
I have searched everywhere and can't find an answer.

I have the domain mydomain.com. The root and www records point to my main server, which runs my website.

I am now using a separate AWS EC2 instance to set up an email server for my domain. This runs on the subdomain mail.

My DNS looks like this:

```
A @ webserverip
A www webserverip
A mail ec2ip
```

To prevent my server from getting flagged for spam, I submitted the Amazon reverse DNS form here: https://aws.amazon.com/forms/ec2-email-limit-rdns-request

I gave them the ip of my ec2 mail server, and put "mail.mydomain.com" in the "Reverse DNS Record for EIP 1" box.

However, I keep receiving emails back from them saying:

> When attempting to map the reverse DNS entry, we notice that this is failing because the PTR record doesn't match the A record for that domain.
>
> We currently require the forward A record to match the PTR record for all reverse DNS entries.

I really don't understand what I am doing wrong. The "mail" subdomain has an A record pointing to my ec2 server ip. Any assistance would be greatly appreciated!

(I am using Cloudflare for my DNS, if this makes any difference.)

Callum B

1 Answer


You can follow these steps to configure the DNS for your EC2 dedicated mail server on AWS:

STEPS

  1. Add two A host records for pop.mydomain.com and smtp.mydomain.com that point to your elastic IP and assign your MX record to the smtp.mydomain.com host.
  2. Add a CNAME record (not A host record) for mail.mydomain.com that points to the DNS entry assigned by AWS (e.g., ec2-XXX-XXX-XXX-XXX.REGION.compute.amazonaws.com).
  3. Submit your rDNS request for smtp.mydomain.com mapping to your EIP.
  4. Don't forget to add the SPF TXT record for your mail server. For example, v=spf1 mx a

Once you're done with this setup, you should have a proper mail server configuration in terms of DNS that would pass SMTP tests and avoid being flagged as spam.

Khalid T.
  • Thanks so much for helping. I made the changes and resubmitted the form, I will let you know if it worked! – Callum B Jan 02 '17 at 10:58
  • @KhalidT. this doesn't make sense. This is neither required by AWS nor is it a valid configuration at all. The value of a PTR record must point to an A record, not a CNAME record pointing to an A record. *"the value of a PTR record must not be an alias"* -- [RFC-2181 Sec 10.2](https://tools.ietf.org/html/rfc2181#section-10). If `mail.example.com` is a CNAME, then it is an alias, in the sense intended in the RFC. – Michael - sqlbot Jan 02 '17 at 13:41
  • @Michael-sqlbot: You are absolutely right. I guess I wasn't clear in my answer above. I forgot to mention the reverse DNS request to AWS must include the MX record host `smtp.mydomain.com`, not `mail.mydomain.com`. I have re-written the answer. – Khalid T. Jan 02 '17 at 17:07
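As an added example (not code from the question, the answer, or AWS), here is a small Python check of what the quoted rejection message says AWS verifies: forward-confirmed reverse DNS, where the PTR for the IP names a host whose A record resolves back to that IP. It also applies the RFC 2181 section 10.2 rule raised in the comments, that a PTR target must not be a CNAME alias, which is why submitting the rDNS request for `mail.mydomain.com` fails once that name is a CNAME while `smtp.mydomain.com` (an A record) passes. All IPs, hostnames and zone data are constructed; the in-memory lookup and the `dig` helper are assumptions for illustration, not an AWS API, and the page does not say how AWS implements its own check.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check: added illustration only.
All IPs, hostnames and zone data here are constructed, not real."""
from __future__ import annotations

import ipaddress
import subprocess
from typing import Callable, Dict, List, Tuple

# A lookup takes (owner name, record type) and returns that RRset's values.
Lookup = Callable[[str, str], List[str]]


def reverse_name(ip: str) -> str:
    """in-addr.arpa (or ip6.arpa) owner name for an IP address."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(ip: str, expected_host: str, lookup: Lookup) -> Tuple[bool, str]:
    """Return (ok, reason). Passes only when a PTR exists, it names
    expected_host, expected_host is not a CNAME (RFC 2181 s10.2), and one
    of expected_host's A records equals ip."""
    host = expected_host.rstrip(".").lower()
    ptrs = [p.rstrip(".").lower() for p in lookup(reverse_name(ip), "PTR")]
    if not ptrs:
        return False, f"no PTR record for {ip}"
    if host not in ptrs:
        return False, f"PTR for {ip} names {ptrs}, not {host}"
    if lookup(host, "CNAME"):
        return False, f"{host} is a CNAME; a PTR target must not be an alias"
    addrs = lookup(host, "A")
    if ip not in addrs:
        return False, f"A record for {host} is {addrs}; it does not match the PTR for {ip}"
    return True, f"{ip} and {host} are forward-confirmed"


def zone_lookup(zone: Dict[Tuple[str, str], List[str]]) -> Lookup:
    """Lookup over an in-memory zone, so the demo runs with no network."""
    return lambda name, rrtype: list(zone.get((name.rstrip(".").lower(), rrtype), []))


def dig_lookup(name: str, rrtype: str) -> List[str]:
    """Live lookup through the dig CLI (assumes dig is installed); not run by demo()."""
    out = subprocess.run(["dig", "+short", "-t", rrtype, name],
                         capture_output=True, text=True, check=False).stdout
    return [line for line in out.splitlines() if line]


# Constructed addresses from RFC 5737 documentation ranges stand in for real ones.
EC2_IP = "203.0.113.10"
WEB_IP = "198.51.100.20"
AWS_HOSTNAME = "ec2-203-0-113-10.eu-west-1.compute.amazonaws.com"

# Layout from the question: mail is an A record to the EIP, rDNS names mail.
ZONE_QUESTION = {
    ("mydomain.com", "A"): [WEB_IP],
    ("www.mydomain.com", "A"): [WEB_IP],
    ("mail.mydomain.com", "A"): [EC2_IP],
    (reverse_name(EC2_IP), "PTR"): ["mail.mydomain.com."],
}

# Layout from the answer: mail is a CNAME to the AWS hostname, smtp is an A
# record to the EIP, and the rDNS request names smtp.
ZONE_ANSWER = {
    ("mail.mydomain.com", "CNAME"): [AWS_HOSTNAME + "."],
    (AWS_HOSTNAME, "A"): [EC2_IP],
    ("smtp.mydomain.com", "A"): [EC2_IP],
    (reverse_name(EC2_IP), "PTR"): ["smtp.mydomain.com."],
}

# The case the comments warn about: same zone, but rDNS names the CNAME.
ZONE_CNAME_PTR = dict(ZONE_ANSWER)
ZONE_CNAME_PTR[(reverse_name(EC2_IP), "PTR")] = ["mail.mydomain.com."]

# A genuinely mismatched layout: the PTR names the web host, whose A record
# is the web server's IP, so the forward lookup never returns the EIP.
ZONE_MISMATCH = dict(ZONE_QUESTION)
ZONE_MISMATCH[(reverse_name(EC2_IP), "PTR")] = ["www.mydomain.com."]


def demo() -> Dict[str, bool]:
    """Run the check over each constructed layout and return the verdicts."""
    cases = {
        "question: PTR -> mail (A)": (ZONE_QUESTION, "mail.mydomain.com"),
        "comment: PTR -> mail (CNAME)": (ZONE_CNAME_PTR, "mail.mydomain.com"),
        "answer: PTR -> smtp (A)": (ZONE_ANSWER, "smtp.mydomain.com"),
        "mismatch: PTR -> www (A to web IP)": (ZONE_MISMATCH, "www.mydomain.com"),
    }
    results = {}
    for label, (zone, host) in cases.items():
        ok, reason = check_fcrdns(EC2_IP, host, zone_lookup(zone))
        results[label] = ok
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {reason}")
    return results


if __name__ == "__main__":
    demo()
```

To run the same check against live DNS, pass `dig_lookup` instead of `zone_lookup(...)` to `check_fcrdns` with the real EIP and the hostname you submitted in the rDNS form; the reason string tells you which of the three conditions (PTR present and matching, target not an alias, A record back to the IP) is the one that fails.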