Mailing List CGatePro@mail.stalker.com Message #104882
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: Reverse DNS mismatch
Date: Fri, 04 Apr 2014 12:26:49 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

"#1. 2 MX records pointing to different names that resolve to the same IP is odd and pointless. "

> dig maxboostracing.com mx
;; ANSWER SECTION:
maxboostracing.com.     21475   IN      MX      10 mx1.maxboostracing.com.
maxboostracing.com.     21475   IN      MX      10 mx2.maxboostracing.com.

> dig mx1.maxboostracing.com A
mx1.maxboostracing.com. 43200   IN      A       68.15.54.108

> dig mx2.maxboostracing.com A
mx2.maxboostracing.com. 43200   IN      A       68.15.54.108

You could remove both MX records completely, as maxboostracing.com resolves to 68.15.54.108 too. You can also remove the A record for mx1 and mx2.


"#2 Using DynDNS isn't necessarily unwise ..."
OK if the IP is really static, though you could use a DNS provider that sounds less dynamic.


"#3. Putting any machine engaging in any form of SMTP behind a device that performs malicious attacks on basic SMTP functionality [...] is always a bad idea"

> telnet 68.15.54.108 25
Trying 68.15.54.108...
Connected to 68.15.54.108.
[...wait...]
220 maxboostracing.com ESMTP CommuniGate Pro 5.3.13

For me it now looks OK, you probably removed the ESMTP line from the PIX.


"#4. If you run a mail server using a public IP whose PTR resolves to a name in a domain that you don't control and is obviously constructed from the IP address you will have chronic delivery problems, some of them silent. "

> dig -x 68.15.54.108
;; ANSWER SECTION:
108.54.15.68.in-addr.arpa. 21599 IN     PTR     wsip-68-15-54-108.ri.ri.cox.net.

Here you have a problem. The PTR must be maxboostracing.com or something.maxboostracing.com. Since your IP is static, ask your ISP to provide you a valid PTR record. You usually cannot set that up yourself, and certainly not in your own DNS server.



Nicolas Hatier


On 2014-04-04 11:22, bob wrote:
Hi Bill, thanks for your reply.  See below inline:


On 4/4/2014 11:09 AM, Bill Cole wrote:
On 4 Apr 2014, at 9:28, Bob wrote:

Hello.

I'm running 5.3.13 on Windows, 32 bit.  Every once in a while I check my server against MXToolbox, and today I found an SMTP reverse DNS mismatch.  My WAN IPv4 address is correct under settings/network, showing my correct external IP address. Do I need to change something else?

Everything seems to work, just pretty slowly (more on that later) :)

Thanks for any tips.

I don't track all of the details of MXToolbox's tests, but a few things seem likely to be causing trouble for maxboostracing.com:

1. 2 MX records pointing to different names that resolve to the same IP is odd and pointless.

If I do an nslookup on my domain I do see the address being resolved correctly. I also see it time out 3 times first though, but I might blame local resolvers for that?   Where do you see that issue?

2. Using DynDNS isn't necessarily unwise for a domain that handles email, but if your address is actually dynamic, it's going to create problems, especially given (1) and the potential for DNS caches with operationally stale but unexpired A records.

The IP address is static, so I don't have to worry about that, I would assume.


3. Putting any machine engaging in any form of SMTP behind a device that performs malicious attacks on basic SMTP functionality (such as Cisco's PIX/ASA assault on SMTP that they ridiculously refer to as "fixup") is always a bad idea.

This is behind a Cisco ASA. Hmmm..  I definitely have the inspect statement there. You saying I should remove the ESMTP line?

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp




4. If you run a mail server using a public IP whose PTR resolves to a name in a domain that you don't control and is obviously constructed from the IP address you will have chronic delivery problems, some of them silent.

From what I can see, the PTR record points directly at my outside IP address, on the domain I do control. I'm pretty sure that is correct, but then again I'm not sure of much when it comes to DNS stuff :)

Thank you again for your response, I really appreciate it.
Bob




#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>
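
The two DNS findings in the reply above (both MX names resolving to one address, and a PTR that sits outside the mail domain and is built from the IP), expressed as an offline check over dig answer lines. This is an added example, not part of the original messages; the function names and finding labels are assumptions, and the sample input is constructed from the records quoted in the thread.

```python
import re

# Constructed sample: the answer lines quoted in the thread, in dig's output format.
DIG_ANSWERS = """\
maxboostracing.com.     21475   IN      MX      10 mx1.maxboostracing.com.
maxboostracing.com.     21475   IN      MX      10 mx2.maxboostracing.com.
mx1.maxboostracing.com. 43200   IN      A       68.15.54.108
mx2.maxboostracing.com. 43200   IN      A       68.15.54.108
108.54.15.68.in-addr.arpa. 21599 IN     PTR     wsip-68-15-54-108.ri.ri.cox.net.
"""

def parse_answers(text):
    """Return {(owner, rtype): [rdata, ...]} from dig answer lines."""
    zone = {}
    for line in text.splitlines():
        parts = line.split(None, 4)  # owner, ttl, class, type, rdata
        if len(parts) == 5 and parts[2] == "IN":
            owner, _ttl, _cls, rtype, rdata = parts
            zone.setdefault((owner.lower().rstrip("."), rtype), []).append(rdata.strip())
    return zone

def in_domain(host, domain):
    """True if host is the domain itself or a name below it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def looks_ip_derived(host, ip):
    """True if every octet of ip appears as a number inside the host name."""
    numbers = re.findall(r"\d+", host)
    return all(octet in numbers for octet in ip.split("."))

def audit(zone, domain):
    """Return finding labels (hypothetical names) for the mail domain."""
    findings = []
    mx_hosts = [r.split()[1].rstrip(".").lower() for r in zone.get((domain, "MX"), [])]
    mx_ips = {ip for h in mx_hosts for ip in zone.get((h, "A"), [])}
    if len(mx_hosts) > 1 and len(mx_ips) == 1:
        findings.append("redundant-mx")  # several MX names, one address
    for ip in sorted(mx_ips):
        arpa = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
        ptrs = zone.get((arpa, "PTR"), [])
        if not ptrs:
            findings.append(f"no-ptr:{ip}")
        for ptr in ptrs:
            if not in_domain(ptr, domain):
                findings.append(f"ptr-outside-domain:{ip}")
            if looks_ip_derived(ptr, ip):
                findings.append(f"ptr-ip-derived:{ip}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_answers(DIG_ANSWERS), "maxboostracing.com"):
        print(finding)
```
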

