Hello first thing I would like to say is thanks for all the help and
suggestions so far, sorry for the delay in replying but I was trying to
understand all the suggestions.
I will add a few things to clarify what is actually happening.
I have a website www.pousada.com.br in Brazil. It is hosted on Godaddy
servers and also the Godaddy mail servers.
Now basicly when I send an email directly from my email address there does
not seem to be a problem.
When I send an email directly through my booking system it is getting
blocked by many spam filters, being put into Yahoo mail filter, quarentined
ect ect.
I have set up a test Pousada (bed and Breakfast) for you to try, if you do a
test booking you can see the headers ect. The Pousada is here
http://www.pousada.com.br/index.php?pid=345&user=det
I have also put together all the suggestions and I am not sure where to
start. Any help would be greatly appreciated.

Below is all the suggestions I have been given.

>> > Having an PTR like ip-72-167-52-118.ip.secureserver.net does not
>> > look like someone had the intention to run a mailrelay on.
>> >
>> > With such an PTR you will not just be blocked by
>> > UCEPROTECT-Appliances, you can expect wide delivery problems out
>> > there.
>> >
>> > So my suggestion to you is to get individual PTR's for IP's you
>> > want to use as mailservers.

> --------------
>
> Can someone help him along form here? He isn't really an email guy,
> so "PTR record" doesn't tell him how to fix things. Remember this is
> Brasil, so there may be difficulties in getting things set up
> properly. Perhaps someone from there could offer some suggestions?


The explanation you're quoting is pretty good - the mailserver is on
ip-72-167-52-118.ip.secureserver.net. which just does not look like a
mail-server.
He really needs to start by getting 'secureserver.net' to setup a
proper reverse mapping :

72.167.52.118 pointing to 'mail.pousada.com.br'.

This is also called a PTR record.

He has to contact secureserver.net in order to obtain a better PTR record.
The best one would be the one matching the name its server uses in
announcing to remotes. In example, if it announces as mx1.beb.br, then that
would be the best fq name for the PTR record.

But I believe this is not a mandatory requirement in SA, since it at most
checks for dialup and residential PTRs as well as for the contacting IP
matching the resolved MX-announced name (no PTR check here). However, many
ISP may enforce this kind of check in their AS facilities.

> It looks to me like dynamic 72.167.52.118 submitted mail to its smtp
> server 64.202.189.102. Why is that bad?
>
>


My understanding is that his server _is_ 72.167.52.118. his From
indicates pousada.com.br:
$ host -t mx pousada.com.br
pousada.com.br mail is handled by 10 mail.pousada.com.br.
$ host mail.pousada.com.br
mail.pousada.com.br has address 72.167.52.118

so he has a generic rDNS:
$ host 72.167.52.118
118.52.167.72.in-addr.arpa domain name pointer
ip-72-167-52-118.ip.secureserver.net

and this will cause delivery problems nowadays.

In addition, his server helos with Pousada.com.br.secureserver.net which
does not resolve.

and
$ telnet 72.167.52.118 25
....
220 Pousada.com.br.secureserver.net ESMTP

so the hostname in the banner seems to be another one:
$ host Pousada.com.br.secureserver.net
Host Pousada.com.br.secureserver.net not found: 3(NXDOMAIN)

oops.

I use secureserver.net to host my domain name and I also run my own MTA.
I don't suffer from this problem, so if he rearranges his setup so it is
similar to mine the chances are the problem will go away.

As I said, Secureserver.net is my domain host. Apart from having the
definitive DNS records it does just two things for me:
- it forwards e-mail to my ISP's mail server
- it forwards web requests to my website host.

I run Postfix as my MTA. Its configured to forward all outgoing mail to
my ISP's mail server with a 'relay_host' directive. Other MTAs will
probably have equivalent rules available. This way my sending IP doesn't
appear in dynamic/residential blacklists.

He could try a similar setup fairly easily. My guess is that he's using
the same system as me to receive mail but is failing to direct outgoing
mail through his ISP's MTA.

He is apparently relaying via k2smtpout06-01.prod.mesa1.secureserver.net
which looks like an "official" godaddy server.




Martin Gregorie-2 wrote:
>
> On Wed, 2008-04-02 at 21:03, mouss wrote:
>> He is apparently relaying via k2smtpout06-01.prod.mesa1.secureserver.net
>> which looks like an "official" godaddy server.
>>

> In that case I'm confused: I thought his problem was described as being
> due his MTA sending mail from a residential block of IPs.
>
> The message I'm replying to came through
> smtp01-02.prod.mesa1.secureserver.net on its way here. I'd would not
> expect any of secureserver.net's outgoing MTAs to be blacklisted. They
> evidently supply domain hosting and mail forwarding services to a number
> of domain registrars: my registrar is not GoDaddy and is not AFAIK
> associated with them.
>
> Martin
>
>
>
>
>
>
>


--
View this message in context: http://www.nabble.com/Help-for-Bed-n...p16533183.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.