Hotmail ve yahoo ya mail atamıyorum.
Sitede kesin bir sonuç bulamadığım için tekrar açmak istedim.
Turknet Datacenter dan Co-Location hizmeti alıyorum Merak Mail 9.4 versiyonu kullanıyorum. Herhangi bir black liste değiliz. Bütün kayıtlarımızda tamamdır mx,SPF,PTR,A ancak Hotmail ve yahoo.com a mail atamıyorum. loglardan bakınca hotmail.com bir takım güvenlik ilkelerine takıldığı için attığım mail gitmiyor. https://support.msn.com/eform.aspx?productKey=senderid&ct=eformts linkinden Senderid programına Domainimizi kayıt ettirdim. kaydı yapalı 3-4 gün oldu ancak değişen birşey olmadı.
[quote user="Fatih KARAALIOGLU"] Merhaba; ADSL olmayan bir net bağlantısı Mail sunucuları için büyük önem arz etmektedir. Bilindiği gibi ADSL hatları son kullanıcı ve küçük işletmeler için internet hizmet sağlayıcısı olarak kullanılmaktadır. ADSL hatları üzerinden Mail göndermek istediğimiz zaman bir çok mail sunucusu, firewall vb.. ürünler göndermiş olduğunuz maili kabul etmeyecek ve fazla uzun süre geçmeden Blok listelerine giriş yapacaksınız. ADSL hattı harici internet hatları pahalı 🙁 Exchange e diğer mail serverları şirketimizi için ihtyiaç. Bu ve benzeri ihtiyaçlar için geliştirilmiş olan çözümleri yani SMART HOST hizmetini, bu posta eklemekte fayda görmekteyim. [/quote]
fatih hocam ADLS hat üzerinden mail server barındırmıyorum. yukarıda dediğim gibi co-location hizmeti alıyorum
attığım mailler bu şekilde geri dönüyor.
550 SC-002 Mail rejected by Windows Live Hotmail for policy reasons. The mail server IP connecting to Windows Live Hotmail has exhibited namespace mining behavior. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support
Kayıtlarda sorun yok gibi spf, ptr hepsi var., aşağıdaki yerlerde black listedesiniz, hotmail sorunun çözümü için aşağıdaki şekilde spf girilmesini önermişi ISP ne diyor duruma ?
The problem that you have occurs because a new authentication in the hotmail servers (Sender ID)
To solve your problem, in your DNS add the following line:
yourdomain.com IN TXT “v=spf1 mx ip4:x.x.x.x mx:smtp.yourdomain.com –all”
yourdomain.com = is the domain used in your mails
smtp.yourdomain.com = is the smtp used to send mails
ip4:x.x.x.x = is the outgoing IP where the mails go out
Hoping this solve your problem!
|UCEPROTECTL2||127.0.0.2||"Net 188.8.131.52/17 is UCEPROTECT-Level2 listed because 222 abusers are hosted by ASTURKNET TurkNet Iletisim Hizmetleri A.S/AS12735 there. See: http://www.uceprotect.net/rblcheck.php?ipr=184.108.40.206 2"||http://www.uceprotect.net/en/index.php?m=7&s=1|
|UCEPROTECTL3||127.0.0.2||"Your ISP ASTURKNET TurkNet Iletisim Hizmetleri A.S/AS12735 is UCEPROTECT-Level3 listed for hosting a total of 853 abusers. See: http://www.uceprotect.net/rblcheck.php?ipr=220.127.116.11 2"||http://www.uceprotect.net/en/index.php|
DNSreport for apex.com.tr
|Parent||PASS||Missing Direct Parent check||OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.|
|INFO||NS records at parent servers||Your NS records at the parent servers are:|
ns1.netone.com.tr. [18.104.22.168] [TTL=43200] [TR][These were obtained from ns5.nic.tr]
|PASS||Parent nameservers have your nameservers listed||OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there.|
|PASS||Glue at parent nameservers||OK. The parent servers have glue for your nameservers. That means they send out the IP address of your nameservers, as well as their host names.|
|PASS||DNS servers have A records||OK. All your DNS servers either have A records at the zone parent servers, or do not need them (if the DNS servers are on other TLDs). A records are required for your hostnames to ensure that other DNS servers can reach your DNS servers. Note that there will be problems if your DNS servers do not have these same A records.|
|NS||INFO||NS records at your nameservers||Your NS records at your nameservers are:|
ns2.netone.com.tr. [22.214.171.124] [TTL=86400]
ns1.netone.com.tr. [126.96.36.199] [TTL=86400]
|PASS||Open DNS servers||OK. Your DNS servers do not announce that they are open DNS servers. Although there is a slight chance that they really are open DNS servers, this is very unlikely. Open DNS servers increase the chances that of cache poisoning, can degrade performance of your DNS, and can cause your DNS servers to be used in an attack (so it is good that your DNS servers do not appear to be open DNS servers).|
|PASS||Mismatched glue||OK. The DNS report did not detect any discrepancies between the glue provided by the parent servers and that provided by your authoritative DNS servers.|
|PASS||No NS A records at nameservers||OK. Your nameservers do include corresponding A records when asked for your NS records. This ensures that your DNS servers know the A records corresponding to all your NS records.|
