
Is it possible to filter incoming spam when the mail server is hosted on a dynamic IP? Static IP is not an option at the moment. Outgoing mail is relayed through a third party service which works great, but I am not sure how I could filter incoming mail within Domino. Has anyone figured out how to achieve this? Or am I limited to what Domino has to offer to control spam and doing it manually by creating mail rules?

Update: I am using a DDNS service (dnsmadeeasy) to manage my DNS. So every time my IP changes, DNS is updated (which is not often - it's normally whenever the router is restarted - which is only every couple of months). This part works fine. I am also using the SMTP Authentication service from dnsmadeeasy to relay my outgoing mail, and again this part works. What I now need to do is figure out how I can filter incoming mail as described above.

pipalia

2 Answers

2

First and foremost bug your ISP to give you a static IP.

You cannot expect to reliably send or receive email from a dynamic IP. Sending may be less of an issue since you use a 3rd party to relay your outgoing email. However, incoming email will become a problem every time your ISP changes your IP. Then you have to change DNS records accordingly or you may not be receiving email anymore.

The reason is that MTAs (aka email servers) use DNS in order to find the destination server. Say your server is at mail.example.com and someone is trying to send email to name@example.com. The outgoing MTA will look up the MX record(s) of example.com (and lacking any MX records may fall back to try and resolve example.com instead), then tries to find the IP(s) those MX records resolve to, and then contacts that server. If you have multiple MX records, it will try them either based on priority or round robin (if priorities are equal).

If the IP has changed, it cannot contact your server and will fail to deliver your email. I believe this normally should be a temporary failure, becoming a permanent one when the problem persists.

Based on it being a temporary failure there may be a workaround, but it is flaky at best. If you set your nameserver's TTL to half a day or an hour or so, then when your ISP changes your IP you can change that in your nameserver(s) and the internet may pick it up within a few hours. Since the email protocol (SMTP) has built-in redundancy, email servers will retry for a while before permanently failing (normally in 5 days give or take).

However, your TTL may be ignored and nameservers will keep using the old IP until they think it's time to refresh, if ever. So this method is pretty much a lame stopgap until you manage to get a static IP.

Update: With regards to running a nameserver. The way I have done it when I ran just one nameserver (and moved to two nameservers) is to create 2 entries, say ns1.example.org and ns2.example.org and just have them resolve to the same IP where your nameserver is running. Then tell your registrar you manage your own domains and submit the 2 nameserver addresses. If ever you get a second nameserver it's just a matter of changing the IP in the DNS records, so you could change ns2.example.org to point to the new IP.

aseq
  • Thanks aseq for your response. Static IP is not available on a residential connection, and I don't want to pay double each month if I can avoid it for a business broadband for the same download and upload speed, therefore looking for alternatives with what I have and learning a lot in the process of doing so. I am using DDNS service - DNSMadeEasy to update my DNS instantly every time it changes with a low TTL - this part works and updates almost instantly due to low TTL. Even though the IP is dynamic, it only changes when the router is restarted, so doesn't change that often! – pipalia Mar 30 '12 at 23:49
  • I don't know what provider you use. But it may be worthwhile to look into using a local provider who may be willing to assign you a static IP for a nominal fee (a few $s a month). I am using a local small provider who does exactly that, whereas the big ones only assign you a static IP if you change to a "business" plan. – aseq Apr 01 '12 at 10:43
  • I am with BT and they just started business service in my area for the fast broadband connection, so I think I might just go with them and get a static IP. You are right not all records are updated instantly with all ISPs' nameservers - I have this issue right now where A record is updated but CName doesn't resolve via ping by my ISP even after using DDNS service!! – pipalia Apr 02 '12 at 19:53
  • Good idea to move to a plan with a static IP. It will help a lot. I would also suggest to run your own nameserver. It may be a steep learning curve, but once it's set up it just works. Requires very little maintenance and you have all the control. – aseq Apr 02 '12 at 20:00
  • Thanks! I will look into running my own nameserver - that's an interesting idea - but what about the nameserver from DDNS service such as dnsmadeeasy - it does the job for me!! – pipalia Apr 02 '12 at 20:03
  • I can't comment on these services. However I do think it is important to be able to control certain things yourself and be less reliant on 3rd parties. It also gives you a nice sense of empowerment. You're trying to run your own email server at home, running your own nameserver would be a welcome and sensible addition (to the learning experience). I am doing it myself for many years now at home and in combination with virtual servers to create redundancy (though a home connection can be surprisingly stable). – aseq Apr 02 '12 at 20:14
  • They won't allow me to post a generic question on nameserver - so my apologies for continuing the conversation on here - can I use a single server and standard windows DNS services to setup my own nameserver and have two IPs point to the same server? I don't really want to run a second server just to have a redundant nameserver on it?? – pipalia Apr 02 '12 at 20:26
  • See my updated answer. – aseq Apr 02 '12 at 22:48
2

So, you're essentially using the dynamic DNS entry as your MX? Can you clarify that?

To do filtering of incoming mail, you can contract with some service to do it for you. Mailroute, I guess Postini, etc. You would set the MX record to point at their service, so they see the mail before you do. I assume that clean mail would then be routed to your current server using the dynamic DNS name.

You can also roll your own: set up a VPS or an EC2 instance with Elastic IP, run a simple Postfix on it with Amavisd/SpamAssassin/ClamAV and so on. Once Amavisd cleans it up, it can send it along to your current server.

For that matter, run your own Linux box at your current location, have it do the Postfix/Amavisd thing, with final delivery to the Domino server sitting next to it. It depends on how much hassle you want to go through.

The advantage for the first two scenarios is that you would have a static IP that would receive the mail, even if it's not at your physical location. The third scenario might be a little cheaper. It'd depend on your budget and how much you care.

cjc
  • Thanks cjc, I am going to use Postini or Mailfoundry - both of them don't require static IP for filtering incoming email. Hopefully I can still use relaying through Domino for outgoing email. Yes I am using dynamic DNS entry as my MX record. Budget is not an issue, I can even get a dedicated server, but the whole point of running a business is reducing outgoing costs and that's exactly what I am trying to achieve here. I don't believe in paying double just so I could get a static IP on a business connection, which essentially is same as the current connection and speed I achieve! – pipalia Mar 31 '12 at 15:26
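
A minimal sketch of the roll-your-own gateway described in cjc's answer (Postfix on a static-IP VPS, filtering through Amavisd, then forwarding to the home server by its dynamic DNS name). This is an added example, not configuration from either poster; the hostnames `mx.example.com` and `home.ddns.example`, the file paths, and the Amavisd ports 10024/10025 are assumptions, and Postfix 2.10 or later is assumed for `smtpd_relay_restrictions`.

```ini
# ---- /etc/postfix/main.cf on the static-IP gateway ----
# Assumed gateway name; the MX record for example.com points at this host.
myhostname = mx.example.com
# Nothing is delivered locally on the gateway.
mydestination =
local_recipient_maps =
# The only domain this host accepts mail for; everything else is refused,
# so the gateway is not an open relay.
relay_domains = example.com
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# Only loopback is trusted (reinjection from Amavisd).
mynetworks = 127.0.0.0/8
# Reject unknown recipients at the edge instead of bouncing later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Where accepted mail goes after filtering (see transport file below).
transport_maps = hash:/etc/postfix/transport
# Hand every inbound message to Amavisd (SpamAssassin/ClamAV) first.
content_filter = smtp-amavis:[127.0.0.1]:10024
# Mail is queued and retried while the home IP is changing; 5d is the default.
maximal_queue_lifetime = 5d

# ---- /etc/postfix/transport ----
# Brackets suppress the MX lookup, so the DDNS A record is resolved directly.
example.com    smtp:[home.ddns.example]:25

# ---- /etc/postfix/relay_recipients (constructed sample entry) ----
name@example.com    OK

# ---- /etc/postfix/master.cf additions ----
# Client that delivers to Amavisd on port 10024.
smtp-amavis unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
# Listener that takes filtered mail back from Amavisd on port 10025.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_relay_restrictions=permit_mynetworks,reject
```

Run `postmap` on the transport and relay_recipients files and reload Postfix after editing. On the home side, restrict inbound port 25 on the Domino server to the gateway's static IP so that mail cannot skip the filter by connecting to the DDNS name directly.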