Results 1 to 10 of 10

Thread: rDNS and PTR Record

  1. #1
    bhwong is offline Elite Member
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    489
    Rep Power
    6

    Default rDNS and PTR Record

    I have a customer who transfer their email hosting to us but retain their web hosting. This mean their domain, www and mx record will have difference IP addresses. In this case, should I add their PTR record as mail.xxx.com instead of xxx.com? Will rDNS fail?

  2. #2
    Hivos's Avatar
    Hivos is offline Advanced Member
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    201
    Rep Power
    5

    Default

    It is important that the ip-address has a PTR record, but it doesn't matter which one. It doesn't matter if it's mail.yourdomain.com or www.theirdomain.net (well, as long as it's a FQDN).

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    the IP address associated with your MTA must have a rDNS entry that resolves exactly. With respect to your client just point their MX record at your MTA.

  4. #4
    bhwong is offline Elite Member
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    489
    Rep Power
    6

    Default

    Since my MTA host multiple domains on a single IP address, a rDNS on my IP address will get resolve to my domain instead of all my customers domains and fail the rDNS test for my customer PTR records.

    Anyway, I have proceed to add PTR records of their MX records to our Zimbra IP address. Will monitor if they still have rejected emails...

  5. #5
    Hivos's Avatar
    Hivos is offline Advanced Member
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    201
    Rep Power
    5

    Default

    Quote Originally Posted by bhwong View Post
    ... a rDNS on my IP address will get resolve to my domain instead of all my customers domains and fail the rDNS test for my customer PTR records...
    That's no problem. An rDNS check is only meant to check IF there's a PTR record present, it doesn't validate this PTR record against DNS, since that would make it impossible to host multiple emaildomains on 1 ip-address.

    Background: most open spam-relays (hacked home computers) do not have a PTR record. A rDNS check is therefore a "quick & easy" way of spam-filtering.

  6. #6
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Default

    It's most important that there be a PTR record in the first instance. Since most ISP allocated home IP addresses don't have PTR records, many email admins reject email from mail servers whose IP doesn't have a PTR record.

    It's best if the PTR record matches exactly the A record, since some email admins will reject inbound email from servers with an A/PTR mismatch.

    And it's ideal
    if the server's HELO, A and PTR records all have the same fqdn!

    Hope that helps,
    Mark

  7. #7
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    8

    Default DNS checking.

    My zimbra servers are configured to do DNS checking. As long as their is a ptr record of some kind it will accept. I agree that the ideal solution is the ptr record should match the A record.

    However, if the HELO response doesn't match the A record then the mail is rejected. It surprises me how many e-mail servers fail this test. Most mail admins don't bother to read the RFC's.

  8. #8
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Default

    Quote Originally Posted by Bill Brock View Post
    My zimbra servers are configured to do DNS checking. As long as their is a ptr record of some kind it will accept. I agree that the ideal solution is the ptr record should match the A record.

    However, if the HELO response doesn't match the A record then the mail is rejected. It surprises me how many e-mail servers fail this test. Most mail admins don't bother to read the RFC's.
    Hi Bill,

    I just had this same discussion on another thread, where I try to explain why so many email servers fail the HELO/A record match test--and why we no longer reject mail based on this test.

    That thread is here.

    All the best,
    Mark

  9. #9
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    8

    Default I usually try...

    try to contact the mail admin if the rejected e-mails are important. Most of the time they are receptive. I'll even make reference to MS's Exchange documentation explaining the issue and how to configure Exchange. Some of the responses get comical as to why they don't have it configured properly. This isn't the place to go into detail but suffice it to say some admins are sorely lacking.

    Since this check blocks about 80% of the spam I keep it in place. I have on occasion setup a bogus zone file on my DNS server for temporary communications to provide the admin with the RFC's and link to documents on how to correct their server. Most admins will fix their server after reading the RFC's. I've even gotten phone calls from company owners asking why I'm rejecting their mail. After I quote RFC's and their admins have always changed their HELO response.

    I am a firm believer that the Internet would be a better place if the rules were followed. So I leave the checks in place. Fortunately, my company's owner believes that as well and he has never asked me to relax the settings. He'll request a fax from a company that won't comply with the RFC's before he'll ask me to change it. Those RFC's are in place for a reason.

  10. #10
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Default

    Bill,

    Your boss is clearly more tolerant of false positives than our clients are!

    We do front-end conservative RBL checking to eliminate 80% - 90% of the mail flow from even hitting our Zimbra farm. We then run a bunch of other checks that catch (we believe) all of the garbage that the mismatched HELO/A record test would catch.

    We do require a HELO of some sort FWIW, and a PTR record of some sort too, but since the mail flow actually hitting our Zimbra farm is 10% or so of what comes knocking on the front door, we have some spare cycles available to do more intensive spam checking on the servers themselves -- and we have had only two known false positives since we first deployed Zimbra back on version 4.0.3.

    Hope that helps,
    Mark

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] PRT, RDNS, Deferred, And more...
    By physikal in forum Administrators
    Replies: 17
    Last Post: 06-09-2009, 03:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •