reverse DNS issue

ericwi

New Email
Hi all,
Recently, I have this reverse DNS issue where the recipient end is rejecting mails from my side. After conversing with the recipient, it was found that the IP address of my antispam box is different when their server did a reverse lookup of my box. The IP address they received happened to be my firewall. I did an online reverse lookup of the IP address my recipient received and it reported the correct server hostname.
Before you can advise me what I can do, I probably need to tell you all of my current setup. I have a firewall facing the external world. Sitting behind the wall is my antispam appliance. My incoming/outgoing mails are routed through the antispam box.
I am a total noob about this and seek anyone's advice on what I can do.
Appreciated.

popowich

EQ Forum Admin
Staff member
Hi Eric,

There are at least two ways to fix the reverse DNS problem.

You can configure a static NAT on the firewall so that outgoing email from your antispam appliance goes out its IP address and not the IP address of the firewall.

You can also give the IP address of your firewall matching forward and reverse DNS with an outgoing email name such as smtp.your-domain.com.

You would have hardware, IPs, and DNS names something like:

firewall 1.1.1.1 smtp.your-domain.com
antispam appliance 1.1.1.4 mail.your-domain.com

Make sure the forward and reverse DNS match, and that they have a TTL of 24hrs unless you are expecting to make a DNS change soon. The longer TTL helps to keep you off of some blacklists.

-Raymond
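To see what "forward and reverse DNS match" means in practice, here is an added example (not code from the thread or from any appliance vendor) of the forward-confirmed reverse DNS check a receiving mail server performs: IP to PTR name, then PTR name back to an A record that must contain the original IP. The 1.1.1.x addresses and your-domain.com names are the placeholders from Raymond's reply, and the DNS tables are constructed to run offline; pass no tables to query real DNS.

```python
import socket

# Constructed DNS data mirroring the layout Raymond describes (not real records).
SAMPLE_PTR = {
    "1.1.1.1": "smtp.your-domain.com",        # firewall, after the fix
    "1.1.1.4": "mail.your-domain.com",        # antispam appliance
    "1.1.1.9": "fw-generic.your-domain.com",  # PTR exists but has no matching A record
}
SAMPLE_A = {
    "smtp.your-domain.com": {"1.1.1.1"},
    "mail.your-domain.com": {"1.1.1.4"},
}

def ptr_lookup(ip, table=None):
    """Return the PTR name for ip, or None if there is none (live DNS if no table)."""
    if table is not None:
        return table.get(ip)
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror:
        return None

def a_lookup(name, table=None):
    """Return the set of IPv4 addresses name resolves to (live DNS if no table)."""
    if table is not None:
        return table.get(name, set())
    try:
        return {r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_fcrdns(ip, ptr_table=None, a_table=None):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A records must include ip."""
    name = ptr_lookup(ip, ptr_table)
    if name is None:
        return (False, f"{ip}: no PTR record")
    forward = a_lookup(name, a_table)
    if ip not in forward:
        return (False, f"{ip}: PTR {name} resolves to {sorted(forward) or 'nothing'}, not {ip}")
    return (True, f"{ip}: PTR {name} resolves back to {ip}")

if __name__ == "__main__":
    # 1.1.1.2 has no PTR at all, the situation a rejecting receiver most often reports.
    for ip in ("1.1.1.1", "1.1.1.4", "1.1.1.9", "1.1.1.2"):
        ok, msg = check_fcrdns(ip, SAMPLE_PTR, SAMPLE_A)
        print("PASS" if ok else "FAIL", msg)
```

Run it against the IP your recipient actually saw in the connection (the firewall's), not the appliance's, since that is the address the receiver checks.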

ericwi

New Email
Hi Raymond,

Thanks for the reply, Raymond. The first solution seems to be plausible. How should the NAT settings be configured to tell the whole world that the antispam box is my SMTP server and not my firewall? Do I need to do port forwarding in this case?

The second solution is what my recipient sees at his end. When they did a rDNS lookup the outgoing and incoming IP address is different, at least what they've said.


Does anyone have advice on this? Thanks.

popowich

EQ Forum Admin
Staff member
Right, they are seeing that since the email is leaving the network as your firewall's IP address. I'm not a firewall guy, but what you need to do is create a NAT and a rule so that traffic originating from / leaving your email server goes out that IP address and not the generic outgoing IP address that the rest of your traffic is going out as. Give your firewall tech support a call or check the documentation and you should be able to get the NAT created.

If you let us know your domain name and your IP addresses, I can help you put together a request you can send to support in an email or read to them over the phone to help get the problem resolved.