Qmail will send to Earthlink but not AOL or Hotmail

robmainella

Technical User
Dec 11, 2004
4
US
My Qmail will not send to some domains but will send to others. At first I wasn't able to send at all, after patching dns.c I was only able to send to Earthlink/Mindspring accounts, but I cannot send to AOL, Hotmail, Comcast, etc...

my log shows the error:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)

I'm not sure if it makes a difference, but my ISP is Earthlink
 
Sounds like you either have a DNS problem (nothing outside of Earthlink), you have an smtproutes file that is doing something you don't expect, or you are trying to use a banned IP. Most likely the first two at this point.

Can you use "dig MX aol.com" from your command line? What do you get?

Also, check if you have a file
/var/qmail/control/smtproutes

If so, post its contents here.

Hosting Solutions for Home or Business.
 
When I dig MX aol.com I get the following:


; <<>> DiG 9.2.1 <<>> MX aol.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37628
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 18

;; QUESTION SECTION:
;aol.com. IN MX

;; ANSWER SECTION:
aol.com. 314 IN MX 15 mailin-01.mx.aol.com.
aol.com. 314 IN MX 15 mailin-02.mx.aol.com.
aol.com. 314 IN MX 15 mailin-03.mx.aol.com.
aol.com. 314 IN MX 15 mailin-04.mx.aol.com.

;; AUTHORITY SECTION:
aol.com. 314 IN NS dns-07.ns.aol.com.
aol.com. 314 IN NS dns-01.ns.aol.com.
aol.com. 314 IN NS dns-02.ns.aol.com.
aol.com. 314 IN NS dns-06.ns.aol.com.

;; ADDITIONAL SECTION:
mailin-01.mx.aol.com. 244 IN A 205.188.159.57
mailin-01.mx.aol.com. 244 IN A 64.12.137.89
mailin-01.mx.aol.com. 244 IN A 64.12.138.57
mailin-01.mx.aol.com. 244 IN A 205.188.156.185
mailin-02.mx.aol.com. 106 IN A 64.12.138.89
mailin-02.mx.aol.com. 106 IN A 205.188.156.249
mailin-02.mx.aol.com. 106 IN A 205.188.159.217
mailin-02.mx.aol.com. 106 IN A 64.12.137.121
mailin-03.mx.aol.com. 87 IN A 64.12.137.152
mailin-03.mx.aol.com. 87 IN A 64.12.137.249
mailin-03.mx.aol.com. 87 IN A 64.12.138.120
mailin-03.mx.aol.com. 87 IN A 205.188.158.121
mailin-04.mx.aol.com. 87 IN A 64.12.138.152
mailin-04.mx.aol.com. 87 IN A 64.12.138.185
mailin-04.mx.aol.com. 87 IN A 205.188.157.25
mailin-04.mx.aol.com. 87 IN A 64.12.137.184
dns-01.ns.aol.com. 991 IN A 152.163.159.232
dns-02.ns.aol.com. 17573 IN A 205.188.157.232

;; Query time: 22 msec
;; SERVER: 207.69.188.187#53(207.69.188.187)
;; WHEN: Sun Dec 12 09:21:43 2004
;; MSG SIZE rcvd: 507


I don't have a file /var/qmail/control/smtproutes

Thanks for your Help,
Rob
 
What happens if you do
"telnet mailin-02.mx.aol.com 25"

When I do it from my home DSL I get this...
"Trying 205.188.159.217...
Connected to yh.mx.aol.com.
Escape character is '^]'.
554- (RTR:BB) 554- AOL does not accept e-mail transactions from dynamic or residential
554- IP addresses.
554 Connecting IP: 68.22.195.145
Connection closed by foreign host."

When I try it from my "legitimate" server IP, I get this.
"Trying 64.12.138.89...
Connected to mailin-02.mx.aol.com.
Escape character is '^]'.
220-rly-xl04.mx.aol.com ESMTP mail_relay_in-xl4.10; Sun, 12 Dec 2004 21:30:51 -0500
220-America Online (AOL) and its affiliated companies do not
220- authorize the use of its proprietary computers and computer
220- networks to accept, transmit, or distribute unsolicited bulk
220- e-mail sent from the internet. Effective immediately: AOL
220- may no longer accept connections from IP addresses which
220 have no reverse-DNS (PTR record) assigned."

This tells me that AOL has gotten strict and that my initial third option of you running from a "banned" IP address is more accurate.






Hosting Solutions for Home or Business.
 
When I try to telnet to AOL's mail server I get

telnet mailin-02.mx.aol.com 25
Trying 64.12.137.121...
telnet: connect to address 64.12.137.121: No route to host
Trying 64.12.138.89...
telnet: connect to address 64.12.138.89: No route to host
Trying 205.188.156.249...
telnet: connect to address 205.188.156.249: No route to host
Trying 205.188.159.217...
telnet: connect to address 205.188.159.217: No route to host

I would assume my IP address would be considered a residential IP, although it is a static address and the domain name is registered properly, so how can AOL tell the difference?

If I need to set up a PTR record in my DNS how do I go about that?

Thanks again
 
No route to host means that you have something wrong in your routing tables. I wouldn't be surprised if you were blocked on port 25 by your ISP.

Hosting Solutions for Home or Business.
 
Thanks, you're right, my ISP is blocking port 25. Is there an addon for qmail that will allow mail to be sent through an external mail server (like "smart host" in sendmail) using authentication? I didn't see anything on the qmail web site, do you know of anything that might help?
 
Yes, that's basic relaying out. You'll need to insert an "smtproutes" file into /var/qmail/control

The language in that file says how to deliver to 0.0.0.0 IPs via another host.

This works out of the box using IP trust on the other host. Meaning, the other SMTP relay would trust your qmail by its IP address alone and wouldn't require authentication - which requires a patch at the very least.

The largest problem you have is that this still requires an outbound connection on port 25 which is still blocked.

You can, luckily, change the port you are contacting as well in the smtproutes file:

NOW, the only problem you have is configuring the "other guy" to listen on another port, probably a high port to avoid any further messiness with your ISP. qmail can be taught to do that via the /var/qmail/supervise/qmail-smtpd/run file by using tcpserver to bind qmail-smtpd to another port. But that assumes that your other host is running qmail and that you have the privileges to make the change.

Of course, more simply, you could petition your ISP to cut you some slack and open port 25 to avoid all this crap.




Hosting Solutions for Home or Business.
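
Added example, not part of the original thread: a shell sketch of how qmail-remote picks a route from /var/qmail/control/smtproutes (lines of the form domain:relay or domain:relay:port), including the alternate-port case discussed in the last reply. The relay names and port 2525 are constructed placeholders; the lookup order shown (exact host, then each suffix starting at a dot, then the empty default entry) mirrors qmail-remote's behaviour.

```shell
#!/bin/sh
# Constructed smtproutes content; relay.example.net, inside.example.net
# and port 2525 are placeholders, not values from the thread.
SAMPLE_ROUTES='aol.com:relay.example.net:2525
.example.org:inside.example.net
local.example:
:relay.example.net:2525'

# lookup KEY: print the relay field of the line whose domain field is KEY
# (case-insensitive). Exit status 1 when no line matches.
lookup() {
    printf '%s\n' "${ROUTES:-$SAMPLE_ROUTES}" | awk -F: -v key="$1" '
        tolower($1) == tolower(key) { sub(/^[^:]*:/, ""); print; found = 1; exit }
        END { exit !found }'
}

# route_for HOST: print "relay:port" or "direct" (normal MX delivery).
route_for() {
    key=$1
    while :; do
        if relay=$(lookup "$key"); then break; fi
        [ -z "$key" ] && { relay=; break; }     # not even a default entry
        rest=${key#?}                           # drop the first character
        case $rest in
            *.*) key=.${rest#*.} ;;             # next suffix, dot included
            *)   key= ;;                        # last try: the default entry
        esac
    done
    case $relay in
        '')  echo "direct" ;;                   # empty relay: look up MX as usual
        *:*) echo "$relay" ;;                   # explicit port given
        *)   echo "$relay:25" ;;                # port defaults to 25
    esac
}

for h in aol.com hotmail.com mail.example.org local.example; do
    printf '%-18s -> %s\n' "$h" "$(route_for "$h")"
done
```

smtproutes has no field for credentials, which is why the reply above says the relay has to trust the sending host by IP address unless qmail is patched.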
 