mail server PTR record question

Forum Moderators: phranque

Message Too Old, No Replies

mail server PTR record question

co-lo giving me wrong info?

LifeinAsia

1:26 am on Aug 23, 2014 (gmt 0)

I have 2 domains on the same server: example.com and example2 dot com. They both use the same mail server. They all have the same IP address.

Currently, there is a PTR record for mail.example.com. When mail is being sent from example2 dot com, some places are rejecting the message because the host name doesn't match the IP address.

According to our co-lo center, they can not create a second PTR record for mail.example2 dot com for the same IP address- they said only 1 name per IP.

We have multiple SPF records, why not multiple PTR records?

And if you can't have multiple PTR records, then how does everyone else do it? Hosting companies host dozens of sites on the same IP address- how do they do their PTR records for each of the sites?

lammert

1:55 am on Aug 23, 2014 (gmt 0)

Adding two PTR records for one IP address has no technical advantage, because you don't know which of the two names is returned when the PTR record is requested by the remote server. Best case there would be a round robin scheme with a 50% chance of a match. But often when a remote mail server rejects messages based on reverse DNS check, the problem is not in the PTR record but somewhere else.

First of all, there is no restriction that the PTR record should match the domain mentioned in From: headers of the email message. That would practically limit the number of possible domains on a server to one, which you already mentioned as not being practical. But it is necessary that a PTR record exists, and more important, it is necessary that if the remote SMTP performs a DNS check on that specific domain name, it will get back the IP address of your server.

As an example, if your server 192.168.10.10 has a PTR record example.com, than the DNS query of example.com should return 192.168.10.10

A second problem which can cause your sent emails to be rejected due to DNS problems is in the SMTP HELO name that your server sends to the receiving mail server. The HELO name is configured in your email server software and is sent to the receiving email server in the negotiation phase of the sending process. This HELO name can be different from the domain name mentioned in the PTR record. The domain name in the HELO header should pass the same cyclic check as I mentioned above. I.e. if your HELO domain name is smtp.example.com, then the IP address of the DNS query on smtp.example.com should be the IP address of the actually sending server.

Another question, do you have MX records configured for your domains to indicate where incoming mail should be going? Although strictly seen not necessary when your A record of your domain is already pointing to your mail server, I would recommend setting MX records for your domains, because some mail server configurations might also have problems with DNS checks if they cannot find a MX record for the sending domain.

LifeinAsia

11:16 pm on Aug 24, 2014 (gmt 0)

Ah, I see- that makes sense. Thanks for the clarification!

Actually, it looks like the issue may be that mail.example2 dot com didn't have a DNS entry. It apparently fell through the cracks. (The mail. "subdomains" for all our other sites sending out mail have DNS entries except for one.) So I have asked out co-lo to update their DNS for it.