Mailing List CGatePro@mail.stalker.com Message #106022
From: Bill Cole <cgp-2015@billmail.scconsult.com>
Subject: Re: cox.net being rejected redux
Date: Sat, 12 Mar 2016 15:30:54 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: MailMate (1.9.4r5232)
On 9 Mar 2016, at 13:42, lgrosenthal@2rosenthals.com wrote:

Hi, guys...

James, have a look at the domain report from mxtoolbox.com.

Please don't. It just encourages them.

I see a few issues, including a mismatched RDNS PTR / SMTP banner.

That is NEVER a problem. It's an invented issue by the scammers at mxtoolbox.com.

The source of your trouble is likely there, in the DNS records and some bit of CGP configuration.

Entirely unlikely. A MUA connecting to a MTA for submission doesn't normally care about obscure DNS & meaningless RFC adherence issues and Apple Mail definitely doesn't.

A MUA MIGHT care about a MTA requiring the use of the non-standard port 465 for "wrapper-mode SMTPS" using a self-signed cert with a name mismatch relevant to the name used for the connection, since it is reasonable to be a bit pickier about cert  issues when using that mode. However, that sort of failure would obviate the whole EHLO step: if a client doesn't trust that the server is who it expects to be talking to, it should be terminating the session without talking on it. I would not expect Apple Mail to be this picky in this way without giving the user a chance to accept a doubly-invalid (untrusted signer, wrong hostname) certificate, but I don't have any system using the port 465 botch so I can't readily test for that oddity.

If you want to fully eliminate potentially obscure corner-case issues with certs, just get free ones that will be widely trusted. StartCom has been offering them for years and they even allow multiple subject alternate names now (YAY!)  LetsEncrypt is up and running in late beta (i.e. they've already had the BIG oopsies caught...) if you would rather not be subjected to yearly sales pitches while renewing your certs.

I've been watching for signs of similar failures over here, particularly as we're both running 5.4.10 (or close), but have not seen anything. Sorry for the slow follow-up.

From the 1st message in this thread:

On 8 Mar 2016, at 15:06, James Moe wrote:

hello,
  cgate-pro v6.1.9
  linux 4.1.15-8-default x86_64
  sending MUA: Apple mail (fairly recent version)
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster