Re: [dns-wg] lameness and unreachability
- Date: Sat, 24 May 2003 17:52:36 +0200
On Saturday, May 24, 2003, at 12:25 Europe/Stockholm, Jim Reid wrote:
W domain of the hostmaster email is not an openrelay
Ed> That's beyond DNS. A real concern, but if I just want to test
Ed> DNS, then I don't want to do those tests.
I agree. Checking and suppressing open relays is a Noble Thing. But
it's orthogonal to whether some domain has been set up correctly on
decent DNS infrastructure.
What I do is to check that the email address "works":
- Look up all MX for the domain in SOA email (or all A for SOA email)
- Look up all A records for each MX
- Look up all IP addresses for each A
- Try to connect to port 25 for every A (every A must respond, but only
one IP address per A)
- Try EHLO and email address -> Warning if this doesn't work, fall
back to HELO
- Send empty envelope from address -> Warning if this doesn't work,
fall back to use some email address (the one in the settings)
- Send rcpt to: email address in SOA -> ERROR if this is not resulting
in a 2xx response
I personally find this to be part of "correct DNS configuration", i.e.
I only see "ERRORS" as needing to be fixed.
paf
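
The SMTP part of the check described in the message above, as an added example that is not part of the original post: it turns the SOA RNAME into a mailbox and runs the EHLO/HELO, MAIL FROM and RCPT TO steps on one session, grading each as a warning or an error. The names rname_to_email, check_mailbox and FakeSMTP and the sample addresses are assumptions; the MX and A lookups are left out, and in real use the session would be an smtplib.SMTP object connected to port 25 of each address.

```python
def rname_to_email(rname):
    """SOA RNAME -> mailbox: first unescaped dot becomes '@', a backslash-dot is a literal dot."""
    rname = rname.rstrip(".")
    local, i = "", 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local += rname[i + 1]
            i += 2
        elif rname[i] == ".":
            return local + "@" + rname[i + 1:]
        else:
            local += rname[i]
            i += 1
    raise ValueError("RNAME has no domain part")

def ok(code):
    return 200 <= code <= 299

def check_mailbox(smtp, address, fallback_sender):
    """Run the dialog on a connected smtplib.SMTP-like session; return (errors, warnings)."""
    errors, warnings = [], []
    if not ok(smtp.ehlo()[0]):
        warnings.append("EHLO refused, fell back to HELO")
        if not ok(smtp.helo()[0]):
            # Assumption: the post does not say how a HELO failure is graded.
            return ["HELO refused"], warnings
    if not ok(smtp.mail("")[0]):  # empty envelope sender, i.e. MAIL FROM:<>
        warnings.append("empty envelope sender refused, used fallback sender")
        if not ok(smtp.mail(fallback_sender)[0]):
            return ["MAIL FROM refused"], warnings  # assumption, as above
    code = smtp.rcpt(address)[0]
    if not ok(code):  # the one outcome the post grades as ERROR
        errors.append(f"RCPT TO:<{address}> answered {code}")
    return errors, warnings

class FakeSMTP:
    """Constructed stand-in for a mail server: reply codes come from keyword arguments."""
    def __init__(self, **codes):
        self.codes = codes
    def ehlo(self):
        return (self.codes.get("ehlo", 250), b"")
    def helo(self):
        return (self.codes.get("helo", 250), b"")
    def mail(self, sender):
        return (self.codes.get("mail" if sender else "mail_empty", 250), b"")
    def rcpt(self, address):
        return (self.codes.get("rcpt", 250), b"")

if __name__ == "__main__":
    addr = rname_to_email("hostmaster.example.com.")  # constructed sample RNAME
    print(check_mailbox(FakeSMTP(ehlo=502, rcpt=550), addr, "dnscheck@example.net"))
```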