On lördag, maj 24, 2003, at 12:25 Europe/Stockholm, Jim Reid wrote:
W domain of the hostmaster email is not an openrelay
Ed> That's beyond DNS. A real concern, but if I just want to test Ed> DNS, then I don't want to do those tests.
I agree. Checking and suppressing open relays is a Noble Thing. But it's orthogonal to whether some domain has been set up correctly on decent DNS infrastructure.
What I do is to check that the email address "works": - Look up all MX for the domain in SOA email (or all A for SOA email) - Look up all A records for each MX - Look up all IP addresses for each A - Try to connect to port 25 for every A (every A must respond, but only one IP address per A) - Try EHLO and email address -> Warning if this doesn't work, fall back to HELO - Send empty envelope from address -> Warning if this doesn't wor, fall back to use some email address (the one in the settings) - Send rcpt to: email address in SOA -> ERROR if this is not resulting in a 2xx response I personally find this being part of "correct DNS configuration", i.e. I only see "ERRORS" being needed to be fixed. paf