On Tue, Nov 14, 2006 at 11:48:32AM +0900, Henry Nelson wrote:
>
>Okay, trying again to get them to "set up a static PTR record"  seems
>to be my best (if not only) option.  Thanks for giving me the correct
>wording for what I want to ask for.  It may help.
>

I'm just looking at the thread... but it sounds as
if the problem you have is a particular incoming
SMTP verification fail when you send mail to an isp
that uses their "bullet proof" verification. No?

In that case, a simple solution (assuming you don't
process several 1,000s of messages per day) may be
3rd party pfspamd service. Not something people are
advertising but probably a viable product (even in
the USA, lots of people have problem with proper
ISP/PTR/SMTP).

You need to find someone who can sell you an IP,
PTR DNS and pf service.  You change your MX record
to that IP, they optionally block 99% of spam (and
no false positives) with pfspamd and tcp forward
the remaining smtp connections to your ip. So, you
do the smtp transaction, the mail is detoured to
you through the 3rd party's gateway, with optional
filtering and the 3rd party's cost is running the
PTR DNS (which could be a NS record, so your server
is authoritative for the PTR record), pfspamd cpu
(nominal) and your incoming bandwidth.

Oh wait, those bullet proof ISPs probably can't
verify your SMTPD with a pfspamd front end, so you'd
need to add their testing IPs to the pfspamd accept
list (a la verizon).

It may be the case that your ip is "country code"
blocked by that ISP (I've done it for Korea and
China... http://galis.org/script/cc2netblock.sh to
lighten spamassassin load, before I used pfspamd)
in which case You'll need the third party IP/pf
forwarding for outgoing mail too.

Meanwhile, spammers just use the zombie computers to
send messages...

anyway, good luck.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><