problem with reverse dns

Question

problem with reverse dns

Hi everbody !

I want to submit the following problem. In our art school ( france) we have a fixed ip but not a reverse DNS. then whit some domains ( like aol, libertysurf ....) our mails are refused .
I have hear about a possible solution... In our mail server xserve under 10.4 server we can modify the "transport maps" to make mails to some domains to use our FAI smtp ?

It's really possible ?

Thanks

xserve G5, Mac OS X (10.4.2)

Posted on Nov 15, 2005 2:20 AM

Reply

Answer 1

pterobyte

Level 6

11,104 points

Nov 15, 2005 4:01 AM in response to gabriel blazquez

Hi Gabriel,

soma mail servers do a reverse lookup of your IP to reduce SPAM/spoofing. If you have your own DNS then you just need to set-up your reverse lookup zone. If your DNS is handled by your ISP then it probably already does resolve reverse lookups.
Most mail servers that do request a reverse lookup are "happy" if the reverse lookup resolves. They don't care whether it resolves to your host name. A typical scenario would be:
Your host name: mail.yourcompany.com
Your IP: 123.456.789.1
Reverse lookup results in something like: hostXYZ.yourISP.com
This is fine and should not cause any problems.

If you need further advice/clarification post your domain name and the output of postconf -n

Alex

Reply

Answer 2

Nov 15, 2005 4:43 AM in response to pterobyte

Hi Alex,

My isp "wanadoo.fr" won't make reverse, and on my network my dns ( under win2003)are local (no authoritative ).

my domain name :

www.esac-pau.fr

postconf -n
xserve2:~ admin$ postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
local recipientmaps =
luser_relay = postmaster
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
mydestination = $myhostname,localhost.$mydomain,localhost,esac-pau.fr,xserve.esac-pau
mydomain = esac-pau.fr
mydomain_fallback = localhost
myhostname = xserve.esac-pau.fr
mynetworks = 127.0.0.1/32,192.168.0.7/32,192.168.0.8/32,192.168.0.0/24,esac-pau.fr,192.168.0 .102,192.168.0.0/32,81.56.230.40
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner requestspecial = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit_mynetworks reject rblclient relays.ordb.org reject rblclient sbl-xbl.spamhaus.org permit
smtpd tls_keyfile =
unknown local_recipient_rejectcode = 550

Is the following way a solution ?
for aol.fr domain
i include in the transport file :

aol.fr smtp.wanadoo.fr: #who is my isp smtp

Thanks for your help

Reply

Answer 3

pterobyte

Level 6

11,104 points

Nov 15, 2005 4:54 AM in response to gabriel blazquez

Gabriel,

I can see your MX record being as follows:
esac-pau.fr. 86378 IN MX 10 smtp.oleane.net.
esac-pau.fr. 86378 IN MX 5 xserve.esac-pau.fr.

the A record for xserve.esac-pau.fr is:
xserve.esac-pau.fr. 86125 IN A 81.50.159.13

The reverse lookup of 81.50.159.13 is:
13.159.50.81.in-addr.arpa. 86376 IN PTR abayonne-105-1-2-13.w81-50.abo.wanadoo.fr.

So wanadoo's DNS is correctly configured.
You should NOT have any problems.

-------

If you however still want to use your ISP's SMTP server I suggest you use it to relay all mail and not just AOL. Otherwise you'll always have to add/remove domains depending on how they "behave".

Alex

Reply

Answer 4

Nov 15, 2005 5:01 AM in response to pterobyte

Alex

The reverse lookup of 81.50.159.13 is:
13.159.50.81.in-addr.arpa. 86376 IN PTR abayonne-105-1-213.w81-50.abo.wanadoo.fr. that 's the probleme the aol lookup reject if the reverse not check whit the domain name "esac-pau.fr " 🙂

the solution of relay all mail via isp smtp not work, because the isp smtp not allow to send more than 30 adress at same time ( and we need it )

Well, at the beginning of 2006 wa are going to change our isp and have a really reverse dns ...

Thanks for all Alex

Reply

Answer 5

pterobyte

Level 6

11,104 points

Nov 15, 2005 5:06 AM in response to gabriel blazquez

Well if this is the case then AOL is enforcing a silly rule, because a very high percentage of reverse look-ups will not match domains.
Think about virtual hosting. 1 IP 100 domains. A reverse lookup will show one domain.
I may very well be wrong, but I have serious doubts AOL is enforcing it this way. It must be some other issue.

Do you happen to have an AOL address? I can try and send you a mail from one of my virtual domains which do not resolve to the same domain.

Alex

Reply

Answer 6

Nov 15, 2005 5:40 AM in response to pterobyte

No alex i haven't an aol adress But just try to send a mail to

postmaster@aol.com

i have the following bounce :

Certains des destinataires ou tous les destinataires n'ont pas reçu votre message.

Objet : test
Date : 15/11/2005 14:39

Impossible de contacter le(s) destinataire(s) suivant(s) :

'postmaster@aol.com' le 15/11/2005 14:39
554 <postmaster@aol.com>: Relay access denied

Reply

Answer 7

pterobyte

Level 6

11,104 points

Nov 15, 2005 6:02 AM in response to gabriel blazquez

Hmm. As I thought I have no problem whatsoever.
I just send mail to 2 AOL addresses and both went through just fine. They were sent from a virtual host where reverse look up will return my main domain's IP but not the virtual host's one.

So the problem must be something else.

The bounce message is in French. I doubt that AOL will send you a translated "bounce message". So this looks like it's coming from your ISP. Are you by any chance have set-up your SMTP with several "hops" in between.

Look a the full headers of the bounced message.

Reply

Answer 8

Nov 15, 2005 6:26 AM in response to pterobyte

heu sory it's seems to works fine now. i send a mail to postmaster@aol.com and no bounce ...
mails to other domains works fine too .

i think i need a coffee 🙂

Reply

Answer 9

pterobyte

Level 6

11,104 points

Nov 15, 2005 6:33 AM in response to gabriel blazquez

Yes, have a strong coffee 😉
And while you are at it, close (set to answered) this thread.

Reply

Answer 10

Nov 28, 2005 12:21 PM in response to gabriel blazquez

Gabriel,

In case this problem re-appears with the same AOL postmaster address (or others), check to make sure you don't have any old or non-functioning DNS servers listed in your Server Network Prefs.

If you have an NS server listed in there that isn't responding, Postfix will try (according to the RFC) to deliver to the domain A record instead. Try a few lookups and notice that aol mx and a records are not the same, which is very common.

This can result in confusing 'relay denied' messages, due to the fact that the mail is getting sent to the A record address (instead of the MX), which isn't the actual mail server, and is thus considered a relay. More confusingly, if you have multiple NS servers listed in Network Prefs, the 'relay denied' messages can be intermittent (i.e. they happen when the 'stale' NS server is used, but not when a legit server is used).

iBook G4 Mac OS X (10.4.3)

Reply