reverse dns fails with multiple domains
in [Postfix]
|
From: "John WInther" on 6 Mar 2010 18:13 running smtp test on soapnut.dk smtp:188.183.91.18 smtp 220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix Not an open relay. 0 seconds - Good on Connection time 0.702 seconds - Good on Transaction time OK - 188.183.91.18 resolves to 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk OK - Reverse DNS matches SMTP Banner when I change nyhostname in postfix to soapnut.dk : 220 soapnut.dk ESMTP Postfix Not an open relay. 0 seconds - Good on Connection time 0.733 seconds - Good on Transaction time OK - 188.183.91.18 resolves to Warning - Reverse DNS does not match SMTP Banner Do I set myhostname in postfix to 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ? ----- Original Message ----- From: "John WInther" <j-winthe(a)post4.tele.dk> To: <postfix-users(a)postfix.org> Sent: Saturday, March 06, 2010 11:18 PM Subject: Re: reverse dns fails with multiple domains > My primary concern is that some mailservers deny sending mail to my > domains > if the reverse dns lookup fails. If I set myhostname to one of my public > domains, the reply string from HELO is ok, but the reverse dns lookup > fails, > If not possible to satisfy both issues what is best configuration?. > > ----- Original Message ----- > From: "mouss" <mouss(a)ml.netoyen.net> > To: <postfix-users(a)postfix.org> > Sent: Saturday, March 06, 2010 10:01 PM > Subject: Re: reverse dns fails with multiple domains > > >> Stan Hoeppner a �crit : >>> John WInther put forth on 3/6/2010 12:57 PM: >>>> Thanks for info, I am aware of the manual and I have previus tryed to >>>> change the myhostname to soapnut.dk, I still got the reverse dns error. >>>> I gave me an idear to reverse resolve the ip address registred in mx, >>>> and the reply from that test was the dns name of my internet access. >>>> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as >>>> myhostname the reverse dns lookup reply with success. >>> >>> RFC does not dictate that your forward and reverse dns names match. It >>> does >>> dictate that a domain name must be valid. Anything ending in .local is >>> not >>> valid. >>> >>> I'd suggest against using >>> >>> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk >>> >>> as your Postfix HELO name. Use a hostname based on one of your mail >>> domains >>> instead. Some sites will block SMTP servers that HELO with such a >>> generic >>> hostname as that above. >> >> true. better use soapnut.dk in myhostname. Although I doubt this will >> help a lot: >> >> - "some" sites will block if the PTR is generic... too many zombies out >> there... >> >> - OP's reverse DNS is borked: >> $ host 188.183.91.18 >> 18.91.183.188.in-addr.arpa domain name pointer >> 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. >> $ host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. >> Host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. not found: >> 3(NXDOMAIN) >> >> so OP not only has a "generic" name, but it doesn't resolve back to the >> IP. If he can get his ISP to fix his reverse (preferably using a custom >> reverse), then maybe things will get better. >> >> >> >
From: "Daniel V. Reinhardt" on 6 Mar 2010 18:39 ----- Original Message ---- > From: John WInther <j-winthe(a)post4.tele.dk> > To: postfix-users(a)postfix.org > Sent: Sat, March 6, 2010 11:13:17 PM > Subject: Re: reverse dns fails with multiple domains > > running smtp test on soapnut.dk > > > smtp:188.183.91.18 smtp > > 220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix > > > Not an open relay. > 0 seconds - Good on Connection time > 0.702 seconds - Good on Transaction time > OK - 188.183.91.18 resolves to > 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk > OK - Reverse DNS matches SMTP Banner > > > when I change nyhostname in postfix to soapnut.dk : > > 220 soapnut.dk ESMTP Postfix > > > Not an open relay. > 0 seconds - Good on Connection time > 0.733 seconds - Good on Transaction time > OK - 188.183.91.18 resolves to > Warning - Reverse DNS does not match SMTP Banner > > Do I set myhostname in postfix to > 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ? > Here is mine: Not an open relay. 0 seconds - Good on Connection time 0.234 seconds - Good on Transaction time OK - 173.73.4.107 resolves to Warning - Reverse DNS does not match SMTP Banner I have no issues with sending email to anyone. Daniel Reinhardt Website: www.cryptodan.com Email: cryptodan(a)yahoo.com
