Reverse DNS lookup

[bdoub1eu]

Guys, I have a question about DNS and was wondering if someone could explain this a little further...

We get a block of IP's from our service provider and they are having problems with the reverse lookup for those block of IP's resolving.

We are receiving emails from some people but not others and it is directly related to this issue. I know how important DNS is in sending and receiving emails, but I thought reverse lookup was only used when we would send an email out and the receiving party could check our reverse lookup to see if we are who we say we are. I didn't think it affected inbound emails.

Any thoughts on this? Thanks in advance!

 

[jouell]

For your incoming email issue:


You mail servers must have a valid MX and A records for incoming mail:

Example for microsoft.com:

microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com MX preference = 10, mail exchanger = maila.microsoft.com

microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns2.msft.net
microsoft.com nameserver = ns3.msft.net
microsoft.com nameserver = ns4.msft.net
microsoft.com nameserver = ns5.msft.net
mailb.microsoft.com internet address = 207.46.121.51
mailb.microsoft.com internet address = 131.107.3.123
mailc.microsoft.com internet address = 207.46.121.52
mailc.microsoft.com internet address = 207.46.121.53
maila.microsoft.com internet address = 131.107.3.125
maila.microsoft.com internet address = 131.107.3.124
ns1.msft.net internet address = 207.46.245.230
ns2.msft.net internet address = 64.4.25.30
ns3.msft.net internet address = 213.199.144.151
ns4.msft.net internet address = 207.46.66.75
ns5.msft.net internet address = 207.46.138.20



So do an nslookup -q=mx yourdomain.com internally, and externally and see what happens.


-John

 

[bdoub1eu]

I do see all our MX records and IP's...

The domain name is called chemspec.com

What I don't see is the reverse lookup for our Primary MX record...I know that many companies will reject emails if we don't have a reverse lookup, but why would that affect inbound emails being sent to us?

 

[jouell]

RFC1912 section 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry.

more info here:

http://dnsbl.net.au/faq/reverseDNS/

-John

 

[bdoub1eu]

But would not having a reverse lookup affect incoming mail being sent to us?

 

[jouell]

Great Q.

I suppose it should not, in theory, but not %100 here.
Add one and see what happens, =).

Is there a reason you dont' want one or the ISP refuses?
Also turn up logging and let us know the SMTP conversation of the failing domains.

What SMTP server is in use?

-John

 

[bdoub1eu]

We have no reason not to have one...There are some mail servers out there that will reject emails if we don't have a reverse lookup...

I did tell our ISP to create one for us and they are having problems in doing that (Why, I don't know) but they tell us that the reason that we weren't receiving some emails was because they were having problems in creating the reverse lookup. I think they are lying to me because I haven't heard anything about not receiving emails because of not having a reverse lookup.

 

[ChrisAC]

The reverse lookup thing should not affect you receiving emails from others, only sending to other mail servers that do reverse checking.

For those that have not been able to send to you, I would ask them to investigate their mail logs and see why they were inable to connect to your servers. Maybe they have a DNS problem and so were unable to resolve your MX records. Is your server doing reverse lookups on inbound connections? Is it checking SMTP blacklists? Have those senders received any bounce messages?

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************