rDNS issue - SpamTitan/Exchange

  • rDNS issue - SpamTitan/Exchange

    This stuff makes my head swim but I'm stuck with a system I've inherited so here we go.

    A tiny amount of outbound email is being blocked by some recipients, mostly in Germany and Austria.

    I can't give an actual number but only two out of 130 people have reported an issue and all other email seems to be going back and forth with the expected replies and replies to replies you would enjoy under normal circumstances.

    One of the two problem recipients sent this:

    domain helena-biosciences.com has a wrong reverse DNS
    nslookup 65.175.70.143
    65.175.70.143 -> 143.70.175.65.in-addr.arpa name = spamtitan.helena-biosciences.com.
    ping mail.helena-biosciences.com
    PING mail.helena-biosciences.com (65.175.70.143): 56 data bytes
    64 bytes from 65.175.70.143: icmp_seq=0 ttl=49 time=142.444 ms
    RDNS has to be identical with DNS to accept incoming emails


    The other problem recipient sent this in:

    We received some emails from your site which are marked as spam due to a DNS misconfiguration.
    Your outgoing mailserver called "spamtitan.helena-biosciences.com" has a wrong IP address in your reverse DNS zone.


    I can't see what's wrong, the host says nothing is wrong, SpamTitan say they are doing nothing wrong, the in-house Exchange server routes all inbound and outbound through the hosted SpamTitan appliance and doesn't appear to be getting excited about anything, MXToolbox doesn't seem to think there is anything wrong...

    In a word, help!

    If anyone could shine any light on this I would be very grateful.
    Last edited by NDR; 27th February 2014, 11:56.

  • #2
    Re: rDNS issue - SpamTitan/Exchange

    Are the PTR records correct for the IP addresses of both mail.helena-biosciences.com and spamtitan.helena-biosciences.com?
    A recent poll suggests that 6 out of 7 dwarfs are not happy



    • #3
      Re: rDNS issue - SpamTitan/Exchange

      Thanks for your reply.

      Using MXToolbox, domain name mail.helena-biosciences.com has an IP of 65.175.70.143

      If I run ptr:65.175.70.143 it seems to resolve to the domain name spamtitan.helena-biosciences.com

      Is that what you were asking?



      • #4
        Re: rDNS issue - SpamTitan/Exchange

        Reverse DNS uses PTR Records (or 'pointers') as a way of proving that the sender's IP address matches the domain name the mail is being sent from. A receiving host will check the headers of the connection and make sure it is not attempting to impersonate a domain.

        Your mail server announces itself as helena-biosciences.com. The sending domain will be listed as mail.helena-biosciences.com

        If the receiving host carries out a reverse DNS check against mail.helena-biosciences.com and the rdns provides an IP address that is associated with spamtitan.helena-biosciences.com the mail will be rejected because the IP address returned does not point at mail.helena-biosciences.com.

        This works by resolving the domain name mail.helena-biosciences.com to an IP address. Next, the IP address is checked back again (hence 'reverse'), and it should give the same domain name. Yours does not do this.

        You need to change the PTR record so that it points to mail.helena-biosciences.com.


        WARNING
        You should document ALL your DNS settings before making any changes. If you are unsure how to proceed I strongly advise you to seek professional assistance. A professional (or your system administrator) will check all your DNS settings and make changes as appropriate. If you make mistakes to your DNS settings you can bring your entire domain down - no web site, no email!
        A recent poll suggests that 6 out of 7 dwarfs are not happy



        • #5
          Re: rDNS issue - SpamTitan/Exchange

          Originally posted by Blood
          Reverse DNS uses PTR Records (or 'pointers') as a way of proving that the sender's IP address matches the domain name the mail is being sent from. A receiving host will check the headers of the connection and make sure it is not attempting to impersonate a domain.

          Your mail server announces itself as helena-biosciences.com. The sending domain will be listed as mail.helena-biosciences.com

          If the receiving host carries out a reverse DNS check against mail.helena-biosciences.com and the rdns provides an IP address that is associated with spamtitan.helena-biosciences.com the mail will be rejected because the IP address returned does not point at mail.helena-biosciences.com.

          This works by resolving the domain name mail.helena-biosciences.com to an IP address. Next, the IP address is checked back again (hence 'reverse'), and it should give the same domain name. Yours does not do this.

          You need to change the PTR record so that it points to mail.helena-biosciences.com.


          WARNING
          You should document ALL your DNS settings before making any changes. If you are unsure how to proceed I strongly advise you to seek professional assistance. A professional (or your system administrator) will check all your DNS settings and make changes as appropriate. If you make mistakes to your DNS settings you can bring your entire domain down - no web site, no email!

          Right, that makes sense - many thanks for your answer.

          So, basically, mail.helena-biosciences.com resolves to 65.175.70.143, which is the IP address of the hosted SpamTitan appliance.

          ptr:65.175.70.143 resolves to the domain name spamtitan.helena-biosciences.com

          I assume that I need to ask SpamTitan to have the 65.175.70.143 appliance IP address resolve to mail.helena-biosciences.com rather than spamtitan.helena-biosciences.com.

          The Exchange box uses the SpamTitan appliance to filter all inbound AND outbound messages so whatever is changed in DNS needs to preserve that arrangement.

          I appreciate your warning - obviously this is not my area of expertise but, at the moment, I only have the option of contacting SpamTitan to have them make a change at their end, or contact our host and have them make a change at theirs.

          Thanks for your input - I really appreciate it.



          • #6
            Re: rDNS issue - SpamTitan/Exchange

            Spamtitan should be able to advise you on exactly what needs to be done. If you are paying them for a service, they should support it and this is the type of thing they should be able to help you with.

            I've never used Exchange (we use a free mail server program) but you should be able to set the outgoing announcement so that spamtitan is replaced with mail.

            Or, as I said above, so that the PTR record points back to mail.

            But - check with Spamtitan first - just to be sure.
            A recent poll suggests that 6 out of 7 dwarfs are not happy
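
Added example (not part of any post in this thread): the checks a receiving mail server can run against a connecting IP, covering both fixes discussed above, changing the PTR record or changing the announced name. The sample tables are constructed: the A record for mail and the PTR value come from the thread, while the A record for spamtitan and the announced (HELO) name passed to `run` are assumptions.

```python
import socket

def reverse_name(ip):
    """Name queried for an IPv4 PTR lookup, e.g. 143.70.175.65.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def norm(name):
    return name.rstrip(".").lower()

def live_ptr(ip):
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:          # no PTR record or resolver failure
        return []

def live_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo, ptr_lookup=live_ptr, a_lookup=live_a):
    """Run the rDNS checks a receiving mail server may apply to a connecting IP."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    # Forward-confirmed rDNS: a PTR name only counts if it resolves back to ip.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    return {
        "ptr": ptr_names,
        "fcrdns": bool(confirmed),
        "helo_resolves_to_ip": ip in a_lookup(norm(helo)),
        "helo_matches_ptr": norm(helo) in confirmed,   # the strict policy
    }

# Constructed sample data so the example runs offline.
IP = "65.175.70.143"
SAMPLE_A = {
    "mail.helena-biosciences.com": [IP],        # from the thread
    "spamtitan.helena-biosciences.com": [IP],   # assumption, not stated in the thread
}
PTR_NOW = {IP: ["spamtitan.helena-biosciences.com."]}   # from the thread
PTR_FIXED = {IP: ["mail.helena-biosciences.com."]}      # the proposed PTR change

def run(ptr_table, helo):
    return check_sender(IP, helo, lambda ip: ptr_table.get(ip, []),
                        lambda name: SAMPLE_A.get(name, []))

if __name__ == "__main__":
    for label, table in (("current PTR", PTR_NOW), ("changed PTR", PTR_FIXED)):
        print(label, run(table, "mail.helena-biosciences.com"))
```

Calling `check_sender(ip, helo)` without the lookup arguments queries live DNS through the system resolver, which is useful for re-checking after SpamTitan or the host makes a change.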
