[Novalug] Internet email servers (maybe off topic)

James Ewing Cottrell 3rd JECottrell3 at Comcast.NET
Wed Oct 21 18:23:34 EDT 2009


Well, if it was me, I'd use sendmail, because for all its bugs and 
exploits, I've been using it for 20 years, and I think most of the 
exploits are behind us.

But I'm not sure I'd recommend that path to a newbie. You could ask your 
ISP what they recommend. In fact, they might even give you a Standard 
Customer MTA Gateway configuration file.

JIM

Brandon Saxe wrote:
> Again a disclaimer: I am no mail expert and this is my first attempt at setting up a legitimate SMTP outbound host to the internet.....
> 
> 
> And another note.... I have already set up DNS, rDNS, and an SPF record for my host vger.cadencequest.com with IP 66.95.81.102.
> 
> And in response to your response......
> Which MTA do you recommend once I can get a Linux box doing this work instead of IIS/SMTP? Postfix or Exim?
> 
> Do you know if either of these can drop the private IP and masquerade as the first sender. Take a look at this header when I send mail to my hosting provider (they use Exchange):
> 
> Received: from p01c12m042.mxlogic.net (10.2.3.200) by
>  in001.collaborationhost.net (10.2.0.48) with Microsoft SMTP Server (TLS) id
>  8.1.336.0; Tue, 20 Oct 2009 17:45:35 -0500
> Received: from unknown [66.95.81.102] (EHLO vger.cadencequest.com)	by
>  p01c12m042.mxlogic.net(mxl_mta-6.4.0-1)	with ESMTP id
>  85e3eda4.0.145772.00-002.222450.p01c12m042.mxlogic.net (envelope-from
>  <testing at cadencequest.com>);	Tue, 20 Oct 2009 16:48:56 -0600 (MDT)
> Received: from [127.0.0.1] ([10.1.1.132]) by vger.cadencequest.com with
>  Microsoft SMTPSVC(6.0.3790.3959);	 Tue, 20 Oct 2009 18:48:55 -0400
> Message-ID: <4ADE3E57.10204 at cadencequest.com>
> Date: Tue, 20 Oct 2009 18:48:55 -0400
> From: Testing <testing at cadencequest.com>
> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
> MIME-Version: 1.0
> To: <bsaxe at cadencequest.com>
> Subject: test from inside to mx logic
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
> Content-Transfer-Encoding: 7bit
> Return-Path: testing at cadencequest.com
> X-OriginalArrivalTime: 20 Oct 2009 22:48:55.0816 (UTC) FILETIME=[81092880:01CA51D7]
> X-Spam: [F=0.2727272924; B=0.500(0); spf=0.500; CM=0.500; MH=0.500(2009102041); R=0.600(109920135825); S=0.200(2009101401); SC=none]
> X-MAIL-FROM: <testing at cadencequest.com>
> X-SOURCE-IP: [66.95.81.102]
> X-AnalysisOut: [v=1.0 c=1 a=ZmihKUyoeEcUd3hiEwlvtA==:17 a=g7MP8qffo_0StfaZ]
> X-AnalysisOut: [RBAA:9 a=ZuWXvylsVc6KpnLI_VAyXBQydAoA:4]
> X-MS-Exchange-Organization-PRD: cadencequest.com
> X-MS-Exchange-Organization-SenderIdResult: SoftFail
> Received-SPF: SoftFail (AUSP01MHUB01.collaborationhost.net: domain of
>  transitioning testing at cadencequest.com discourages use of 10.1.1.132 as
>  permitted sender)
> X-MS-Exchange-Organization-SCL: 5
> X-MS-Exchange-Organization-PCL: 2
> X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus SoftFail;OrigIP:10.1.1.132
> 
> I want to avoid this:
> SoftFail;OrigIP:10.1.1.132
> 
> I don't know why this receiving server is using the MUA sender as the OrigIP. It seems the source IP is what I would expect: X-SOURCE-IP: [66.95.81.102], but it is using OrigIP for the SPF check. Maybe the admin of this server has configured their SPF checker incorrectly?
> 
> When I send the same mail to gmail or yahoo, it uses my internet facing server with IP of 66.95.81.102 and passes SPF just fine, which is what I expected to happen. 
> 
> I want the MTA to make it look like the original sender is always my mail server with the public IP address if this is possible.
> 
> TIA,
>   Brandon
> 
> 
> 
> --- On Tue, 10/20/09, James Ewing Cottrell 3rd <JECottrell3 at Comcast.NET> wrote:
> 
>> From: James Ewing Cottrell 3rd <JECottrell3 at Comcast.NET>
>> Subject: Re: [Novalug] Internet email servers (maybe off topic)
>> To: "Brandon Saxe" <brandon20va at yahoo.com>
>> Cc: novalug at calypso.tux.org, "Nick Danger" <nick at hackermonkey.com>
>> Date: Tuesday, October 20, 2009, 1:02 PM
>> Make your Smart Hosts a pair of Linux
>> Boxes, one for inbound, one for outbound, each backing the
>> other up. You don't need to run SMTP Auth inside your LAN.
>> And the Linux Host shouldn't rewrite any Headers, even if it
>> does SMTP Auth to your ISP's relays.
>>
>> Never Let a M$ MTA talk to the Internet.
>>
>> JIM
>>
>> Brandon Saxe wrote:
>>> I wish I could do that, but it doesn't seem to work
>> that way. When I set up the IIS SMTP relay the way it is
>> currently, it only allows to send email from one address.
>>> I have a mailbox set up on the provider with address
>> noreply at domain.com.
>> This is also the user name for SMTP-AUTH. When I send emails
>> to this relay, the FROM: mail address also has to be noreply at domain.com
>> (same as the primary email on the mailbox) or else the auth
>> rejects the mail.
>>> I want to be able to send mail from multiple email
>> addresses such as:
>>> -noreply at domain.com
>>> -backupserver at domain.com
>>> -support at domain.com
>>> -so on and so forth.
>>>
>>> Currently, the only supported address is noreply at domain.com
>> because that is the address associated to the smtp-auth
>> account. My company's provider seems to be pretty lame so
>> far in helping me with this. In fact, they don't even
>> support my using this mailbox as a relay account as it is.
>> Of course, I only chatted with first level support. If I
>> can't get resolution I'll be forced to talk to some
>> management.
>>> Any other thoughts/ideas?
>>>
>>> Thanks!
>>>
>>> --- On Tue, 10/13/09, Nick Danger <nick at hackermonkey.com>
>> wrote:
>>>> From: Nick Danger <nick at hackermonkey.com>
>>>> Subject: Re: [Novalug] Internet email servers
>> (maybe off topic)
>>>> To: novalug at calypso.tux.org
>>>> Date: Tuesday, October 13, 2009, 8:19 PM
>>>> On Tue, 13 Oct 2009 16:56:07 -0700
>>>> (PDT)
>>>> Brandon Saxe <brandon20va at yahoo.com>
>>>> wrote:
>>>>
>>>>> Are my assumptions correct? Will this work? Is
>> there a
>>>> better way
>>>>> (aside from my dumping my provider or hosting
>> mail
>>>> myself)?
>>>>
>>>> Can't you just set up a single host on your lan to
>> be a
>>>> smart relay?
>>>> That host would accept the email from all the
>> other hosts
>>>> on your lan
>>>> (including those old ones that can't do smtp-auth)
>> then the
>>>> smart host
>>>> would send all the mail via smtp-auth through your
>> current
>>>> provider.
>>>>
>>>> How would that work?
>>>>
>>>> Nick
>>>> _______________________________________________
>>>> Novalug mailing list
>>>> Novalug at calypso.tux.org
>>>> http://calypso.tux.org/mailman/listinfo/novalug
>>>>
>>
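Added example, not part of the thread: a short Python walk over the three Received lines quoted above, showing which address an SPF check sees at the Internet handoff and which address sits at the bottom of the chain (the one the quoted headers report as OrigIP). The `PERMITTED` set is an assumption standing in for the SPF record, which the thread does not show, and the function names are illustrative.

```python
import ipaddress
import re

# Received lines from the quoted message, unfolded, newest hop first.
RECEIVED = [
    "from p01c12m042.mxlogic.net (10.2.3.200) by in001.collaborationhost.net "
    "(10.2.0.48) with Microsoft SMTP Server (TLS) id 8.1.336.0",
    "from unknown [66.95.81.102] (EHLO vger.cadencequest.com) by "
    "p01c12m042.mxlogic.net(mxl_mta-6.4.0-1) with ESMTP",
    "from [127.0.0.1] ([10.1.1.132]) by vger.cadencequest.com with "
    "Microsoft SMTPSVC(6.0.3790.3959)",
]
# Assumption: the SPF record authorises only the public mail host.
PERMITTED = {ipaddress.ip_address("66.95.81.102")}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def peer_ip(received):
    """Client address recorded by the receiving hop (last IP before ' by ')."""
    found = IPV4.findall(received.split(" by ", 1)[0])
    return ipaddress.ip_address(found[-1]) if found else None

def boundary_index(headers):
    """Newest hop whose client was globally routable: the Internet handoff."""
    for i, line in enumerate(headers):
        ip = peer_ip(line)
        if ip is not None and ip.is_global:
            return i
    return None

def boundary_ip(headers):
    i = boundary_index(headers)
    return None if i is None else peer_ip(headers[i])

def origin_ip(headers):
    """Client of the oldest hop, i.e. the workstation that submitted the mail."""
    return peer_ip(headers[-1])

def internal_hops(headers):
    """Private addresses recorded before the handoff, visible to recipients."""
    i = boundary_index(headers)
    older = headers if i is None else headers[i + 1:]
    return [str(ip) for ip in map(peer_ip, older)
            if ip is not None and ip.is_private]

def spf_result(ip):
    """Simplified to the one outcome the thread shows for a non-listed sender."""
    return "Pass" if ip in PERMITTED else "SoftFail"

if __name__ == "__main__":
    for label, ip in (("boundary", boundary_ip(RECEIVED)),
                      ("origin", origin_ip(RECEIVED))):
        print(label, ip, spf_result(ip))
    print("internal hops exposed:", internal_hops(RECEIVED))
```

The split on " by " matters: version strings such as 8.1.336.0 in the "with" clause look like IPv4 addresses and would otherwise be picked up as hops.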
