[Mailman-Users] New To Mailman
Stephen J. Turnbull
stephen at xemacs.org
Sun Aug 10 10:09:23 CEST 2014
Anthony (N2KI) writes:
> That is what I am currently doing with IS Mail. In order for the messages
> to be sent, IS Mail logs into my account and then sends the mail. I
> believe the problem could be related but not limited to reverse DNS
> authentication. My Ip resolves to my domain name via DYNDNS. I also have
> an MX record as well as a TXT record that is set to allow my domain to send
> email through my ISP account.
As with Mark and Carl, I think you are running into receiving domains
that are willing to do things to reduce spam received at even fairly
high cost in reliable delivery of desired mail. Specifically, they
are rejecting or discarding mail that is not authenticated merely
because of the lack of authentication.
The basic configuration should have an MX record that points to a host
with an A record (not a CNAME), and a PTR record that also points to
the same name as the A record. It sounds like you have that at the
ISP. Note that if your MX record points to the ISP, and all your mail
in and out goes through the ISP, it probably doesn't much matter (for
mail!) what your own host's DNS configuration is.
Now, I'm not sure what you mean by a TXT record. Perhaps it's SPF,
looking something like this:
example.com. TXT "v=spf1 +mx a:colo.example.com/28 -all"
(the "v=spf1" is what makes it SPF). For more about SPF TXT records,
see http://tools.ietf.org/html/rfc7208#section-3. (I don't recommend
reading the whole thing, if you're not familiar with RFC-ese already.)
If not, you should publish one. However, SPF only solves a minority
of authentication problems. Also, your SPF record should specify your
ISP's MX, as well as your own domain.
You should also sign outgoing messages according to the DKIM
protocol. This requires creating keypairs, and publishing them in the
DNS. I'm not comfortable trying to explain how this is done in an
email, though. You should ask your ISP if they do this/can do this
for you.
Finally, you should ensure that the DKIM-signed mail is never altered
in any way once signed. If your ISP provides SPF for itself and
DKIM-signs the mail for you, this condition is satisfied.
More information about the Mailman-Users
mailing list