Thread: E-mail Reverse DNS issue

  1. #1

    E-mail Reverse DNS issue

    Hello all.

    I have a Postfix mail server on Debian 5, and have a major issue. First of all, the mail server / IMAP access works beautifully, no issues most of the time, but my Reverse DNS is a little borked up. AOL alerted me to this error when I had 15 messages in the send queue, and I looked at the mail logs. Here is my set-up:

    Domain IP (webserver and email server): 209.59.209.7
    Root domain: wfto.cc
    Mail server: wfto.cc
    Postfix host: wfto.cc
    Reverse DNS entry: wfto.cc

    A record: wfto.cc. IN A 209.59.209.7
    MX record: wfto.cc. MX wfto.cc. (which points to 209.59.209.7)

    When I use the AOL reverse DNS tool, it resolves my PTR as wfto.cc. I thought this would be enough, but it isn't. Mail still isn't going through. Is there anything I can change that would help? For troubleshooting purposes, I'll list my previous configuration (which still didn't work):

    Domain IP (webserver): 67.223.236.27
    Domain IP (mail server): 209.59.209.7 (mail.wfto.cc.)
    Mail server: mail.wfto.cc.
    Postfix host: mail.wfto.cc
    Reverse DNS entry for 209.59.209.7: mail.wfto.cc.
    Reverse DNS for 67.223.236.27: none

    A record: wfto.cc. IN A 67.223.236.27
    A record: mail.wfto.cc. IN A 209.59.209.7
    MX record: wfto.cc. MX mail.wfto.cc.
    Reverse DNS record for 209.59.209.7: mail.wfto.cc

    And with this config, AOL's reverse DNS tool stated that 209.59.209.7 resolves to mail.wfto.cc, which matched everything.

    I'm totally confused. I'm also in Africa for the foreseeable future, so this makes it even more difficult to troubleshoot the issues. I appreciate any feedback any of you might have. I check my e-mail and these forums every few days. Thanks in advance.

  2. #2
    Join Date: Jun 2008 | Posts: 232

    Quote (originally posted by meinemitternacht):
        When I use the AOL reverse DNS tool, it resolves my PTR as wfto.cc. I thought this would be enough, but it isn't. Mail still isn't going through. Is there anything I can change that would help?

    I ran your domain through intoDNS and while it did pick up a couple of unhappy settings, they weren't related to your MX configuration. Setting your name servers at your registrar to the dnscloud names (instead of the vpslink ones) may resolve the unhappy settings, apart from the SOA serial no, which is something VPSLink may choose to look at.

    What mail errors are you getting that indicate your mail isn't getting through? Maybe we can address those?

    Oh, and here's hoping you have happy travels through Africa...

  3. #3

    The exact error message from AOL is:

    Mar 27 13:02:41 meinkleinewelt postfix/smtp[1872]: 17E76FD9B5: to=<some_email_address@aol.com>, relay=mailin-01.mx.aol.com[205.188.156.248]:25, delay=409885, delays=409882/1.6/1.1/0.5, dsn=4.0.0, status=deferred (host mailin-01.mx.aol.com[205.188.156.248] said: 421-: (DNS:NR) http://postmaster.info.aol.com/errors/421dnsnr.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))



    Oh, and can I still use VPSlink's DNS control panel for dnscloud DNS servers?

  4. #4

    And thanks for the good travel wishes!

  5. #5
    Join Date: Jun 2008 | Posts: 232

    Quote (originally posted by meinemitternacht):
        Mar 27 13:02:41 meinkleinewelt postfix/smtp[1872]: 17E76FD9B5: to=<some_email_address@aol.com>, relay=mailin-01.mx.aol.com[205.188.156.248]:25, delay=409885, delays=409882/1.6/1.1/0.5, dsn=4.0.0, status=deferred (host mailin-01.mx.aol.com[205.188.156.248] said: 421-: (DNS:NR) http://postmaster.info.aol.com/errors/421dnsnr.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))

    On a strictly forward and reverse lookup, it all checks out. Even using the AOL checking tool.

    I'm thinking that your host is perhaps announcing itself on its hostname (meinkleinewelt) instead of the domain name (wfto.cc) so postfix host might well be: meinkleinewelt.wfto.cc which won't match the PTR record.

    Double check your "myhostname =" and "myorigin =" settings in main.cf to be sure they don't still have traces of a hostname. A postfix reload probably won't hurt either...

    Also if you're multihomed, it could be using your primary interface to establish connections so you need to be sure that postfix is using the right interface for outgoing requests. (Can't remember which setting that is offhand...)

    I'll PM you an email addr. If you send me an email, I'll be able to see where you're coming in from.

    Quote (originally posted by meinemitternacht):
        Oh, and can I still use VPSlink's DNS control panel for dnscloud DNS servers?

    As I understand it, the two are supposed to be interchangeable, so yes. The decision on which to use is that if your registrar doesn't like one, you should use the other. But the final answer lies with VPSLink on that...

  6. #6
    Join Date: Jun 2008 | Posts: 232

    Quote (originally posted by chriss):
        Also if you're multihomed, it could be using your primary interface to establish connections so you need to be sure that postfix is using the right interface for outgoing requests. (Can't remember which setting that is offhand...)

    There are a couple of options. From the Postfix docs:
    Code:
    smtp_bind_address (default: empty)
    
        An optional numerical network address that the Postfix SMTP client should bind to when
        making an IPv4 connection.
    
        This can be specified in the main.cf file for all SMTP clients, or it can be
        specified in the master.cf file for a specific client, for example:
    
            /etc/postfix/master.cf:
                smtp ... smtp -o smtp_bind_address=11.22.33.44
    
        Note 1: when inet_interfaces specifies no more than one IPv4 address, and that address
        is a non-loopback address, it is automatically used as the smtp_bind_address. This
        supports virtual IP hosting, but can be a problem on multi-homed firewalls. See the
        inet_interfaces documentation for more detail.
    
        Note 2: address information may be enclosed inside [], but this form is not required
        here.
    and:
    Code:
    inet_interfaces (default: all)
    
        The network interface addresses that this mail system receives mail on. Specify "all"
        to receive mail on all network interfaces (default), and "loopback-only" to receive
        mail on loopback network interfaces only (Postfix version 2.2 and later). The
        parameter also controls delivery of mail to user@[ip.address].
    
        Note 1: you need to stop and start Postfix when this parameter changes.
    
        Note 2: address information may be enclosed inside [], but this form is not required
        here.
    
        When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a
        loopback address, the Postfix SMTP client will use this address as the IP source
        address for outbound mail. Support for IPv6 is available in Postfix version 2.2 and
        later.
    
        On a multi-homed firewall with separate Postfix instances listening on the "inside"
        and "outside" interfaces, this can prevent each instance from being able to reach
        servers on the "other side" of the firewall. Setting smtp_bind_address to
        0.0.0.0 avoids the potential problem for IPv4, and setting smtp_bind_address6
        to :: solves the problem for IPv6.
    
        A better solution for multi-homed firewalls is to leave inet_interfaces at the
        default value and instead use explicit IP addresses in the master.cf SMTP server
        definitions. This preserves the Postfix SMTP client's loop detection, by ensuring
        that each side of the firewall knows that the other IP address is still the
        same host. Setting $inet_interfaces to a single IPv4 and/or IPV6 address is
        primarily useful with virtual hosting of domains on secondary IP addresses,
        when each IP address serves a different domain (and has a different $myhostname
        setting).
    
        See also the proxy_interfaces parameter, for network addresses that are
        forwarded to Postfix by way of a proxy or address translator.
    
        Examples:
    
        inet_interfaces = all (DEFAULT)
        inet_interfaces = loopback-only (Postfix version 2.2 and later)
        inet_interfaces = 127.0.0.1
        inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
        inet_interfaces = 192.168.1.2, 127.0.0.1

  7. #7

    Ok, I finally got it to work.

    Here's the trick.

    When you're on anything that has multiple IP addresses, make sure you bind the SMTP server to your primary domain IP. In my example, this is the option you would set in /etc/postfix/main.cf

    smtp_bind_address=209.59.209.7

    And... magically, everything works.

    Imagine that.

    Thanks for the help, chris.

  8. #8
    Join Date: Jun 2008 | Posts: 232

    Quote (originally posted by meinemitternacht):
        And... magically, everything works.

    Yup, that should do it.
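
The diagnosis this thread arrives at, as an added example that is not part of any post: a forward-confirmed reverse DNS check on the address and name an outbound SMTP client presents, which is why binding Postfix to the address that carries the PTR record matters on a multi-homed host. The DNS data is constructed from the records quoted in the first post; that unbound mail left from 67.223.236.27 is an assumption, and the function and status names are hypothetical.

```python
import socket

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(source_ip, helo_name, ptr_lookup=system_ptr, a_lookup=system_a):
    """Classify an outbound SMTP identity the way a strict receiver could."""
    ptrs = [norm(n) for n in ptr_lookup(source_ip)]
    if not ptrs:
        return "no-ptr"            # source address has no reverse DNS at all
    confirmed = [n for n in ptrs if source_ip in a_lookup(n)]
    if not confirmed:
        return "unconfirmed"       # PTR name does not resolve back to the source
    if norm(helo_name) not in confirmed:
        return "helo-mismatch"     # myhostname differs from the confirmed PTR name
    return "ok"

# Constructed DNS data modelled on the records quoted in the first post.
SAMPLE_PTR = {"209.59.209.7": ["wfto.cc."]}
SAMPLE_A = {"wfto.cc": ["209.59.209.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(norm(name), [])

if __name__ == "__main__":
    cases = [("209.59.209.7", "wfto.cc"),                 # bound to the PTR'd address
             ("67.223.236.27", "wfto.cc"),                # assumed unbound source address
             ("209.59.209.7", "meinkleinewelt.wfto.cc")]  # hostname leaking into HELO
    for ip, helo in cases:
        print(ip, helo, "->", check_sender(ip, helo, sample_ptr, sample_a))
```

Calling `check_sender` without the two lookup arguments runs the same check against the live system resolver.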
