Mailing List CGatePro@mail.stalker.com Message #94382
From: Uwe Baemayr <cgate@baemayr.com>
Subject: Re: Multiple domains and reverse DNS
Date: Wed, 19 Mar 2008 23:03:23 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Pegasus Mail for Windows (4.41)
Hi Larry:

On 18 Mar 2008 at 1:18, lar@mwtcorp.net wrote:

> On Mon, 17 Mar 2008 23:57:27 -0500
>   "Uwe Baemayr" <cgate@baemayr.com> wrote:
> >
> > Received: from main.net ([1.2.3.7] RDNS failed) by receiver.net with
> >          Microsoft SMTPSVC(6.0.3790.1830); Sat, 15 Mar 2008 00:15:41 -0500
>
> Uwe, Typically if 1.2.3.7 reverses to gomer.subdomain.net and gomer.subdomain.net
> has a forward of 1.2.3.7 the mail goes through even when the HELO identifies
> itself as main.net. MTAs are not supposed to reject based on HELO for this
> very reason. That said we have all had to do crazy things to fight the evil
> spammers. Someone might be breaking this rule.
> I would double-check my reverse<==>Forward pair for a typo between the two.
> Most likely that is what has happened.

I'm sorry I wasn't clear -- the mail is being delivered; however, the "RDNS
failed" text is being added to the received line.  The receiving server in
this case is a Microsoft Antigen firewall.  It does reject many messages if
reverse DNS is invalid, but it's letting these through after adding "RDNS
failed".  This is what's concerning me.

I just checked reverse DNS for both the main domain and the subdomain and it
is correct for both.

> On 18 Mar 2008 at 7:04, Richard Davis wrote:
>
> > No matter what domain any mail server is hosting it will always identify
> > itself as its registered name and send from the IP for that registered
> > domain.

This is what surprised me: it just seems to me that the administrator should
be in control of what the server says on the HELO line -- I was surprised
that this is fixed.  

> > Basic setup...
> >
> > Register your CGP server as server.domain.net not just domain.net.
> >
> > That lets you point dns for domain.net to a web server separate from
> > your email server.
> >
> > Also put an alias entry of domain.net in the domain configuration of
> > server.domain.net. This will ensure email addressed to user@domain.net
> > gets delivered.
> >
> > The only reason I have any other IPs configured for any hosted domains is
> > for web mail. I do the same for hosted domains as the registered domain.
> > Set it up as server.hosteddomain.net with an alias for hosteddomain.net.
> > It is so users do not need to type their domain when logging in thru web
> > mail. And they access web mail with the url server.hosteddomain.net. Again
> > this lets me point hosteddomain.net to the primary web server.
> >
> > Just to be thorough, I have reverse dns set correctly for each
> > server.domain that has its own IP and have never had any problems.

Our web server and email server are currently the same machine.  We're not
big webmail users, and entering the :8100 really hasn't been an issue, but I
definitely see your point.  We do have aliases for mail.domain.org pointing
to domain.org so we can split them in the future.  Having enough volume to
make that necessary would be a nice problem to have. :-)

Thanks again for your replies.  I think I'll stop worrying about the RDNS
failed message and chalk it up to a cranky firewall.

--- Uwe
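
The reverse<==>forward pair check discussed in this thread, as an added example that is not part of the original message: a forward-confirmed reverse DNS test for the sending IP, with the HELO name compared separately. The function names, status labels and zone data are assumptions (the records reuse the thread's placeholder names, and 1.2.3.8 is a constructed typo); this is the generic check, not Antigen's logic, which the thread does not describe.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR names for ip from the system resolver ([] if the lookup fails)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def live_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] on failure)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:  # unparsable literal: treat as no match
        return False

def norm(name):
    return name.rstrip(".").lower()

def check_fcrdns(ip, helo, ptr_lookup=live_ptr, addr_lookup=live_addrs):
    """Forward-confirmed reverse DNS for a sending IP, plus a HELO comparison."""
    ptrs = [norm(n) for n in ptr_lookup(ip)]
    # A PTR name is confirmed only if its forward lookup returns the same IP.
    confirmed = [n for n in ptrs if any(same_ip(ip, a) for a in addr_lookup(n))]
    status = "no-ptr" if not ptrs else "pass" if confirmed else "forward-mismatch"
    return {"status": status, "ptr": ptrs, "confirmed": confirmed,
            "helo_matches_ptr": norm(helo) in confirmed}

# Constructed zone data using the thread's placeholder names (not real records).
PTR = {"1.2.3.7": ["gomer.subdomain.net."]}
GOOD_A = {"gomer.subdomain.net": ["1.2.3.7"], "main.net": ["1.2.3.7"]}
TYPO_A = {"gomer.subdomain.net": ["1.2.3.8"], "main.net": ["1.2.3.7"]}  # typo in A record

def offline(a_records):
    """Bind check_fcrdns to the constructed records so it runs without DNS."""
    return lambda ip, helo: check_fcrdns(
        ip, helo, lambda i: PTR.get(i, []), lambda n: a_records.get(n, []))

if __name__ == "__main__":
    print(offline(GOOD_A)("1.2.3.7", "main.net"))   # pass, HELO differs from PTR
    print(offline(TYPO_A)("1.2.3.7", "main.net"))   # forward-mismatch
    print(offline(GOOD_A)("1.2.3.9", "main.net"))   # no-ptr
```

Calling `check_fcrdns(ip, helo)` with the default lookups queries the system resolver instead of the constructed records.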

