SMTP Server for outgoing only behind a home router


Re: SMTP Server for outgoing only behind a home router m.marien
12/27/2004 9:44:14 AM

First, you don't need to open port 25. That would be only if you were
receiving email.

What is the error in the return messages ?

SMTP Server for outgoing only behind a home router ~~Alan~~
12/27/2004 10:29:45 AM
Due to limitations of my ISP, I want to set up the SMTP server that comes
with WinXP-Pro as an outgoing server only. I am behind a home router but
have opened port 25 on it. In my Email program, Outlook 2003, I tell it my
outgoing server is 127.0.0.1 or localhost. However, anything I send
immediately comes back to me by the Administrator.

I have not really configured the SMTP server except to really ignore file
size limitations and the like.

Would someone give me or point me to step by step instructions to make this
work.

thank you,
~alan

Re: SMTP Server for outgoing only behind a home router ~~Alan~~
12/27/2004 11:05:33 AM
The subject is "Undeliverable"

The body of the message:
Your message did not reach some or all of the intended recipients.

Subject: test

Sent: 12/27/2004 11:04 AM

The following recipient(s) could not be reached:

'email address goes here' on 12/27/2004 11:04 AM

None of your e-mail accounts could send to this recipient.

Re: SMTP Server for outgoing only behind a home router ~~Alan~~
12/27/2004 8:45:10 PM
It did have a valid destination email address. I removed it so as not to
advertise it.

My ISP is Verizon. They claim to ONLY block port 80 to keep me from running
a web server. How can I test and see which ports they block?

~alan



Re: SMTP Server for outgoing only behind a home router jeff.nospam NO[at]SPAM zina.com
12/27/2004 11:55:37 PM

Do you have a valid email account called "email address goes here" ?
If not (and nobody does) then the recipient just won't be reachable.
Whatever you're using to send has to have a valid destination email
address.

Keep in mind that many ISPs will block port 25 to prevent you from
sending mail and them from being blacklisted as a spam domain.

Jeff


Re: SMTP Server for outgoing only behind a home router m.marien
12/28/2004 11:16:44 AM


You can try to connect with telnet. Use nslookup to find the email server:

C:\>nslookup -type=MX domain.name

then:

C:\>telnet mail.domain.name 25

If you can't connect then the port may be blocked. If nslookup doesn't work,
then your DNS isn't working properly.

Re: SMTP Server for outgoing only behind a home router hector
12/29/2004 7:30:59 AM



Use TELNET.EXE ip_address [port#]

Telnet port is 23, but you can open port using the 2nd option.

All the internet protocols, HTTP, SMTP, POP3, FTP, etc, are all
conversational text based client/server protocols so you can use telnet to
test them all. You just need to know the "state machine" or the
conversation commands required for each.

For example, let's say you want to send mail to bill.gates@Microsoft.com

For SMTP, first, you need to get the MX host records for microsoft.com.

To get the MX records of an email domain name, type:

nslookup -query=MX microsoft.com

Three come back with equal preference (lowest first)

microsoft.com MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailc.microsoft.com

In layman's terms, these are the "post offices" at microsoft available to
receive mail. These can expand to more than 3. So technically, you need to
do another lookup for the A record for each one.

But for testing, you telnet to port 25 for one of these or the direct IP
address of one of these, like so:

telnet maila.microsoft.com 25

If successful, you will get a 220 greeting line from the remote SMTP server:

220 IGR-IMC-02.redmond.corp.microsoft.com <Inbound SMTP Virtual Server> Wed, 29 Dec 2004 03:55:34 -0800

Any other number than 220 is considered a failure or server not available
state.

If you don't see this, it means you will have trouble sending mail from your
machine. But it all depends.

1) A fast connect refuse usually means you are blocked,

2) A very long connection failure could mean that the remote server doesn't
exist,

3) Dynamic IP or Home based users.

For dynamic IP (usually home-based accounts), a remote SMTP server might
connect with you but give you a NON-220 response showing that you are not
allowed as a dynamic IP machine. For example, I get this from my home
machine when you connect to an AOL.COM MX host.

554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html
554- AOL does not accept e-mail transactions from dynamic or residential
554- IP addresses.
554 Connecting IP: 65.2.204.201

Although AOL.COM may say it is for anti-spam protection, technically, AOL is
not following and is violating the RFC standards with this automatic
DYNAMIC IP rejection.

Why?

First, the SMTP RFC specifically says you MUST not reject mail based on an
IP/HELO authentication. Yes, ANTI-SPAM researchers are trying to change
this, but this is the CURRENT rule.

Second, and more importantly, AOL pre-empts the possibility of an ESMTP
AUTH (Login Authentication) session from taking place to authorize the
transaction. This automatic rejection at the greeting does not allow for
the possibility of a client issuing the Extended HELO (EHLO) and AUTH LOGIN
commands that could authorize the process.

So AOL.COM's method stops legitimate roaming users from using ESMTP AUTH to
connect. See #4.

4) ESMTP AUTH

Some ISPs will allow you to login on dynamic machines using ESMTP AUTH on
port 25 or the special port 587.

The latter port is part of the "Message Submission Protocol" RFC 2476, which
in short, basically enforces the otherwise optional ESMTP AUTH.

In other words, if you connect on port 25, then ESMTP AUTH is optional. If
you connect at port 587, the remote SMTP server will EXPECT that an ESMTP AUTH
login session will take place.

In general, the big ISPs did not support ESMTP AUTH for roaming users, but
this is changing.

So look to see if your ISP supports ESMTP AUTH for dynamic IP users and/or
if your ISP supports the Message Submission Protocol.

Finally, what you might want to do is setup what is called a "Smart Host"

By doing what you did, you are creating a router. Outlook sends to your local
machine and you want your local machine to send out machine.

Well, never mind the fact, this is ANTI-SPAM 101, stuff we Anti-Spam
developers are specifically targeting in "regulating and controlling", if
you want to do it correctly, you should prepare your local machine SMTP
server to send all machine directly VIA your ISP or some "pre-arranged"
SMART HOST that understands who you are and authorizes you to do "relay"
machine thru their machine.

This is a traditional setup using an IP address, but since you are dynamic
IP, some SMTP servers will allow you to prepare a smart host using an ESMTP
AUTH login with username and password, just like you do for the "user based"
Outlook program called the MUA (Mail User Agent).

Hope these tips help

Happy Holidays

---
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
WCSAP "Wildcat! Sender Authentication Protocol"
http://www.winserver.com/sslinfo
support: http://www.winserver.com
sales: http://www.santronics.com
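
The outcomes listed in the post above (refused, timed out, a non-220 greeting, a 220 with or without AUTH) sorted by a small Python probe. This is an added example, not part of the original post; `AOL_GREETING` is the reply quoted in the post, while `AUTH_EHLO` and the `probe.example` EHLO name are constructed.

```python
import socket

# Greeting quoted in the post (AOL refusing a residential address).
AOL_GREETING = ["554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html",
                "554- AOL does not accept e-mail transactions from dynamic or residential",
                "554- IP addresses.", "554 Connecting IP: 65.2.204.201"]
# Constructed EHLO reply from a hypothetical server that offers AUTH.
AUTH_EHLO = ["250-mail.example.net", "250-AUTH LOGIN PLAIN", "250 SIZE 8388608"]

def parse_reply(lines):
    """Return (code, texts) for one reply: 'NNN-' continues it, 'NNN ' ends it."""
    texts = []
    for line in lines:
        line = line.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("not an SMTP reply line: %r" % line)
        texts.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), texts
    raise ValueError("reply ended on a continuation line")

def classify(greeting=None, ehlo=None, error=None):
    """Map one probe result (parsed replies or an error) onto the post's cases."""
    if error:
        return {"refused": "refused at once: port probably blocked",
                "timeout": "timed out: host may not exist"}[error]
    if greeting[0] != 220:
        return "greeting %d: this client address is not accepted" % greeting[0]
    exts = ehlo[1][1:] if ehlo and ehlo[0] == 250 else []  # skip server-name line
    if any(e.upper().split()[:1] == ["AUTH"] for e in exts):
        return "220, AUTH offered: authenticated sending possible"
    return "220, no AUTH offered: unauthenticated sending only"

def probe(host, port=25, timeout=10):
    """Live check of your own outbound path; EHLO name is a placeholder."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("r", encoding="ascii", errors="replace")
            greeting, ehlo = parse_reply(f), None
            if greeting[0] == 220:
                s.sendall(b"EHLO probe.example\r\n")
                ehlo = parse_reply(f)
                s.sendall(b"QUIT\r\n")
            return classify(greeting, ehlo)
    except ConnectionRefusedError:
        return classify(error="refused")
    except socket.timeout:
        return classify(error="timeout")
```

Running `probe()` against port 25 and then port 587 of the same host shows whether only one of the two is reachable from a home connection.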


Re: SMTP Server for outgoing only behind a home router hector
12/29/2004 7:57:52 AM


Two other points:

CBV and SPF

Verizon.net is not blocking the dynamic IP address as I can connect via my
home computer.

telnet relay.verizon.net 25

220 sc022pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:34:59 -0600

This means I can connect to and send mail to a LOCAL verizon.net user. I
can only send to a REMOTE user from this server IF and ONLY IF I
authenticate (login with ESMTP AUTH). Since I am not a verizon.net
customer, by SMTP RFC standards, it must allow me to send to local users
(this is the essence of the ANTI-SPAM problem).

But I do know that verizon.net will do a CBV (Callback Verification) to test
your sender address to make sure it is legit.

For example, I am going to send you a message using a FAKE address. The C:
lines are my commands, the S: lines are the server responses:

220 sc016pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:40:22 -0600
HELO HDEV1
250 sc016pub.verizon.net
MAIL FROM: <foobar@foobar.com>
550 You are not allowed to send mail:sc016pub.verizon.net

As you can see here, Verizon.net did a check on the MAIL FROM: address and
found it is not legit.

Let's do this again with a good address:

220 sc009pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:43:41 -0600
EHLO HDEV1
250-sc009pub.verizon.net
250-8BITMIME
250 SIZE 8388608
MAIL FROM: <winserver.support@winserver.com>
250 Sender <winserver.support@winserver.com> OK

Now, let me connect to my company network to show you the log of what
verizon.net needs to CALLBACK to my system to check that address:

**************************************************************************
Wildcat! SMTP Server v6.0.451.3
SMTP log started at Wed, 29 Dec 2004 07:42:24
Connection Time: 20041229 07:42:24 cid: 000D4FD8
SSL Enabled: NO
Client IP: 206.46.170.188 (unknown)
07:42:24 S: 220-winserver.com Wildcat! ESMTP Server v6.0.451.3 ready
07:42:24 S: 220-************** WARNING: FOR AUTHORIZED USE ONLY! **********************
07:42:24 S: 220-* THIS SYSTEM DO NOT AUTHORIZE THE USE OF ITS PROPRIETARY COMPUTERS *
07:42:24 S: 220-* AND COMPUTER NETWORKS TO ACCEPT, TRANSMIT, OR DISTRIBUTE UNSOLICITED *
07:42:24 S: 220-* BULK E-MAIL SENT FROM THE INTERNET. THIS SYSTEM WILL RESTRICT ACCESS *
07:42:24 S: 220-* TO CAN-SPAM (US S. 877) COMPLIANT CLIENTS ONLY. *
07:42:24 S: 220 ************************************************************************
07:42:24 C: HELO sc009pub.verizon.net
07:42:24 S: 250 winserver.com, Pleased to meet you.
07:42:24 C: MAIL FROM:<>
07:42:24 S: 250 <>... Sender ok.
07:42:24 C: RCPT TO:<winserver.support@winserver.com>
07:42:29 ** WCX Process: wcsap ret: -1
07:42:29 S: 250 <winserver.support@winserver.com>... Recipient ok
07:42:29 C: QUIT
07:42:29 S: 221 closing connection

The above log shows the CBV verizon.net performed to validate my address.

So this is one thing you have to watch for.

The second and more important is SPF. This is more complex and I refer you
to http://spf.pobox.com support site.

SPF is fast becoming the industry standard for protecting domain names.
What it means is that in the near future you will not be able to use your
local machine to send mail DIRECTLY to systems. You will have to either
have a SPF record in DNS or use a SPF ready smart host.

VERIZON.NET is not SPF ready. But AOL.COM and other big ISPs are. If
VERIZON.NET was SPF ready, then it would not have allowed me to use my HOME
machine to send mail because my HOME machine is not an SPF protected domain.

Microsoft's SenderID is a cloned and borrowed SPF technology. So before you
can use a Microsoft SenderID supportive system, you have to be a SPF ready
site as well. Fortunately, most systems will probably not support
SenderID since it extends SPF and is based on allowing you to send mail
first to later check all the information AFTER the mail is accepted. This
mode of operation is a big taboo in the anti-spam research area and most
advanced ANTI-SPAM systems are not going to allow you to send mail without
checking your credentials beforehand. Any system or ISP who claims to
support SenderID is doing so for "marketing reasons" only.

---
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
WCSAP "Wildcat! Sender Authentication Protocol"
http://www.winserver.com/sslinfo
support: http://www.winserver.com
sales: http://www.santronics.com
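
A way to spot callback verification in a log of the format shown above: a null-sender session that names a recipient and quits without DATA. This is an added example, not part of the original post or of the Wildcat! software; the first session in `SAMPLE` is the C: lines from the log above, the second is a constructed bounce for contrast, and the parser assumes every session starts with a `Connection Time:` line.

```python
import re

CMD = re.compile(r"^\d\d:\d\d:\d\d C: (\w+)(?: (?:FROM|TO):\s*<([^>]*)>)?", re.I)

# Session 1: client lines from the log in the post. Session 2: constructed bounce.
SAMPLE = """\
Connection Time: 20041229 07:42:24 cid: 000D4FD8
Client IP: 206.46.170.188 (unknown)
07:42:24 C: HELO sc009pub.verizon.net
07:42:24 C: MAIL FROM:<>
07:42:24 C: RCPT TO:<winserver.support@winserver.com>
07:42:29 C: QUIT
Connection Time: 20041229 08:00:00 cid: 00000001
Client IP: 192.0.2.10 (unknown)
08:00:00 C: HELO mx.example.org
08:00:00 C: MAIL FROM:<>
08:00:01 C: RCPT TO:<user@example.com>
08:00:01 C: DATA
08:00:02 C: QUIT
"""

def callback_probes(log_text):
    """Return (client_ip, [addresses]) for each session that looks like a CBV."""
    hits, cur = [], None
    def close(s):
        # A bounce also uses MAIL FROM:<>, but it goes on to DATA; a callback quits.
        if s and s["null"] and s["rcpts"] and not s["data"]:
            hits.append((s["ip"], s["rcpts"]))
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Connection Time:"):   # assumed session delimiter
            close(cur)
            cur = {"ip": None, "null": False, "rcpts": [], "data": False}
        elif cur is None:
            continue
        elif line.startswith("Client IP:"):
            cur["ip"] = line.split()[2]
        else:
            m = CMD.match(line)
            verb, addr = (m.group(1).upper(), m.group(2)) if m else (None, None)
            if verb == "MAIL":
                cur["null"] = addr == ""
            elif verb == "RCPT" and addr:
                cur["rcpts"].append(addr)
            elif verb == "DATA":
                cur["data"] = True
    close(cur)
    return hits
```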








