Is my email being blocked?
Affected domains include aol.com and others.
My website is on the following ip:
65.19.178.[not shown]
I have tried searching but I can't seem to find out where this ip range may be blocked…
Can anyone help?
Thanks,
PM
24 Replies
# telnet mailin-03.mx.aol.com smtp
Trying 64.12.137.249...
Connected to xa.mx.aol.com.
Escape character is '^]'.
220-rly-xa04.mx.aol.com ESMTP mail_relay_in-xa4.4; Mon, 21 Mar 2005 02:49:55 -0500
220-America Online (AOL) and its affiliated companies do not
220- authorize the use of its proprietary computers and computer
220- networks to accept, transmit, or distribute unsolicited bulk
220- e-mail sent from the internet. Effective immediately: AOL
220- may no longer accept connections from IP addresses which
220 have no reverse-DNS (PTR record) assigned.
helo mydomain.com
250 rly-xa04.mx.aol.com OK
mail from: <>
250 OK
rcpt to: <jsmith@aol.com>250 OK
quit
221 SERVICE CLOSING CHANNEL
Connection closed by foreign host.</jsmith@aol.com>
In this case, the 250 OK tells us everything went fine. A code in the 500s means a permanent failure, and a code in the 400s means a temporary failure.
If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?
@Xan:
If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?
Even if you don't set up reverse DNS, caker provides a default of the form li?-???.members.linode.com where the '?'s are digits.
Worth checking it's actually there in your case.
Adam
@adamgent:
AOL have also started to require SPF entries for the domain.
Adam
Thanks for the response. Sorry if this has been covered elsewhere, but how would I go about checking for and setting SPF entries?
Thanks!
@pclissold:
@Xan:If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?
Even if you don't set up reverse DNS, caker provides a default of the form li?-???.members.linode.com where the '?'s are digits.Worth checking it's actually there in your case.
Thank you. How exactly would I go about checking to see if my reverse DNS is working / configured?
I appreciate any help you can offer, or point me in the right direction if this has been covered.
Paul
@adamgent:
AOL have also started to require SPF entries for the domain.
If AOL require SPF entries then they are losers big time. Well, nothing new there! If AOL take advantage of SPF, if it's available, then good good good!
The SPF specs say that no SPF entries count as "unknown"; anyone rejecting mail based purely on that are losers.
SPF is easy to set up if you have control of your zone, and can add TXT records. I highly recommend it. It won't stop spam, but if everyone were to use SPF, it would certainly stop the from-address forging.
@pmmenneg:
How exactly would I go about checking to see if my reverse DNS is working / configured?
dig -x aaa.bbb.ccc.ddd
where 'aaa.bbb.ccc.ddd' is the IP address whose reverse DNS you want to check. If you get an answer containing something like:
aaa.bbb.ccc.ddd.in-addr.arpa. 86400 IN PTR your.domain.com.
then RDNS is working. If the reply doesn't contain an in-addr-arpa record, then RDNS is either not configured or broken.
and enter the IP address of your mail server.
If you see any positive matches, means you're on someone's RBL list.
I believe one of Linode's upstream ISPs (ThePlanet, specifically) is on the FIVETEN RBL, so you will have at least one hit… but should not be on more than one RBL list.
Anyone else want to email HE and tell them if they don't get the scum
off their netblocks we don't want to deal with them directly or indirectly?
Even if we don't mean it they may do something.
As far as I can tell, it checks against about 50 blacklists, so it should cover a lot. And as the page says, input your IP address, click the button, red means you're listed, green means you're not listed, yellow means unknown, the results are sorted with the red listings on top.
Can you post the section of your maillog that shows your mail being rejected?
That will give us more clue what is going on.
@sednet:
pmmenneg,
Can you post the section of your maillog that shows your mail being rejected?
That will give us more clue what is going on.
OK, more information. dig returns a valid reverse dns, so that looks to be working. No blocking taking place, so that is cool.
I did find something in the mail log for every single
<code>Mar 23 15:15:38 localhost postfix/smtp[5071]: 0CF3417575: to=<user@aol.com>, relay=mailin-04.mx.aol.com[64.12.137.184], delay=6, status=bounced (host mailin-04.mx.aol.com[64.12.137.184] said: 550 REQUESTED ACTION NOT TAKEN: DNS FAILURE)</user@aol.com></code>
Any ideas? It looks like it is saying that it couldn't resolve the name, but my IP address does resolve back to mydomain.com. Could it be that mail is being sent by Postfix from mail.mydomain.com? (it appears like this in the log)
I have another entry that might indicate this…
Mar 21 18:39:09 localhost postfix/smtp[950]: E78591758D: to=<user@cox.net>, relay=mx.east.cox.net[68.1.17.3], delay=9, status=bounced (host mx.east.cox.net[68.1.17.3] said: 553 mail.mydomain.com does not exist)</user@cox.net>
I am not sure where postfix got the mail.mydomain.com from… any suggestions? Does this look like it could be the problem? I am using zoneedit to do dns routing for my domain. Do I need to add a mail.mydomain.com CNAME entry to handle and resolve this?
Thanks again everyone, you have been extrememly helpful.
Take a look through main.conf, you will probably find it in there, update it to the correct domain.
Adam
@adamgent:
mydomain.com is one of the examples in the default postfix files.
Take a look through main.conf, you will probably find it in there, update it to the correct domain.
Adam
It is he correct domain… I was using mydomain.com in place of my real domain, as I didn't want to spam my domain here looking for attention.
Anyone else know why mail. is getting appended to my outgoing mail?
postconf | grep '^myhostname|^smtp_helo_name'
Parameter myhostname defaults to the value obtained from the gethostname() function (the value in /etc/hostname dot concatenated with the value in /etc/dnsdomainname, on most systems).
Parameter smtpheloname defaults to the same as myhostname.
Whatever names you have for these two parameters need to be resolvable in the DNS.
Thanks everyone!
The RFC's say use A records and if you don't some mailers
will not exchange mail with you.
Never heard a good argument as to why not.
@Jay:
Or, you can use A records for everything, like me.
Never heard a good argument as to why not.
Ok, I can't resist.
Suppose you have a web server that serves a large number of websites on the same IP. They are different sites for different people. You need to change the IP of your server for whatever reason.
If you use A records only you have to make a lot of dns changes to fix this.
Anyone can write a one liner to change a hundred instances of
increment the serial, HUP named, and your done.
If you have a hundred DNS zone files you can write a little loop to do the same thing to each file.
But, what if you don't control all the zonefiles. What if you need to email or phone a hundred different people to get the changes made to their zonefiles. In that case using CNAMES would save you quite a lot of time.