From: mouss on 6 Mar 2010 18:41 John WInther a �crit : > running smtp test on soapnut.dk > > > smtp:188.183.91.18 smtp > > 220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix > > > Not an open relay. > 0 seconds - Good on Connection time > 0.702 seconds - Good on Transaction time > OK - 188.183.91.18 resolves to > 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk > OK - Reverse DNS matches SMTP Banner > > > when I change nyhostname in postfix to soapnut.dk : > > 220 soapnut.dk ESMTP Postfix > > > Not an open relay. > 0 seconds - Good on Connection time > 0.733 seconds - Good on Transaction time > OK - 188.183.91.18 resolves to > Warning - Reverse DNS does not match SMTP Banner > This is a bogus test. forget about people who do random tests. The site developer doesn't understand what need to match... see my previous mail for your reverse dns issue. but this has nothing to do with your banner (or with anything that you could fix in main.cf or any postfix confg file). Only your ISP can help. > Do I set myhostname in postfix to > 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ? as said before, the latter is better. you may get a little more chances to get your mail out. PS. As Rob said, please do not top post. put your answers after the text you reply to.
From: mouss on 6 Mar 2010 18:47 Stan Hoeppner a �crit : > mouss put forth on 3/6/2010 3:01 PM: > >> so OP not only has a "generic" name, but it doesn't resolve back to the >> IP. If he can get his ISP to fix his reverse (preferably using a custom >> reverse), then maybe things will get better. > > I assume this is difficult if not impossible, given it appears residential, Any ISP should configure PTRs for their IPv4 space. but I guess you are talking about the other part (custom rdns). Some ISPs provide custom reverse for free (ex: free.fr). others provide it for a fee (may or may not be ok for OP). but in any case, anyone can tell the ISP that not setting up reverse DNS for IPv4 space is dumb. > so I recommended fixing what he could, the HELO name. And yes, many sites > will block that PTR string at client name lookup as well as HELO lookup, but > I think the probability is higher with HELO. > Agreed.
From: mouss on 6 Mar 2010 19:03 Stan Hoeppner a �crit : > [snip] > A web server with a single IP address hosting 378 vitural domains. Should > it have 379 PTRs? One for the host itself and one for each virtual domain? > Of course not. > > A mail server with a single IP address hosting 378 mail domains? Should it > have 379 PTRs? One for the host itself and one for each virtual MX domain? > Of course not. In this case, the DNS infrastructure isn't smart enough to > return matching records even though they do exist, so why bother? Stan, you're confused. What is "asked" for is: - if an IP is used to send mail, then it should have at least one PTR (preferably only one) - _any_ PTR returned for this IP should resolve back to the IP (the _nay_ is because no server is going to spend hours trying to resolve 3000 PTRs...). This has nothing to do with virtual hosts and the like. As you can guess, imlil.netoyen.net is hosting many domains. but the IP has only one PTR and that PTR resolves back to that IP. (and the box has multiple IPs too, which correspond to various hostnames...). When you run a "server" (something that listens to requests), you don't care about reverse DNS. so www.example.com only needs to resolve (that's what the browser does). nobody is going to resolve the IP back to a name (that would be stupid). When you run a "client" (something that initiates a TCP connection...), you'd better have "FCrDNS" (IP -> name ->IP returns original IP). well, all this may go away with IPv6. but as of IPv4, it is common practice... (I don't know if this is still the case, but gandi.net won't allow you to query their whois if you have that "wrong"). > [snip]
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: allowing a fix ip dsl user access to smtp ? Next: Transport table gone ? |