Mailing List CGatePro@mail.stalker.com Message #92527
From: Thom O'Connor <thom@communigate.com>
Subject: RE: SpamHaus listing of CommuniGate servers
Date: Fri, 07 Sep 2007 11:57:23 -0700
To: <cgatepro@communigate.com>
From:   "Bret Miller"
>> Our domain has been listed in SpamHaus CBL for incorrect HELO name
>> response. Is anyone else having this problem as well?
>>
>> Stalker support replied that "According to the RFC2821 the
>> HELO domain
>> and reverse DNS entry mismatch should be used only for logging
>> purposes", that SpamHaus was wrong and that nothing would be
>> changed in
>> Communigate Server (which means that we can not be delisted without
>> SpamHaus changing their policy).
>>
>> This is pretty critical and any help is appreciated.
>
> Yeah, and if there are any evaluators on the list, when you go to purchase your license, if it's single-server, you really should consider licensing it to the host FQDN instead of the domain name since there are many servers that violate the intent of the RFC and do reject mail when HELO doesn't match RDNS. With both sides being stubborn about their policies, it's just best to work around it.
>
> Bret

Heya -

Let's please be careful to note that the licensed (HELO) domain name
currently used at the discussed site probably has little, if anything,
to do with the listing at Spamhaus CBL. As some others noted, there are
some far more significant DNS problems at play here.

That said, Bret's statement is correct for technical as well as logical
and administrative reasons. It is good practice to license the server to
the server name, which becomes the Primary Domain Name; however, all
actual domains to be hosted on the server - especially in a multi-domain
environment - should be Secondary (or virtual) domains. The Primary
Domain then is used only for the default administrative accounts -
postmaster, pbx, etc. - while all "in-use" or hosted domains reside as
virtual domains which can have their own IPs assigned, certs, etc.

When running a cluster, this becomes even more true, as each server in
the cluster will have its own server name (e.g., be1.example.com,
fe1.example.com) , while the cluster as a whole will have its own name
"*.example.com", and all the domains actually hosted within the cluster
are setup as "cluster domains" available across all nodes in the cluster
(e.g., example.com, example.net, example.org, example.co.jp, etc.).

Cheers, have a good weekend,
 -t
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster