3

Since I switched ISP I'm having quite some problems with my mail. Sometimes mails will be rejected by the receiving side with the following message:

This is the mail system at host mail.xyz.ch.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system ...

Action: failed
Status: 5.7.1
Remote-MTA: dns; postrelay2.lrz-muenchen.de
Diagnostic-Code: smtp; 550 5.7.1 Client host rejected: cannot find your hostname, [213.xxx.yyy.zzz]]

So apparently the receiving side of the communication is complaining that it could not find the hostname mail.xyz.ch in the reverse DNS lookup.

Now I'm sure that I configured all the PTR entries in bind to point to the real hostnames:

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     dns3.xyz.ch. root.xyz.ch. (
                        20100328        ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
                NS      dns3.xyz.ch.
                NS      dns2.xyz.ch.

129             PTR     ssh.xyz.ch.
129             PTR     www.xyz.ch.
129             PTR     mail.xyz.ch.

But a reverse DNS lookup still only provides the ISP name: cust.static.213-xxx-yyy-zzz.swisscomdata.ch.

Any idea on how to fix this? Do I have to contact my ISP?

cdecker

4 Answers

6

Typically the reverse DNS for the IP is managed by the ISP. This is not strictly speaking a guarantee, but I would be highly surprised if you were actually in charge of the reverse DNS record in this case. Generally speaking, a company purchases the use of those IPs from the ISP and as such, they maintain all IP-specific records, including reverse DNS. Basically, whoever looks at your BIND database for DNS will see the record fine, but assuming that is not the public authoritative DNS server for your domain, setting the record there does you little to no good.

The short version - yeah, you need to contact your ISP and ask them to change the record.

Charles
  • Precisely what I was about to say. – David Mackintosh Jun 04 '10 at 15:02
  • Right. One thing: do the ISPs change the PTR record on the client's request? A lot of times (at least here in Italy) they tell you that they can delegate the entire zone, but not change one single record. How does it work in other countries? – PiL Jun 04 '10 at 15:04
  • That is a good question which I am honestly not positive on. I used to work for a large mail hosting corporation here in the US and we dealt with similar issues to yours with clients all the time. I can tell you that at the University I work for now, all of our IPs that require them have their own specific rDNS record, so ours are definitely IP-specific. – Charles Jun 04 '10 at 19:21
  • I asked the ISP, but being a bit slow haven't gotten a response yet. Keep your fingers crossed :-) – cdecker Jun 06 '10 at 15:32
  • I would check out this link, http://www.amset.info/exchange/dnsconfig.asp It basically says the same thing I did, the company responsible for the IP has to change the record. I don't really understand why they would refuse unless it is a shared IP, but if they really do then you can look at the option the article gives you. – Charles Jun 07 '10 at 14:50
3

> So apparently the receiving side of the communication is complaining that it could not find the hostname mail.xyz.ch in the reverse DNS lookup.

In this case, no. It's just complaining that it couldn't find any reverse DNS entry for your IP address. The reverse DNS entry does not need to match the hostname you present yourself as.

In fact, even if the server does the more strict "Forward-Confirmed Reverse DNS" (FCrDNS) check, the hostname it finds still does not need to match the hostname you present yourself as in something like your HELO/EHLO. It only needs to confirm that the forward DNS lookup on the hostname returned by your Reverse DNS lookup matches your IP address.

So it's still perfectly fine, even for FCrDNS, for you to present yourself as "mail.xyz.ch" but have an IP address with a Reverse DNS entry for "something.else.co". And to make sure it confirms in the forward direction, "something.else.co" must have a forward DNS entry that points to your IP address.

> But a reverse DNS lookup still only provides the ISP name: cust.static.213-xxx-yyy-zzz.swisscomdata.ch.

In that case, it looks like Reverse DNS is working fine, at least from your end. Confirm this with an external Reverse DNS lookup tool to confirm other servers see the same thing.

If that finds the reverse DNS entry, then it's possible the error was at the receiving mail server. A temporary DNS problem at the receiving mail server could cause an error message like this. Usually such an error should cause the sending mail server to re-try sending later as this is classified as a temporary problem.

thomasrutter
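
The two checks this answer distinguishes (a plain reverse lookup and FCrDNS), as an added example that is not part of the original answer. The addresses and host names are constructed from documentation ranges, and `check_client`, the lookup tables and the `live_*` helpers are hypothetical names chosen for illustration.

```python
import ipaddress
import socket

# Constructed records (documentation address ranges), standing in for DNS.
PTR = {
    "10.113.0.203.in-addr.arpa": ["cust.static.203-0-113-10.isp.example"],
    "20.113.0.203.in-addr.arpa": ["mail.unconfirmed.example"],
}
FWD = {
    "cust.static.203-0-113-10.isp.example": ["203.0.113.10"],
    "mail.unconfirmed.example": ["198.51.100.7"],
}

def table_ptr(addr):
    """PTR names for an address, looked up under its in-addr.arpa name."""
    return PTR.get(addr.reverse_pointer, [])

def table_fwd(name):
    return FWD.get(name, [])

def live_ptr(addr):
    """Same lookup through the system resolver (needs network access)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(str(addr))
    except OSError:
        return []
    return [host, *aliases]

def live_fwd(name):
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_client(ip, helo, ptr=table_ptr, fwd=table_fwd):
    """Return 'no-rdns', 'rdns-unconfirmed' or 'fcrdns-ok'. helo is accepted
    but never consulted: neither check compares it with the PTR name."""
    addr = ipaddress.ip_address(ip)
    names = ptr(addr)
    if not names:
        return "no-rdns"  # no PTR record exists for this address
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in fwd(name)):
            return "fcrdns-ok"  # some PTR name resolves back to the client IP
    return "rdns-unconfirmed"  # PTR exists, forward lookup does not match

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(ip, check_client(ip, "mail.xyz.ch"))
```

Passing `ptr=live_ptr, fwd=live_fwd` runs the same classification against the system resolver for a real address.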
1

The simple answer is to contact the company from where you are getting the IP. In my case it was Telstra, and they have a custDATA portal from where you can configure reverse DNS using an online form. That's it.

Thanks, hope this helps.

Moazzam
0

Try:

dig -x 213.xxx.yyy.zzz

What's the response?

PiL