[Novalug] Internet email servers (maybe off topic)
James Ewing Cottrell 3rd
JECottrell3 at Comcast.NET
Wed Oct 21 18:23:34 EDT 2009
Well, if it was me, I'd use sendmail, because for all its bugs and
exploits, I've been using it for 20 years, and I think most of the
exploits are behind us.
But I'm not sure I'd recommend that path to a newbie. You could ask your
ISP what they recommend. In fact, they might even give you a Standard
Customer MTA Gateway configuration file.
Brandon Saxe wrote:
> Again a disclaimer: I am no mail expert and this is my first attempt at setting up a legitimate SMTP outbound host to the internet.....
> And another note.... I have already set up DNS, rDNS, and an SPF record for my host vger.cadencequest.com with IP 18.104.22.168.
> And in response to your response......
> Which MTA do you recommend once I can get a Linux box doing this work instead of IIS/SMTP? Postfix or Exim?
> Do you know if either of these can drop the private IP and masquerade as the first sender. Take a look at this header when I send mail to my hosting provider (they use Exchange):
> Received: from p01c12m042.mxlogic.net (10.2.3.200) by
> in001.collaborationhost.net (10.2.0.48) with Microsoft SMTP Server (TLS) id
> 8.1.336.0; Tue, 20 Oct 2009 17:45:35 -0500
> Received: from unknown [22.214.171.124] (EHLO vger.cadencequest.com) by
> p01c12m042.mxlogic.net(mxl_mta-6.4.0-1) with ESMTP id
> 85e3eda4.0.145772.00-002.222450.p01c12m042.mxlogic.net (envelope-from
> <testing at cadencequest.com>); Tue, 20 Oct 2009 16:48:56 -0600 (MDT)
> Received: from [127.0.0.1] ([10.1.1.132]) by vger.cadencequest.com with
> Microsoft SMTPSVC(6.0.3790.3959); Tue, 20 Oct 2009 18:48:55 -0400
> Message-ID: <4ADE3E57.10204 at cadencequest.com>
> Date: Tue, 20 Oct 2009 18:48:55 -0400
> From: Testing <testing at cadencequest.com>
> User-Agent: Thunderbird 126.96.36.199 (Windows/20090812)
> MIME-Version: 1.0
> To: <bsaxe at cadencequest.com>
> Subject: test from inside to mx logic
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
> Content-Transfer-Encoding: 7bit
> Return-Path: testing at cadencequest.com
> X-OriginalArrivalTime: 20 Oct 2009 22:48:55.0816 (UTC) FILETIME=[81092880:01CA51D7]
> X-Spam: [F=0.2727272924; B=0.500(0); spf=0.500; CM=0.500; MH=0.500(2009102041); R=0.600(109920135825); S=0.200(2009101401); SC=none]
> X-MAIL-FROM: <testing at cadencequest.com>
> X-SOURCE-IP: [188.8.131.52]
> X-AnalysisOut: [v=1.0 c=1 a=ZmihKUyoeEcUd3hiEwlvtA==:17 a=g7MP8qffo_0StfaZ]
> X-AnalysisOut: [RBAA:9 a=ZuWXvylsVc6KpnLI_VAyXBQydAoA:4]
> X-MS-Exchange-Organization-PRD: cadencequest.com
> X-MS-Exchange-Organization-SenderIdResult: SoftFail
> Received-SPF: SoftFail (AUSP01MHUB01.collaborationhost.net: domain of
> transitioning testing at cadencequest.com discourages use of 10.1.1.132 as
> permitted sender)
> X-MS-Exchange-Organization-SCL: 5
> X-MS-Exchange-Organization-PCL: 2
> X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus SoftFail;OrigIP:10.1.1.132
> I want to avoid this:
> I don't know why this receiving server is using the MUA sender as the OrigIP. It seems the source IP is what I would expect: X-SOURCE-IP: [184.108.40.206], but it is using OrigIP for the SPF check. Maybe the admin of this server has configured their SPF checker incorrectly?
> When I send the same mail to gmail or yahoo, it uses my internet facing server with IP of 220.127.116.11 and passes SPF just fine, which is what I expected to happen.
> I want the MTA to make it look like the original sender is always my mail server with the public IP address if this is possible.
> --- On Tue, 10/20/09, James Ewing Cottrell 3rd <JECottrell3 at Comcast.NET> wrote:
>> From: James Ewing Cottrell 3rd <JECottrell3 at Comcast.NET>
>> Subject: Re: [Novalug] Internet email servers (maybe off topic)
>> To: "Brandon Saxe" <brandon20va at yahoo.com>
>> Cc: novalug at calypso.tux.org, "Nick Danger" <nick at hackermonkey.com>
>> Date: Tuesday, October 20, 2009, 1:02 PM
>> Make your Smart Hosts a pair of Linux
>> Boxes, one for inbound, one for outbound, each backing the
>> other up. You don't need to run SMTP Auth inside your LAN.
>> And the Linux Host shouldn't rewrite any Headers, even if it
>> does SMTP Auth to your ISP's relays.
>> Never Let a M$ MTA talk to the Internet.
>> Brandon Saxe wrote:
>>> I wish I could do that, but it doesn't seem to work that way. When I set up the IIS SMTP relay the way it is currently, it only allows to send email from one address.
>>> I have a mailbox set up on the provider with address noreply at domain.com. This is also the user name for SMTP-AUTH. When I send emails to this relay, the FROM: mail address also has to be noreply at domain.com (same as the primary email on the mailbox) or else the auth rejects the mail.
>>> I want to be able to send mail from multiple email addresses such as:
>>> -noreply at domain.com
>>> -backupserver at domain.com
>>> -support at domain.com
>>> -so on and so forth.
>>> Currently, the only supported address is noreply at domain.com because that is the address associated to the smtp-auth account. My company's provider seems to be pretty lame so far in helping me with this. In fact, they don't even support my using this mailbox as a relay account as it is. Of course, I only chatted with first level support. If I can't get resolution I'll be forced to talk to some
>>> Any other thoughts/ideas?
>>> --- On Tue, 10/13/09, Nick Danger <nick at hackermonkey.com>
>>>> From: Nick Danger <nick at hackermonkey.com>
>>>> Subject: Re: [Novalug] Internet email servers (maybe off topic)
>>>> To: novalug at calypso.tux.org
>>>> Date: Tuesday, October 13, 2009, 8:19 PM
>>>> On Tue, 13 Oct 2009 16:56:07 -0700
>>>> Brandon Saxe <brandon20va at yahoo.com>
>>>>> Are my assumptions correct? Will this work? Is there a better way
>>>>> (aside from my dumping my provider or hosting
>>>> Can't you just set up a single host on your lan to be a smart relay?
>>>> That host would accept the email from all the other hosts on your lan (including those old ones that can't do smtp-auth) then the smart host would send all the mail via smtp-auth through your
>>>> How would that work?
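Added example, not part of the original thread or any poster's code: the Received chain quoted in the message, parsed hop by hop in Python to show which client address each server recorded. Walking from the newest hop, the first publicly routable client address is the one the mxlogic gateway saw, while the bottom-most hop yields 10.1.1.132, the value the Exchange report shows as OrigIP. The function names are this example's own, and the header text is copied from the page as archived.

```python
import ipaddress
import re
from email import message_from_string

# Received chain copied from the quoted message as archived (newest hop first).
RAW = """\
Received: from p01c12m042.mxlogic.net (10.2.3.200) by
 in001.collaborationhost.net (10.2.0.48) with Microsoft SMTP Server (TLS) id
 8.1.336.0; Tue, 20 Oct 2009 17:45:35 -0500
Received: from unknown [22.214.171.124] (EHLO vger.cadencequest.com) by
 p01c12m042.mxlogic.net(mxl_mta-6.4.0-1) with ESMTP id
 85e3eda4.0.145772.00-002.222450.p01c12m042.mxlogic.net (envelope-from
 <testing at cadencequest.com>); Tue, 20 Oct 2009 16:48:56 -0600 (MDT)
Received: from [127.0.0.1] ([10.1.1.132]) by vger.cadencequest.com with
 Microsoft SMTPSVC(6.0.3790.3959); Tue, 20 Oct 2009 18:48:55 -0400
"""

HOP = re.compile(r"^from\s+(?P<client>.*?)\s+by\s+(?P<by>[\w.-]+)", re.I)
IPV4 = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])")


def parse_hops(raw):
    """Return [(recording_host, client_ip, is_private)], newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        ips = IPV4.findall(m.group("client")) if m else []
        if not ips:
            continue
        # The last address in the "from" clause is the one the recording
        # server saw; an earlier one may only be the HELO literal.
        ip = ipaddress.ip_address(ips[-1])
        hops.append((m.group("by"), str(ip), ip.is_private))
    return hops


def boundary_client(hops):
    """Newest-to-oldest walk: first client address that is publicly routable."""
    return next((ip for _, ip, private in hops if not private), None)


def oldest_client(hops):
    """Bottom-most hop: the submitting workstation behind the relay."""
    return hops[-1][1] if hops else None


if __name__ == "__main__":
    for by, ip, private in parse_hops(RAW):
        print(f"{by:32} <- {ip:16} {'private' if private else 'public'}")
```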