Thanks Al, I appreciate your thorough answer. RFC 821 is pretty loose in terms of the semantic requirements of the SMTP "conversation," and your explanation clarifies very well why. I guess a discussion of the SMTP protocol is outside the realm of this list, but I'll let it suffice to say that until the more recent RFCs (such as 2505) carry more weight with software developers and administrators, or until a better protocol is developed, UCE will continue to plague us.

Greg Lara
IT Department
Anti-Defamation League
823 UN Plaza
New York, NY 10017
(212) 885-7764 (voice)
(212) 885-5807 (fax)
glara@xxxxxxx

Use the ADL Helpdesks:
IT: http://www.webhelpdesk.com/cgi-bin/WebObjects/HostedHelpdesk.woa/wa?id=25
Development: http://www.webhelpdesk.com/cgi-bin/WebObjects/HostedHelpdesk.woa/wa?id=49

-------------------------------------------------------------------------------------------------------
This e-mail message may contain privileged, confidential and/or proprietary information intended only for the person(s) named. If you are not the intended recipient, please destroy this message, and any attachments, and notify the sender by return e-mail. If you are not the intended recipient(s), or the employee or agent responsible for delivering the message to the intended recipient(s), you are hereby notified that any dissemination, disclosure or copying of this communication is strictly prohibited.
-------------------------------------------------------------------------------------------------------

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Thursday, August 12, 2004 9:34 AM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

http://www.MSExchange.org/

Thanks Greg. That helps out and you are correct that I inferred the thought from the phrases used. To answer your question: In your example, the sending domain is houstonjewish.org. The sending MTA is sbserver.JFED.local.
I see absolutely nothing wrong with that in the SMTP world at all. Wouldn't be too different for my own domain, which hosts 150+ domains but only has one for the FQDN of the host. Hosting organizations would do likewise, right? ISPs, ASPs, etc. that host other domains (could anyway). That would be a single host responsible for many domains. It still complies with the RFC since it identifies the 'sender-SMTP' or sending MTA a.k.a. 'the client' to the receiving MTA. I'm of the opinion that this is in the RFCs more for troubleshooting and returning undeliverable mail than anything else.

Keep in mind that when the RFCs were written by J. Postel, they had a lot of other competing technologies. Some are still out there. The networks were not nearly as prevalent nor as good, and name resolution was a new concept (DNS) still being worked out. To get an email from one host to another reliably was a major accomplishment. To do so repetitively was almost impossible. At the time, there were other mailers out there as well and you had to play nicely with them. That's one reason Sendmail is so prevalent IMHO - it was good at working as glue with different mailers. IBM and DEC were the biggest players at the time and they each had a different product that was competing for email dollars. It was possible (still is) to route a message through different hosts to get to the destination vs. a lot of the smaller companies today that put a single mailer up and talk to other small companies that have a single mailer. Having those mailers identified in the headers was a big deal since you may have to figure out which host decided it couldn't deliver mail to the next in the route. Hence, SMTP was designed as store and forward, meaning that each host was expected to 'own' the message once it accepted it.
The concept of client and server is used many times to describe SMTP, and it should be noted that a client is the host that submits a message to the server; a user interaction is not required, nor is a UA. A host on the route to final disposition is a server at one point in the routing and a client later when it submits it to the next mailer, and so on until final disposition. The SMTP user agent (UA) is responsible for identifying the sending domain in the message upon initial submission and mailers MUST NOT change that (not that they don't, but...) in the headers, strictly speaking. The hosts will strike up a conversation with each other and identify each other, but whether the sending domain is the same in the message as the host that sent it is not a requirement or even possible in many instances. That's an afterthought that people try in order to cope with UCE.

But since SMTP is architected to be open, it's got issues at the core with matching the sender's domain with the server's domain. There is no reasonable expectation that this is the case, and that is what the major failing of reverse DNS is in this scenario. However, reverse DNS is used because it makes it more difficult to spoof the client IP address in the SMTP conversation and you at least have a shot at tracking a message back to the originating host with some sort of accuracy; makes obscurity harder. It doesn't work well at stopping UCE/spam and it has a significant cost overhead (in terms of computing costs) if it has to decompose each piece of email and then compare that to the DNS .in-addr.arpa resource records of the submitting host. As in the example above, it can also disrupt legitimate mail transfer, especially in organizations with more than one mailer in their realm of responsibility. Reverse DNS does often interrupt the expected workings of SMTP mail, as can other items designed to filter legitimate from non-legitimate mail.
We've seen plenty of that lately in the form of militant and liberal use of SPF, which is likely no better than reverse DNS for the same reasons noted above.

On that note, I notice that the internet draft from pobox.com is about to expire and is no longer listed anywhere official other than their own website. Does anyone have the story on that? I notice there are some drafts from Sendmail and Microsoft separately that look like they are similar, but can't tell what happened with the SPF stuff. Makes me curious. :)

Al

-----Original Message-----
From: Lara, Greg [mailto:GLara@xxxxxxx]
Sent: Wednesday, August 11, 2004 4:28 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

Al, I'm not suggesting the RFC says MUST in referring to this technique, but perhaps you inferred that when I used the phrase 'adherence to the RFCs,' which is understandable. And as I said, we found out pretty quickly that this isn't a reliable method of identifying spam, so we gave it up.

I may have been mixing my mail server configuration issues, so let me clarify my statements about Exchange misconfigurations. Our SMTP relays generate reject warnings when the hostname sent in the HELO statement isn't "valid". Take the following log entry (it will be wrapped, but it's one line):

Aug 11 19:05:18 relay postfix/smtpd[64170]: 955B2259A86: reject_warning: RCPT from mail.houstonjewish.org[68.88.10.185]: 550 <sbserver.JFED.local>: Helo command rejected: Invalid Hostname; from=<xxxx@xxxxxxxxxxxxxxxxx> to=<xxxxx@xxxxxxx> proto=ESMTP helo=<sbserver.JFED.local>

Their DNS states that their mail server is mail.houstonjewish.org, but when the server connects to another relay, it greets it with sbserver.JFED.local. From RFC 821:

"HELLO (HELO) This command is used to identify the sender-SMTP to the receiver-SMTP. The argument field contains the host name of the sender-SMTP."

Would you say that the above SMTP transaction complies with this RFC?
Given that the mail and external domains are houstonjewish.org, I'd say no. So I'd say that this Exchange server isn't configured correctly. I see a lot of these.

Greg Lara
IT Department
Anti-Defamation League

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Wednesday, August 11, 2004 3:19 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

No, realistically you need to look closer at the reason the message wasn't delivered or was delayed. The reporting MTA is the important field for this at the moment, as is the NDR code if there is one; can you post those? Note that delays are not uncommon, especially when viruses are mucking around on the internet. Non-delivery, on the other hand, would be something to be concerned about. AOHELL for example seems to be causing some issues lately with their implementation of SPF records, although they say they have not implemented them yet.
Possibly some other system that's not happy to get mail, for all I know. Not sure how that fits into Greg's world though, since SPF is only an RFC draft from what I've heard (http://spf.pobox.com/spf-draft-200406.txt).

Greg, how about showing me the RFC that discusses the MUST use reverse DNS PTR RRs?? I'm having trouble finding an RFC that says I MUST use them. You may be referring to RFC 2505, but last I checked it said, "9) SHOULD be able to verify "MAIL From:" domain (using DNS or other means)." vs. MUST, indicating that not everyone can or should use this method to identify spam or UCE. That's a far cry from the blanket statement you made or your survey of Exchange admins vs. other mailer admins. Can you show me the RFC? I'm interested, since I've apparently missed that in my RFC reading and I hate to miss something like that.

-Al

-----Original Message-----
From: luke levis [mailto:luke.levis@xxxxxxxxxx]
Sent: Wednesday, August 11, 2004 3:02 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

So the MX record matches the FQDN, and still no go. Do I need to stop and restart services? Once Greg pointed me to the MX record thing, my FQDN was the servername.smginc.com, not the same as the MX record, so I added a record in our internal DNS and changed the FQDN to match the MX record and clicked the "Check DNS" button and it said it's valid, but still can't send to certain ISPs.

-----Original Message-----
From: Lara, Greg [mailto:GLara@xxxxxxx]
Sent: Wednesday, August 11, 2004 2:18 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

You wouldn't. That error indicates that the message was received, but not yet delivered to the recipient. It's quite possibly an internal problem that yahoo or the recipient is having, and has nothing to do with your configuration.
Greg Lara

-----Original Message-----
From: luke levis [mailto:luke.levis@xxxxxxxxxx]
Sent: Wednesday, August 11, 2004 2:12 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

It says "220 YSmtp mta399.mail.scd.yahoo.com ESMTP service ready" and I don't see anything in the queue waiting to go to yahoo.com.

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Wednesday, August 11, 2004 2:06 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

Ahh, so the message has not failed, it's been delayed. If you look at your SMTP queues, do you see a lot of mail sitting in the queues? If you go to your Exchange server and open a command prompt and type:

TELNET mx1.mail.yahoo.com 25

What happens?

Mark Fugatt
MCSE, MCT, Microsoft Exchange MVP
Pentech Office Solutions Inc
Rochester, NY
Tel: 585 586 3890
Cell: 585 576 4750
http://www.4mcts.com
http://www.exchangetrainer.com

-----Original Message-----
From: luke levis [mailto:luke.levis@xxxxxxxxxx]
Sent: Wednesday, August 11, 2004 2:00 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

My FQDN is the same as my MX record.
We use Sprint as our ISP; should I give them a call, or will they tell me to go pound sand? Also, one of our (ab)users told me he can't email aol.com and hp.com, and I get these back:

This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
psupeb@xxxxxxxxx
burghfansc@xxxxxxxxx

-----Original Message-----
From: Lara, Greg [mailto:GLara@xxxxxxx]
Sent: Wednesday, August 11, 2004 1:08 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

I have to say that we have seen this problem with many Exchange sites. A lot of admins (damn newbies) don't know to set their SMTP FQDN to the same as their MX record in DNS, which is cause for an increasing number of ISPs to reject mail, and for good reason.

Greg Lara

-----Original Message-----
From: Rich Tibbets [mailto:rtibbets@xxxxxxxxxxxxxxxx]
Sent: Wednesday, August 11, 2004 12:50 PM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

Could you send the NDR? I just had a problem with my users not being able to send to AOL users. It turned out to be a reverse DNS lookup issue.
Once my ISP corrected this, we could send to our AOL clients again.

Rich Tibbets

-----Original Message-----
From: Lara, Greg [mailto:GLara@xxxxxxx]
Sent: Wednesday, August 11, 2004 11:55 AM
To: [ExchangeList]
Subject: [exchangelist] RE: can't send to yahoo.com

Luke, is the NDR coming from your Exchange server or from yahoo?

Greg Lara

-----Original Message-----
From: luke levis [mailto:luke.levis@xxxxxxxxxx]
Sent: Wednesday, August 11, 2004 11:47 AM
To: [ExchangeList]
Subject: [exchangelist] can't send to yahoo.com

We recently upgraded our network to Active Directory and are running Windows 2003 Server with Exchange Server 2003, and for some reason now every time someone tries to send to an address @yahoo.com they get an NDR, and in our previous environment we had no restrictions on who you could send to. I am about 2 weeks into using E2k3 so I might as well have a blindfold on. Any help is appreciated.

Luke

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: luke.levis@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
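The thread above argues two things about HELO checking: Greg's relay warns when the HELO name is not a "valid" hostname (his Postfix reject_warning line), and Al objects that a check requiring the HELO or PTR name to equal the sender's domain breaks any host that legitimately relays for many domains. The following is an added editor's example, not code from any participant in the thread or from Postfix, that parses Postfix smtpd reject_warning lines in the format Greg posted and evaluates each client the way such a relay could: HELO must be a public FQDN, the client IP should have a PTR that resolves back to the IP (forward-confirmed reverse DNS), and the HELO name should agree with that identity; it deliberately does not compare the HELO domain with the MAIL FROM domain. The log lines, the IP addresses (RFC 5737 documentation ranges) and the DNS answers are all constructed for the example and stand in for real lookups; the hostnames are invented and do not refer to the servers in the thread.

```python
"""Evaluate SMTP client identity from Postfix reject_warning log lines.

Added example (not from the mailing-list thread or from Postfix). Log lines,
addresses and DNS data below are constructed; no network lookups are made.
"""
import re
from dataclasses import dataclass, field

# Constructed log lines in the Postfix smtpd reject_warning format seen in the thread.
SAMPLE_LOG = """\
Aug 11 19:05:18 relay postfix/smtpd[64170]: 955B2259A86: reject_warning: RCPT from mail.example.org[192.0.2.10]: 550 <sbserver.corp.local>: Helo command rejected: Invalid Hostname; from=<alice@example.org> to=<bob@example.net> proto=ESMTP helo=<sbserver.corp.local>
Aug 11 19:06:02 relay postfix/smtpd[64171]: 1A2B3C4D5E6: reject_warning: RCPT from mx.hosting.example[198.51.100.5]: 550 <mx.hosting.example>: Helo command rejected; from=<news@client-one.example> to=<bob@example.net> proto=ESMTP helo=<mx.hosting.example>
Aug 11 19:07:40 relay postfix/smtpd[64172]: 7F8E9D0C1B2: reject_warning: RCPT from unknown[203.0.113.77]: 550 <example.net>: Helo command rejected; from=<spam@example.net> to=<bob@example.net> proto=ESMTP helo=<example.net>
"""

# Constructed DNS answers standing in for PTR (in-addr.arpa) and A lookups.
PTR_RECORDS = {"192.0.2.10": "mail.example.org", "198.51.100.5": "mx.hosting.example"}
A_RECORDS = {"mail.example.org": "192.0.2.10", "mx.hosting.example": "198.51.100.5",
             "example.net": "192.0.2.99"}

LOG_RE = re.compile(
    r"reject_warning: RCPT from (?P<rdns>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) <(?P<subject>[^>]*)>: (?P<reason>[^;]+); "
    r"from=<(?P<mail_from>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Suffixes that never name a host reachable from the public Internet.
NON_PUBLIC_SUFFIXES = (".local", ".localhost")


@dataclass
class Verdict:
    helo: str
    ip: str
    mail_from_domain: str
    reject: list = field(default_factory=list)  # conditions worth refusing mail over
    warn: list = field(default_factory=list)    # conditions worth logging only

    @property
    def ok(self):
        return not self.reject


def parse_reject_line(line):
    """Return the named fields of one reject_warning line, or None if it is not one."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def helo_is_public_fqdn(helo):
    """True if the HELO argument is a syntactically valid, public, multi-label hostname."""
    name = helo.lower().rstrip(".")
    if name.endswith(NON_PUBLIC_SUFFIXES):
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL_RE.match(label) for label in labels)


def fcrdns(ip, ptr, fwd):
    """Forward-confirmed reverse DNS: PTR name for ip must have an A record equal to ip."""
    name = ptr.get(ip)
    if name is None:
        return None, "no PTR record for client IP"
    if fwd.get(name.lower()) != ip:
        return name, "PTR name does not resolve back to client IP"
    return name, None


def assess(rec, ptr=PTR_RECORDS, fwd=A_RECORDS):
    v = Verdict(helo=rec["helo"], ip=rec["ip"],
                mail_from_domain=rec["mail_from"].rpartition("@")[2].lower())
    if not helo_is_public_fqdn(rec["helo"]):
        v.reject.append("HELO is not a public FQDN")
    name, err = fcrdns(rec["ip"], ptr, fwd)
    if err:
        v.warn.append(err)
    elif name.lower() != rec["helo"].lower() and fwd.get(rec["helo"].lower()) != rec["ip"]:
        v.warn.append("HELO name is neither the PTR name nor an A record for the client IP")
    # Intentionally no check that the HELO domain equals the MAIL FROM domain:
    # one host legitimately speaks for many sender domains (the hosting case above).
    return v


def assess_log(text, ptr=PTR_RECORDS, fwd=A_RECORDS):
    """Parse every reject_warning line in text and return one Verdict per line."""
    return [assess(rec, ptr, fwd)
            for rec in map(parse_reject_line, text.splitlines()) if rec]


if __name__ == "__main__":
    for v in assess_log(SAMPLE_LOG):
        print(f"{v.ip:<14} helo={v.helo:<22} from={v.mail_from_domain:<20} "
              f"{'OK' if v.ok else 'REJECT'} reject={v.reject} warn={v.warn}")
```

Run stand-alone, the script flags the first client (a .local HELO that cannot be resolved by anyone on the Internet) as rejectable, passes the hosting relay whose HELO and PTR agree even though it is sending for an unrelated domain, and only warns about the third client, whose IP has no PTR at all. Against real traffic the two dict lookups would become DNS queries, which is exactly the per-message cost Al warns about; keeping the reverse-DNS results as warnings rather than hard rejects is the conservative setting until you have watched the false-positive rate on your own logs.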