SMTP Auth and relay blocking

By ivandd
Hi all

I have a theory question related to the following scenario on spam control.

My email is, e.g., body@somebody.com; my SMTP server is not on this domain but somewhere else on the internet, e.g. smtp.elsewhere.com. I SMTP auth to this server to send mail. When the receiving server gets the mail, it does a reverse query on body@somebody.com to smtp.elsewhere.com; if the receiving server does not get an acknowledgement that somebody.com can send mail from smtp.elsewhere.com, then the mail is rejected, but this normally does not happen.

The question:
How does smtp.elsewhere.com store a sender address to answer reverse queries when the sender doesn't exist on managed domains?
Or am I misunderstanding how reverse SMTP checks work?

Hope someone can answer or direct me to a document to explain.

Thanks
Ivan

All Answers

mx record

by Triathlete1981 In reply to SMTP Auth and relay block ...

it's in the mx record. if the mx record says smtp.elsewhere.com is the legit server for somebody.com, then all's good. otherwise, if i'm spoofing a somebody.com address, trying to send from smtp1.elsewhere.com, it won't go.

does that make sense?

SMTP

by Nimmo In reply to SMTP Auth and relay block ...

When you send email, it contains a header field which, along with other bits of information, contains the sender's IP address.

If, for example, you have an Exchange box (mymail.com.au) and it is using your ISP's server to route email (myisp.com.au), then the receiving host (xxx.com), when the recipient (xxx.com) receives email, will do a reverse lookup and find that the IP address (mymail.com.au) it is resolving doesn't match the domain from which the email came (myisp.com.au).

I have found that some *nix boxes that use certain firewalls (sorry, can't remember off the top of my head which ones) really hate this kind of setup, and to fix the issue you will need to have your mail server use DNS to do the routing, instead of having mail forwarded to your ISP's mail servers.

(You'd be pretty hard up trying to tell an administrator to change his setting to allow your email to get through, considering it is only your mail bouncing LOL.)

Reverse Query (PTR)

by Churdoo In reply to SMTP Auth and relay block ...

Reverse query is taking an IP address and querying for the hostname registered to that IP. For a successful reverse query, a PTR record must exist in the zone for the IP address.

When SMTP servers communicate, they exchange their hostnames. A receiving mail server may do a reverse query of the connected server's IP address to see if the resultant PTR record matches the name the server says it is. This does not necessarily mean that the server is authorized to send email for somebody.com, it's just a check to see if the server is who it says it is.

There are several sites where you can do a reverse query manually for your own learning and information. I like to go to http://arin.net and enter an IP in the whois search box.

So to answer your example question, smtp.elsewhere.com doesn't answer any reverse queries. As an email message traverses the SMTP servers along its path, each one adds its info to the headers of the email, and the receiving servers use common resources like PTR lookups and/or SPF lookups and/or DNS Blacklists to try to validate the server or servers that the email has passed through.

I don't have a link for one site that explains the various checks and current best practices for SMTP and SPAM control, but hopefully another poster knows a good link.

Hope this helps.
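
Added example, not part of the posts above: a Python sketch of the distinction drawn in the last answer, where a PTR check confirms that a connecting server is who it says it is, while an SPF lookup decides whether that server may send for somebody.com. The DNS table, the 192.0.2.25 and 198.51.100.7 addresses, host7.example.net and both SPF records are constructed for illustration, and the SPF evaluator is a simplification that handles only the ip4, include and all mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); these are not real records.
DNS = {
    ("PTR", "192.0.2.25"): ["smtp.elsewhere.com"],
    ("A", "smtp.elsewhere.com"): ["192.0.2.25"],
    ("TXT", "somebody.com"): ["v=spf1 include:elsewhere.com -all"],
    ("TXT", "elsewhere.com"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("PTR", "198.51.100.7"): ["host7.example.net"],
    ("A", "host7.example.net"): ["198.51.100.7"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(rtype, name):
    """Stand-in for a DNS resolver, answering from the constructed table."""
    return DNS.get((rtype, name.lower().rstrip(".")), [])

def ptr_check(client_ip, helo_name):
    """Identity check: the PTR name must equal the HELO name and resolve back to the IP."""
    helo = helo_name.lower().rstrip(".")
    return any(name.lower() == helo and client_ip in lookup("A", name)
               for name in lookup("PTR", client_ip))

def spf_check(client_ip, domain, depth=0):
    """Authorization check: is client_ip listed in the sender domain's SPF policy?"""
    if depth > 10:                      # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    records = [t for t in lookup("TXT", domain) if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "permerror" if records else "none"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = (term[1:] if term[0] in RESULT else term).lower()
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            # Simplified: an include matches only when the included policy passes.
            matched = spf_check(client_ip, mech[8:], depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            return "permerror"          # term outside this sketch; never pass silently
        if matched:
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "smtp.elsewhere.com"), ("198.51.100.7", "host7.example.net")]:
        print(ip, "PTR ok:", ptr_check(ip, helo), "SPF:", spf_check(ip, "somebody.com"))
```

The second host passes the PTR check yet fails SPF for somebody.com, which is the case where the server is who it says it is but is not authorized to send for the domain.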
