On Fri, 21 Nov 2003, Jay Hennigan wrote:
In our case it's at the IP level. Our mailserver gets "connection refused" from their "business" mail servers at "bizmailsrvcs.net". We got someone on the phone who was supposed to look into it a week or so ago.
Have a look at the logs on your primary MX. Part of their "anti-spam" solution seems to be a connection back to your primary MXer to check if the envelope from is valid or not. If you don't reply in the (very short) timeout period, the mail is rejected with a *permanent* failure.
VZ was unable to tell me why we were initially blocked, but we were for a number of days. Not at the IP level, but at the envelope level; meaning that if you issued a "mail from:" with the domain in question, you'd get the "550 You are not allowed to send mail:sc004pub.verizon.net" message.
They couldn't tell us either.
It's a horrible design. It's useless for them on MTAs that just accept everything into the queue and work it from there (qmail, ?) and a pain to the sender if you happen to have your primary mx swamped in a spam attack when they try to query it. From what I can see, the timeout is *very* short and they do not try anything other than the primary mxer. There also does not seem to be a whitelist for problem sites (which we apparently are) so the problem never really goes away, it just gets better and worse as a direct parallel to your mxer's load...

They also block mail to their postmaster and abuse addresses, so you have to do some work to get in touch with someone there.

Charles
--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
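Added example, not part of the original thread and not either poster's code: a small Python model of the sender callback check as the message above describes it (primary MX only, short timeout, permanent failure on timeout), next to a more tolerant policy for comparison. The 5 and 30 second timeouts, the 451 fallback, the class and function names and the sample MX data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class MX:
    pref: int            # MX preference; the lowest value is the primary
    latency: float       # seconds until the RCPT reply arrives (constructed)
    accepts_all: bool    # True for MTAs that queue everything and bounce later
    valid_users: frozenset = frozenset()

    def rcpt_reply(self, localpart):
        # Reply the sender's MX gives to the callback's RCPT TO probe.
        if self.accepts_all or localpart in self.valid_users:
            return 250
        return 550

def callback(mxes, localpart, timeout, primary_only, timeout_code):
    """SMTP code the verifying server returns to the original sender."""
    hosts = sorted(mxes, key=lambda m: m.pref)
    if primary_only:
        hosts = hosts[:1]
    for mx in hosts:
        if mx.latency > timeout:
            continue  # probe timed out; move on only if the policy allows it
        return 250 if mx.rcpt_reply(localpart) == 250 else 550
    return timeout_code  # nobody answered within the timeout

def as_described(mxes, localpart):
    # Behaviour reported in the thread; the 5 s figure is an assumed value.
    return callback(mxes, localpart, timeout=5, primary_only=True,
                    timeout_code=550)

def tolerant(mxes, localpart):
    # Assumed alternative: every MX, longer timeout, temporary failure.
    return callback(mxes, localpart, timeout=30, primary_only=False,
                    timeout_code=451)

# Constructed sample data: a primary swamped by a spam run with a healthy
# secondary, and a single accept-everything MTA.
SWAMPED = [MX(10, 45.0, False, frozenset({"alice"})),
           MX(20, 1.0, False, frozenset({"alice"}))]
ACCEPT_ALL = [MX(10, 0.5, True)]

if __name__ == "__main__":
    print("valid sender, swamped primary:", as_described(SWAMPED, "alice"),
          "vs", tolerant(SWAMPED, "alice"))
    print("forged sender, accept-all MTA:", as_described(ACCEPT_ALL, "forged"))
```

The first case shows a legitimate sender getting a permanent 550 purely because of load on the primary, and the second shows the check passing a nonexistent address on an accept-all MTA.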