|PASS||All nameservers report identical NS records||OK. The NS records at all your nameservers are identical.|
|PASS||All nameservers respond||OK. All of your nameservers listed at the parent nameservers responded.|
|PASS||Nameserver name validity||OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).|
|FAIL||Number of nameservers||ERROR: You have less than two nameservers. You are required to have at least 2 nameservers per RFC 1035 section 2.2 (RFC2182 section 5 recommends at least 3 nameservers).|
|PASS||Lame nameservers||OK. All the nameservers listed at the parent servers answer authoritatively for your domain.|
|FAIL||Missing (stealth) nameservers||FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.|
ns2.netone.com.tr.This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
|PASS||Missing nameservers 2||OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.|
|PASS||No CNAMEs for domain||OK. There are no CNAMEs for apex.com.tr. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.|
|PASS||No NSs with CNAMEs||OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.|
|WARN||Nameservers on separate class C's||WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.|
|PASS||All NS IPs public||OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.|
|PASS||TCP Allowed||OK. All your DNS servers allow TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems.|
|INFO||Nameservers versions||Your nameservers have the following versions:|
|FAIL||Stealth NS record leakage||Your DNS servers leak stealth information in non-NS requests:|
Stealth nameservers are leaked [ns2.netone.com.tr.]!
This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
|SOA||INFO||SOA record||Your SOA record [TTL=86400] is:|
Primary nameserver: ns1.netone.com.tr.
Hostmaster E-mail address: dnsadmin.netone.com.tr.
Serial #: 2006010102
Default TTL: 86400
|PASS||NS agreement on SOA Serial #||OK. All your nameservers agree that your SOA serial number is 2006010102. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNSreport only checks the NS records listed at the parent servers (not any stealth servers).|
|PASS||SOA MNAME Check||OK. Your SOA (Start of Authority) record states that your master (primary) name server is: ns1.netone.com.tr.. That server is listed at the parent servers, which is correct.|
|PASS||SOA RNAME Check||OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: firstname.lastname@example.org. (techie note: we have changed the initial '.' to an '@' for display purposes).|
|PASS||SOA Serial Number||OK. Your SOA serial number is: 2006010102. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. So this indicates that your DNS was last updated on 01 Jan 2006 (and was revision #2). This number must be incremented every time you make a DNS change.|
|PASS||SOA REFRESH value||OK. Your SOA REFRESH interval is : 10800 seconds. This seems normal (about 3600-7200 seconds is good if not using DNS NOTIFY; RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours)). This value determines how often secondary/slave nameservers check with the master for updates.|
|PASS||SOA RETRY value||OK. Your SOA RETRY interval is : 3600 seconds. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.|
|PASS||SOA EXPIRE value||OK. Your SOA EXPIRE time: 604800 seconds. This seems normal (about 1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.|
|PASS||SOA MINIMUM TTL value||OK. Your SOA MINIMUM TTL is: 86400 seconds. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.|
|MX||INFO||MX Record||Your 1 MX record is:|
10 mail.apex.com.tr. [TTL=86400] IP=188.8.131.52 [TTL=86400] [TR]
|PASS||Low port test||OK. Our local DNS server that uses a low port number can get your MX record. Some DNS servers are behind firewalls that block low port numbers. This does not guarantee that your DNS server does not block low ports (this specific lookup must be cached), but is a good indication that it does not.|
|PASS||Invalid characters||OK. All of your MX records appear to use valid hostnames, without any invalid characters.|
|PASS||All MX IPs public||OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.|
|PASS||MX records are not CNAMEs||OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it.|
|PASS||MX A lookups have no CNAMEs||OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).|
|PASS||MX is host name, not IP||OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).|
|INFO||Multiple MX records||NOTE: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you. In the past, mailservers would usually re-try E-mail for up to 48 hours. But many now only re-try for a couple of hours. If your primary mailserver is very reliable (or can be fixed quickly if it goes down), having just one mailserver may be acceptable.|
