Linode.com Forum

[pmmenneg]

Email sent from my website is not arriving to a few key memebrs of a site I run, yet arrives perfectly at others.
Affected domains include aol.com and others.

My website is on the following ip:

65.19.178.[not shown]

I have tried searching but I can't seem to find out where this ip range may be blocked...

Can anyone help?

Thanks,

PM

[Xan]

You can always test mail acceptance using telnet. Example:

Code: # telnet mailin-03.mx.aol.com smtp
Trying 64.12.137.249...
Connected to xa.mx.aol.com.
Escape character is '^]'.
220-rly-xa04.mx.aol.com ESMTP mail_relay_in-xa4.4; Mon, 21 Mar 2005 02:49:55 -0500
220-America Online (AOL) and its affiliated companies do not
220-     authorize the use of its proprietary computers and computer
220-     networks to accept, transmit, or distribute unsolicited bulk
220-     e-mail sent from the internet.  Effective immediately:  AOL
220-     may no longer accept connections from IP addresses which
220      have no reverse-DNS (PTR record) assigned.
helo mydomain.com
250 rly-xa04.mx.aol.com OK
mail from: <>
250 OK
rcpt to: <jsmith@aol.com>
250 OK
quit
221 SERVICE CLOSING CHANNEL
Connection closed by foreign host.


In this case, the 250 OK tells us everything went fine. A code in the 500s means a permanent failure, and a code in the 400s means a temporary failure.

If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?

[pclissold]

Xan wrote: If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?
Even if you don't set up reverse DNS, caker provides a default of the form li?-???.members.linode.com where the '?'s are digits.

Worth checking it's actually there in your case.

[adamgent]

AOL have also started to require SPF entries for the domain.

Adam

[pmmenneg]

adamgent wrote: AOL have also started to require SPF entries for the domain.

Adam

Thanks for the response. Sorry if this has been covered elsewhere, but how would I go about checking for and setting SPF entries?

Thanks!

[rjp]

This page has information on how to set up SPF.

[pmmenneg]

pclissold wrote: Xan wrote: If I had to guess what your problem is, I'd say it's the reverse DNS that the greeting says may be required. Do you have reverse DNS set up?
Even if you don't set up reverse DNS, caker provides a default of the form li?-???.members.linode.com where the '?'s are digits.

Worth checking it's actually there in your case.

Thank you. How exactly would I go about checking to see if my reverse DNS is working / configured?

I appreciate any help you can offer, or point me in the right direction if this has been covered.

Paul

[sweh]

adamgent wrote: AOL have also started to require SPF entries for the domain.
If AOL _require_ SPF entries then they are losers big time. Well, nothing new there! If AOL take advantage of SPF, if it's available, then good good good!

The SPF specs say that no SPF entries count as "unknown"; anyone rejecting mail based purely on that are losers.

[NecroBones]

AOL doesn't require SPF. They use it themselves and block if valid SPF rules exist and they prove the incoming message is forged.

SPF is easy to set up if you have control of your zone, and can add TXT records. I highly recommend it. It won't stop spam, but if everyone were to use SPF, it would certainly stop the from-address forging.

[pclissold]

pmmenneg wrote: How exactly would I go about checking to see if my reverse DNS is working / configured?

Code: dig -x aaa.bbb.ccc.ddd where 'aaa.bbb.ccc.ddd' is the IP address whose reverse DNS you want to check. If you get an answer containing something like: Code: aaa.bbb.ccc.ddd.in-addr.arpa. 86400 IN     PTR     your.domain.com. then RDNS is working. If the reply doesn't contain an in-addr-arpa record, then RDNS is either not configured or broken.

[pclissold]

I believe the confusion over AOL using / requiring SPF arises because they are using it for incoming mail but are about to require it for senders on their global whitelist.

[tronic]

To see if you're on any of the ~30 RBL lists, go to:

http://www.openrbl.org

and enter the IP address of your mail server.

If you see any positive matches, means you're on someone's RBL list.

I believe one of Linode's upstream ISPs (ThePlanet, specifically) is on the FIVETEN RBL, so you will have at least one hit... but should not be on more than one RBL list.

[sednet]

Hurricane Electric seems to be listed by blackholes.us and spews level 2.
http://spews.org/html/S2100.html is quite interesting.

Anyone else want to email HE and tell them if they don't get the scum
off their netblocks we don't want to deal with them directly or indirectly?
Even if we don't mean it they may do something.

[NeonNero]

You can check your IP against a long list of RBLs here as well:
http://rbls.org/

As far as I can tell, it checks against about 50 blacklists, so it should cover a lot. And as the page says, input your IP address, click the button, red means you're listed, green means you're not listed, yellow means unknown, the results are sorted with the red listings on top.

[sednet]

pmmenneg,

Can you post the section of your maillog that shows your mail being rejected?

That will give us more clue what is going on.