How is Reverse IP, PTR, rDNS configured on a home server?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
While I agree with most of what scasey says, I don't agree with his view on the PTR. The PTR should reflect your domain. Of course that e-mails could get through nonetheless, because usually e-mail servers do not make decisions based only on one criterion, usually they work with weights and after a certain point they consider an e-mail suspicious and it gets greylisted or rejected. You can get e-mails through also if you don't have an SPF record, but that doesn't mean you shouldn't.
Mail servers use reverse DNS to perform simple anti-spam checks. We like to call this a “three-way handshake”, because mail servers will make sure the forward DNS lookup matches the reverse DNS lookup which matches the fully qualified domain name (FQDN) of the email header.
When a sending server makes a connection to the recipient server, the recipient server notes the sending IP address and performs a reverse lookup, called a PTR lookup, named after the type of DNS record used. If the result of the reverse lookup matches the result of a forward DNS Lookup, then it's much more likely that the message is legitimate. If the IP address doesn't match, it's much more likely that the sending address was spoofed and therefore much more likely that it's unwanted and could be considered spam.
vincix,
Your analysis is correct, if a mail server checks rDNS, it compares the IP address of the connecting server to the IP address returned by the rDNS check. It does not care, however, what the domain name on the PTR record is and doesn't check that at all.
As the OPs IP has an rDNS, there is no problem for them to solve, and no need to ask their ISP to change the domain on the PTR record, as stated.
Putting their domain into the mxtoolbox site will show that all is well, I expect. That's a good tool to share.
vincix,
Your analysis is correct, if a mail server checks rDNS, it compares the IP address of the connecting server to the IP address returned by the rDNS check. It does not care, however, what the domain name on the PTR record is and doesn't check that at all.
As the OPs IP has an rDNS, there is no problem for them to solve, and no need to ask their ISP to change the domain on the PTR record, as stated.
Putting their domain into the mxtoolbox site will show that all is well, I expect. That's a good tool to share.
After installing everything I usually have the following data from mxtoolbox, mecsa and mail-tester on rDNS.
Although it looks good overall, rDNS shows up as a problem.
I did tests sending mail to friends, they reach the spam folder and some do not receive them.
I suppose I will ask the IP provider for a solution, but before doing this I don't know if there is another option?
Interesting.
I have one rDNS referencing one domain. All mail to any domains I host hit that domain's mail server. In my case the SMTP banner does match the rDNS (both say mail.mydomain.com), so I get a green check mark and a warning that the banner/rDNS is different from the domain in the MX record.
Since you have a static IP, you should probably request that the rDNS reflect the same domain as your mail server.
(and perhaps I should update the MX records to reflect the actual domain name the server is using)
It is true that one of the main requirements for a mail server is the correct configuration of the rDNS to prevent our mail from reaching SPAM.
The truth is that I am not worried that it will reach SPAM because the people who receive it know that I am going to send it, but I am concerned that the mail will not arrive.
I've been trying to understand how DANE and DNSSEC work for several days, maybe it works to improve the delivery of emails
Interesting.
I have one rDNS referencing one domain. All mail to any domains I host hit that domain's mail server. In my case the SMTP banner does match the rDNS (both say mail.mydomain.com), so I get a green check mark and a warning that the banner/rDNS is different from the domain in the MX record.
Since you have a static IP, you should probably request that the rDNS reflect the same domain as your mail server.
(and perhaps I should update the MX records to reflect the actual domain name the server is using)
So you mean to reflect, let's say, mailrelay.domain.com, instead of domain.com, right?
mydomain.com: Domain name, not the server subdomain mail.mydomain.com: Mail server subdomain name (hostname -f) ht.northwestel.net: Internet provider name, the same one that gives me the static public IP.
At the server level will I have to add ht.northwestel.net somewhere?
Or should I play MX Records by adding ht.northwestel.net.?
Or is it better to talk to the provider to make changes to mail.mydomain.com?
A good premise (at least this worked for me when I eventually wanted to understand the difference) is to realise that the e-mail server's domain name can be anything. It doesn't have to be mail.mydomain.com, it can be whateveryouwant.anotherdomain.com. As long as it is allowed (through SPF, DKIM, DMARC whatever + the right rDNS) to send e-mail, that's fine.
This ht.northwestel.net you don't need to use anywhere.
Quote:
Or should I play MX Records by adding ht.northwestel.net.?
Or is it better to talk to the provider to make changes to mail.mydomain.com?
If you want to change your rDNS you need to talk to your provider anyway. I don't understand exactly what you mean by "play". In any case, I still think that the standard way of doing this is to talk to your provider and ask them to change your rDNS to mail.mydomain.com, so that the ip of your e-mail server is resolved to "mail.mydomain.com".
If they refuse (I'm not sure if they are in any way bound by this), then I suppose you could change your smtp banner to that of the name given by your ISP. (I guess this is what you were referring to in the first question?) A compromise which kind of sucks, to my mind, but it would work, as far as I can tell
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.