Reverse Dns Question...is it really necessary or not?
Len Conrad
LConrad at Go2France.com
Tue Jul 20 16:13:46 UTC 2004
> >They may indeed have address->name mappings, but very seldom does
> >one have an MX record. Not MX record, then it is not a legitimate
> >mail relay.
This is a total BS conclusion.
The following is all you need, and it is my recommended best practice:
A _single_ PTR record per the (outbound) MTA's IP:
d.c.b.a.in-addr.arpa. PTR mx1.domain.tld.
and a single A record for its PTR hostname:
mx1.domain.tld. A a.b.c.d
... period. The above records have no relationship with or dependence upon:
1. any MX records, nor any
2. any envelope sender/recipient domains that transit the IP.
The above are DNS settings are referred to as "matching" PTR and A records.
Going a little further, I also recommend that two SMTP values should match
the above hostname, if only because "why not?", and to encourage people
learn what their ofen-ignored below are:
the SMTP-greeting hostname:
220 mx1.domain.tld
and the HELO hostname:
EHLO mx1.domain.tld
With the above 2 DNS records and the 2 SMTP/MTA settings, you'll have no
difficulty getting your mail delivered to MTAs that use DNS/SMTP values as
validations or credentials for the sending IP. Many, and probaly
increasingly more, MX either insist on PTR/A matching, or, will weight the
absence of PTR/A matching as heavily as no PTR. My own policies consider
no PTR to be one foot in hell, and one more "envelope stage" error will
cause rejection after RCPT TO:
And the 4 settings above will even get your mail past extreme checks, quite
rare, that insist the SMTP greeting/helo hostnames MUST match the PTR/A
records.
Further SMTP settings are accounts for the above hostname:
abuse at mx1.domain.tld
postmaster at mx1.domain.tld
and for the domain literals:
postmaster@[a.b.c.d]
abuse@[a.b.c.d]
The anonymous postmaster@ and abuse@ accounts should end up in a person's
mailbox.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
More information about the bind-users
mailing list