[KLUG Members] sendmail relaying question

Robert G. Brown members@kalamazoolinux.org
Fri, 22 Nov 2002 12:33:11 -0500


Bill Hollet writes:
>> So, although the ISP isn't technically an open relay....
The ISP is almost certainly not an open relay. 
We can turn this thread into a discussion of how mail servers authenticate
senders of incoming mail; that's an interesting side issue. Briefly put:
When you connect to your ISP via ppp or (on cable) pppoe and dhcp, the
DHCP server gives you an IP address, and a matching hostname is placed in 
their DNS.  Usually it looks something like a hashup of the assigned IP 
address and some other information, like the dialup POP, maybe city name 
and POP id...like 211.166.17.45-kzo-su4.cheapisp.com

Many mail servers authenticate incoming mail by performing a reverse DNS
lookup on the sender. If the name fetched from DNS matches (or is a simple 
transform to) the hostname for that IP address, the mail is accepted for
processing. If it cannot be authenticated that way, the sender not being
in a DNS that is available, the message may indeed be bounced. There are
other checks, but you get the idea. This is also why you can't use a
mail server that is not in your domain; mail servers accept only a
configured set of domains, probably only the ones they want to process mail for
AND for which they have complete DNS information.

There ARE methods of doing SMTP that runs across domain boundaries, but 
I suspect very few ISPs offer them. The authentication is different as
well, and often requires special setups (like passwords), or the
configuration of these authentication schemes. I've seen authentication and 
encryption methods that work as extensions to mail servers and clients,
and are used to go across domains for outgoing mail.

>I still might get things blocked down the road because my sendmail box 
>isn't an "official" smtp server?
Not really. You might get blocked because your ISP decided not to allow 
anyone to set up mail transmitters that don't use their mail server. This
is a policy choice they make, and it has nothing to do with how "official"
your mail server configuration is.

Adam Bultman writes:
>I run my own mail server at home on my cable-modem, and I've yet to be
>denied a single email based on the fact that I'm not a 'known mail
>server'.  
What kind of cable service do you have?
The reason I ask is that they come in two flavors:
1. "Consumer" cable, which uses DHCP or a similar mechanism to assign you
    a (non-static) IP address.
2. "Commercial" cable, which gives you a static IP and generally higher 
    bandwidth performance, on the upload side.

>I have correct (I think) DNS records, I'm not an open relay, and
>all that. ...
Do you have an MX record pointing to your mail server? Do you receive
your email via SMTP (and not POP3)?

>I also serve up web stuff too, and I have nice uptimes. However, watch
>your usage..
How come?

						Regards,
						---> RGB <---
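
The reverse-lookup check described in this message, sketched as an added example (not part of the original post and not sendmail's own code). It goes one step beyond the message by also confirming that the PTR name resolves forward to the connecting IP; the `check_sender` name and the DNS tables are constructed for illustration, with only the `cheapisp.com` hostname taken from the message.

```python
import ipaddress

# Constructed DNS data standing in for live PTR and A lookups (runs offline).
# For real use, pass callables built on socket.gethostbyaddr / socket.getaddrinfo.
PTR = {
    "211.166.17.45": "211.166.17.45-kzo-su4.cheapisp.com",  # hostname from the message
    "192.0.2.25": "mail.example.org",
    "198.51.100.7": "mx.spoofed.example",
}
A = {
    "211.166.17.45-kzo-su4.cheapisp.com": ["211.166.17.45"],
    "mail.example.org": ["192.0.2.25"],
    "mx.spoofed.example": ["203.0.113.99"],  # forward record does not point back
}

def check_sender(ip, helo, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return (verdict, reason) for a connecting client IP and its HELO name."""
    ip = str(ipaddress.ip_address(ip))  # normalise; raises ValueError on garbage
    name = ptr_lookup(ip)
    if not name:
        return ("reject", "no PTR record")
    name = name.rstrip(".").lower()
    # Forward confirmation: whoever controls the reverse zone can put any name
    # in a PTR record, so the name must also resolve back to the same address.
    addrs = a_lookup(name) or []
    if ip not in addrs:
        return ("reject", "PTR name does not resolve back to client IP")
    # The HELO name is client-supplied; whether a mismatch is fatal is a local
    # policy choice, so it is reported here rather than rejected.
    if helo.rstrip(".").lower() != name:
        return ("accept", "rDNS confirmed, HELO differs from PTR name")
    return ("accept", "rDNS confirmed, HELO matches")

if __name__ == "__main__":
    for ip, helo in [
        ("211.166.17.45", "211.166.17.45-kzo-su4.cheapisp.com"),
        ("192.0.2.25", "localhost"),
        ("198.51.100.7", "mx.spoofed.example"),
        ("203.0.113.5", "home.example.net"),
    ]:
        print(ip, helo, check_sender(ip, helo))
```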