Question SMTP failures due to lack of Reverse DNS and PTR

Discussion in 'SmarterMail' started by blechner, Jul 12, 2012.

  1. blechner

    blechner New Member

    Apparently this is something I completely overlooked. We keep getting message failures due to lack of PTR records and valid rDNS entries, but I have no idea how to set this up. We have a /29 block of addresses from our ISP and use one public address for our mail server. We also have GoDaddy as a registrar and can get the A and MX records configured correctly, but I have no idea how to add PTR records.

    GoDaddy does not have a DNS option to create PTR records, but they do have SPF records that I can set. No matter what I configure, Reverse DNS fails. I have complete control over the GoDaddy DNS and the DNS server running on the mail server, but regardless of what I set it doesn't seem to work correctly. Any help would be appreciated.

    Is this something that I can do with GoDaddy or does my ISP have to help? I can't be the only one with this issue, can I?
  2. chicagonettech

    chicagonettech Product Expert

    You must request a REVERSE DNS ENTRY from your ISP who issued the block of IP ADDRESSES.

    The NAME and IP ADDRESS to which it is mapped MUST EXACTLY MATCH THE HOSTNAME OF THE MAIL SERVER SENDING THE E-MAIL.

    If you use one IP ADDRESS to send for multiple domains, make certain the mapping matches the domain name of your HOSTING COMPANY and then set up a PTR RECORD for each hosted domain in the DNS for the hosted domain.

    You should also set up REVERSE DNS on your local DNS SERVERS and create a PTR record for each of the hosted domain's HOST records which maps to the MX record for the e-mail.
  3. blechner

    blechner New Member

    OK. Luckily I just have one mail domain which I'm trying to fix. If I change the nameserver entry from GoDaddy to the DNS server I control, will that have any effect, or must I get the ISP to change it? What I don't get is how my ISP (UPNllc.com) has anything to do with DNS. Aren't GoDaddy and my server the only two locations a query could be made to?

    Where are reverse DNS entries listed? I mean, when a reverse DNS query is made, who is it actually made to? The nameserver listed at GoDaddy, or the IP address whose hostname it is trying to locate? Sorry in advance for the strange questions.

    UPDATE: I think I found an article that explained it a little. Basically, forward DNS is handled by registrars while rDNS is handled by the ISP (or whoever gives out the IP address). Is this correct?
    http://www.crucialp.com/resources/tutorials/web-hosting/how-reverse-dns-works-rdns.php
  4. csimo

    csimo Product Expert

    Godaddy has nothing to do with the PTR records (rDNS). You have to get your ISP (assuming they own the IP Addresses) to enter the PTR record for you. A /29 is 8 IP Addresses.

    The DNS "A" record for the IP Address (at Godaddy or whoever you use for DNS), the PTR (rDNS) and Official Host Name of your mail server should all match.
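The three-way match described in the reply above (A record, PTR and the mail server's host name), as an added example that is not part of the original thread: a Python check that also prints the in-addr.arpa name a reverse query actually asks for, which lives in a zone run by the IP block owner rather than the registrar. The function names, the address `203.0.113.10` and the host `mail.example.com` are constructed for illustration.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name a PTR query asks for; that zone is run by the IP block owner."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if there are none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_a(host):
    """IPv4 addresses for host from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_mail_host(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return (ok, problems) for the A / PTR / host name match."""
    helo, problems = norm(helo), []
    ptrs = [norm(n) for n in ptr_lookup(ip)]
    if not ptrs:
        problems.append(f"no PTR at {reverse_name(ip)}: ask the IP block owner")
    elif helo not in ptrs:
        problems.append(f"PTR {ptrs} does not match host name {helo}")
    if ip not in a_lookup(helo):
        problems.append(f"A record for {helo} does not include {ip}")
    for name in ptrs:  # forward-confirm each PTR name back to the same IP
        if ip not in a_lookup(name):
            problems.append(f"PTR name {name} does not resolve back to {ip}")
    return (not problems, problems)

if __name__ == "__main__":
    # Constructed sample data (documentation address range), no network needed.
    PTR = {"203.0.113.10": ["mail.example.com."]}
    A = {"mail.example.com": ["203.0.113.10"]}
    for ip in ("203.0.113.10", "203.0.113.11"):
        print(ip, check_mail_host(ip, "mail.example.com",
                                  lambda i: PTR.get(i, []),
                                  lambda h: A.get(h, [])))
```

Calling `check_mail_host(ip, helo)` without the two lookup arguments runs the same checks against the system resolver.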
  5. blechner

    blechner New Member

    Got it. Thanks.
  6. sexy-trousers

    sexy-trousers Member

    Hi Bruce, are you advocating setting up multiple PTR records for the same IP pointing to different host names? Isn't that frowned upon, and can't it potentially cause problems? I have the same problem as the original poster where AOL is not delivering mail from one of my domains, yet I can't set up a feedback loop with them as the rDNS of my mail server IP returns my generic mail server host name and not the host name I created for the client domain. I guess the solution for me is to stop using the mail.myclientdomain.com in the domain's MX and switch it to my mail.generichosting.com host name, but my question really relates to the multiple PTR recommendation...

    Thanks, TJ.
  7. DXD

    DXD Product Expert

    I have several hundred domains set up like you are trying. There is only 1 PTR record. All mail is sent from mx1.dynamicbydesign.com, which is our generic domain as you have. All customers have mx1.customer1.com, mx1.customer2.com, etc.

    I've had no problems with AOL. My closed loop feedback for them is set up as mx1.dynamicbydesign.com since all mail is sent from that IP.
  8. sexy-trousers

    sexy-trousers Member

    Thanks Chris, good to know how others are handling this - sorry for hijacking this thread!

    TJ
  9. DXD

    DXD Product Expert

    For some further information we have the following:
    mx1.dynamicbydesign.com 10
    mx2.dynamicbydesign.com 20 (backup MX using free SmarterTools)
    smtp.dynamicbydesign.com port 25 and 587
    imap.dynamicbydesign.com
    pop.dynamicbydesign.com
    webmail.dynamicbydesign.com

    Then every customer has the same with their domain in place of dynamicbydesign.com. The mail server sends mail out on the mx1.dynamicbydesign.com and the PTR points to it. The mail server announces itself as dynamicbydesign.com

    So customers use their domain name with the correct subdomain name based on what they need. Also this future proofs everything in the event we need to move webmail or smtp or any of the services to separate machines we can do that just with a dns change and very little impact to the customers.

    Additionally we have had zero to no issues with this configuration plus using Bruce's proved SPAM configuration document we have very little spam that gets through to our customers.
  10. chicagonettech

    chicagonettech Product Expert

    TJ: Just want to jump in and say yes, we are running a situation similar to what Chris is using and have had no problems. We run two separate IP addresses and map everyone to the SECURE SSL/TLS address under SECUREMAIL.CHICAGONETTECH.COM - MX 5

    As a backup, non-secure, we run MAIL.CHICAGONETTECH.COM / FIFI.CHICAGONETTECH.COM - MX 10

    We have IN-ARPA / REVERSE DNS setup by our internet connectivity provider on both of the IP ADDRESSES to map the IP ADDRESS to the HOST NAME

    We also have PTR RECORDS setup for ALL of the domains we host under their domain name in both FORWARD and REVERSE DNS

    We have never had an issue with messages sent from the server being rejected.

    [Sorry for the delay in responding - phones ringing off the hook this morning!]
  11. sexy-trousers

    sexy-trousers Member

    So to get this straight, the only major difference in Chris's and Bruce's setup is that Bruce gets a PTR/Reverse DNS record set up by his IP block owner for every email domain/customer you host, for each of your securemail & mail hosts/IPs? That was my initial question to Bruce: are you advocating having multiple PTR records set up for a single IP mapping to multiple canonical host names? Seems like if Chris doesn't have any issues, his config is easier to manage.

    On another, unrelated note, ever since I implemented Bruce's anti-spam recommendations note, I've gotten more spam than ever (but we'll keep that for a different day)...

    TJ
  12. DXD

    DXD Product Expert

    The only reason you would need PTR records would be if each domain had a static IP and each domain sent its email on its own through that IP.

    We have shared hosting customers; most share an IP, and some have static IPs because they use SSL for their websites. However, they ALL share the same mail servers and that mail server ONLY sends out on 1 IP address, so having PTRs for every domain is not required. I don't know if you can, and I've never seen a single IP have multiple PTR records. Of all the domains that share an IP, that shared IP's PTR is shared.dynamicbydesign.com. As for the domains with static IPs for SSL, the PTRs are set to what the SSL certificate expects just for management's sake, but it's not required either.
  13. chicagonettech

    chicagonettech Product Expert

    Partially correct.

    The ONLY PTR records setup by the IP BLOCK OWNER are for FIFI.CHICAGONETTECH.COM and SECUREMAIL.CHICAGONETTECH.COM

    All other PTR records are setup in my DNS SERVERS, for both FORWARD and REVERSE DNS for EACH HOSTED DOMAIN.

    By mapping against the records setup by the IP BLOCK OWNER all of the domains pass the PTR tests.

    With regard to the antispam issues, it sounds like you have given the ability to the domain users/owners to override greylisting and antispam settings.

    That needs to be COMPLETELY DISABLED and LOCKED DOWN.

    You also need to completely delete all WHITELISTS which have been added by domains and users.

    Spam should be checked only by the MASTER SPAM SETTINGS. Giving anyone else the ability to "override" or "whitelist" causes nothing but headaches and actually creates more spam.

    You also need to make certain that ALLOW RELAY under SETTINGS, SMTP IN is set to NOBODY. Anything else and you are a spammer.

    I just worked with a client who was allowing local users to send without authenticating and they were using a local address as the SENDING ADDRESS, their address as the REPLY TO address, and sending her local users more than 10,000 spam messages PER DAY.

    There is NO legitimate setting other than NOBODY for SMTP IN ALLOW RELAY.
  14. sexy-trousers

    sexy-trousers Member

    Check. Check and Check. All of those spam settings are as you suggest and I only host one domain that I own and control (no user overrides) - perhaps we should move this conversation elsewhere so as not to sully the original thread...

    TJ
  15. blechner

    blechner New Member

    Not to beat a dead horse (or thread), but it's a little like a provider such as GoDaddy that has many, many people emailing through smtpout.secureserver.net. This rDNS lookup points to a domain that is different from that of all of the email addresses, yet it delivers fine, mostly because these ISPs are only checking that the IP has an rDNS. (I think)
  16. bilal

    bilal Member

    reverse DNS setup for your mail server IP.

    I ran into a problem where AOL wasn't accepting any emails from my mail server. I read the log files and they had the AOL link explaining why they rejected the emails from my users. I host about 10 different domains but they all go through my server "www.myserver.com" via smtp/imap, or logging on via https.
    Anyhow, it was fairly easy to resolve. I got on to my dedicated server provider's (1and1) website and was able to create a "Reverse Mapping" to the IP address that I assigned to SmarterMail.
    Once I did this, about 30 minutes later, my spooler started to smtp-out all the stuck emails without any issues.
    To be precise, I didn't have to have my own DNS server (one rep from 1and1 advised). Going into IP address management, there was ONE mouse click to create a reverse mapping.

    If you want to check whether your mail server's IP has a reverse mapping, just see if you can nslookup your IP and it spells out the domain name. If you would rather use a tool, go here:

    http://postmaster.aol.com/cgi-bin/plugh/rdns.pl

    Hope this helps others with some emails stuck in the spooler getting bounced from a certain domain (smtp-out) on their SmarterMail server.
  17. bilal

    bilal Member

    not all domains must have an rDNS.. please see

    server may host 100's of domains for the emails. rDNS is not necessary to be setup on ALL domains but the ONE that is the root and is an SMTP. so my server with the FQDN mail.bilal.com can be hosting email for 100 diff domains. All I configure rDNS (reverse mapping) for is: mail.bilal.com because all the domains are using this guy to push out and receive emails.
    hope it helps.

    cheers!
  18. bilal

    bilal Member

    rDNS only necessary for the FQDN of your mail server..

    I have enjoyed some posts from Bruce. But I must admit, when I ran into the issue of AOL bouncing my emails due to rDNS, all I did to resolve was creating a Reverse mapping (rDNS) of my mail server's FQDN. and I guess within about 30 minutes, all my issues were over.
    Chris' tips are way closer to what I did and all worked fine. I shall vote for his tip. I love forums, so much to learn @ all times.. thanks and cheers!
  19. tomwi53092

    tomwi53092 New Member

    I'm a bit late to the party here, but I'll write what fixed the problem for us, as I'm sure others will run into this.

    The solution is to add your DNS server to the HOST SUMMARY list:
    1. Launch the domain name in GoDaddy. You'll be in the DOMAIN DETAILS screen.
    2. Go to the lower left corner and locate the HOST SUMMARY area.
    3. Click ADD. Type the name of your DNS server and the IP address.
    (In our case, we have our own DNS server named ns1.domain.com that serves as our in-house DNS server and as a secondary DNS for GoDaddy's DNS server. NS1.domain.com is listed in the nameserver list in Domain Details.)
    So, my entry in Host Summary:
    Host name: NS1
    IP address: (the IP address of NS1)

    That's it. Adding this entry in Host Summary fixed our problem with email bounce backs from AOL, Comcast, RoadRunner, etc.

    Other possible relevant info:
    - NS1.domain.com is also entered into the nameserver list in Godaddy's Domain Details.
    - NS1.domain.com is defined in Godaddy's DNS manager with an A record
    - On NS1.domain.com, we have the appropriate PTR records for our mail server.
    - We also have an SPF record defined in Godaddy DNS, although, as you've found out, this alone does not fix the problem.
    - As you've already figured out, Godaddy DNS has no way of entering PTR records, and it doesn't create them for you in the background.
    - With our internet provider, we have authority for dns delegated to our dns server.