Koozali.org: home of the SME Server

Reverse DNS + Multiple Domains

stdean

Reverse DNS + Multiple Domains
« on: December 13, 2007, 03:23:00 AM »
I'm hoping someone has some experience with this and can point me in the correct direction. I'm not really sure what I need to do to resolve this.

I am running SME 7.2 as my mail server for mydomain.com; the hostname/mail server name is mail.mydomain.com. I have reverse DNS set up correctly (through my ISP) and am having no real problems with this. I manage the DNS for this domain via the Custom DNS service offered by DynDNS.

I have recently added a second and third domain to my SME (seconddomain.com and thirddomain.com) from which I need to send mail. These guys are managed through lunarpages (http://www.lunarpages.com); the websites are hosted there and the DNS is managed by them. I have MX records set up to point from the lunarpages accounts to my SME machine. Mail will come in and out with no problems, except for one.

I'm noticing more and more that mail is being blocked due to no reverse DNS set up on the second and third domains. I would like to get this set up, but I'm not sure where to start. Should this be managed by my ISP who controls my IP, or should I have lunarpages make a PTR entry to point to my primary mail server, i.e. mail.seconddomain.com will have a PTR record pointing to mail.mydomain.com?

My SME server is actually sitting behind a firewall which is NAT'ing its global IP address to it. I currently have a couple of extra IP addresses; could I NAT them to the mail server and then have my ISP set up the reverse entry to these other IPs? I suppose my question here is, if I do this, will it cause anything on the SME to break? (It's currently running in Server Only mode.)

Just wondering if anyone has any experience with getting reverse DNS set up for one IP with a couple of domains.

Cheers,

Conor

CharlieBrady

Re: Reverse DNS + Multiple Domains
« Reply #1 on: December 13, 2007, 04:11:41 AM »
I'm noticing more and more that mail is being blocked due to no reverse dns setup on the second and third domains. I would like to get this setup, but I'm not sure where to start.

Reverse DNS maps an IP address to a FQDN. You can only have one FQDN per IP address (one PTR record in DNS).

I don't know what your exact problem is with email, but from what you say you have already done all you can wrt reverse DNS.

Are you sure you have your story straight as to why mail is being blocked? What do the logs and/or bounce messages say?

mmccarn

Re: Reverse DNS + Multiple Domains
« Reply #2 on: December 13, 2007, 02:20:15 PM »
Here's what I've seen re: Reverse DNS:

1) A few years ago AOL would refuse email if the PTR record for the mail server didn't match the name of the mail server. This was before they put up their helpful postmaster tools &c - they would simply drop the email and refuse to say why... fix your DNS and Presto! your email would get through...

2) Lately, the large ISPs only seem to insist that the name returned by the reverse lookup must return the original IP when it is looked up.

That is:
a) my SME connects to ISP x from IP address w.x.y.z
b) ISP x does a PTR lookup on z.y.x.w.in-addr.arpa to get "the" name of my mail server
c) (Some ISPs will deny the connection if the name returned matches some home-grown expression they've built attempting to identify residential connections)
d) ISP x now does a normal DNS query on the name returned by the PTR lookup in step b
e) if the DNS lookup in step d does not match the IP address from which I connected in step a then the connection is denied.
f) If the ISP is using SPF (Sender Policy Framework), then the name or IP address of the SME needs to be listed in the SPF record for all of the domains you are hosting. (See http://www.openspf.org/ for more info)

I haven't seen a major ISP for 2 years or more that insists that the PTR record match the email sending domain, or that it match the "helo..." string from the mail server (the way AOL used to do).

« Last Edit: December 15, 2007, 02:40:13 PM by mmccarn »
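The forward-confirmed reverse DNS check in steps a-e above, written out as an added example that is not part of the original thread. The sample PTR/A data (TEST-NET addresses, invented names) and the residential-hostname pattern standing in for the "home-grown expression" of step c are constructed for illustration; live_ptr and live_a are optional system-resolver versions for checking your own mail server's address.

```python
import ipaddress
import re
import socket
from typing import Callable, Dict, List

# Constructed sample DNS data (TEST-NET addresses, invented names) standing in for live DNS.
SAMPLE_PTR: Dict[str, List[str]] = {
    "192.0.2.10": ["mail.mydomain.com"],               # forward record agrees (step e passes)
    "192.0.2.11": ["cpe-192-0-2-11.example-isp.net"],  # agrees, but looks residential (step c)
    "192.0.2.12": ["mail.example.net"],                # stale PTR: forward record points elsewhere
}
SAMPLE_A: Dict[str, List[str]] = {
    "mail.mydomain.com": ["192.0.2.10"],
    "cpe-192-0-2-11.example-isp.net": ["192.0.2.11"],
    "mail.example.net": ["192.0.2.99"],
}
# Hypothetical stand-in for an ISP's "home-grown expression" for residential hostnames (step c).
RESIDENTIAL_RE = re.compile(r"(^|[.-])(cpe|dsl|dyn|dynamic|pool|ppp|cable)[.-]|\d+[-.]\d+[-.]\d+[-.]\d+", re.I)

def fcrdns_check(ip: str, ptr_lookup: Callable[[str], List[str]],
                 a_lookup: Callable[[str], List[str]]) -> Dict[str, object]:
    """Steps b-e from the post: PTR lookup, then confirm the name resolves back to the IP."""
    addr = ipaddress.ip_address(ip)
    arpa = addr.reverse_pointer                        # step b query name, e.g. 10.2.0.192.in-addr.arpa
    names = ptr_lookup(ip)
    if not names:
        return {"ip": ip, "query": arpa, "status": "no_ptr", "names": []}
    status = "mismatch"                                # step e: denied unless some name resolves back
    for name in names:
        if str(addr) in a_lookup(name):                # step d: forward lookup of the PTR name
            status = "ok"
            break
    if status == "ok" and any(RESIDENTIAL_RE.search(n) for n in names):
        status = "ok_but_residential_looking"          # step c: stricter ISPs may still deny
    return {"ip": ip, "query": arpa, "status": status, "names": names}

def sample_ptr(ip: str) -> List[str]:
    return SAMPLE_PTR.get(ip, [])

def sample_a(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])

def live_ptr(ip: str) -> List[str]:
    """System-resolver PTR lookup for checking your own server (needs network)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def live_a(name: str) -> List[str]:
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []
```

Run `fcrdns_check("<your public IP>", live_ptr, live_a)` to see what a receiving ISP sees for a NAT'd SME server; the sample data shows the three outcomes the post describes.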

CharlieBrady

Re: Reverse DNS + Multiple Domains
« Reply #3 on: December 13, 2007, 04:02:52 PM »
I haven't seen a major ISP for 2 years or more that insists that the PTR record match the email sending domain,...

Which is a good thing too, since that policy is totally bogus, restricting each mail server to handle only a single domain.

We haven't seen what stdean's problem is ...