How to setup Reverse DNS on Mara?

Remco Rijnders remco at webconquest.com
Tue Dec 16 02:49:12 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg Platt - Platt Consultants schreef:
> I'm hosting a dedicated server using Debian v3.0.r4 and running Mara as my
> DNS server. The server presently hosts about 2 dozen domains.
> 
> Apache 2 runs in virtual host mode on my server which means the server has
> only 2 IP addressees - not 2 per domain - just 2 for the entire server. For
> many hosts today's email rules seem to require a valid Reverse DNS entry for
> each domain on a server. But I did not know how to set up Reverse DNS when I
> installed Mara and even now know very little about how this works (or should
> work) in a virtual hosting environment..
> 
> However, it has become evident to me that I'm going to NEED to setup reverse
> DNS because some servers now reject all inbound email if it they cannot find
> a valid Reverse DNS pointer for the domain (or is it for the server?)
> sending the email. Lately, I'm getting complaints from users about emails
> they send bouncing back to them for mysterious reasons with cryptic error
> messages.
> 
> I've concluded one reason for that is the lack of any reverse DNS pointers
> in Mara. But I'm not sure how to set them up and the Mara docs are ominously
> silent on this subject. Although they do at least mention they support PTR
> records which I gather are part of what is required to create reverse DNS
> entries.
> 
> Have I overlooked something here? Or can someone explain to me what needs to
> be done to provide valid reverse DNS entries in Mara?

Hi Greg,

Your question is not mara specific, even though it does touch certain
DNS issues / concerns which you should be aware of as a mail administrator.

Certain mail receiving mail servers check to see that the hostname
communicated by your smtp server during the mail session does indeed
resolve to the IP address your smtp server is on. Furthermore, they
might also see if the reverse DNS resolves to the same. The reason that
they do this is that it helps (to some extent) in combatting spam
problems. Wikipedia has an article on this which briefly explains this
situation. You can find it at
http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS .

If for example you have your mail server configured as
smtp.gregplattindustries.com and on IP address 1.2.3.4, this is not a
guarantee that it will work, even when a lookup for
smtp.gregplattindustries.com will resolve to 1.2.3.4. What is important
here is that the reverse lookup of 1.2.3.4 gives
smtp.gregplattindustries.com as hostname. Based on the situation you
describe, I doubt that is the case. The reverse DNS is probably set to
something like server-28393.yourdedicatedISP.net. The reverse DNS is
controlled by the ISP that hosts your dedicated server and it is not
common for them to delegate this responsibility to you.

What can one do about this then? Either you set your mail server
hostname to what the reverse DNS is set to (see for example on
http://remote.12dt.com/ ), or you ask your ISP to set the reverse DNS to
smtp.gregplattindustries.com . Once they've done this you should
experience no further problems with this. Contact your hosts support
desk and see if they can change this for you or offer an interface to
set PTR records yourself.

Note that you can still tell your customers to use smtp.theirdomain.com
as outgoing mail server and have that resolve to the IP of your own mail
server. The communication between your mailserver and your client is not
affected by any of this; Only the communication between your mailserver
and that of the recipient should go smoother now as forward and reverse
DNS now match.

In the event that you should have the authority over your own reverse
DNS zone (unlikely, but not impossible), Mara does offer support for
this. See http://www.maradns.org/faq.html#rdns for further info on this.

If after this you still have problems, please feel free to contact me
directly.

Kind regards,

Remco

- --
Jabber / GT: remmy at jabber.xs4all.nl ICQ: 760542 MSN: remco at webconquest.com
PGP: 0xE4E2CDAB -- encrypted email preferred
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklHXXgACgkQP0wYCuTizauCGgCgnNQM9BSM5Fjfmqd/e1TC3xAy
DOsAn0wPu4AiYwYkUEwASj/22/gRbcL6
=ieM/
-----END PGP SIGNATURE-----


More information about the list mailing list