Reverse DNS entries?
  •  
mrshermanoaks

Can someone help explain to me how to set up a reverse DNS entry so that AOL and others will stop blocking my outgoing emails?

I have a KMS system with a primary domain (pdomain.com) and a couple of secondary domains (sdomain1.com, sdomain2.com). I use GoDaddy's Total DNS management system.

I have an A record for pdomain.com, and an MX record pointing to that domain. Each of the secondary domains has the MX pointed to pdomain.com.

My understanding is that a reverse DNS entry is something I would do on the GoDaddy side, not the KMS side, correct? I think their tool for creating an SPF record is what I would use, but I can't quite tell if I've got it set up correctly. I have an entry for:

Host: @
TXT value: v=spf1 a mx ptr ~all

I would greatly appreciate it if someone could point me in the right direction here. My KMS is useless if I can't send emails to these big systems.
  •  
dskbass

I had the same problem after my IP address needed to be changed. The PTR record in my ISP's router was entered wrong and my server never passed a reverse DNS test.

http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18784

http://www.postmaster.aol.com/tools/rdns.html

[Updated on: Thu, 03 July 2008 02:54]

  •  
pantera10

Hi,

You have to check your reverse DNS entry with your ISP. Some ISPs don't allow you to change it and some do (in France, Nerim and Free allow this).

I've configured my PTR to point to my domain but I cannot send to AOL. I'm getting this error:
554 RTR:SC
http://postmaster.info.aol.com/errors/554rtrsc.html
EXPLANATION:
This error message is indicative of a block due to successive complaint based dynamic blocks against your IP address.

Do you have the same error?

Regards,
Aurélien

Kerio Connect 7.0.1 on Open Suse 11.1 64 bits
Outlook 2007 with KOFF. 100 users
  •  
winkelman

mrshermanoaks wrote on Wed, 02 July 2008 22:40


My understanding is that a reverse DNS entry is something I would do on the GoDaddy side, not the KMS side, correct? I think their tool for creating an SPF record is what I would use

SPF != PTR.

You'd indeed have to set up your PTR record at your DNS provider.

You may also set up SPF, but that's something separate.
  •  
freakinvibe

PTR is something completely different from SPF. So you CANNOT create a PTR record by creating an SPF record.

But it is important to know that AOL and others don't expect your PTR record to match your A / MX record. AOL just expects that a PTR record exists. For example:

My A record is

mail.wdr.org. 86400 IN A 62.2.90.188

The corresponding PTR record is

62-2-90-188.static.cablecom.ch

This config is accepted by AOL.
Quote:

This error message is indicative of a block due to successive complaint based dynamic blocks against your IP address.


This indicates that you are on a blacklist (that lists ranges of dynamic IP addresses), it has nothing to do with your PTR record.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
rigo

Call the guys that assigned your IPs, they can set those tables for you--they are a must with mail servers.

They can be generic but they have to be there.
  •  
mrshermanoaks

OK, so it's not GoDaddy (who manages my DNS) or Kerio Mail Server I need to work with. It's the colocation facility where my mail server machine is hosted and which has control over the IP addresses.

OK, got it. Thanks for the tips, that was one place I had not been looking.
  •  
mrshermanoaks

An email to my colocation support address, and 5 minutes later it's set up and AOL is recognizing my mail again.

Thanks for pointing me in the right direction!
  •  
jaikudo

Does anybody know why they make such a fuss about reverse DNS anyway? Most dial-up and DSL connections have a basic reverse DNS entry so it isn't like it is going to stop much spam by requiring it. They don't even check that the reverse DNS matches the domain you are sending from. It just seems like another one of those pointless hoops you have to jump through when you run a mail server.
  •  
freakinvibe

Quote:

They don't even check that the reverse DNS matches the domain you are sending from.

It makes sense they don't check if reverse DNS matches. Let's say, you are hosting e-mails for two different domains on your mail server. You can only have one PTR record for the IP address of your mail server. So all mail from the second domain would be considered as spam.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
winkelman

To my knowledge you can have several PTR records for a single IP and to my knowledge mailservers checking reverse DNS most often do require the domain name the email server is advertising during SMTP to be (one of) the returned PTR domain name(s).

Servers hosting multiple domains have several options: have all domains listed in the PTR record of the IP address. Or have all separate domains report the same domain name during SMTP. The domain name of the emails themselves do not have to match the domain name as reported by the mail server during SMTP. (That's why the 'Internet hostname' is a single option in KMS that has nothing to do with the multiple email domains KMS may be hosting.) That's the way I do it anyway.
  •  
freakinvibe

It is technically possible to assign more than one PTR record per IP address, but not recommended:

----
Multiple PTR records

While most rDNS entries only have one PTR record, it is perfectly legal to have many different PTR records. However, having multiple PTR records for the same IP address is generally not recommended unless there is a specific need. For example, if a webserver supports many virtual hosts, there can be one PTR record for each host and some versions of name server software will automatically add a PTR record for each host. Multiple PTR records can cause a couple of problems, including triggering bugs in programs that only expect there to ever be a single PTR record and, in the case of a large webserver, having hundreds of PTR records can cause the DNS packets to be much larger than normal.
----

from:
http://en.wikipedia.org/wiki/Reverse_DNS_lookup#Multiple_PTR_records

I haven't heard of any big companies that check if the string after the SMTP HELO command matches the PTR record. Companies like AOL only check if a PTR record exists.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
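
Added example, not part of any post above and not Kerio's code: the receiver-side checks this thread argues about (a PTR merely exists; the HELO name is one of the PTR names), plus forward confirmation of the PTR name, which goes beyond what the posts discuss. The A and PTR values for 62.2.90.188 are the ones quoted in the thread; the forward record for that PTR name and all 192.0.2.x / example.* entries are constructed, and `lookup`, `fqdn`, `reverse_name` and `check_rdns` are hypothetical helper names.

```python
import ipaddress

# Constructed zone data so the example runs offline. Only the first two
# entries (A and PTR for 62.2.90.188) are quoted in the thread; the rest,
# including the forward record of the PTR name, is assumed sample data.
ZONE = {
    ("mail.wdr.org.", "A"): ["62.2.90.188"],
    ("188.90.2.62.in-addr.arpa.", "PTR"): ["62-2-90-188.static.cablecom.ch."],
    ("62-2-90-188.static.cablecom.ch.", "A"): ["62.2.90.188"],
    # One IP with two PTR names, only one of which resolves back to it.
    ("25.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.com.", "mail.example.net."],
    ("mail.example.com.", "A"): ["192.0.2.25"],
    ("mail.example.net.", "A"): ["192.0.2.99"],
}

def fqdn(name):
    """Normalise a host name to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."

def lookup(name, rtype, zone=ZONE):
    """Hypothetical stand-in for a resolver query; returns a list of values."""
    return zone.get((fqdn(name), rtype), [])

def reverse_name(ip):
    """Name the PTR lives under. It sits in the zone of whoever owns the IP
    block (ISP or colocation provider), not in the mail domain's zone."""
    return fqdn(ipaddress.ip_address(ip).reverse_pointer)

def check_rdns(ip, helo, zone=ZONE):
    """Evaluate one sending IP (IPv4 here) against three receiver policies."""
    ptrs = [fqdn(p) for p in lookup(reverse_name(ip), "PTR", zone)]
    return {
        "reverse_name": reverse_name(ip),
        "ptr_exists": bool(ptrs),                      # "a PTR must exist"
        "helo_in_ptr": fqdn(helo) in ptrs,             # HELO name is a PTR name
        "forward_confirmed": [p for p in ptrs          # PTR name resolves back
                              if ip in lookup(p, "A", zone)],
    }

if __name__ == "__main__":
    for ip, helo in [("62.2.90.188", "mail.wdr.org"),
                     ("192.0.2.25", "mail.example.com"),
                     ("192.0.2.77", "mail.example.org")]:
        print(ip, helo, check_rdns(ip, helo))
```

With the thread's records, the server passes an "exists" policy but would fail a receiver that requires the HELO name to appear among the PTR names.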