Contents
The University's mail relay service is provided by
oxmail.ox.ac.uk . This system acts in one of two roles.
Oxmail aims to provide a reliable mail relay service. No messages are discarded or filtered.
There are three possible outcomes for each message presented.
It is important to note that oxmail does not filter mail on the basis of its content.
Messages arriving from outside Oxford are analysed by the Apache SpamAssassin Project. Only messages smaller than 512KB are processed by SpamAssassin. This is because the SpamAssassin scanning process is extremely resource-intensive and few junk mails are larger than this. The results of this are recorded in the message headers. Interpretation of this information is left for a downstream process. More details are available on mail scanning.
All messages are scanned by ClamAV. Any message found to contain malware is rejected after the DATA command.
4. Sending mail from inside Oxford
This section relates to sending mail from inside Oxford to oxmail in its smarthost role. This should be done by MTAs. MUAs should use the message submission service.
ICTC Regulations require hosts to be registered in the DNS. Hosts that are not are denied service.
Mail transactions must start with HELO.
Since all Oxford IPs must be registered in the .ox.ac.uk domain, the
HELO argument must end in .ox.ac.uk . This is effective
protection against compromised hosts running ratware which forges the
HELO.
Although there is no restriction on the sender address, if it isn't valid then you won't know about delivery errors and may fail the recipients' sender address checks.
The maximum number of recipients allowed for one message is 500. Excess recipients are temporarily rejected.
The maximum message size is 100 Mbytes.
5. Sending mail from outside Oxford
This section relates to sending mail from outside Oxford to oxmail in its mail exchanger role.
Mail to postmaster@ox.ac.uk and
abuse@ox.ac.uk bypasses most checks in order to allow
queries about problems.
| Name | Zone | Web |
| MAPS RBL+ | rbl-plus.mail-abuse.ja.net | http://www.mail-abuse.com/ |
| PSBL | psbl.surriel.com | http://psbl.org/ |
| Spamcop | bl.spamcop.net | http://spamcop.net/ |
| Spamhaus ZEN | zen.dnsbl.ja.net | http://www.spamhaus.org/zen/ |
Mail coming from a server listed in one of these DNSBLs won't be rejected. It will attract a weighting in the SpamAssassin scoring and also experience small delays in response to some SMTP commands.
Mail transactions must start with HELO.
The HELO argument must be syntactically correct. See RFC1123 section 5.2.5 and RFC5321 section 4.1.1.1 for guidance on choosing your HELO argument. A common mistake is to use the underscore character; this is not allowed.
The envelope sender must be valid and accept error messages (aka
bounces). A common mistake is to send mail from a script without
thinking about the sender address e.g.
apache@foo.example.com . If there's neither an MX
record for nor an MTA on foo.example.com then the sender address will
be invalid.
No recipient local-part may contain any of the following characters
@ ! % / | "
The maximum number of recipients allowed for one message is 500. Excess recipients are temporarily rejected.
The maximum message size is 100 Mbytes.
6. Explanations of our error messages
Here is a list of error messages given by the University mail relay service.
When the term HELO is used it should also be taken to
include EHLO.
Words beginning with $ are variables which are
substituted with applicable values in each message.
6.1. DAT-CLM: Message contains malware ($malware_name)
Message contains malware. The name Oversized.Foo means that an archive of format Foo had too high a compression ratio (currently limited to 300:1).
The sending MTA is forging the HELO command by using another host's identity.
The sending MTA must use its own identity.
6.3. HLO-INT: Oxford host claiming non-Oxford identity
An Oxford host is claiming an identity with the HELO command that
is not in the ox.ac.uk domain. All Oxford IP
addresses must be registered in ox.ac.uk .
Use a HELO argument in the ox.ac.uk domain.
If you are unable to configure your mail server correctly then you
should smarthost to smtp.ox.ac.uk instead which does
not impose this condition.
6.4. HLO-MIS: No HELO before mail transaction
The mail transaction was started without first using the HELO command. See RFC5321 section 4.1.4.
Use the HELO command before starting the mail transaction.
6.5. HLO-SYN: HELO is syntactically invalid
The HELO command does not meet basic syntax standards. Read RFC1123 section 5.2.5 and RFC5321 section 4.1.1.1 for the rules of choosing the HELO argument.
Use a valid HELO. If your mail server is called
foo.example.com then issue the command HELO
foo.example.com .
6.6. HLO-UND: HELO contains invalid underscore character
The HELO argument contains an underscore. The underscore character
(_) is not a member of the SMTP character set. A
common mistake is for MS Windows administrators to use the host's
NetBIOS name containing an underscore.
Use a HELO argument without an underscore.
6.7. HST-BAN: Sending host blacklisted
The sending host is blacklisted.
Contact us for details.
6.8. HST-PTR: Oxford host has no PTR record
The Oxford sending host has no PTR record in the DNS. This is a contravention of ICTC Regulations.
Contact your local IT staff and get your host registered.
6.9. RLY-OPN: Open relay not permitted
You are attempting to use our MTA as an open relay.
Use the MTA appropriate for your IP address or the recipient domain.
6.10. RPT-ALU: Recipient unknown
The recipient is unknown at Oxford.
Check that you are using the correct address. Search for alumni email addresses on the Oxford Alumni Email website (members only).
6.11. RPT-BAN: Recipient blacklisted
Contact us for details.
6.12. RPT-CAL: Callout verification failed
The downstream MTA will not accept the recipient address. Any error message given by that MTA is included in our error message.
Check with the recipient as to his/her correct address.
6.13. RPT-CHR: Recipient local-part contains a banned character
The recipient local-part contains one of of the following banned
characters @ ! % / | "
Use a recipient local-part without a banned character.
6.14. RPT-OBS: Recipient domain is obsolete
The recipient domain is no longer in use.
Use the suggested new address or our contact search pages
6.15. RPT-UNK: Recipient unknown.
The recipient is unknown at Oxford.
Check that you are using the correct address. Search for email addresses on our contact search pages.
6.16. SND-BAN: Sender address blacklisted
The sender address is blacklisted.
Contact us for details.
6.17. SND-VFY: Sender domain verification failed
The sender domain is not correctly registered in the DNS.
Make sure that the sender domain is correctly registered in the DNS and that the authoritative DNS servers are accessible.
Some mail relay statistics are available.