Re: Mail Server
> My mail server is blocked again and again by
> various anti-spam blacklists and it's driving me mad.
well... in most cases, DNSBLs (anti-spam lists) may show
you WHY your server (your IP) is blocked, and that may
give you some hints; sure, knowing your server's IP would
help, since I and others here could perform some checks
and be better able to help you
> - I ensured that relaying on my server is allowed
> only for domain users.
> - I blocked smtp outgoing connections on my firewall
> except those established by my proper mail server (IP).
ok... start here
http://www.abuse.net/relay.html and check that
your SMTP server isn't really allowing others to relay messages; if
the server passes all the tests then relaying isn't the issue and
you'll have to look elsewhere, so here's a checklist
Ensure port 25/tcp is blocked at the firewall and that only your
SMTP server is allowed to contact external hosts through it;
to check that, log in at a regular workstation on your network
and then try using telnet to connect to an external SMTP host,
for example run "telnet mx1.hotmail.com 25"; if you see an
error message then all is ok, if instead you see the hotmail
SMTP server banner, then you'll have to revise your firewall
settings
Next, you'll need to ensure that your DNS setup is correct; let's
say your mailserver is "mail.domain.com"; now, aside from the
DNS MX entry (which should be there <g>), you'll also need to
ensure that both the forward and reverse DNS resolution
(and I mean *public* DNS resolution) are coherent with your
MX name and with the name your mailserver uses to present
itself to the world; I mean
1) a "telnet mail.domain.com 25" should result in a message
carrying "mail.domain.com" and NOT something like "mail"
or "mail.local" or the like; if not, check the settings of your
SMTP server and correct that
2) assuming your mailserver's public IP is 1.2.3.4, issuing
"nslookup -type=PTR 4.3.2.1.in-addr.arpa." should result
in a "mail.domain.com" answer; otherwise you'll have to
get your public reverse DNS entry corrected
assuming all the above is ok or has been fixed, you'll also
have to look at your network setup; publishing a mail server
on the SAME IP which all the LAN users use to reach the
internet is a BAD idea, since any "nasty" exiting from such
an IP would cause that IP (which is the SAME as the one
used by your mail server) to end up in a blacklist, so better
publish the server on a different IP; if that isn't possible
then you'll have to set up the mailserver to use an external
SMTP smarthost to send e-mails; in such a case, it would
be a good idea to create a so-called "SPF record" in
your DNS; such a record is basically a TXT DNS record
carrying some "special content"; in general, using something
like "v=spf1 a mx -all" should do; but, in case you're using
a smarthost (as above) you may want to include the IP
and/or the name of the smarthost in your SPF record;
for further info see
http://www.openspf.org/
HTH
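The DNS identity checks (steps 1 and 2 above) and the SPF record advice, as an added example that is not part of the post above or of any tool it links to. It is Python and runs against a constructed in-memory "public zone" rather than real DNS, so it works offline: the names domain.com, mail.domain.com and 1.2.3.4 are the ones the post uses, the smarthost address 5.6.7.8 and the record contents are assumptions. The SPF evaluation is deliberately simplified (a, mx, ip4, ip6 and all with qualifiers; no include, redirect or exists), enough to show why the smarthost has to appear in the record when mail leaves through it.

```python
"""Offline mail-server identity and SPF consistency checks.

Added example, not from the original post.  The "public DNS" below is a
constructed in-memory zone so the script runs without network access; the
names domain.com / mail.domain.com / 1.2.3.4 come from the post, the
smarthost address 5.6.7.8 is an assumption.
"""
import ipaddress
import re

# Constructed fake public zone: (owner name, record type) -> record data.
ZONE = {
    ("domain.com", "MX"): ["mail.domain.com."],
    ("mail.domain.com", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa", "PTR"): ["mail.domain.com."],
    # SPF: our own A, our MX hosts, and the assumed smarthost 5.6.7.8.
    ("domain.com", "TXT"): ["v=spf1 a mx ip4:5.6.7.8 -all"],
}


def lookup(name, rtype, zone=ZONE):
    """Return record data for name/rtype, lower-cased, trailing dot removed."""
    key = (name.rstrip(".").lower(), rtype)
    return [r.rstrip(".").lower() for r in zone.get(key, [])]


def ptr_name(ip):
    """1.2.3.4 -> 4.3.2.1.in-addr.arpa, the name "nslookup -type=PTR" needs."""
    return ipaddress.ip_address(ip).reverse_pointer


def banner_hostname(banner):
    """Extract the host name the server announces in its 220 greeting."""
    m = re.match(r"220[ -](\S+)", banner)
    return m.group(1).lower() if m else None


def check_identity(domain, ip, banner, zone=ZONE):
    """Return a list of problems; empty means MX name, forward A record,
    reverse PTR and the SMTP banner all agree (steps 1 and 2 of the post)."""
    problems = []
    mx_hosts = lookup(domain, "MX", zone)
    if not mx_hosts:
        problems.append("no MX record published for %s" % domain)
    host = banner_hostname(banner)
    if not host or "." not in host:
        problems.append("banner does not announce a fully qualified name: %r" % banner)
    elif mx_hosts and host not in mx_hosts:
        problems.append("banner name %s is not among the MX hosts %s" % (host, mx_hosts))
    if host and ip not in lookup(host, "A", zone):
        problems.append("forward lookup of %s does not return %s" % (host, ip))
    ptr = lookup(ptr_name(ip), "PTR", zone)
    if not ptr:
        problems.append("no PTR record at %s" % ptr_name(ip))
    elif host and host not in ptr:
        problems.append("PTR for %s is %s, not %s" % (ip, ptr, host))
    return problems


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, zone=ZONE):
    """Simplified SPF (RFC 7208) evaluation of domain's TXT record for the
    connecting IP.  Supports a, mx, ip4, ip6 and all with qualifiers;
    include/redirect/exists are skipped."""
    records = [t for t in lookup(domain, "TXT", zone) if t.startswith("v=spf1")]
    if not records:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term == "a":
            matched = str(ip) in lookup(domain, "A", zone)
        elif term == "mx":
            matched = any(str(ip) in lookup(mx, "A", zone)
                          for mx in lookup(domain, "MX", zone))
        elif term.startswith(("ip4:", "ip6:")):
            # A v4 address is never inside a v6 network and vice versa.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # unsupported mechanism in this simplified evaluator
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    print(check_identity("domain.com", "1.2.3.4", "220 mail.domain.com ESMTP"))
    print(check_identity("domain.com", "1.2.3.4", "220 mail ESMTP"))
    for src in ("1.2.3.4", "5.6.7.8", "9.9.9.9"):
        print(src, spf_check("domain.com", src))
```

With the constructed zone the first identity check reports nothing, while a server that greets with a bare "mail" fails the banner, forward and reverse comparisons at once, which is exactly the state that makes receivers distrust it. For SPF, 1.2.3.4 passes through the mx mechanism, the smarthost 5.6.7.8 passes only because of the ip4 term, and an unrelated address hits -all and fails; drop the ip4 term and mail sent via the smarthost would fail SPF at the receiver.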