From owner-freebsd-questions Mon Mar 17 4:18:25 2003
Message-ID: <3E75BCFB.2090409@potentialtech.com>
Date: Mon, 17 Mar 2003 07:18:03 -0500
From: Bill Moran
To: "Paul D. Lathrop"
Cc: Len Conrad, freebsd-questions@freebsd.org
Subject: Re: Sending mail to this list
References: <48294587-583E-11D7-A325-000393BF3DE2@nmu.edu>
In-Reply-To: <48294587-583E-11D7-A325-000393BF3DE2@nmu.edu>

Paul D. Lathrop wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday, March 17, 2003, at 12:48 AM, Len Conrad wrote:
>
>>> I run many domains off of this machine - does it have to have a
>>> reverse pointer that matches the domain name for every domain
>>
>> Only one PTR record per ip. Applications don't know how to handle
>> more than one.
>>
>> Right now, the reverse zone for the ip that was rejected is delegated
>> to rackspace NS, not yours.
>>
>
> We use Rackspace's nameservers to manage our domains. Shouldn't that
> mean it's already configured properly?
>
> Before I go bugging them about it, I want to be as learned as possible.
> Thank you all for your help.

Works like this:

When you have the name mail.jujubeans.com and you need to contact that
server, you do a forward DNS lookup and get (for example) 10.1.1.1.

Now if you've received mail from 10.1.1.1 and you want to know whose mail
server that is, you do a reverse DNS lookup on 10.1.1.1 and you'll get
mail.jujubeans.com.

A server can have many forward DNS records. Quite often an ISP uses a
single mail server to host many domains. mail.jujubeans.com might also
be mail.somethingelse.com. But it can only have 1 reverse DNS record,
otherwise the reverse DNS is invalid.

In order to send email to FreeBSD, the following parts of this system are
checked:

1) The name the mailserver announces in its HELO line must resolve via
   forward DNS. It doesn't matter to what, it just has to resolve.
2) The IP of the server must reverse resolve to something, it doesn't
   matter to what: except that that name is then tested on a forward DNS
   check, which must work.

My understanding is that these simple tests block thousands of spam emails
per second! And we only get one person with trouble about once a month.

The most common mistake I've seen people make is to add multiple reverse
DNS records (when the machine has multiple forward DNS records). Most DNS
servers will allow you to do this, but it doesn't work.

The 'host' command is smart enough to respond intelligently even if rdns
is configured wrong, so the easy way to check is to enter
'host my.ip.addy.x'. If it returns several different names for the server,
then that's your problem. If it returns no name, then that's the problem.
If it returns a name that doesn't forward resolve, then that's your
problem.

pulsenet.com (for example) doesn't have anyone on staff who understands
this, and their servers are all hosed as a result.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
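
The two checks and the three failure cases described in the message above, written out as an added example; it is not part of the original email and not the FreeBSD mail servers' own code. The function names are hypothetical, and apart from mail.jujubeans.com, mail.somethingelse.com and 10.1.1.1 (taken from the message) the sample records are constructed.

```python
import socket

def live_forward(name):
    """Forward lookup via the system resolver; [] if the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def live_reverse(ip):
    """Reverse lookup via the system resolver; [] if there is no PTR record.
    The system resolver may not list every PTR; 'host <ip>' shows them all."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def check_sender(ip, helo, forward=live_forward, reverse=live_reverse):
    """Return a list of problems; an empty list means both tests pass."""
    problems = []
    # Test 1: the HELO name must forward-resolve (to anything at all).
    if not forward(helo):
        problems.append("HELO name does not resolve")
    # Test 2: the IP must reverse-resolve to a single name,
    # and that name must itself forward-resolve.
    names = reverse(ip)
    if not names:
        problems.append("no reverse DNS record")
    elif len(names) > 1:
        problems.append("multiple reverse DNS records")
    elif not forward(names[0]):
        problems.append("reverse name does not forward-resolve")
    return problems

# Constructed sample zone data so the checks can be exercised offline.
SAMPLE_A = {"mail.jujubeans.com": ["10.1.1.1"],
            "mail.somethingelse.com": ["10.1.1.1"]}
SAMPLE_PTR = {"10.1.1.1": ["mail.jujubeans.com"],
              "192.0.2.20": ["a.example.net", "b.example.net"],
              "192.0.2.30": ["ghost.example.net"]}

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for ip in ("10.1.1.1", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_sender(ip, "mail.somethingelse.com", sample_forward, sample_reverse) or "ok")
```

Calling `check_sender(ip, helo)` without the last two arguments uses the system resolver instead of the sample tables.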