part indeed to make it check the From header of the email to send, then get the domain from there (not from a db command) and then get the password for this domain.

 I would suggest to store the user and password in the db domains and to default to the one in config db if no entry is available for this domain.

The main question there is how do we get the from field ;)

bunkobugsy
« Reply #7 on: November 11, 2022, 07:49:00 AM »
Quote
I've found out that mailersend.net offers paid-for smtp-access, and it seems to work.

However the free account is limited to one domain.

For simplicity and peace of mind I'd go with clean fiber,
set up external DNS correctly and the rest is done by SME.

ReetP
« Reply #8 on: November 11, 2022, 10:43:21 AM »
Quote
For simplicity and peace of mind I'd go with clean fiber,

If you can get it, and a static IP - that isn't in a residential IP block, and set rDNS.

In 2022 that's not easy from an ISP.

And that has forced many to paid for services like M$ & Google (who are the ones who will block on the above!)

We recently sent a mailer to our signed up clients.

Google has blocked the IP and no matter what I do I can't get it unblocked in spite of it saying "temporarily rate limited". It's a complete lie. Waited with zero mail for over a fortnight - routed via another IP which was tricky, filled in their unblock form, and still blocked. Bastards.

/rant off & back to holiday :lol:

Jáder
« Reply #9 on: November 11, 2022, 12:15:08 PM »
I used to work for a local ISP and we have a test page to verify DNS reverse = https://mail.terra.com.br/postmaster/
even if you do not understand Portuguese, just paste your IP, press "Verificar" button and let page check for you. It's easy: GREEN is good! :D
There are several other pages on web to do this also. This is quicker to me just that!

You must ASK (not sure about PAY) your ISP to register your reverse DNS.


ReetP
« Reply #10 on: November 11, 2022, 01:11:29 PM »
YMMV.

Tried to get it set with my UK ISP years ago without success.

That started my move to cloud servers.

holck
« Reply #11 on: November 11, 2022, 03:18:20 PM »
Quote
The main question there is how do we get the from field ;)

Would something like this work, do you think?
Code:
use strict;
use warnings;
my $line;
# Find the domain this message comes from
my $from_domain;
while (<STDIN>) {
  $line = $_;
  if ($line =~ /^From: /) {
    # Keep only what follows the "@" inside the angle brackets
    ($from_domain = $line) =~ s/^.*\<.+@//;
    # Drop the closing ">" together with the line ending
    $from_domain =~ s/\>\s*$//;
    last;
  }
}
# Start reading STDIN from the top again
seek (STDIN, 0, 0);
« Last Edit: November 11, 2022, 03:51:07 PM by holck »

Jean-Philippe Pialasse
« Reply #12 on: November 11, 2022, 06:02:26 PM »
I do not think you can rewind and reread stdin .....

give it a try on a test machine, but my understanding is you will not have anything left to send at sending time....

the logic of the whole script might be changed to read all the STDIN, store it, get what you want, and then do the usual things, except when sending not using the stdin but the stored content.
This might also result in a performance impact too.


checking the problem under a different angle ....
 /var/qmail/control/smtproutes is filled using
/etc/e-smith/templates/var/qmail/control/smtproutes/10delegateMailServer
/etc/e-smith/templates/var/qmail/control/smtproutes/20SMTPSmartHost (for the current script we are discussing)

however this works based on destination, but not based on sender Host http://wiki.qmailtoaster.net/index.php/Smtproutes


also to understand the STDIN content:  https://manpages.ubuntu.com/manpages/bionic/man8/qmail-remote.8.html

holck
« Reply #13 on: November 12, 2022, 06:23:35 PM »
Thanks again for leading me on the way. Here's a new script version
Code:
#!/usr/bin/perl
use strict;
use warnings;
my ($line, $buffer, $from_domain);

# Read one line at a time from standard input, in order to find the domain this message comes from
# The lines are collected in $buffer

$buffer = "";
while ($line = <STDIN>) {
  $buffer .= $line;
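  if ($line =~ /^From: /) {
    # Keep only what follows the "@" inside the angle brackets
    ($from_domain = $line) =~ s/^.*\<.+@//;
    # Drop the closing ">" together with the line ending
    $from_domain =~ s/\>\s*$//;
    last;
  }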
}

# OK, now we can login to the external server
# ...
# ...
# And then send the buffer and remaining lines in standard input

print $buffer;
while (defined($line = <STDIN>)) {
  print "$line"
}
Can you help me to fit this into the original script?
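The buffering approach from Replies #12 and #13, as an added example that is not part of the thread or of SME Server's smtp-auth-proxy.pl: it scans only the header block, unfolds a folded From: header, and picks credentials per domain with a default fallback as suggested in Reply #6. The names %creds, read_headers and creds_for are hypothetical, the passwords are placeholders, and the sample message is constructed.

```perl
use strict;
use warnings;

# Constructed table: domains/user names follow Reply #3, passwords are
# placeholders; 'default' stands in for the existing single Userid/Passwd pair.
my %creds = (
    'ibsgaarden.dk' => { Userid => 'someuser@ibsgaarden.dk', Passwd => 'PLACEHOLDER-1' },
    'di-vers.dk'    => { Userid => 'otheruser@di-vers.dk',   Passwd => 'PLACEHOLDER-2' },
    'default'       => { Userid => 'fallback-user',          Passwd => 'PLACEHOLDER-3' },
);

# Read the header block (up to the first empty line) from $fh, keeping every
# line in the buffer for later forwarding. Returns the buffer and the
# lower-cased domain of the first From: header (undef if none is found).
sub read_headers {
    my ($fh) = @_;
    my ($buffer, $from, $in_from) = ('', undef, 0);
    while (defined(my $line = <$fh>)) {
        $buffer .= $line;
        (my $text = $line) =~ s/\r?\n\z//;
        last if $text eq '';                        # end of headers: never scan the body
        if ($text =~ /^[ \t]/) {                    # folded continuation line
            $from .= " $text" if $in_from;
        } elsif (!defined $from && $text =~ /^from[ \t]*:(.*)/i) {
            ($from, $in_from) = ($1, 1);
        } else {
            $in_from = 0;
        }
    }
    return ($buffer, undef) unless defined $from;
    my ($addr) = $from =~ /<([^<>]*)>/;             # "Name <user@domain>" form
    ($addr) = $from =~ /(\S+\@\S+)/ unless defined $addr;   # bare user@domain
    my ($domain) = defined $addr ? $addr =~ /\@([A-Za-z0-9.-]+)\s*\z/ : ();
    return ($buffer, defined $domain ? lc $domain : undef);
}

# Per-domain credentials, falling back to the default pair for unknown domains.
sub creds_for {
    my ($domain) = @_;
    return $creds{ defined $domain && exists $creds{$domain} ? $domain : 'default' };
}

# Constructed sample: folded From: header plus a decoy "From:" line in the body.
my $sample = join "\r\n", 'Received: by localhost', 'From: "Example Sender"',
    ' <someone@DI-VERS.dk>', 'Subject: test', '', 'From: <x@body.invalid>', '';
open my $fh, '<', \$sample or die "open: $!";
my ($buffer, $domain) = read_headers($fh);
my $rest = join '', <$fh>;                          # body, still unread
die "message altered" unless $buffer . $rest eq $sample;   # nothing was lost
printf "domain=%s userid=%s\n", $domain // '(none)', creds_for($domain)->{Userid};
```

Because the From: header is chosen by the sending client, an unknown or missing domain selects the default pair here instead of stopping delivery.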