Mail Server - Mail System - Mail Technology Forum (BBS)


[Help] How to solve the PTR record problem that causes mail sent abroad to be bounced

1
Posted 2007-11-24 22:00:33
I would also like to ask how to solve the PTR record problem that causes mail sent abroad to be bounced.
----- The following addresses had permanent fatal errors -----
<drfuch@st.net>

----- Transcript of session follows -----
.. while talking to mx1.comcast.net
<<< 554 IMTA12.westchester.pa.mail.comcast.net comcast 121.**.**7.211 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://www.comcast.net/help/faq/ ... ityMail_Policy18784
.. connection error: connection reset by peer/timeout
2
Posted 2007-11-25 11:37:37
You need to set up rDNS for your IP.
3
Original poster | Posted 2007-11-25 13:35:56
rDNS?
I asked China Telecom; it costs 200 yuan/month.
Is there any other way?
4
Posted 2007-11-25 23:18:39
No, this is mandatory. The SMTP server you connect to requires that rDNS be provided.
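5
Original poster | Posted 2007-11-25 23:46:47
I looked into it.
钉子 has an article on this,
but I don't know exactly how to carry it out.
http://blog.5dmail.net/user1/1/20072323115.html
============================================
A possible workaround for reverse resolution
Posted by 钉子 on 2007-2-3 23:11:05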

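      Times are getting worse: with spam running rampant, all kinds of anti-spam techniques have been proposed one after another. Reverse DNS resolution (rDNS) is one of the most common, and more and more mail servers, especially overseas ones, now check the IP's reverse-resolution (PTR) record. Very often, when the remote side refuses to relay, or a message cannot be sent and is bounced, the cause is a missing reverse-resolution record. Take the following Sina error code, for example:
Error code: 450 4.7.1 Client host rejected: cannot find your hostname [IP ]
Cause: the peer server has not set up reverse resolution

      However, for various reasons, such as reverse resolution being too expensive, the ISP not offering it at all, or the ISP not even knowing what reverse resolution is, many mail system administrators have no way to get a PTR record set up. What to do? Well, this is today's main point. Today we propose a possible workaround and invite everyone to test it. It is actually very simple and can be stated in one sentence: set the mail system's HELO domain to the PTR record you need to provide. For example, if your IP is 211.12.123.2, you can try setting the HELO domain in the following format:
2.123.12.211.in-addr.arpa

      This method is called IP reverse-resolution spoofing. Some spam senders use it, and it is said to get past most IP reverse-resolution checks. Of course, it is not a cure-all and should only be tried as a last resort, because under the RFC 821 and RFC 1035 standards such a HELO domain is non-standard (a normal HELO domain is a correct domain name with an A record). A policy like Sina's requires compliance with both RFC 821 and RFC 1035 and checks both the IP reverse resolution and the HELO information.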

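Notes:
Since I am writing this anyway, I will take the opportunity to summarize the reverse-resolution questions many users have asked. Frequently asked questions about reverse resolution:

Question 1. What is reverse DNS resolution?
Answer: Anyone who has run a DNS server will know that a DNS server has two kinds of zones, the "forward lookup zone" and the "reverse lookup zone". The reverse lookup zone is the IP reverse resolution discussed here. Its purpose is to obtain the domain name an IP address points to by querying that IP address's PTR record. Of course, to obtain the domain name successfully, the IP address must have a PTR record.

Question 2. How do I set up reverse resolution?
Answer: In one sentence: go to the provider (ISP) of your Internet line (fixed IP), for example China Telecom, China Netcom or China Unicom. There is a common misconception here: many administrators think they should go to the domain registrar. That is wrong, because this is IP reverse resolution, so you need to go to whoever provides the IP to you, unless, of course, you own an entire class C block. Have your fixed IP pointed to the domain name (A record) of the mail server you use. This produces a record of the following form:
2.123.12.211.in-addr.arpa

Question 3. How do I query the reverse-resolution record?
Answer: Generally, either of the following two methods works:
A. Use the nslookup command directly to query the PTR record, for example:
nslookup -qt=ptr 211.12.123.2 (replace with your IP)

B. Use the dnsstuff.com website, for example:
http://www.dnsstuff.com/tools/ptr.ch?ip=211.12.123.2 (replace with your IP)

Question 4. Does reverse resolution cost money?
Answer: That depends on the local ISP. As far as I know, some are free and some charge, and the fees vary. Billing is generally yearly or monthly.

Question 5. I am a hosted business-mail provider. My mail server provides mailboxes for many domains on the same IP. Do I need to create a PTR for every domain?
Answer: Generally you only need reverse resolution for the primary domain (the EHLO domain).

Question 6. Can a dynamic IP have reverse resolution?
Answer: No.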
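
The receiving-side check that the article above alludes to (PTR lookup, forward confirmation, and HELO comparison), shown here as an added example that is not part of the original thread or of any provider's actual filter. The resolver callbacks, host names and zone data are constructed so the logic runs offline.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for an address (the reverse-zone name)."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_client(ip, helo, lookup_ptr, lookup_a):
    """Return (verdict, reason) for a connecting SMTP client.

    lookup_ptr(ip) -> list of host names, lookup_a(name) -> list of addresses.
    Both are injected (an assumption of this example) so no live DNS is needed.
    """
    helo = helo.rstrip(".").lower()
    # A HELO under in-addr.arpa / ip6.arpa is a PTR owner name, not a host name,
    # so it proves nothing about the reverse zone and is refused outright.
    if helo.endswith((".in-addr.arpa", ".ip6.arpa")):
        return ("reject", "HELO is a reverse-zone name")
    names = [n.rstrip(".").lower() for n in lookup_ptr(ip)]
    if not names:
        return ("reject", "no PTR record")
    # Forward-confirm: a PTR target must resolve back to the connecting IP.
    confirmed = [n for n in names if ip in lookup_a(n)]
    if not confirmed:
        return ("reject", "PTR not forward-confirmed")
    if helo not in confirmed:
        return ("warn", "HELO does not match PTR")
    return ("accept", "PTR, A record and HELO agree")

# Constructed sample zone data (not real hosts).
PTR = {"211.12.123.2": ["mail.example.com."],
       "203.0.113.5": ["mail.example.com."]}
A = {"mail.example.com": ["211.12.123.2"]}

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_a(name):
    return A.get(name, [])

if __name__ == "__main__":
    samples = [("211.12.123.2", "mail.example.com"),
               ("211.12.123.2", ptr_name("211.12.123.2")),
               ("198.51.100.7", "mail.example.com"),
               ("203.0.113.5", "mail.example.com")]
    for ip, helo in samples:
        print(ip, helo, check_client(ip, helo, lookup_ptr, lookup_a))
```
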
6
Posted 2007-11-26 09:23:33
You can use a relay service.
7
Original poster | Posted 2007-11-26 10:06:16
Originally posted by dennishan on 2007-11-26 09:23
You can use a relay service.

How do I set that up???
I have attached a screenshot.
Please advise.

8
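Posted 2007-11-26 21:18:32
Generally, falling back to a relay when direct delivery fails is the best approach.
First select "use relay server" in the first screenshot and enter the value in the following format: <username>:<password>@<MyISPhostname>
Then tick "try relay if delivery fails", and finally change the earlier "use relay server" setting back to DNS lookup.
Forwarding by routing requires adding every domain by hand, so it is not recommended.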
9
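Original poster | Posted 2007-11-26 23:08:15
Originally posted by dennishan on 2007-11-26 21:18
Generally, falling back to a relay when direct delivery fails is the best approach.
First select "use relay server" in the first screenshot and enter the value in the following format:
Then tick "try relay if delivery fails", and finally change the earlier "use relay server" setting back to DNS lookup.
Forwarding by routing requires adding every domain by hand, so it is not recommended.

<username>:<password>@<MyISPhostname>
Are username and password a local mailbox account??? If so, I have many users, so wouldn't I have to specify them one by one?
And what about MyISPhostname? Mine is China Telecom.
Please explain.
Thanks.

[ Last edited by scorte on 2007-11-26 23:10 ]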
10
Original poster | Posted 2007-11-26 23:21:04
Following the hint, I googled it
and found the explanation in the Merak documentation:

http://support.icewarp.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=513

Relay if direct delivery fails, redirecting to some destinations if you can’t connect to them via another SMTP (Routing)

Nowadays, unfortunately, it is not rare for a remote system to reject emails from you. If you check the SMTP logs, you will note that right after you connect to a remote system to send an e-mail, you are disconnected, which usually indicates the remote system is blocking your IP. Other times, your server’s IP might be listed on some DNSBL. There are even systems that block emails from an entire country, based on their IP.

Merak has two options which are very useful. First of all, it's important to note that Merak is usually set up to send out mail using DNS lookups (Use DNS Lookup), as seen in the screen below:

SMTP service -> General -> Use DNS lookup

This means that Merak will query the DNS servers specified in System/Internet connection to find out the remote system’s MX and connect to it directly, to send outbound mail.

If you are using this method, but your ISP is blocked at a specific destination, you can route all emails to that specific destination/domain through another SMTP server, which has a different outgoing IP. This is done with an option called Routing, found in Mail Service/SMTP Service/Routing, as seen below:

Mail service -> SMTP service -> Routing

The best way to set up SMTP routing is by clicking on the Edit file button, so you are editing the configuration file directly with notepad. On the top part of the Window, you should see comments and a comment button, so you can show/hide comments. Note the included examples.

If you want to route all emails destined to @aol.com via another SMTP server (let’s say relay.isp.com), the syntax is:

aol.com=%%alias%%@aol.com;;relay.isp.com

If you want to redirect all emails to yahoo.com via SMTP server relay.isp.com, just change the line shown above, replacing the 2 places where aol.com appears with yahoo.com.

Note that, for this to work, relay.isp.com must be set to accept message relaying for your main server’s IP (which is sending out mail using relay.isp.com for this specific domain only). If it’s a Merak at relay.isp.com, it has to have the main Merak’s IP in Mail Service/Security/Trusted IPs.

An alternative is to use SMTP AUTH, so you can basically send out mail using any account that you have on an ISP, for example, that accepts SMTP authentication. The syntax is as follows if your ISP requires you to authenticate with just your username (what is to the left of the @ sign):

company.com=%%alias%%@company.com;;user:pwd@relay.isp.com

If your authentication is done with full email, the syntax is:
company.com=%%alias%%@company.com;;username%domain.com:passwd@relay.isp.com

After you do the changes described above, be sure to restart the SMTP service (System/Service) and check your SMTP logs to be sure emails to these destinations are being relayed correctly.

Another nice option in Merak is the possibility to try to send all messages that were not successfully sent by your main mail server, through another SMTP server. To use this option, in Mail Service/SMTP Service/General, keep the radio button Use DNS lookup active, however, fill out an alternative mail server in the Use relay server field and mark the checkbox “Deliver messages via relay server when direct delivery fails”.

This means that all messages which couldn’t be sent by your main server, such as mailbox full at destination, account doesn’t exist or blocked on a DNSBL, are sent to the relay server, so it can try.

In this field, you can specify an IP; however, that IP/relay server must be set to accept connections/relaying from your Merak. You can also SMTP AUTH. The syntax if you want to SMTP AUTH with just your username is:
<username>:<password>@<MyISPhostname>

So, for example: joe:password@smtp.isp.com

If you need to SMTP AUTH with your full email, the syntax is:

<username%domain.com>:<password>@<MyISPhostname>


So, for example: joe%domain.com:password@smtp.isp.com

If the syntax above does not work, replace the % after word username with a @.

Check your SMTP logs and CLICK HERE *** (link to other FAQ about how to detect spammer attack using demo accounts, etc) to understand how SMTP authentication works and how to decode it.

After doing these changes, restart your SMTP service and be sure to check your logs and your relay server’s logs, to be sure messages are being sent out correctly.

KB2007220606

I'll give it a try first.