What We Do Not Reject
We do not reject e-mail that is scored as spam. Instead, we place it in a separate ‘spam’ folder which you can review with any of the shell mailers, web-mail, or imap mail client. It is not possible to access the spam folder with a pop-3 client because the pop-3 protocol only supports your INBOX.
Reasons We Do Reject E-Mail
- Mail contains a virus
- We use Clam-AV to scan for viruses and do not accept any mail in which we detect a virus. The mail is rejected with a message explaining that it is infected and what virus it contains. We do this because we do not want to spread the virus further. This does not catch all viruses because there is a period of time between when a virus is released into the wild and found and then a signature developed for it. During this time a virus will go undetected.
- We are unable to determine the host name of the sender
- We require the inverse DNS, that is the resolution of an IP address into a host name, to be consistent with the forward DNS, that is the resolution of a host name to an IP address. The reason for this is that malicious people can map an IP address over which they have control to any domain name they want including your bank, mortgage company, paypal, etc, and then send e-mail forged as those companies that look legitimate. But they don’t have control over that companies domain so they can not map the domain back to the IP address. This is why we perform this check. The bounce message will say, “Host name not found or host lookup failed” with this type of misconfiguration.
- The host name given to the EHLO command is invalid.
- Any legitimate mail server should send the fully qualified domain name of their host in the EHLO command, but viruses rarely do. For this reason we require the EHLO command to be properly formatted. Most common mail server software in use automatically does this unless manually overridden. The exception to this is Microsoft Exchange. A frequent error made with Exchange is to set the EHLO command to the Windows domain instead of the Internet domain. This will also say host name not found but will also give the host name provided by the EHLO command.
Configuring One Host Name for Multiple IP Addresses and Servers
Occasionally administrators will want to map a host name to multiple servers and will do it incorrectly. The correct way to do it is to have separate host names for each server that point to each servers separate IP address and then map those IP addresses back to the individual server name and then, in addition, have a global server name that maps to all IP addresses. This way, one name can still map to multiple servers but each server will have consistent forward and inverse DNS mapping.