Mail system policies

All connections to our mail system undergo a certain level of scrutiny. The order in which we process an incoming connection is detailed below:

PTR Record Test

The first test our mail system performs is a lookup of the PTR record for the IP address of the remote connection. If the connecting IP does not have a PTR record, the connection is closed with a "501 Connecting IP must have valid PTR record" response.

RFC1912 (Informational) states that "For every IP address, there should be a matching PTR record in the in-addr.arpa domain." The PTR (short for Pointer, also referred to as Reverse DNS) record is the responsibility of the ISP providing the internet connection. ISPs committed to following best practice will provide a generic PTR record by default. You should contact your ISP if Xtreme's mail system closes your connection due to a missing PTR record.

http://www.dnsreport.com and http://www.dnsstuff.com provide helpful insight into this and other configuration information for your domain and connection.

Sending domain Test

This test simply verifies that the sending domain exists. If the domain does not exist, the connection is closed with a "501 <DOMAIN> is invalid or DNS says does not exist" response.

SPF Test

SPF (Sender Policy Framework) is a system where a DNS entry states the IP addresses that are allowed to send email for a domain. Xtreme Networks' SPF rule allows all of Xtreme Networks' address ranges, and nowhere else, to send email from xtreme.net.nz. If an SPF test produces a Failed result, the connection is closed with a "550 <IP ADDRESS> does not pass SPF requirements for domain <DOMAIN>" response.

The SPF entry is ultimately the responsibility of the owner of the domain. More information on SPF can be found at http://www.openspf.org.

Greylisting

Greylisting is a method where we record the sender and recipient addresses and then close the connection with a "451 Greylisting enabled, try again in 1 minutes" response. After one minute we accept the email, and any further emails from the same sender to the same recipient, for a 24-hour period before dropping the pair from the database. The theory behind this test is that most spam and viruses will make only one delivery attempt and then move on to another email address.

Most mail servers have retry policies that easily handle a one-minute delay in delivery. We can exclude domains from greylisting. All .nz and .govt.au mail is excluded from greylisting.
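
An added sketch of the greylisting decision described above (example code, not Xtreme Networks' own implementation). It assumes the exemption is matched on the sender's domain, that the 24-hour period runs from the first attempt, and that "250 OK" is the accept response; the Greylist class, its check method and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

RETRY_DELAY = 60                       # page: retry accepted after one minute
PAIR_LIFETIME = 24 * 60 * 60           # page: pair dropped after 24 hours
EXEMPT_SUFFIXES = (".nz", ".govt.au")  # page: excluded from greylisting

DEFER = "451 Greylisting enabled, try again in 1 minutes"  # text quoted on the page
ACCEPT = "250 OK"                      # assumption: the page does not give this reply


@dataclass
class Greylist:
    # (sender, recipient) -> time in seconds of the first delivery attempt
    first_seen: dict = field(default_factory=dict)

    def check(self, sender: str, recipient: str, now: float) -> str:
        """Return the SMTP reply for one delivery attempt at time `now`."""
        sender, recipient = sender.lower(), recipient.lower()

        # Assumption: exemption is decided on the sender's domain.
        # Prefixing "." makes ".nz" match "example.co.nz" but not "examplenz".
        domain = sender.rpartition("@")[2]
        if ("." + domain).endswith(EXEMPT_SUFFIXES):
            return ACCEPT

        key = (sender, recipient)
        seen = self.first_seen.get(key)

        # Unknown pair, or a pair older than 24 hours: (re)record it and defer.
        if seen is None or now - seen >= PAIR_LIFETIME:
            self.first_seen[key] = now
            return DEFER

        # Retry arrived too early: keep deferring, keep the original timestamp.
        if now - seen < RETRY_DELAY:
            return DEFER

        # Same pair retried after the delay, within the 24-hour window.
        return ACCEPT


if __name__ == "__main__":
    gl = Greylist()
    # Constructed sample attempts: (sender, recipient, seconds since start)
    for attempt in [("sender@example.com", "user@example.net", 0),
                    ("sender@example.com", "user@example.net", 30),
                    ("sender@example.com", "user@example.net", 60),
                    ("sender@example.co.nz", "user@example.net", 0)]:
        print(attempt, "->", gl.check(*attempt))
```

A legitimate server that queues and retries is delayed once per sender and recipient pair, while a sender that never retries is never accepted.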

DNS-BL Lookup

DNS blacklists (DNS-BLs) are maintained by various organisations, to which domain names or IP addresses are submitted as being a source of spam or viruses. Xtreme Networks only checks the following four lists, as we find them to produce acceptable results with very few false positives. The response provided when a match is found will depend on the match. More information on these lists can be found at http://au.sorbs.net.

dul.dnsbl.sorbs.net
web.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
http.dnsbl.sorbs.net


If an email is deemed to be spam, our system rejects it during the SMTP session. The sender will receive a Non Delivery Report from their mail system.

 

DO NOT send mail to michael@xtreme.net.nz or danny@xtreme.net.nz or your legitimate mail will be blocked for one day as these are spam and virus traps.