Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > Documentation and Knowledge Base > How Anti-Spam Tests work ..


Posted by: hschneider Jun 24 2004, 01:54 PM
This is a list of the tests which some of the most paranoid servers out there will run against you:

QUOTE

With your server's IP:
Query DNS for PTR record of ip (reverse lookup)
Does the PTR record exist?
No: reject mail.
Does the PTR record refer to the HELO / EHLO hostname?
No: reject mail.
Does the ip address's "PTR hostname" have an A record??
No: reject mail.
Does the ip address's "PTR hostname" have an MX record??
No: reject mail.
Is the ip address in Mail-Abuse.org's MAPS databases of black-holes, open-relays, or dial-ups?
Yes: reject mail.
Is the reverse delegation the existent and/or correct?
No: reject mail.

With the HELO / EHLO hostname:
Does the hostname resolve to an A record?
No: reject mail.
Does the hostname resolve to an MX record?
No: reject mail.
Is the hostname a FQHN: Fully Qualified Host Name ?
No: reject mail.
If there is an A record, is the ip address in Mail-Abuse.org's MAPS databases of black-holes, open-relays, or dial-ups?
Yes: reject mail.

With the MAIL FROM: @senderdomain:
Does the senderdomain resolve to an A record?
No: reject mail.
Does the senderdomain resolve to an MX record?
No: reject mail.
Is the senderdomain a FQHN: Fully Qualified Host Name ?
No: reject mail.
If there is an A record, is the ip address in Mail-Abuse.org's MAPS databases of black-holes, open-relays, or dial-ups?
Yes: reject mail.


How to harden your XMail server for this:
- Make sure, that HeloDomain in your server.tab contains a registered domain name and can be resolved by a RDNS query. See http://dnsstuff.org for some useful utilities.
- If your are on a dynamic IP range, delgate outgoing mails to your ISP's SMTP via smtpfwd.tab.

If you run your own DNS:
Make sure your DNS has been delegated with reverse authority for your ip blocks by a higher, wider authority DNS.
If your DNS is delegated with reverse zone authority, make sure your reverse zone is setup perfectly, at least for the ip addresses of your mail servers.
Check your reverse zone: Is it, or is it not, working? If you get no results or the results are not what you put in your db. reverse zone file, then your reverse zone is broken.

For every domain in your DNS, make sure the zone files contain at least these records:

$ORIGIN mydomain.com.
@ A ip.ad.re.ss
@ MX 10 mailhost.domain.com.

For every mail host (real and virtual) in your DNS, make sure the zone files contain at least these records:

$ORIGIN somedomain.com.
mailhost A ip.ad.re.ss
@ MX 10 mailhost.somedomain.com.
mailhost MX 10 mailhost.somedomain.com.

Also read this:
http://www.faqs.org/rfcs/rfc1912.html

If you have a dynamic IP address:
Then many servers will classify your mails as SPAM. Use smtpfwd.tab to delegate the sending task to a server on a fixed IP (your ISP's SMTP?). If this erver requires SMTP auth, then you'll have to setup MailRoot/userauth/smtp/name_of_forwarding_server.tab
See chapter USERAUTH in the XMail manual for details.

You have checked all this but you are still in trouble?
Use XQM ( http://xmail.marketmix.com ) to examine frozen messages in your mail queue. This will give you hints about the reason why deliver failed. In most cases a remote server's reply contains additional infos why a message was rejected.

Posted by: hschneider May 21 2005, 12:23 AM
AOL has added the obviously most psychotic test out there:

If your message content contains a mailformed URL, it will be rejected !
See http://postmaster.info.aol.com/errors/554hvunr.html for details.

E.g. http://www.marketmix.com will be accepted but http://www.marketmix.com/ will not !

Hope they will take this one offline soon ...

Posted by: hschneider May 21 2005, 12:26 AM
The complete list of AOL's anti-spam tests can be viewed here:

http://postmaster.info.aol.com/errors/

This is very interesting, because many of these rules are adopted by other servers out there.

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)