reverse DNS issue

Discussion in 'Email Discussions' started by ericwi, Jun 3, 2010.

  1. ericwi

    ericwi New Email

    Joined:
    Jun 3, 2010
    Messages:
    2
    Likes Received:
    0
    Hi all,
    Recently, I have this reverse DNS issue where the recipient end is rejecting mails from my side. After conversing with the recipient, it was found the IP address of my antispam box is different when their server did a reverse lookup of my box. The IP address they received happened to be my firewall. I did an online reverse lookup of the IP address my recipient received and it reported the correct server hostname.
    Before you can advise me what I can do, I probably need to tell you about my current setup. I have a firewall facing the external world. Sitting behind the wall is my antispam appliance. My incoming/outgoing mails are routed through the antispam box.
    I am a total noob about this and seek anyone's advice on what I can do.
    Appreciated.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Hi Eric,

    There are at least two ways to fix the reverse DNS problem.

    You can configure a static NAT on the firewall so that outgoing email from your antispam appliance goes out its IP address and not the IP address of the firewall.

    You can also give the IP address of your firewall matching forward and reverse DNS with an outgoing email name such as smtp.your-domain.com.

    You would have hardware, IPs, and DNS names something like:

    firewall 1.1.1.1 smtp.your-domain.com
    antispam appliance 1.1.1.4 mail.your-domain.com

    Make sure the forward and reverse DNS match, and that they have a TTL of 24hrs unless you are expecting to make a DNS change soon. The longer TTL helps to keep you off of some blacklists.

    -Raymond
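
The forward/reverse match described in the post above is the check many receiving mail servers run on the connecting IP. The sketch below is an added example, not part of the original thread: it implements that forward-confirmed reverse DNS check and runs it against constructed in-memory records built from the post's placeholder names and IPs (`firewall.your-domain.com` is a hypothetical name for the broken state).

```python
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (ok, detail) for the forward-confirmed reverse DNS check on ip."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, f"{ip}: no PTR record"
    for name in names:
        if ip in forward_lookup(name):
            return True, f"{ip} -> {name} -> {ip}"
    return False, f"{ip}: PTR {names} does not resolve back to {ip}"

# Constructed zone data using the placeholder names/IPs from the post.
# "firewall.your-domain.com" is a hypothetical name for the broken state.
BROKEN = {"ptr": {"1.1.1.1": ["firewall.your-domain.com."]},
          "a": {"mail.your-domain.com": {"1.1.1.4"}}}
FIXED = {"ptr": {"1.1.1.1": ["smtp.your-domain.com."],
                 "1.1.1.4": ["mail.your-domain.com."]},
         "a": {"smtp.your-domain.com": {"1.1.1.1"},
               "mail.your-domain.com": {"1.1.1.4"}}}

def check(zone, ip):
    """Run fcrdns() against an in-memory zone instead of live DNS."""
    return fcrdns(ip,
                  ptr_lookup=lambda i: zone["ptr"].get(i, []),
                  forward_lookup=lambda n: zone["a"].get(n, set()))

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        for ip in ("1.1.1.1", "1.1.1.4"):
            print(label, *check(zone, ip))
```

Calling `fcrdns("<your outgoing IP>")` with no other arguments uses the system resolver, so it can be pointed at the address your mail actually leaves from once the NAT or DNS change is in place.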
     

  3. ericwi

    Hi Raymond,

    Thanks for the reply, Raymond. The first solution seems to be plausible. How should the NAT settings be configured to tell the whole world the antispam box is my SMTP and not my firewall? Do I need to do port forwarding in this case?

    The second solution is what my recipient sees at his end. When they did a rDNS lookup the outgoing and incoming IP address is different, at least what they've said.


    Does anyone have advice on this? Thanks.
     
  4. popowich

    Right, they are seeing that since the email is leaving the network as your firewall's IP address. I'm not a firewall guy but what you need to do is create a NAT and a rule so that traffic originating from / leaving your email server goes out that IP address and not the generic outgoing IP address that the rest of your traffic is going out as. Give your firewall tech support a call or check the documentation and you should be able to get the NAT created.

    If you let us know your domain name and your IP addresses I can help you put together a request you can send to support in an email or read to them over the phone to help get the problem resolved.
     
