AOL blocking MailScanner messages!

Steve Thomas lists at STHOMAS.NET
Fri Dec 5 18:06:21 GMT 2003


On Thu, Dec 04, 2003 at 11:36:24PM -0800, John Rudd is rumored to have said:
>
> 1) So why can't you route all of your outgoing mail through your ISP?

We don't want or need to. We pay for business class service and run all our own services. The only outside services we rely on are the root DNS servers.


> (I know, some people do, and some people don't ... I don't, but my
> reverse DNS works, so I don't need to ... but, that IS what you're
> supposed to be doing, so if you're having problems, why not do what
> you're supposed to be doing instead?)

We're not having problems - I simply pointed out a scenario that is entirely possible. And why is relaying through our ISP what we're "supposed to be doing"??!! I thought that what we were "supposed to be doing" is using our Internet connection in any way that pleases us as long as we're not violating our ISP's TOS or breaking any laws.


> 2) If you don't control the in-addr for your IP block, then presumably
> it's your ISP's -- so make them fix their in-addr allocation.  The
> problem isn't that the in-addr information has to match your mail
> domain, it just has to _exist_ (mail always comes from hosts that don't
> match the mail domain indicated).  If it doesn't, and it's not your
> block to host on your DNS server, then your ISP isn't doing their job.
> Make them fix it, or switch to an ISP that isn't broken.

Again, it's not broken. I only posed a hypothetical scenario.


> 3) If they won't fix it, then ask them to delegate those addresses to
> you with NS records (which can be done on a per-IP addr basis, it
> doesn't have to be done in full class-C blocks).

I think it's pretty clear at this point that you either didn't read or didn't understand my original message.

Steve



> On Dec 4, 2003, at 5:01 PM, Steve Thomas wrote:
>
> >
> > On Thu, Dec 04, 2003 at 06:37:34PM -0600, Mike Kercher is rumored to
> > have said:
> >>
> >> If not, admins on the other end need to get off their ass and make
> >> their networking correct, complete and in compliance with the RFC's.
> >
> > I've only been skimming this thread, so this may have been stated
> > already. If so, I apologize...
> >
> > You're forgetting that reverse dns is a totally different animal than
> > forward, and that just about anyone with less than a /24 (and many
> > with a /24 or larger) don't have the reverse zones delegated to their
> > servers. If I own foo.com, I can easily create any forward entry in
> > the foo.com domain, but making something in the in-addr.arpa domain
> > point to mailserver.foo.com is not nearly as easy.
> >
> > As a for instance, the machine I'm sending this message from is on a
> > RoadRunner network. We've got a block of addresses allocated to us and
> > despite repeated assurances that they would delegate the in-addr.arpa
> > zone for our netblock to our dns server, it's never happened. Now if
> > RR managed to have a corrupt zone file, forgot to generate PTR records
> > for our netblock or for some other reason wasn't on the ball, I'd be
> > "an admin who was sitting on my ass not making my network correct"? I
> > think not. My dns server is properly configured to serve requests for
> > the /28 we've been allocated but RR is still in control of the zone.
> >
> > Then there's network outages, software failures, fiber cuts, DDoS
> > attacks, etc, etc to consider. You'll reject mail just because the DNS
> > server serving the in-addr.arpa zone for the connecting machine is
> > unreachable?
> >
> > I can see adding a warning header or something innocuous like that,
> > but outright rejecting mail from machines without RDNS properly
> > configured is overkill, IMHO.
> >
> >
> > Steve
> >
> >
> > --
> > "Blessed is the man, who having nothing to say, abstains from giving
> > wordy evidence of the fact."
> > - George Eliot (1819-1880)

--
"Don't be so humble - you are not that great."
- Golda Meir (1898-1978) to a visiting diplomat
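
Added example, not part of the original thread or of MailScanner: a Python sketch of the distinction the message above draws, where a receiving server tags mail when the connecting IP has no PTR record and defers (rather than rejects) when the reverse zone's DNS cannot be reached. The `X-RDNS-Warning` header name, the 451 reply text, the tag/defer policy itself and the `constructed_resolver` helper are assumptions made for illustration.

```python
import socket

# h_errno values from <netdb.h>, carried in socket.herror.args[0]
HOST_NOT_FOUND, TRY_AGAIN, NO_DATA = 1, 2, 4

def rdns_verdict(ip, lookup=socket.gethostbyaddr):
    """Classify the connecting IP's reverse DNS for an SMTP policy decision.

    Returns (action, detail) where action is "accept", "tag" or "defer".
    `lookup` is injectable so the policy can be exercised offline.
    """
    try:
        name, _aliases, _addrs = lookup(ip)
    except socket.herror as exc:
        code = exc.args[0] if exc.args else None
        if code in (HOST_NOT_FOUND, NO_DATA):
            # Authoritative answer: no PTR exists. Accept, but mark the
            # message so later scoring can take it into account.
            return ("tag", "X-RDNS-Warning: no PTR record for %s" % ip)
        # TRY_AGAIN or anything else: the server for the in-addr.arpa zone
        # could not be reached. A 4xx makes the sender retry, so an outage
        # does not turn into lost mail.
        return ("defer", "451 reverse DNS lookup failed, try again later")
    except OSError:
        # Timeouts and other resolver errors are transient as well.
        return ("defer", "451 reverse DNS lookup failed, try again later")
    # Only existence is checked; the PTR name need not match the mail domain.
    return ("accept", name)

def constructed_resolver(outcome):
    """Stand-in for gethostbyaddr built from a constructed outcome."""
    def lookup(ip):
        if isinstance(outcome, Exception):
            raise outcome
        return (outcome, [], [ip])
    return lookup

if __name__ == "__main__":
    # Constructed cases; 192.0.2.10 is a documentation address.
    cases = {
        "PTR exists": "mail.example.com",
        "no PTR": socket.herror(HOST_NOT_FOUND, "Unknown host"),
        "zone server down": socket.herror(TRY_AGAIN, "Host name lookup failure"),
        "resolver timeout": socket.timeout("timed out"),
    }
    for label, outcome in cases.items():
        print(label, "->", rdns_verdict("192.0.2.10", constructed_resolver(outcome)))
```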


