Subj : Fwd: Re: [Weasel] 450 Errors In Weasel Pro To : robert wolfe From : mark lewis Date : Tue Mar 17 2015 17:55:06 * Forwarded (from: personal) by mark lewis using timEd/2 1.10.y2k+. * Originally from waldo kitty (1:3634/1000) to mark lewis (1:3634/12). * Original dated: Tue Mar 17, 13:24 -------- Forwarded Message -------- Subject: Re: [Weasel] 450 Errors In Weasel Pro Date: Mon, 16 Mar 2015 19:14:23 +1100 From: Peter Moylan Reply-To: weasel-list@os2voice.org To: weasel-list@os2voice.org On 16/03/15 16:46, Steven Levine wrote: > In <550664ED.9020001@pmoylan.org>, on 03/16/15 > at 04:06 PM, Peter Moylan said: > > Hi Peter, > >> The "return path not verifiable" usually means that the receiving server >> is trying to check that the claimed sender's address is a genuine mail >> account. Typically it does this by starting a "send mail" transaction to >> the address named in the MAIL FROM command, but aborting it before >> actually sending anything. If this attempt fails, it concludes that the >> send in the MAIL FROM command is a fake. > > Is this still true for a significant number of today's MTAs? I was under > the impression that these days most use SPF or one of its successors. I don't know how common each method is, but the wording "return path not verifiable" seems to me to point to a test of the return path rather than an SPF check. >> In this case, though, it appears to be checking the _recipient's_ >> address (robert.wolfe@winserver.us), and discovering that winserver.us >> will not accept mail for robert.wolfe. > > I don't read it this way. As I read the logs, it is the comcast > mailserver that is rejecting the MAIL FROM with a 450. > > Reading between the lines, the MAIL FROM is foo@os2bbs.org and the RCPT TO > is robert.wolfe@winserver.us. Thanks, I missed seeing that. In that case I think I know what the problem is -- see below. >> Maybe we need to see a longer section of the log to work this out. > > We also need to know what the senders MX record looks like. If we assume > that mail.os2bbs.org is the mx then the reject make sense if the comcast > mail server does SPF validation. Here's the problem, as I see it: [D:\Dev4\NumAnaly]nslookup -type=MX os2bbs.org Server: RTA1046VW.home Address: 192.168.1.1 Non-authoritative answer: os2bbs.org preference = 0, mail exchanger = mail.os2bbs.org Authoritative answers can be found from: mail.os2bbs.org internet address = 50.194.33.5 [D:\Dev4\NumAnaly]nslookup 50.194.33.15 Server: RTA1046VW.home Address: 192.168.1.1 Name: 50-194-33-15-static.hfc.comcastbusiness.net Address: 50.194.33.15 The problem is that the hostname 50-194-33-15-static.hfc.comcastbusiness.net does not match os2bbs.org. I used to run into similar problems before I configured Weasel to use my ISP's mail server as a backup relay. There are two possible solutions: (a) Convince comcastbusiness.net to put something into their nameserver to map 50.194.33.15 to os2bbs.org. Some ISPs will do this for you. Others will charge you for a static IP address but not follow through on the nameserver implications. (b) Configure Weasel to use a relay server as backup, to handle the mail that is rejected because of the reverse DNS lookup problem. -- Peter Moylan peter@pmoylan.org http://www.pmoylan.org -- This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com ----------- To unsubscribe yourself from this list, send the following message to MajorMajor@os2voice.org unsubscribe weasel-list end -- This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com * Origin: (1:3634/12) .