DynDNS's MailHop Relay

[tmetro-blu-5a1Jt6qxUNc at public.gmane.org (Tom Metro)]

I read through their FAQ and other documents and found a few answers...

Tom Metro wrote:
>> * Virus elimination with ClamAV
> 
> I've never found virus scanning of email particularly useful. Can this 
> be disabled?

They have a screen shot of the UI showing a checkbox to enable virus 
scanning, so yes, it can be disabled.


>> * User lists block mail to non-existent addresses
> 
> How is this list of valid users maintained?

It looks like they accomplish this in one of two ways:

1. You don't set an explicit list. Instead, the MailHop Relay queries 
your server in real-time as a message is being received and checks to 
see if the recipient address is valid. If not, the message is rejected 
at the RCPT TO stage. This depends on your MTA being set properly to 
return a 5xx error code for invalid users, rather than a 4xx temporary 
failure. And if your server is not reachable, MailHop Relay queues all 
messages.

2. You set an explicit list, which the documentation depicts as a simple 
text box on a web form. It also explains that it makes no assumptions 
about address extensions, so you have to list all address and extension 
combinations individually.

One big down-side to option #2 is that they say it can take up to 15 
minutes for the change to propagate. So if you're filling out some web 
form and you want to create a new address extension for use with that 
vendor, before you hit the submit button you have to create the 
extension locally, login to DynDNS and update the list, then wait 15 
minutes.

Seems like option #1 is more flexible and faster, providing your server 
is available most of the time. You will, however, incur a lot of SMTP 
protocol traffic, as the first stage of MailHop's filtering chain is to 
validate the recipient address.


> Do they provide access to the discarded messages so you can check for 
> false positives?

I found no answer to this, except that as far as the SpamAssassin 
filtering was concerned, you could choose to adjust the discard 
threshold to pass through all messages, and locally use the SpamAssassin 
tagging to trigger a filter that puts the messages in a spam folder.

Messages rejected at other stages of the filter would be unavailable for 
examination. If they provide logs, that may be a reasonable approach.


> Is there a mechanism to provide feedback to the statistical scanner when 
> it misclassifies spam or ham?
> 
> Can you obtain the logs for your domain so you can spot problems and 
> generate statistics?
> 
> The page also says they "filter spam through heuristics," but they don't 
> elaborate on that.

These questions remain unanswered by the documentation.

Additionally, they mentioned that if your server is down, they queue 
messages and tag them with the server name and port number used to 
connect to your server. Later when delivery is attempted from the queue, 
those tags are used to determine where to direct the message. 
Consequently, if your server DNS name changes or port changes, those 
queued messages will become stranded.

While I can see how this architectural shortcut might have came about to 
optimize the efficiency of their system, and for most local server 
disruptions this poses no problem, it would be a significant problem for 
someone who is having a "bad breakup" with their ISP and needs to work 
around blocked ports or change domains (if they foolishly used an ISP 
provided subdomain for their mail server).

Their FAQ also cautions users of dynamic IP addresses that this service 
will happily forward mail to any computer answering on the configured 
port at the cached (per DNS rules) IP address. They recommend using an 
alternate port and/or their "Offline URL" functionality (I gather a 
feature of their Dynamic DNS service that lets the user explicitly mark 
a host as down; dhis.org can accomplish the same thing automatically).

What's disappointing about that note is that they don't offer secure 
SMTP as an alternative solution for that problem.


David Hummel wrote:
> To date I've only used the MailHop Outbound service (which works as
> exactly as advertised), so sorry I can't elaborate on your questions
> about this service.  I'd also want these answers before investing in
> it ...

I was hoping maybe Cole Tuininga could dig up some answers for us, but 
the signature in his last BLU posting suggests he no longer works for 
DynDNS.

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/