postfix/mail: server blacklisted -- what have I done wrong?

Fri Mar 24 19:29:41 UTC 2006

Hi Robert, thanks for the mail, responses inline:

On Fri, 2006-03-24 at 18:55 +0000, Robert Slade wrote:
> On Fri, 2006-03-24 at 11:03 -0500, Matt Price wrote: 
> > On Fri, 2006-03-24 at 16:37 +0100, Lea Gris wrote:
> > > Matt Price a écrit :
> > > > Hi folks,
> > > > 
> > > > On a very small server running postfix and apache under breezy, I seem
> > > > to have gotten into some kind of trouble.  A mail sent this morning from
> > > > the system was bounced back from gmx.de with the following message:
> > > > 
> > > > host mx0.gmx.net[213.165.64.100] said: 550-5.7.1 {mx016}
> > > >     The IP address of the server you are using to connect to GMX is
> > > > listed in
> > > >     550-5.7.1 the Composite Blocking List (CBL). 550-5.7.1  550-5.7.1For
> > > >     additional information, please visit 550-5.7.1
> > > >     http://cbl.abuseat.org/lookup.cgi?ip=128.100.34.8  and 550 5.7.1 (
> > > >     http://www.gmx.net/serverrules ) (in reply to RCPT TO command)
> > > > 
> > > > -----------------
> > > > so, I followed the link, which ultimately led me to this page about HELO
> > > > misconfiguration:
> > > > http://cbl.abuseat.org/lh.html
> > > > 
> > > > Still wish I knew what "HELO" was about, but at least it helps.
> > > > Turns out that I I had been having some trouble in the last few weeks
> > > > with rejected mail complaining about "localhost.localdomain".  Finally
> > > > fixed it a few days ago by editing /etc/postfix/main.cf 
> > > > ----
> > > > # myhostname = localhost.localdomain
> > > > myhostname = a.legitimate.domain.name
> > > > ----
> > > > 
> > > > so a couple of questions follow for me:
> > > > 
> > > > 1 - is this the likely cause of the problem?  THat is, have I already
> > > > fixed a problem that has only just now arisen?
> > > > 2 - If localhost.localdomain is ALWAYS a broken value for myaddress, how
> > > > does it come about that this is even a configuration option?  SHould I
> > > > for instance file a bug?
> > > 
> > > not a bug.
> > > 
> > > The right thing to do is configure a Postfix RelayHost to your Internet
> > > Provider smtp relay such as smtp.myprovider.tld
> > > 
> > > or
> > > 
> > > edit
> > > /etc/postfix/main.cf
> > > relayhost = smtp.whateveryourispmailrelayis.tld
> > > 
> > 
> > in my case there is no relay, so I use an address which has been
> > assigned to this machine (which is directly visible on the internet --
> > an unusual situation I know).  I'm hoping this is the right solution.  
> > 
> > What I still don't understand is, under what circumstances is
> > localhost.localdomain actually a permissible setting?
> > 
> > matt
> > > 
> > > -- 
> > > Léa Gris
> 
> Matt,
> 
> 
> Running a mail server is not an easy job. Unless you are conversant with
> what responsibilities you are taking on then you shouldn't do it. In
> particular there is the issue of spammers using it to send out their
> payloads, worms, fraud attempts etc
> 

sure.  though it's also the case that until dapper postfix was part of
the default ubuntu install and sendmail (postfix) still is the only way
to use e.g. mutt to send mail.  So I guess it would be good if the
config questions for postfix helped along the competent-but-inexpert
user a bit more -- which I guess is why I suppose the
loclahost.localdomain default setting seems like a bad idea.  

> Let me try and answer the questions you posed and some you should have
> asked.
> 
> A HELO is what a mail server uses to identify itself if you look at the
> header of a mail you sent to this list you will see:
> 
> pc08.hist.utoronto.ca ([128.100.34.8] helo=www.racesci.org)
> 
> sent the mail now there is a couple of things still wrong with this:
> 
> 1. www says that there should be a web server at 128.100.34.8, but the
> dns entry for that IP is pc08.hist.utoronto.ca which I guess is the name
> allocated to your machine by your ISP. You should get the reverse DNS to
> point to the same name. Some ISPs will not accept mail from mail servers
> whoes DNS entries don't match. 
> 

ok.  sounds like a rather stringent requirement as of course various
addresses can point to the same machine, but since this header isn't
user-directed I suppose it doesn't matter much.

> 2. The mail records for racesci.org say your mail should be handled by
> racesci.org not www.raceci.org which indicates a misconfiguration - you
> could use www.racesci.org.

or alternatively I suppose I could just reconfigure postfix to send out
a helo of "racesci.org" (as these are all the same machine)?  But in any
case you suggested above the HELO should say pc08.hist.utoronto.ca, so
sounds like that's a better solution.  

> 
> 3. Are you sure that your server is secure? That is not an open relay so
> it will send on mail from any address? 

yes, that at least I know, and the dpkg conf questions are somewhat
clearer on this point.  
> 
> 4. Lea suggested that you use a relay to send your mail. This is your
> ISPs mail server are you sure they do not run one?
> 

they do run one but it actually has lots of difficulties, including
substantial delays and pretty frequent breakdowns, so since I'm on a
fixed, exposed address it is not obvious to me that I shouldn't run my
own, despite your helpful concerns.  Surely it should be possible to run
a simple mailserver without being a mail expert -- or is that the
veritable expert's nightmare?

> 5. the localhost.localdomain is a default setting it means that you have
> not set the name & domain on  your ubuntu box and when postfix was
> configured it looked up the name and domain etc it got localhost etc.
> 
in fact of course I did set it up during the default install, but the
installer generated the following line in /etc/hosts:
127.0.0.1 localhost.localdomain localhost www.racesci.org

which perhaps should be rewritten to:
127.0.0.1 www.racesci.org localhost localhost.localdomain

> 6. One further though have you set your firewall correctly? the
> questions you are asking are so naive that they makes me think that the
> setup of your machine is not as it should be.
> 

well, I hope so.  I guess one is never sure.  

> I suggest that you really need to do some reading up on mail servers
> etc, they can get you thrown off the Internet by your ISP.
> 
> Sorry to sound so negative but your mail worried me.
> 

it's cool, I can understand why.  It's true I know very little about
this. 
Matt