ChangeIP.com

[pipsey]

As I currently have it set up, all email going outward is sent through ChangeIP as a SMART_HOST. Now that that much works, I'd like to have only AOL go through ChangeIP to save me a bit on storage (one of my friends is running a website that sells photography on my server, and so sending large amounts of pictures all through ChangeIP will hurt me pretty badly). It's been mentioned to me that this is possible.. but is it easy to set up?

[sam]

There are a few options for this.

1) If your server supports it then just use that option. For instance, exchange 5.5 (and maybe 2000?) have an option on the delivery tab that allows smart hosts per outbound domain. Simply enter aol.com and smtp.ChangeIP.com to allow that delivery to occur. Make sure though that it is sending SMTP auth or pop before smtp authentication.

2) Query for the MX records of AOL.COM. Then specify in your HOSTS file an entry for each of those MX record names and point them to our mail server IP address. This is a manual process and needs maintaining, but accomplishes the task.

3) if you are running a local DNS server for caching you can enter the MX records for AOL as our servers. This accomplishes the same thing as #2 but is at the server level.

4) If not, let me know which software you are running and we'll find a solution.

Sam

[pipsey]

I'm using sendmail, and I'm not quite sure what to put into sendmail.mc to use a smart host only for specific outgoing email =/

[sam]

hmmm... I'm not too familiar with sendmail and its config. I would think there is a way to do it with sendmail since it can do almost anything else on the planet. The easiest workaround might be simply changing the hosts file so that it sees the AOL MX records as ours...

[pipsey]

ok, that sounds reasonable, but now for a stupid question: how do I query AOL's MX records?

[sam]

Try this:

[url]http://www.changeip.com/tools/nslookup.vbs.asp?domain=aol.com&type=15&server=63.210.161.5&class=1&port=53&timeout=5000&go.x=12&go.y=10[/url]

The very bottom of that page will list all of the records for their mail servers. They have a lot so be prepared to enter all of em

If you are using a local DNS caching server you could enter new MX records for them... and just create 1-2. If you are using the HOSTS file method you will need to take into account an entry for each of theirs.

Sam

[sam]

Here is the entries you would want to copy and paste into your hosts file:

# Begin AOL.COM MX record repointing.
66.185.165.75 mailin-01.mx.aol.com
66.185.165.75 mailin-02.mx.aol.com
66.185.165.75 mailin-03.mx.aol.com
66.185.165.75 mailin-04.mx.aol.com
# End

[spyros]

Sam (above) was not sure if this could be done in Exchange 2000. Yes, it can. To configure E2K so that it sends only mail for AOL recipients to ChangeIP.com, and all other mail it just goes out through normal SMTP, go to (assuming you are running in native mode, default setup, etc):

Exchange System Manager
- Administrative Groups
- First Administrative Group
- Routing Groups
- First Routing Group
- Connectors

Create a connector for AOL (e.g. named "relay for company AOL deploying reverse lookup based anti spam measures", and set address space = aol.com, and on the General tab set "forward all mail through this connector to the following smart host" to smtp.changeip.com. On the advanced tab, click the Outbound Security button and enter your access info.

Spyros

[achapman]

But not been able to send out through smtp.changeip.com

My mail server (Domino 6) is set to divert AOL and Compuserve mail out through a relay, while those to the more civilised 95% of the world get sent direct. Great.

Unfortunately, smtp.changeip.com requires authentication - which I can't send.

Is there a way to get smtp.changeip.com to check the domain name and ip address the mail's coming from off against the lists it uses for relaying inbound? Mail for me happily comes INTO smtp.changip.com and gets relayed to me - so it's referencing the list of domains for spam prevention already.

Luckily my cable ISP's SMTP server will let me - although with NTL's reputation, I don't hold out much hopes of delivery...

[spyros]

SMTP hosts (like smtp.changeip.com) can do just about anything they want if they have the source code... if they are using a COTS package, it depends what the package supports. Don't know what changeip.com is using, but I guess one could poke and find out.

Anyway, it is probably irrelevant. (Sorry if you already know all this, but others reading the post may not.) The way to prevent an SMTP host from getting onto the list of 'bad guys' that allow spammers to relay is to accept incoming mail (to its domains) from anyone, but to deny outgoing mail (to domains other than its own) to any client that does not meet certain criteria. The most commonly supported criterion is 'can authenticate'. If you want changeip.com to remove the 'can authenticate' condition, they would have to add another that was also pretty restrictive. They can't afford to simply to a domain lookup against the bad guys, because new bad guys turn up regularly and smtp.changeip.com would be 'discovered' pdq I suspect. Packages such as Microsoft Exchange Server also allow criteria such as 'mail coming from specific IP address ranges', so changeip.com might be able to change from 'can authenticate' to 'comes from xyz IP range' - but that is a problem since it does not dole out IP address ranges (your ISP or telco provider does), so it does not have a way to confirm that the IP address range is good. So they are probably stuck with 'can authenticate'.

I think your easiest solution is to find an open relayer yourself for your outbound mail, or switch out your SMTP software. Good luck!

[sam]

Our SMTP server works off of 2 authentication methods. The first is the standard SMTP authentication. This means that the sending SMTP server will pass along the username / password during the relay and we know who you are, how much you can relay, etc.

The second method of authentication is POP before SMTP. This works for many people who cannot get their mail server to provide smtp authentication. POP before SMTP works like this: Your server checks a POP3 mailbox on our server - this mailbox is the relay account you've setup on our site. Once you've authenticated using POP3 you are now allowed to send, from that same IP address, within the next 60 minutes. So, if you have a little utility that checks the pop3 mailbox once per hour you can relay outbound.

I've helped many people with Exchange 5.5 get this working. Since Exchange 5.5 does not include any SMTP authentication methods then we have them run the little client utility. There is a nice one here: [URL=http://www.icewarp.com/Download/notify.zip]Notify.zip[/URL]

This utility runs on windows and simply checks a pop3 mailbox at a specified interval. This will keep your IP address open for relay using our server. Please do not set the interval for this utility for anything more than every 20 minutes or so since the time to live for the authentication is 1 hour anyhow.

I am familiar with quite a few mail servers out there and there is always a way to make them work - sometimes you just have to perform some stunts to trick em

Also - we have the ability to enter an allowed IP range - although this defeats the purpose of what we are trying to provide. Allowed IP ranges do not get placed under the quota limits - and they also can be potential spam avenues. We work hard to not let our IP blocks get listed in these RBL and other lists so that you can continue to enjoy the quality smtp services we offer. Many other ISPs and providers like us get listed in RBLs and such and then it affects all other clients using that service.

Thanks!
Sam