Autor: Simon Hobson Data: Dla: dng Temat: Re: [DNG] ..devuan to the rescue? Easiest possible newbie email
server setup, ideas?
Alessandro Vesely via Dng <dng@???> wrote:
>> IIRC the specific complaint wasn't that they checked for rDNS, but that they matched it against the domain of the sender. That makes no sense at all, it prevents running more than one domain on one mail server. > Why would it? A configurable mail server, Courier-MTA for example, lets you use multiple domains and multiple IPs.
You mean, like in the web hosting days before hostname headers where you needed a different IP address for each hosted domain name ? That's very 20th century and not a luxury most of us have.
> However, unless you send many thousands messages per day, I would suggest to stick to one domain name and one outgoing IP address.
There's no problem running mail for multiple domain names through one mail server, as you say, just a matter of setting the MX records for each domain and configuring the server. But as I recall how I read the message that kicked this subthread off, a couple of ISPs were checking the sender domain of the email against teh DNS name for the mail server - so for example if I were to use one of my other email addresses, they would reject mail because the sender domain (i.e. not thehobsons.co.uk) didn't match the domain name of the mail server in the DNS (patsy.thehhobsons.co.uk) -that's just plain dumb.
> And it is key to get an IP address without poorly reputed neighbors —check talosintelligence.com.
I have no choice over the neighbours !
> As Mark said, it does make deliverability easier to send via one established SMTP server.
It depends on your criteria. In my experience, it can easily be the reverse - especially if that email server isn't really really tight on controlling what it's users send.
>> I also use lack of rDNS as a check. I also check it for obvious misconfigurations like (from memory) : it's an IP literal (not allowed by RFC),
>
> Currently, the RFC allows anything in the HELO name.
Without looking it up, I'm sure there are some constraints. In any case, there are some thing it makes sense to block - so-one else should be running a mail server and claiming to be in my domain, stuff like that. Some basic protocol checks block a good proportion of spam - and very cheaply in terms of resources needed.