Join Log in
Score:0
Bruce Button avatar Server

How to avoid reverse DNS errors

sk flag
Bruce Button

I am running a mail server (Exim) on a VPS (Ubuntu 22.04 LTS). I am able to send and receive emails without problem, but I do get the following errors from mxtoolbox.com:

Reverse DNS does not contain the hostname
Reverse DNS does not match SMTP Banner

The report from mxtoolbox gives me these details for the transcript:

Transcript: 220 server.imago-web.co.za ESMTP Exim 4.95 Ubuntu Fri, 07 Jul 2023 10:09:53 +0000 [249 ms]

I do have a ptr record which points back to the server hostname, which is given as server.imago-web.co.za. (with a full stop at the end of the name).

As far as I can see, the ptr record should correlate with the SMTP banner as given out by Exim. I have also tried mail.imago-web.co.za. but that gives the same error. (My current mail server setup does not require a delay for uknown hosts.)

Any help in resolving this would be highly appreciated!

85
3 + 2
Paul avatar
cn flag
Paul
Typically your IP address has been assigned to you by your hosting ISP, and the rDNS record is configured with the IP address owner. Is this where you created the record?
0
Reply
Bruce Button avatar
sk flag
Bruce Button
Yes. The hosting is with A2, and they have given the IP address. I'm using nameservers at Bunny.net, and the ptr record is created there, along with all the other DNS records.
0
Reply
Score:1
Zac67 avatar Server
ru flag
Zac67

Many MXes test connecting hosts using forward-confirmed reverse DNS (FCrDNS) since reverse DNS names can be so easily spoofed.

They reverse resolve the connecting IP address to a host name per PTR record (here: server.imago-web.co.za) and then forward resolve that host name (that doesn't work here) per A record, and expect to get the initial IP address. If that host name also matches your MTA's HELO name, that's all the better.

Accordingly, you should set the PTR to mail.imago-web.co.za and use that in HELO as well.

+ 5
Paul avatar
cn flag
Paul
I have observed that many FCrDNS tests only check the existence of an A/AAAA record, but returning a 200 response is sometimes required. The significance is just that sometimes results appear inconsistent.
0
Reply
Bruce Button avatar
sk flag
Bruce Button
Thanks for that insight, Zac67. As far as I can see, the hosting provider has set the ptr record to server.imago-web.co.za (as noted by Paul above), and I don't have access to that ptr record. But perhaps it would help to add an A-record linking server.imago-web.co.za to the IP address?
0
Reply
Zac67 avatar
ru flag
Zac67
@BruceButton I'd prefer using a more specific name = make the ISP change the PTR but your way is another solution.
0
Reply
Bruce Button avatar
sk flag
Bruce Button
@Zac67, thank you. With reference to your post above, would my MTA's host name be server.imago-web.co.za (see transcript in OP above), or mail.imago-web.co.za? (I must say, I do find the term 'host' somewhat confusing at times. It seems to refer to so many things.
0
Reply
Zac67 avatar
ru flag
Zac67
@BruceButton Which host name you actually use doesn't matter. What matters is that the PTR provides a name that resolves to the same IP for FCrDNS to work.
0
Reply
Score:1
Paul avatar Server
cn flag
Paul

The reverse DNS record is configured for the IP address, not the domain name.

For A2 hosting, you need to open up a support ticket and request them to set your rDNS.

Configuring reverse DNS

If you have a VPS or dedicated hosting account, we can set up reverse DNS for you. To do this, please open a support ticket on the Customer Portal at https://my.a2hosting.com. In the ticket, please specify the domain you want to configure for reverse DNS, as well as your account's IP address.

Shared and reseller servers already have reverse DNS configured for the main IP address. If you find that this is not the case for your account, please open a support ticket and let us know. Make sure you include your domain name and IP address in the ticket. If you have a dedicated IP address we can set up reverse DNS for you. To do this, please open a support ticket on the Customer Portal at https://my.a2hosting.com. In the ticket, please specify the domain you want to configure for reverse DNS, as well as your account's IP address.

+ 1
Bruce Button avatar
sk flag
Bruce Button
Thank you, Paul. That is very helpful. I will follow your instructions!
0
Reply
Score:0
avatar Server
ws flag
symcbean

I do have a ptr record which points back to the server hostname, which is given as server.imago-web.co.za.

Not from here it doesn't:

> server.imago-web.co.za
Server:  UnKnown
Address:  fd86:73ea:ff6b:0:8275:1fff:fef0:8c48

Non-authoritative answer:
Name:    server.imago-web.co.za
Address:  216.137.181.37

> set type=PTR
> 216.137.181.37
Server:  UnKnown
Address:  fd86:73ea:ff6b:0:8275:1fff:fef0:8c48

Non-authoritative answer:
37.181.137.216.in-addr.arpa     name = imago-web.co.za

Since your MX record is for "mail.imago-web.co.za", that is the name you should have in your HELO and in your PTR record.

+ 3
Bruce Button avatar
sk flag
Bruce Button
Thank you for those insights. When I query `dig -x 216.137.181.37` on Linux server I get (inter alia) `;; ANSWER SECTION:` `37.181.137.216.in-addr.arpa. 0 IN PTR server.imago-web.co.za.` I wonder how that correlates (or not) with your queries?
0
Reply
ws flag
symcbean
DNS changes still need time to propagate. This may simply be a timing issue, but maybe you should check some other DNS servers
0
Reply
Bruce Button avatar
sk flag
Bruce Button
Thanks again for your comment. It seems as though I can't get rid of all the warnings, but it does seem as though everything is set up correctly. Other domains are recognizing and approving the spf and dkim checks, so that is a positive sign.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.