trinity-devel@lists.pearsoncomputing.net

Message: previous - next
Month: December 2015

Re: [trinity-devel] TDE list rDNS/HELO

From: "Timothy Pearson" <kb9vqf@...>
Date: Thu, 3 Dec 2015 13:16:04 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

> On Wed December 2 2015 23:53:51 Michael Howard wrote:
>> I've been getting hammered by spam so tried a few things, rDNS checks
>> being one of them. Unfortunately, the mail server checks the rDNS for
>> the host (mail.pearsoncomputing.net), the domain alone is not sufficient
>> ( See results from 'mxtoolbox.com' - Your Reverse DNS Record (PTR) is
>> not a valid host name. According to email sending best practices, a PTR
>> Record should be a valid host name. If the PTR Record is not a valid
>> hostname, there is a likelihood that you will experience email delivery
>> issues with anti-spam services.)
>
> I have been using rDNS checks for as long as I can remember
> and I don't see any problems with TDE lists.  TDE list mails
> arrive here from 192.119.205.242.  rDNS maps this to
> pearsoncomputing.net and DNS in turns maps that back to
> 192.119.205.242 so no problem.
>
> I think you're running into problems checking HELO
> (or EHLO) rather than rDNS.
>
> mail.pearsoncomputing.net is an A record with no PTR
> which is allowed but it might be better if it had a
> PTR (an IP can have more than one) or if mail.p...
> were a CNAME (which is allowed because it is not used
> in an MX record or NS record).
>
> One doesn't usually check HELO that stringently but
> Tim might want to avoid the problem by setting
> "smtp_helo_name = pearsoncomputing.net" in main.cf.
>
> --Mike

As you can probably infer the main problem is that my ISP doesn't provide
enough IP addresses (at a cost I am willing to pay) for all the services
running here.  From what I understand multiple rDNS records for the same
IP is likely to cause more problems than it's worth as well.

After the servers are relocated next year there should be more IP
addresses available, which will make this problem go away.  I'm not all
that keen on changing the HELO string as it isn't technically the domain
that's identifying, it's that specific mail server, and over time there
may be more than one mail server (for redundancy, etc.).

Since this has affected only one person in 5 years, I'm treating this like
the DKIM problem for the moment; give it more time and it might go away.
:-)

Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iFYEARELAAYFAlZglPQACgkQLaxZSoRZrGHeuQDeKchHK/k/UohhsEhfdk09I9eW
qSDFAfjXF/JBJgDeLmVKCabJuL7XCa/7FZKHxIsiFwPuDdccHvILXA==
=m1aX
-----END PGP SIGNATURE-----

powered by ezmlm-www (v1.4.5)