Detect whether public IP address is dynamic or static - smtp

There are several email servers refusing connections of clients with public dynamic IP addresses. For example many SMTP servers receiving emails only accept connections from clients having static IP addresses to avoid spam emails which are directly sent from computers having dynamic IP addresses.
When I looked for answers using Google I only found information saying it is impossible to distinguish between static/dynamic addresses. So how do the email servers do it? Are there any databases providing information for specific IP ranges?
Have a look at the MX records of t-online.de (one of the largest German email providers). Try to connect to mx00.t-online.de:25 using Putty (raw mode) on a computer having a dynamic IP address. The mail server immediately closes the connection and does not even allow the client to send any command, while a connection of a server having a static IP is not refused.
Or have a look at the following extract of an SMTP session:
220 mailin.rzone.de [joses mi173] ESMTP RZmta 29.19 ready
EHLO Home-PC
250-mailin.rzone.de [joses mi173] greets 87.179.163.89
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-PIPELINING
250-DELIVERBY
250-SIZE 104857600
250 HELP
MAIL FROM:<sender#example.com>
250 2.1.0 <sender#example.com> Sender ok
RCPT TO:<recipient#example.org>
550 5.7.1 87.179.163.89 is a dynamic IP
This is the email server for customers of Strato, a German hosting company, which also denies access to clients having a dynamic IP address. Email addresses have been changed. I used a recipient address which is acceptable for mailin.rzone.de, so there is no relay issue.
Also http://whatismyipaddress.com/blacklist-check states the following:
Just because the IP is listed with a particular blacklist does not
mean that you are sending spam, just that particular blacklist
suggests not to accept mail directly from that IP address. Most
residential Cable/DSL IP addresses that are dynamically assigned will
indicate that they are blacklisted, meaning you should be sending from
your ISP's mail server, not a mail server running on your own internet
connection.

This is probably the result of using a DNS blacklist based on ISP-provided information about which of their IP addresses are authorized to send email directly. See Spamhaus' Policy Block List for an example.
The information isn't independently discoverable. Participating ISPs must provide the DNSBL services with information about their network.
However, in the case of some of these lists, like Spamhaus, the information is queryable by the general public under certain conditions. You couldn't detect whether IPs are static or dynamic directly, but could still check any particular IP.
You mentioned that whatismyipaddress.com incorrectly lists your current IP address as static. Using their blacklist check tool with your IP, 87.179.190.52, I see that they currently incorrectly show it as unlisted by Spamhaus' PBL (among others). The IP I'm connecting from is both correctly described as dynamic, and listed in the PBL, hinting that that might be what they're basing their information on.
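How a receiving mail server checks a connecting address against a DNSBL such as the PBL, as an added example that is not part of the original answer: the client IP's octets are reversed, the list's zone is appended, and the A record that comes back encodes which list matched. The zone zen.spamhaus.org and its return codes are Spamhaus's documented values rather than anything quoted on this page; the 192.0.2.x addresses, resolver answers and SMTP reply text are constructed.

```python
import ipaddress
import socket

# Spamhaus ZEN return codes that mean "listed in the PBL" (a policy listing,
# not a spam accusation): .10 = ISP-maintained, .11 = Spamhaus-maintained.
PBL_CODES = {"127.0.0.10", "127.0.0.11"}
ZONE = "zen.spamhaus.org"


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return all A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify(ip, resolve=system_resolver):
    """Return 'pbl', 'listed-other', 'not-listed' or 'error' for ip."""
    answers = set(resolve(dnsbl_name(ip)))
    if not answers:
        return "not-listed"
    # 127.255.255.x means the list operator refused the query (public
    # resolver, quota exceeded); it must never be treated as a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        return "error"
    return "pbl" if answers & PBL_CODES else "listed-other"


def smtp_reply(ip, resolve=system_resolver):
    """Policy decision a receiving MTA could make at RCPT time."""
    if classify(ip, resolve) == "pbl":
        return f"550 5.7.1 {ip} is in an end-user address range"
    return "250 2.1.5 Ok"


# Constructed resolver answers so the example runs offline.
FAKE_ZONE = {
    dnsbl_name("192.0.2.10"): ["127.0.0.10"],       # constructed PBL entry
    dnsbl_name("192.0.2.20"): ["127.255.255.254"],  # constructed refusal
}
fake_resolve = lambda name: FAKE_ZONE.get(name, [])
```

Calling `classify(ip)` without the second argument uses the system resolver and performs a real DNS query.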

I believe those email servers you're referring to only do a reverse DNS check so as long as you have a PTR record for that IP address, I think it should be OK.
Bottom line, I don't think dynamic IP allocation is an issue with mail servers.
Regarding the question, the only way I can think of is by looking at the WHOIS information, there's a field called NetType. Obviously, you cannot rely on it but at least it can give you an idea if the ISP did provide that information.

Static/public IP addresses are listed by some ISPs as follows:
123.123.123.4 static.yourisp.isfine.com
WHILE dynamic are listed:
123.123.123.5 dhcp.mx1.coldservice.com
see?

Related

Creating Global Email Server with single domain

I have a Postfix/Dovecot email server in a US location, and I would like to create a second email server in the India region, but the domain name should be XXYYZZ.COM for both the servers. In the API we are finding the user's location; based on the location I will redirect the emails.
If the user from US/India tries to create an Email box, India user mails need to redirect to the India server and US user mails need to redirect to the US server using a single domain user1#xxyyzz.com.
Hello Nanda,
I understand what you are looking for and it is perfectly possible via proxying which dovecot itself can do.
All you need is extra servers which will act as proxy in front of those you use as backend (US server and India server).
Since I have not much information about your backend, I suggest you read about:
Dovecot proxy (https://doc.dovecot.org/configuration_manual/authentication/proxies/)
IMAP+POP proxying (https://wiki1.dovecot.org/HowTo/ImapProxy)
LMTP proxying (https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/).
If the user from US/India tries to create an Email box
By explicitly setting a "host" attribute for each user in your passdb backend (at account creation), you should be able to redirect all requests to a specific host.

Google Geocode API deny the request - NodeJS

I want to geocode a street address in NodeJS, but the Google API denies the request because of the IP address. I have a dedicated IP address on my server, and I generated an API key using this IP address. My request looks like this:
https.get('https://maps.googleapis.com/maps/api/geocode/json?address=MY_ADDRESS&key=MY_KEY', function(response){...........});
I registered the current public IP address of my computer just to try the API, and if I send a request from my computer it works fine.
I found the following instruction on the Google developer site: "Every API request is generated by software running on a machine that you control. Per-user limits will be enforced using the address found in each request's userIp parameter, (if specified). If the userIp parameter is missing, your machine's IP address will be used instead."
Does it mean that I can add userIp parameter like this?:
https.get('https://maps.googleapis.com/maps/api/geocode/json?address=MY_ADDRESS&key=MY_KEY&userIp=MY_IP', function(response){...........});
I tried this one as well, but it is still not working. Does anyone have an idea what I am doing wrong?
Well, I think it takes some time to activate the rule after you set that up.
If you are using it to test your app, you can set a server key which allows the IP 0.0.0.0/0, which in other terms means any IP address.
And I do not think you can override the request IP address. The text you're referring to is about per-user limits.

DMARC Anti-Spoofing Error When Sending Email with Sender Yahoo Domain Other Than Server Domain

I am using our email server at [mydomainhere].com to send emails through a web site UI. I just used the UI to send an email from [myemail]#yahoo.com. And received an Undeliverable message at my yahoo email address.
mta1400.mail.ne1.yahoo.com rejected your message to the following e-mail addresses:
[myemail]#yahoo.com
mta1400.mail.ne1.yahoo.com gave this error:
Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
More information can be found here:
http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
Any help would be appreciated.
Yes Allan, you are correct in assuming that the anti-spoofing that Yahoo (and now AOL) have turned on is permanent. The technology they are using is called DMARC. Yahoo has published a DMARC record in their DNS:
$ dig TXT _dmarc.yahoo.com. +short
"v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-rua#yahoo-inc.com, mailto:dmarc_y_rua#yahoo.com;"
Every mail server that supports DMARC will look up that record in Yahoo's DNS and apply Yahoo's p=reject policy. In effect, what Yahoo has done is stated to the world, "if the email does not originate from this list of IPs (SPF) or bear this cryptographic signature (DKIM), then reject (p=reject) it." Since your mail server is not in their list of mail server IPs nor are the messages signed with Yahoo's DKIM key, a substantial and growing portion of the mail servers on the internet are going to reject it or deliver it to the Spam folder (Gmail).
In addition to the SPF & DKIM checks, DMARC also introduces the concept of alignment. In addition to passing SPF checks (which apply to the Envelope Sender), DMARC requires that the domain in the message's 'From' header passes SPF. This prevents you (and bad actors) from sending messages with a header From domain of Yahoo.com and an Envelope Sender domain of attacker.com, which the recipient will never see. This alignment also extends to the DKIM signature, requiring not just that the message is signed with DKIM, but also that the DKIM signature domain (d= property) matches the From header domain.
we will just have to prevent users from using their yahoo email address in the sender email field
Coding in a check for the yahoo.com domain is a hack that won't last long. AOL has already joined the thousands of domain owners with DMARC p=reject policies. They won't be the last of the Very Large Email providers to publish p=reject DMARC policies. A much safer approach is to evaluate SPF against your mail server's public IP and the domain in the user's selected email address. If the SPF check fails, then choose an option:
1. Inform the user that their choice of domains doesn't permit 3rd party senders and they should choose another.
2. Alter the From header to send from a domain you control:
   From: "user#yahoo.com via" <my-app#my-domain.com>
   As already stated, you could define Reply-To if you wish for replies to expose the sender's real email address.
3. Set up local usernames that forward to the sender's real email address. If you've used Craigslist, you're familiar with the idea. You maintain a mapping of local addresses and the email address they forward to.
Based on what you've said about your web application, it seems like #2 is the best fit.
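The DMARC decision described in this answer, as an added example that is not part of the original post: a record is parsed, SPF and DKIM results only count when their domain aligns with the header From domain, and the second option (rewriting From) is applied when the user's domain publishes an enforcing policy. The domains bigmail.example and webapp.example and the record are constructed; relaxed alignment is approximated without the Public Suffix List, and the pct and sp tags are ignored.

```python
def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def aligned(header_from, other, strict=False):
    """Identifier alignment between the header From domain and another domain.

    Relaxed mode really compares organizational domains (Public Suffix List);
    this sketch approximates it as "equal, or one is a subdomain of the other".
    """
    if not other:
        return False
    a, b = header_from.lower().rstrip("."), other.lower().rstrip(".")
    if strict:
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_disposition(record, header_from, spf_pass, envelope_domain,
                      dkim_pass, dkim_d):
    """Return 'pass' or the policy (none/quarantine/reject) that applies."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(header_from, envelope_domain,
                                  tags.get("aspf") == "s")
    dkim_ok = dkim_pass and aligned(header_from, dkim_d,
                                    tags.get("adkim") == "s")
    # One aligned, passing mechanism is enough; an unaligned pass counts for nothing.
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")


def outgoing_headers(user_addr, app_addr, record):
    """The answer's second option: From a domain you control, user in Reply-To."""
    if parse_dmarc(record).get("p", "none") in ("quarantine", "reject"):
        return {"From": f'"{user_addr} via" <{app_addr}>', "Reply-To": user_addr}
    return {"From": user_addr}


# Constructed record, modelled on the one quoted in the answer.
RECORD = "v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:agg@bigmail.example"
```

With this record, a message whose header From is bigmail.example but whose SPF and DKIM both pass only for webapp.example gets the disposition "reject", which is the bounce the question describes.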
I have had a similar problem with mailing lists that I maintain (e-mails with a From address something#yahoo.com bounced). I solved my problem by changing the From, Reply-to and Errors-to fields of the e-mails' headers as follows:
From: Organization name <no-reply#somedomain.org>
Reply-to: my-email-address#yahoo.com
Errors-to: my-email-address#yahoo.com
I suspect that similar changes will fix your problem.

New host - 404 Error

I am a newcomer at the web part of programming and I was given a host. I uploaded a simple index.html file with one header (it is correct). If I then try to connect with the nameserver/IP (gotten with PuTTY), I get a 404 error. I have tried many different things with folders, but I could not fix anything.
The nameserver IP address is almost certainly not your hosting IP address. The nameserver is the server (probably owned by your host - but possibly an outsourced service) that converts the human readable domain name (such as www.domain.com) to an IP address the computer can connect to (such as 198.252.206.16 - the IP 4 address I get for www.stackoverflow.com). It acts as a giant lookup list of domain names and IP addresses, much like a telephone book or Yellow Pages.
Moreover, as your host will almost certainly be hosting many domains (tens or possibly hundreds) per server, you will need to use a domain name when attempting to connect to your web page - this will be needed for Apache or IIS to know how to route the request/which content to return to the browser. It will do this using the request header sent by the browser when requesting the page. If you are testing locally then localhost/127.0.0.1 will be good enough if you have a single site registered/single set of content in a wwwroot directory (or equivalent). Similarly a virtual server or dedicated server may well respond to requests by IP address if it is the only site/application registered on the server.
To use another real-world analogy, it is a bit like addressing an item of post to a town or village - without including the recipient name, street or house number - and then expecting it to be received and to get a response.
Some hosts provide temporary domain names for you to use before you purchase your domain name or whilst the domain name details are propagated to DNS servers around the world. This usually looks something like-
http://your-user.your-host.com/ or http://server.your-host.com/your-username/
If your host offers such a service then this should normally be detailed in their self-help pages, or the admin area where you set up the site. Clearly such a domain is not intended for "production" use, and you should purchase a domain name before using the site for anything other than testing - if only to allow you the flexibility to move to a new host in the future.
This is not a question for StackOverflow users though, and I strongly suggest you consult your host's documentation or contact them for further assistance.

Sending email to same/different domains

I am doing a Networks course and as I was reading about SMTP I thought about the following matter:
If a user sends an email to user1#example.com, user2#example.com, user3#example.com, does it take the same amount of time to send the emails separately as it does to send it as a multi-recipient email?
Or when the first one is sent, the next two are easier to send since the connection is already established with that server? Or does the connection close immediately thus making no difference?
What about when the emails belong to different domains?
It depends on how the MTA is programmed. The SMTP protocol allows the sender to send multiple RCPT TO commands, to list all the recipients of a message, and any reasonably-designed MTA will make use of this to consolidate them.
For the multiple-domain case, your mail client will use a single connection to upload the message to its submission server. That server will then use one connection per destination domain for the recipients.