Hi Levente,
Sorry, I had to copy this from the archive (http://lists.squeakfoundation.org/pipermail/box-admins/2016-January/002120.h...) because, as I said, I cannot get mail on my gmx account via the list.
Hi Tobias,
Only the SFC has access to the admin panel. But such record already exists: 42.104.246.173.in-addr.arpa. 3600 IN PTR xvm-104-42.ghst.net. And it points back to the IP as well: xvm-104-42.ghst.net. 1200 IN A 173.246.104.42 So, unless the servers of gmx are misconfigured, such change shouldn't have any effect.
No, that won't work for two reasons. First, Mailman (via qmail) names itself "box4.squeak.org"[1] in its HELO/EHLO phase but the PTR-RR says, as you stated, "xvm-104-42.ghst.net". This violates the SMTP RFC and hence we get blocked. We _could_ make qmail advertise "xvm-104-42.ghst.net" but this does not match our mx entries for squeakfoundation.org, and we would get blocked because of that.
Second, GMX explicitly forbids "hoster-generated PTR-RR records"[2]: The delivering email server must have a static IP address. Additionally, it has to be configured correctly and needs to provide a valid HELO, as well as MX, A, and PTR resource records (reverse DNS entry). >>The PTR-RR in particular must not correspond to the preset generic record of the host.<< (emphasis mine) So we have to change.
What we could do is to set up a strict SPF record, because we don't want any other sources to be considered valid senders by othe mailservers. I'm thinking about something like "v=spf1 mx -all".
I did this already: squeakfoundation.org. 86396 IN SPF "v=spf3 mx a ptr ip4:173.246.104.42/32 a:box4.squeakfoundation.org a:box4.squeak.org include:squeak.org ~all" squeakfoundation.org. 86400 IN TXT "v=spf1 mx a ptr ip4:173.246.104.42/32 a:box4.squeakfoundation.org a:box4.squeak.org include:squeak.org ~all"
Also I just found a Slack message from November that says: [22:57] craig @group: Bradley Kuhn from SFC says that box4 could disappear at any time if Gandi doesn't renew the donation, so we should get set up with Tony at Rackspace ASAP.
I don't know what that means in terms of effort or in terms of other service support, but I can imagine that setting up mailman again will be quite laborious.
Best regards -Tobias
[1]: that was "box4.squeakfoundation.org" until yesterday. [2]: http://postmaster.gmx.com/en/email-policy/
Levente
On Thu, 7 Jan 2016, Tobias Pape wrote:
Hi all,
who of the admins has access to the gandi control panel for box4? we need to set the RR-PTR for box4 so that, finally, GMX allows us to send mail again. I'd suggest putting box4.squeak.org in there.
Please reply directly, I cannot get ml-mail via GMX *grml*
best regards -Tobias