As far as incoming mail being rejected because the server can't do an actual callout to the responsible sender MX, yes you do lose some effectiveness if you have to disable 'Use callouts'. But, you can still keep '** Verify the existence of email senders.' enabled, which will at least verify the existence of a valid MX for the sender domain, which in and of itself does help a lot.
I have found very few places where mail would be rejected when I had 'Use callouts' enabled - funny thing is, one of those was the Cpanel ticket system - because the ticket came from [email protected] and that host 'something.cpanel.net' (I forget what it was) didn't exist or didn't accept callout connections. It was at that point that I decided I would just disable 'Use callouts'.
As for having problems sending to Hotmail / Yahoo / AOL, this has been discussed ad nauseam on these forums. Some of my recommendations are:
1. Make sure all domains sending mail via your server have an appropriate SPF record (http://spf.pobox.com).
At minimum on a Cpanel machine, I usually enter in the following:
"v=spf1 a mx ?all"
But in my situation, many of our customers have a dedicated IP for their site and their MX and A records point to that IP, and that IP address is NOT the main IP address of the server. And by default, on Cpanel machines, the main IP address of the server is the one which sends out mail. So if the main IP of the server is 10.30.3.10, then I have the following as a minimal record for all domains on that machine:
"v=spf1 a mx ip4:10.30.3.10 ?all"
2. Make sure the IP address that your server sends mail from (which would be the main IP address), has (a) valid reverse DNS and (b) that reverse DNS is reflective of something descriptive within your domain, rather than some generic record that your upstream IP provider has put in place.
For instance, if your IP is 209.x.30.3, and your upstream IP provider has no entry for it in rDNS (or if they have a really generic entry like server01.upstreamprovider.com and your machine hostname isn't server01.upstreamprovider.com), then you want to contact them and have them change the rDNS record so that it reflects the actual main hostname of your server.
In the end, you should be able to do:
'nslookup main.hostname.of.server' and have it return the main IP address of your server
Then you should be able to do:
'nslookup xxx.xxx.xxx.xxx' (where xxx.xxx.xxx.xxx is the main IP address of your server) and it should return 'main.hostname.of.server'
3. Make sure your main server IP address is not on any of the popular DNSBLs - plug it in at http://www.openrbl.org.
Even if it is not listed here, it doesn't mean that it wouldn't be blacklisted or negatively scored by AOL or Yahoo or Hotmail or RR.COM because of past traffic from that IP address before your server was using it. But it's a good start to make sure it isn't on any widely used global DNSBLs.
Even if you do all of the above, you and your users may find that their email ends up in the Spam folders of Hotmail, Yahoo, AOL, etc. even with those measures in place. Installing domainkeys _may_ be of additional benefit - but I cannot instruct you on how to do that.
4. Make sure your users aren't forwarding all of their spam from their accounts hosted on your server to an @aol.com or @yahoo.com or @hotmail.com email address. That will surely cause the future emails from your server's IP address to be thought of negatively by those entities.
Stopping your customers from forwarding is difficult. If you/your customers cannot guarantee that the mail system for the domain that mail is forwarded to actually accepts all mail (spam and not spam), then you'll end up finding a lot of incoming emails to your customer account addresses being forwarded to aol / hotmail / yahoo, then rejected by those entities, and then sit back in your mail queue trying to be delivered back to the sender.
If your customers MUST or INSIST on forwarding to AOL / Yahoo / Hotmail, you should consider INSISTING that they (a) activate spamassassin and (b) set up message rules to delete any messages that YOUR server believes are spam before it is forwarded to the other email addresses.
NOTE: This is not possible if all they do is set up a forwarder. In order to filter out the spam before it is forwarded, you have to create a POP3 account for that email address AND a forwarder for that address. The POP3 account then has to have filtering on it to delete any emails that the server thinks are spam (which is why spamassassin must be enabled on that domain). Any mail that doesn't get deleted by spamassassin will be forwarded to the respective aol/hotmail/yahoo address. Of course, the downside of this is that a copy of that same mail will go into the local POP3 account of that user on your system as well.
Anyway, hope my suggestions will be of some assistance.
Mike
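
An added example, not part of the post above: a small offline evaluator showing why the `ip4:` term matters when a domain sits on a dedicated IP but mail leaves from the server's main IP, plus the forward/reverse DNS check from point 2. The DNS data, `example.com` and 10.30.3.25 are constructed assumptions; only the `a`, `mx`, `ip4` and `all` mechanisms used in the post's records are handled.

```python
import ipaddress

# Constructed DNS data (assumption): example.com is on a dedicated IP, while
# the server sends mail from its main IP 10.30.3.10, as in the post.
ZONE = {
    ("example.com", "A"): ["10.30.3.25"],
    ("example.com", "MX"): ["example.com"],
    ("main.hostname.of.server", "A"): ["10.30.3.10"],
    ("10.30.3.10", "PTR"): ["main.hostname.of.server"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Stand-in for a resolver query against the constructed ZONE."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def spf_result(record, domain, sender_ip):
    """Evaluate an SPF record left to right; the first matching term decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in lookup(arg or domain, "A")
        elif name == "mx":
            hosts = lookup(arg or domain, "MX")
            matched = any(sender_ip in lookup(h, "A") for h in hosts)
        else:
            return "permerror"  # term not handled by this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term

def fcrdns_ok(ip, hostname):
    """Reverse DNS names the host, and the host's A record returns the same IP."""
    return hostname in lookup(ip, "PTR") and ip in lookup(hostname, "A")
```

With the constructed data, the record without `ip4:` leaves mail from the main IP at "neutral", and adding `ip4:10.30.3.10` turns that into "pass".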