From: Stan Hoeppner on
Greg A. Woods put forth on 3/6/2010 2:58 PM:
> At Sat, 06 Mar 2010 14:42:13 -0600, Stan Hoeppner <stan(a)hardwarefreak.com> wrote:
> Subject: Re: reverse dns fails with multiple domains
>>
>> RFC does not dictate that your forward and reverse dns names match.
>
> Common sense and common decency do though -- since if the forward and
> reverse names are not all orthogonal then the DNS lies, either by
> omission, or outright.

Apparently you've missed past discussions here showing some examples of why
this can be neither practical nor desirable in some situations.

> For every hostname pointing at an IP address, there should be a
> corresponding PTR for that address pointing back at the hostname.

When you say hostname, are you talking A record? Are you talking all IPs in
general, or only MX hosts, or SMTP sending hosts? Does a web server ever
need a PTR? Do any web browsers ever look up a host via PTR? No. So why
should a web server have a PTR?

> There's no real excuse for mis-matched forward and reverse DNS. If
> you're going to show your reverse DNS to the world, then do it right.

A web server with a single IP address hosting 378 virtual domains. Should
it have 379 PTRs? One for the host itself and one for each virtual domain?
Of course not.

A mail server with a single IP address hosting 378 mail domains? Should it
have 379 PTRs? One for the host itself and one for each virtual MX domain?
Of course not. In this case, the DNS infrastructure isn't smart enough to
return matching records even though they do exist, so why bother?

You're living in a "perfect" world where everything has a 1:1 relationship
in DNS. In the real world, this isn't the case, and probably never will be.

I argued your position for years until I was blue in the face. You know
what it gained me? A blue face. Nothing else.

BTW, please keep list correspondence on list. I don't see any reason why
your reply needed to be off list.

--
Stan

From: Stan Hoeppner on
mouss put forth on 3/6/2010 3:01 PM:

> so OP not only has a "generic" name, but it doesn't resolve back to the
> IP. If he can get his ISP to fix his reverse (preferably using a custom
> reverse), then maybe things will get better.

I assume this is difficult if not impossible, given it appears residential,
so I recommended fixing what he could, the HELO name. And yes, many sites
will block that PTR string at client name lookup as well as HELO lookup, but
I think the probability is higher with HELO.

--
Stan

From: "John WInther" on
My primary concern is that some mailservers deny sending mail to my domains
if the reverse dns lookup fails. If I set myhostname to one of my public
domains, the reply string from HELO is ok, but the reverse dns lookup fails.
If not possible to satisfy both issues, what is best configuration?

----- Original Message -----
From: "mouss" <mouss(a)ml.netoyen.net>
To: <postfix-users(a)postfix.org>
Sent: Saturday, March 06, 2010 10:01 PM
Subject: Re: reverse dns fails with multiple domains


> Stan Hoeppner wrote:
>> John WInther put forth on 3/6/2010 12:57 PM:
>>> Thanks for info, I am aware of the manual and I have previously tried to
>>> change the myhostname to soapnut.dk, I still got the reverse dns error.
>>> It gave me an idea to reverse resolve the ip address registered in mx,
>>> and the reply from that test was the dns name of my internet access.
>>> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when I put that in as
>>> myhostname the reverse dns lookup reply with success.
>>
>> RFC does not dictate that your forward and reverse dns names match. It does
>> dictate that a domain name must be valid. Anything ending in .local is not
>> valid.
>>
>> I'd suggest against using
>>
>> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk
>>
>> as your Postfix HELO name. Use a hostname based on one of your mail domains
>> instead. Some sites will block SMTP servers that HELO with such a generic
>> hostname as that above.
>
> true. better use soapnut.dk in myhostname. Although I doubt this will
> help a lot:
>
> - "some" sites will block if the PTR is generic... too many zombies out
> there...
>
> - OP's reverse DNS is borked:
> $ host 188.183.91.18
> 18.91.183.188.in-addr.arpa domain name pointer 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
> $ host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
> Host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. not found: 3(NXDOMAIN)
>
> so OP not only has a "generic" name, but it doesn't resolve back to the
> IP. If he can get his ISP to fix his reverse (preferably using a custom
> reverse), then maybe things will get better.
>
>
>
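
The manual check quoted above (look up the PTR for the IP, then look the returned name up again and see whether it leads back to the same IP) can be scripted as follows. This is an added example, not part of any poster's message; the `fcrdns` function, its verdict strings, the generic-name regex and the `mail.example.net` / `192.0.2.25` sample are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Heuristic (an assumption, not a standard): labels that embed the address in
# hex or dashed/dotted decimal, or ISP customer-pool words, look "generic".
GENERIC = re.compile(r"(^|\.)(0x[0-9a-f]{8}|\d+[-.]\d+[-.]\d+[-.]\d+|cpe|dyn|dsl|pool|customer)(\.|-|$)", re.I)

def system_ptr(ip):  # live PTR lookup through the system resolver
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):  # live forward (A/AAAA) lookup
    try:
        return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, details) for one sending IP and the HELO name it uses."""
    want = ipaddress.ip_address(ip)
    norm = lambda n: n.rstrip(".").lower()
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in addr_lookup(n))]
    if not confirmed:  # the PTR name does not resolve back to the IP
        return "ptr-not-confirmed", names
    notes = []
    if norm(helo) not in confirmed:
        notes.append("helo-differs-from-ptr")
    if all(GENERIC.search(n) for n in confirmed):
        notes.append("generic-ptr")
    return ("pass" if not notes else "pass-with-warnings"), notes

# Constructed offline data: the first entry mirrors the `host` output quoted in
# the thread; mail.example.net / 192.0.2.25 are made-up documentation values.
PTR = {"188.183.91.18": ["0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk."],
       "192.0.2.25": ["mail.example.net."]}
A = {"mail.example.net": ["192.0.2.25"]}
offline_ptr = lambda ip: PTR.get(ip, [])
offline_addrs = lambda name: A.get(name.rstrip(".").lower(), [])

if __name__ == "__main__":
    for ip, helo in [("188.183.91.18", "soapnut.dk"), ("192.0.2.25", "mail.example.net")]:
        print(ip, helo, fcrdns(ip, helo, offline_ptr, offline_addrs))
```

Called without the last two arguments, `fcrdns` queries the system resolver instead of the constructed tables.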

From: Stan Hoeppner on
John WInther put forth on 3/6/2010 4:18 PM:
> My primary concern is that some mailservers deny sending mail to my domains
> if the reverse dns lookup fails. If I set myhostname to one of my public
> domains, the reply string from HELO is ok, but the reverse dns lookup fails.
> If not possible to satisfy both issues, what is best configuration?

I still don't understand what reverse dns failure you're talking about.
Please paste the failure info page or link from mx toolbox so we understand
exactly what you're talking about.

--
Stan

From: /dev/rob0 on
Top-posting fixed. Please don't top-post here, thanks.

> ----- Original Message ----- From: "mouss" <mouss(a)ml.netoyen.net>
>> so OP not only has a "generic" name, but it doesn't resolve back
>> to the IP. If he can get his ISP to fix his reverse (preferably
>> using a custom reverse), then maybe things will get better.

On Sat, Mar 06, 2010 at 11:18:32PM +0100, John WInther wrote:
> My primary concern is that some mailservers deny sending mail to my
> domains if the reverse dns lookup fails. If I set myhostname to one
> of my public domains, the reply string from HELO is ok, but the
> reverse dns lookup fails. If not possible to satisfy both issues,
> what is best configuration?

Of course it's possible, just as Mouss said. Have the ISP set your
custom reverse name (PTR) for your IP address. Use that name,
whatever it was that you decide on, as $myhostname in Postfix.

If the ISP can't/won't do that, you can't run a serious MTA there.
Use a relayhost or shop around for other options. Hobbyists might
find a VPS hosting service like Linode.com to be more affordable than
business-class Internet service.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header