[Cialug] Administrivia

Nicolai nicolai-cialug at chocolatine.org
Fri Apr 8 21:14:03 CDT 2011


Hello all,

This is a long message but you can skip over it if the following items
don't apply to you:

1. Forward-confirmed reverse DNS for your mailserver, which will soon be
required for sending mail to cialug.org.  (Let me know if this applies
to you!)

2. A description of small changes I've made to the cialug.org mail config.

3. Posts from non-subscriber addresses.  (Let me know if you do!)

First, I want to remind folks that they will soon need to have proper
DNS records for machines sending mail to cialug.org.

Who this mainly applies to: people who run their own mail servers.  It
should not affect many people.

This requirement will apply only to DNS records, not to your mail server
config.  And if you don't run your own mail server, it's exceedingly
unlikely this applies to you at all.

What this entails:

This means having matching PTR and A records, also known as
Forward-confirmed reverse DNS.  See:

https://secure.wikimedia.org/wikipedia/en/wiki/Forward-confirmed_reverse_DNS

For example, your trusty cialug.org server sits on 67.224.64.36, which
resolves to mail.cialug.org, which in turn resolves to 67.224.64.36.  A
perfect match.  The great majority of spamcannons lack matching DNS
records, and virtually all legitimate mailservers have them.  And any
legit server should be able to get them, if they don't already.

How to verify if your mail server has matching DNS records:

1. Find its (public, if necessary) IP address.
2. Resolve it via the command dig -x <ip>, i.e.,

   dig -x 67.224.64.36

3. Resolve the hostname you got from step #2, if applicable, via
dig <hostname>, i.e.,

   dig mail.cialug.org

If the records match, you're good to go.

However, if you get NXDOMAIN for either query, or if the records don't
match, you'll need to talk to your ISP.  Explain that you need
Forward-confirmed reverse DNS to talk to cialug.org, as described in RFC
1912, specifically section 2.1:

  "Every Internet-reachable host should have a name.  The consequences
   of this are becoming more and more obvious.  Many services available
   on the Internet will not talk to you if you aren't correctly
   registered in the DNS.  Make sure your PTR and A records match.  For
   every IP address, there should be a matching PTR record in the
   in-addr.arpa domain."

If you don't know if this applies to you, send me a private mail with
your mail server's IP address and I'd be happy to check for you.


SECOND, Postfix is now using sbl-xbl.spamhaus.org and is blocking
significant amounts of spam.  (Including messages from the forged bryan@
botnet of recent fame.)  We don't see this spam on the list but the list
admins get copies of it in our mailboxes and have to wade through it
while maintaining mailman.  Currently it's 50 - 100 spam messages a day,
every day, and would presumably grow much larger as spam levels return
to normal after post-Rustock botnet spam levels normalize.

Third, I would prefer to simply discard all non-subscriber posts.  Does
anyone actually post from a non-subscriber address?

Nicolai
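
The three-step check from the message above (PTR lookup, then forward lookup, then compare), as an added example that is not part of the original post or of the cialug.org configuration. The function names and the sample records other than the 67.224.64.36 / mail.cialug.org pair are assumptions made for illustration; the live lookups go through the system resolver rather than dig.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Live PTR lookup, like `dig -x <ip>`; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def addresses(hostname):
    """Live A/AAAA lookup, like `dig <hostname>`; [] when it does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except OSError:
        return []
    # Drop any IPv6 scope suffix ("%eth0") so the address parses cleanly.
    return sorted({info[4][0].split("%")[0] for info in infos})

def fcrdns(ip, ptr_lookup=ptr_names, addr_lookup=addresses):
    """Return (verdict, names): 'pass', 'mismatch' or 'no-ptr'."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", [])
    # A PTR name confirms the IP only if it resolves back to that same IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in addr_lookup(n))]
    return ("pass", confirmed) if confirmed else ("mismatch", names)

# Constructed sample records so the check runs offline. The first pair is the
# example from the message; the others use documentation address space.
SAMPLE_PTR = {
    "67.224.64.36": ["mail.cialug.org."],
    "192.0.2.10": ["mx.example.net."],      # PTR exists, A points elsewhere
    "192.0.2.20": ["ghost.example.net."],   # PTR exists, name does not resolve
}
SAMPLE_A = {
    "mail.cialug.org": ["67.224.64.36"],
    "mx.example.net": ["198.51.100.7"],
}

def check_sample(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("67.224.64.36", "192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, *check_sample(ip))
```

Calling fcrdns("<ip>") with no other arguments performs the live lookups; because it uses the system resolver, entries in a local hosts file can mask what the receiving mail server would see.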

