Announcement

Collapse
No announcement yet.

Earthlink blocking mail - mismatched rDNS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Earthlink blocking mail - mismatched rDNS

    Hello all,

    Mails from one of my customers sent to any earthlink address is being blocked by earthlink. I've followed earthlink's automated procedures to solve the problem, but that hasn't worked. I've verified that my customer's mail server is not black listed anywhere, is not an open relay, and has a valid PTR record.

    My customer's mail server is: mail.thenorrisgroup.com
    IP address of mail server is: 71.83.80.196

    I just heard from an earthlink level 3 tech support guy that the problem is that when earthlink (or anyone else for that matter) receives an email from someone at the norris group (my customer), the mail header "RECEIVED:" section indicates that the mail is from "71-83-80-194.static.rvsd.ca.charter.com" and not mail.thenorrisgroup.com. The issue is plainly obvious...the SMTP connection is coming from their firewall (which is 71.83.80.194) and not the mail server (which is 71.83.80.196.

    Right now, there is a 'A' record for mail.thenorrisgroup.com -> 71.83.80.196. The ISP (Charter) has created a PTR record for 71.83.80.196 -> mail.thenorrisgroup.com. This can all be verified at any dns testing site.

    So...what do I need to do to fix this?

    Do I need to change the 'A' record for mail.thenorrisgroup.com from 71.83.80.196 to 71.83.80.194? If so, then I'll need to have the ISP change the PTR too (obviously). I will also need to add a firewall rule which says to forward all incoming traffic on port 25 to the mail server's internal ip.

    Another option would be to create an 'A' called smtp.thenorrisgroup.com and resolve that to 71.83.80.194 (the firewall). Then, have the ISP (Charter) create a PTR record to make 71.83.80.194 resolve to smtp.thenorrisgroup.com. THEN, I could update the helo response in the SMTP Virtual Connector to reflect smtp.thenorrisgroup.com instead of mail.thenorrisgroup.com. This would make the PTR, the Received, and the helo all match.

    Problem is...the mx record says that the mail server for thenorrisgroup.com is mail.thenorrisgroup.com and not smtp.thenorrisgroup.com. So...maybe I could then just add a CNAME record for smtp.thenorrisgroup.com which would just point back to mail.thenorrisgroup.com

    So...what would happen if I then changed the MX record to smtp.thenorrisgroup.com?

    Diagram of my customer's network:

    ISP - 71.83.80.193
    |
    TheNorrisGroup's Firewall (Cisco 871) - 71.83.80.194
    Internal network gateway ip - 192.168.10.1
    |
    Network Swtich
    ||||||||||||||||||
    |
    |
    Mail Server - Exchange 2003 (exchange.norris.local & internal ip of 192.168.10.10)
    external 'A' record of mail.thenorrisgroup.com which resolves to 71.83.80.196

    Any suggestions?

    Aaron Rogers
    Inland Empire Computing

  • #2
    Re: Earthlink blocking mail - mismatched rDNS

    If you have multiple IP addresses then you need to get your NAT corrected on the firewall, so the traffic comes out on the correct IP address. In many cases a firewall will accept email coming in on any IP address, but all outbound traffic will appear to come from the same default IP address.

    Correct that first.

    Otherwise you would need to change everything so that the host name and reverse DNS record match.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment

    Working...
    X