Differences between version 4 and predecessor to the previous major change of SMTPBestPractices.
Newer page: version 4, last edited on Tuesday, November 23, 2004 2:28:10 pm by DanielLawson
Older page: version 1, last edited on Sunday, August 22, 2004 2:34:48 pm by PerryLorier
@@ -16,11 +16,15 @@
Try not to put your mail server in what people might consider a "dynamic IP" range.
Make sure that you are not using a [CNAME] to deliver to. For example mail to "foo@fishbowl.example.com" will not work if "fishbowl.example.com" is a [CNAME] to some other machine.
-Don't set an [MX] to point to an IP address! It won't work. MX's must point to a record which contains an A RR. Not a [CNAME], not anything else.
+Don't set an [MX] to point to an IP address! It won't work. MX's must point to a record which contains an A or an AAAA
RR. Not a [CNAME], not anything else.
Make sure that the reverse lookup of your outgoing mailserver exists, make sure has a matching forward record, and where possible, make sure that your [HELO]/[EHLO] name matches the reverse. Note, that this usually doesn't match the name of the domain you want to recieve mail for.
+
+Don't use _ in your domain name for mail, in your HELO/EHLO or 250 server greeting. Mail will get dropped.
+
+Make sure you send mail from a domain that exists, and has at least an A/AAAA or MX record. If you use an internal email domain that doesn't actually exist, and mail from this internal domain somehow gets onto the Internet, you will lose mail.
Use http://dnsreport.com/ to verify that your DNS is in good healthy working order.
Attempt to publish a [SPF] record for your domain.
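Review bot: The added underscore line gives the consequence ("Mail will get dropped") but not the reason, and it runs three separate places together (the mail domain, the HELO/EHLO name, the 250 greeting). Say that "_" is not a valid character in a hostname and that this is why receiving servers refuse these names, so readers understand the rule is about host and domain names. The same line writes HELO/EHLO without the [HELO]/[EHLO] link markup used on the context line just above it, and the reworded MX line says "A or an AAAA" where the new sender-domain line says "A/AAAA"; pick one form. In the sender-domain line, "you will lose mail" should say which mail is lost: the outgoing message being refused, or the bounce that cannot be delivered back to a domain that does not exist.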
@@ -31,12 +35,16 @@
Be aware that spammers regularly send to secondary [MX]'s directly to avoid aggressive [RBL] checks on the primary mailserver. This can be exploited by having a secondary [MX] that always returns a 400 series code (temporary failure), or is __stricter__ with it's [RBL] checks. Another trick is to list your primary mx again as the highest number mx (so that spammers hit that one first)
Regularly check that your backup [MX] still correctly relays, you won't notice a backup [MX] rejecting mail until the first time your primary goes down and all your mail is immediately bounced (not retried later).
-
+!!!Mail accounts
+Make sure you have a postmaster@ and abuse@ email addresses that have the least number of filters (spam, virus etc) on them. If your machine is broken then people may try to send you mail explaining the issue so you can fix it. If people can't email you because you treat all mail from their machine as invalid, they won't be able to contact you.
!!!Virus and spam filtering
TODO
+
+!!!Misc
+Try to run an ident server on your mail server. Several mail servers still try to check ident by default. If you don't have ident enabled, then make sure you don't just drop packets to the ident port, or you will cause other mail servers to wait for a time out before they let you send any email, thus slowing everything down.
----
CategoryBestPractices
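Review bot: The new Misc paragraph says what not to do ("make sure you don't just drop packets to the ident port") but not what to do instead. Add the alternative explicitly, for example that the firewall should actively refuse connections to the ident port so the remote mail server fails immediately instead of waiting for a timeout, and name the port so the advice can be applied to a ruleset. In the Mail accounts addition, "a postmaster@ and abuse@ email addresses" mixes singular and plural; "postmaster@ and abuse@ addresses" reads correctly. The "!!!Mail accounts" heading replaces the blank line that used to separate sections, so it now follows the backup [MX] paragraph directly, while "!!!Misc" is added with a blank line before it; keep the separator for both. The new text also refers to spam and virus filters on these addresses while the "Virus and spam filtering" section below it is still TODO, so a short cross-reference there would help once that section is written.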