Re: Anyone tri-homed SBS2003?
From: Javier Gomez [SBS MVP] (javier_gomez_at_REMOVE.THIS.engineer.com)
Date: 10/11/04
- Next message: Andrew Carra: "RE: Share Point Central fails after Exchange SP1 installed on SBS2"
- Previous message: Ray H: "Connection manager download extraction error"
- In reply to: Chris: "Re: Anyone tri-homed SBS2003?"
- Next in thread: Thomas L. Goodson: "Re: Anyone tri-homed SBS2003?"
- Reply: Thomas L. Goodson: "Re: Anyone tri-homed SBS2003?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 11 Oct 2004 18:37:21 -0400
Hi Chris!
The exact verification procedure depends on the ISP (step #4), but for the
purpose of explaining how this works I'm going to talk about AOL (which in
my opinion is one of the most restrictive ones).
This is what happens (simplified, of course):
1) You relay an email destined to someone@aol.com to smtp.comcast.net (the
"from to" address can be whatever@example.com).
2) Comcast mailservers make a DNS query to obtain the MX records of aol.com
3) Comcast mailservers establish a connection to the hostname on #2 and
send an SMTP greeting (i.e. EHLO mailserver.comcast.net) and try to relay
the email to AOL.
4) AOL checks what is the IP of their mailserver and looks for the PTR entry
of that IP and finds out that x.x.x.x is mailserver.comcast.net. Since the
PTR record matches the EHLO greeting then mail is accepted (if you pass the
other tests too, like open relay, dynamic IP, etc.).
As you can see the "from to" address is not used in the verification process
at all. In fact, many ISPs don't even check if they match; they simply check
that the record exists and that's all.
As a side note... this is the reason why ISPs are eager to implement SPF
(sender policy framework) because then the owner of the domain has to
authorize the mailservers that are responsible for your mail... but that is
another story for some other time :-)
Is this clearer now? Let us know.
--
Javier [SBS MVP]

<< SBS ROCKS!!! >>

"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:014c01c4afdc$9a098e80$a601280a@phx.gbl...
>I understand how a smart host works. What I don't
> understand is how a reverse lookup on SMTP.Comcast.net is
> going to return a PTR record for mydomain.com. For
> instance, if I ping SMTP.Comcast.net I get IP
> 216.148.227.125. Then I go to DNSStuff.com and do a
> reverse lookup to get the PTR record for that IP. It
> returns smtp.comcast.net not mail.mydomain.com. Now how
> am I going to convince Comcast to add a PTR record to map
> to mydomain.com? Remember this is a reverse lookup on the
> IP, not the domain name.
>
> Chris
>>-----Original Message-----
>>Hi Chris!
>>
>>I think you are misunderstanding how a smarthost works. If you use Comcast
>>mailservers you can relay mail from *any* address and there is no chance
>>that your mail will be rejected because dynamic IPs, rDNS or Open Relay
>>Blacklist (unless Comcast is blacklisted, which shouldn't happen). The issue
>>is that Reverse DNS lookups don't work in the way you described.
>>
>>To learn more about DNS vs. Smarthosts check this out:
>>http://www.sbslinks.com/DNS_Smarthost.htm
>>
>>I would be more than happy to explain to you the details of blocking spam
>>using Reverse DNS lookups (if you still have questions after reading the
>>aforementioned document). If you still don't believe me... and people say
>>"seeing is believing", then you can send me an email and I will reply to it
>>using my home server (you can then examine the headers by yourself and see
>>that what I'm telling you is true).
>>
>>It will work... just try it. :-)
>>
>>--
>>Javier [SBS MVP]
>>
>><< SBS ROCKS!!! >>
>>
>>"Chris" <anonymous@discussions.microsoft.com> wrote in message
>>news:013701c4afd6$4efc5b80$a601280a@phx.gbl...
>>> That might work for Comcast email addresses, but it will
>>> fail when companies do reverse lookups on the IP or my
>>> domain name. Then mail will be kicked out as spam
>>> since the IP doesn't resolve to my domain name.
>>>
>>> Chris
>>>>-----Original Message-----
>>>>BTW-> You don't even need to authenticate (because you are in their
>>>>network).
>>>>
>>>>--
>>>>Javier [SBS MVP]
>>>>
>>>><< SBS ROCKS!!! >>
>>>>
>>>>"Javier Gomez [SBS MVP]" <javier_gomez@REMOVE.THIS.engineer.com> wrote in
>>>>message news:Oowt8N9rEHA.4008@TK2MSFTNGP14.phx.gbl...
>>>>>> ISP is Comcast - no smarthost available.
>>>>>
>>>>> Hmmm... I think you probably are confusing what a Smarthost is. I use
>>>>> Comcast at home as a smarthost... no issues (use smtp.comcast.net).
>>>>>
>>>>> --
>>>>> Javier [SBS MVP]
>>>>>
>>>>> << SBS ROCKS!!! >>
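Added example, not part of the original post: a Python sketch of the receiving-side check described in step 4, showing that the decision depends only on the connecting relay's IP, its PTR record and its EHLO name, never on the sender address. The function names, the `policy` parameter and the PTR table are assumptions made for illustration; the table is constructed (the first mapping is the one quoted in the thread, the second is a documentation address standing in for a dynamic IP with no PTR).

```python
"""Receiving-side rDNS check on the connecting relay (added example)."""
import ipaddress
import socket

# Constructed PTR table standing in for live reverse DNS so this runs offline.
PTR_TABLE = {
    "216.148.227.125": "smtp.comcast.net",  # mapping quoted in the thread
    "203.0.113.57": None,                   # documentation IP, no PTR
}


def table_ptr(ip):
    """Offline resolver: look the PTR up in the constructed table."""
    return PTR_TABLE.get(ip)


def live_ptr(ip):
    """Real resolver: ask DNS for the PTR; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def normalize(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_relay(client_ip, ehlo_name, mail_from, policy="match", resolver=table_ptr):
    """Return (accepted, reason) for one inbound SMTP connection.

    policy="match":  PTR of client_ip must equal the EHLO name (step 4).
    policy="exists": any PTR is enough (the laxer behaviour described above).
    mail_from is a parameter only to show that it is never consulted.
    """
    ip = str(ipaddress.ip_address(client_ip))  # ValueError on malformed input
    ptr = resolver(ip)
    if not ptr:
        return False, "no PTR record for " + ip
    ptr = normalize(ptr)
    if policy == "exists":
        return True, "PTR exists: " + ptr
    if ptr == normalize(ehlo_name):
        return True, "PTR matches EHLO: " + ptr
    return False, "PTR %s does not match EHLO %s" % (ptr, normalize(ehlo_name))


if __name__ == "__main__":
    for ehlo, policy in [("smtp.comcast.net", "match"),
                         ("mail.mydomain.com", "match"),
                         ("mail.mydomain.com", "exists")]:
        print(ehlo, policy, check_relay("216.148.227.125", ehlo,
                                        "whatever@example.com", policy))
```

Passing `resolver=live_ptr` runs the same check against real DNS instead of the constructed table.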