|PASS||Differing MX-A records||OK. I did not detect differing IPs for your MX records (this would happen if your DNS servers return different IPs than the DNS servers that are authoritative for the hostname in your MX records).|
|PASS||Duplicate MX records||OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.|
|PASS||Reverse DNS entries for MX records||OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the 'Reverse DNS Tool' for the current data). The reverse DNS entries are:|
242.36.154.212.in-addr.arpa mail.apex.com.tr. [TTL=85872]
|PASS||Connect to mail servers||OK: I was able to connect to all of your mailservers.|
|PASS||Mail server host name in greeting||OK: All of your mailservers have their host name in the greeting:|
mail.apex.com.tr:<br /> 220 mail.apex.com.tr ESMTP IceWarp 9.4.2; Tue, 09 Feb 2010 15:56:49 +0200 <br />
|PASS||Acceptance of NULL <> sender||OK: All of your mailservers accept mail from "<>". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).|
|PASS||Acceptance of postmaster address||OK: All of your mailservers accept mail to email@example.com (as required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1).|
|PASS||Acceptance of abuse address||OK: All of your mailservers accept mail to firstname.lastname@example.org.|
|INFO||Acceptance of domain literals||WARNING: One or more of your mailservers does not accept mail in the domain literal format (email@example.com). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted (mailservers at many common large domains have this problem).|
mail.apex.com.tr's firstname.lastname@example.org response:<br /> >>> RCPT TO:<email@example.com><br /> <<< 550 5.7.1 <firstname.lastname@example.org>... we do not relay <> <br />
|PASS||Open relay test||OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.|
mail.apex.com.tr OK: 550 5.7.1 <Not.abuse.see.www.DNSreport.com.from.IP.184.108.40.206@DNSreport.com>... we do not relay <> <br />
|PASS||SPF record||You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record (I don't check to see if it is well designed!) is:|
"v=spf1 a mx ptr mx:mail.apex.com.tr ip4:220.127.116.11 ~all" [TTL=86400]
|WWW||FAIL||WWW Category||ERROR: I couldn't find any A records for www.apex.com.tr. But I did find a referral to ns1.netone.com.tr. (and maybe others). If you want a website at www.apex.com.tr, you will need an A record for www.apex.com.tr. If you do not want a website at www.apex.com.tr, you can ignore this error.|
Mesut hocam UCEPROTECL2, UCEPROTECL3 Level 2 ve Level3 de mail atmada sıkıntı olmuyor aslında ISP ile görüşmedim. SenderID programınada domain i kayıt ettirdim belkide biraz beklemek gerekecek başka olabilecek birşey de aklıma gelmiyor
Spf Recordu oluşturduktan sonra bu linkten Senderid programına domain kaydını yaptırdım. umarım.doğru yapmışımdır 🙂 daha sonra bununla ilgili bana aşağıdaki mail geldi burda bir hata varmıdır hocam birde ona bakarsanız sevinirim
Thank you for writing to the Sender ID Management Team. My name is Jaycee and I am responding to your request for the enrollment to the Sender ID program. I appreciate your interest in joining this program.
We have added your apex.com.tr domain to the Sender ID program. This may take up to 2 business days to be fully replicated in our systems. If you have any questions regarding this please let me know.
We reviewed your SPF record and note that it includes the "ptr" or reverse DNS lookup mechanism. The specification for SPF records (RFC 4408) discourages use of "ptr" for performance and reliability reasons. This is especially important for Windows Live Mail, Hotmail and other large ISPs as a result of the very high volume of mail we receive each day. We highly recommend you remove the "ptr" mechanism from your SPF record and, if necessary, replace it with other SPF mechanisms that do not require a reverse DNS lookup, such as "a", "mx", "ip4" and "include." This will help ensure that Sender ID validation is performed as accurately as possible, maximizing your email deliverability while protecting your domain from spoofing.
You do not need to notify us when you make this or any revision to your SPF record since we will automatically pull the current record from the DNS daily. Thanks again for your support in improving online trust and confidence.
Thanks again for your support in improving online trust and confidence.
Sender ID Management Team
SPF kaydınız var ancak onların önerdiği yapı bu şekilde; “v=spf1 mx ip4:x.x.x.x mx:smtp.yourdomain.com –all”
Sizin spf kaydında fazladan a ve ptr ibareleri mevcut. Özellikle ptr ı kaldırmanızı öneriyorlar, yukarıdaki satıra uygun spf yi yeniden oluşturup dns yayılması tamamlandıktan sonra sonucu bizimle de paylaşırsanız memnun oluruz.
Arkdaşlar Sorunu Ip bloğunu değiştirerek çözdüm.