Date: Mon, 17 Mar 2003 07:18:03 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: "Paul D. Lathrop" <plathrop@nmu.edu>
Cc: Len Conrad <LConrad@Go2France.com>, freebsd-questions@freebsd.org
Subject: Re: Sending mail to this list
Message-ID: <3E75BCFB.2090409@potentialtech.com>
In-Reply-To: <48294587-583E-11D7-A325-000393BF3DE2@nmu.edu>
References: <48294587-583E-11D7-A325-000393BF3DE2@nmu.edu>
Paul D. Lathrop wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday, March 17, 2003, at 12:48 AM, Len Conrad wrote:
>
>>> I run many domains off of this machine - does it have to have a
>>> reverse pointer that matches the domain name for every domain
>>
>> Only one PTR record per ip. Applications don't know how to handle
>> more than one.
>>
>> Right now, the reverse zone for the ip that was rejected is delegated
>> to rackspace NS, not yours.
>>
>
> We use Rackspace's nameservers to manage our domains. Shouldn't that
> mean it's already configured properly?
>
> Before I go bugging them about it, I want to be as learned as possible.
> Thank you all for your help.

Works like this:
When you have the name mail.jujubeans.com and you need to contact that
server, you do a forward DNS lookup and get (for example) 10.1.1.1.
Now if you've received mail from 10.1.1.1 and you want to know whose mail
server that is, you do a reverse DNS lookup on 10.1.1.1 and you'll get
mail.jujubeans.com.

A server can have many forward DNS records. Quite often an ISP uses a
single mail server to host many domains. mail.jujubeans.com might also
be mail.somethingelse.com. But it can only have 1 reverse DNS record,
otherwise the reverse DNS is invalid.

In order to send email to FreeBSD, the following parts of this system are
checked:
1) The name the mailserver announces in its HELO line must resolve via
   forward DNS. It doesn't matter to what, it just has to resolve.
2) The IP of the server must reverse resolve to something, it doesn't matter
   to what: except that that name is then tested on a forward DNS check,
   which must work.

My understanding is that these simple tests block thousands of spam emails
per second! And we only get one person with trouble about once a month.

The most common mistake I've seen people make is to add multiple reverse
DNS records (when the machine has multiple forward DNS records). Most DNS
servers will allow you to do this, but it doesn't work.

The 'host' command is smart enough to respond intelligently even if rdns
is configured wrong, so the easy way to check is to enter
'host my.ip.addy.x'. If it returns several different names for the
server, then that's your problem. If it returns no name, then that's the
problem. If it returns a name that doesn't forward resolve, then that's
your problem.

pulsenet.com (for example) doesn't have anyone on staff who understands
this, and their servers are all hosed as a result.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
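
The two checks and the three failure cases described in the message above, as an added example that is not part of the original e-mail or of any FreeBSD mail server code. The function names, the message strings, and the 10.1.1.x sample records are constructed for illustration; by default the lookups go through the system resolver, which may not expose every PTR name.

```python
import socket

def system_reverse(ip):
    """PTR names for ip, as far as the platform resolver exposes them ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """IPv4 addresses for name ([] if it does not forward resolve)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo, reverse=system_reverse, forward=system_forward):
    """Apply the checks from the message; return a list of problems (empty = pass)."""
    problems = []
    # Check 1: the HELO name must forward resolve, to anything.
    if not forward(helo):
        problems.append("HELO name does not forward resolve")
    # Check 2: the IP must reverse resolve, and that name must forward resolve.
    names = reverse(ip)
    if not names:
        problems.append("IP has no reverse DNS")
    elif len(names) > 1:
        problems.append("IP has multiple reverse DNS names")
    for name in names:
        if not forward(name):
            problems.append("reverse name %s does not forward resolve" % name)
    return problems

# Constructed sample records (not real DNS data), reusing the message's example names.
FORWARD = {"mail.jujubeans.com": ["10.1.1.1"], "mail.somethingelse.com": ["10.1.1.1"]}
REVERSE = {
    "10.1.1.1": ["mail.jujubeans.com"],                            # one PTR: correct
    "10.1.1.2": ["mail.jujubeans.com", "mail.somethingelse.com"],  # several PTRs
    "10.1.1.3": ["gone.jujubeans.com"],                            # PTR name has no A record
}

def sample_check(ip, helo):
    """Run check_sender against the constructed tables instead of live DNS."""
    return check_sender(ip, helo, reverse=lambda a: REVERSE.get(a, []),
                        forward=lambda n: FORWARD.get(n, []))

if __name__ == "__main__":
    for ip in ("10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.4"):
        print(ip, sample_check(ip, "mail.somethingelse.com") or "ok")
```

Calling `check_sender(ip, helo)` without the `reverse` and `forward` arguments runs the same checks against live DNS.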