Mailing List CGatePro@mail.stalker.com Message #94360
From: <lar@mwtcorp.net>
Subject: Re: Multiple domains and reverse DNS
Date: Tue, 18 Mar 2008 01:18:48 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro WebUser v5.1.11
On Mon, 17 Mar 2008 23:57:27 -0500
 "Uwe Baemayr" <cgate@baemayr.com> wrote:
I have CommunigatePro v5.1.14 server on a multihomed Windows 2003 server that serves several domains.  Let's say the primary domain is 'main.net'. I have a subdomain on this server, 'subdomain.net', which sends email using an address separate from main.net.  So, for example:

 main.net sends and receives on 1.2.3.4
 subdomain.net sends and receives on 1.2.3.7

Reverse DNS for each domain points at the appropriate IP.

When main.net sends email on 1.2.3.4, all is well.  However, when subdomain.net sends email on 1.2.3.7, this appears in the received headers:  Received: from main.net ([1.2.3.7] RDNS failed) by receiver.net with
         Microsoft SMTPSVC(6.0.3790.1830); Sat, 15 Mar 2008 00:15:41 -0500


Uwe,
Typically if 1.2.3.7 reverses to gomer.subdomain.net and gomer.subdomain.net has a forward of 1.2.3.7 the mail goes through even when the HELO identifies itself as main.net. MTA's are not susposed to reject based on HELO for this very reason. That said we have all had to do crazy things to fight the evil spammers. Someone might be braking this rule.
I would doublecheck my reverse<==>Forward pair for a typo between the two. Most likely that is what has happened.






A message actually sent from main.net instead of subdomain.net is ok:

Received: from main.net ([1.2.3.4]) by receiver.net with
         Microsoft SMTPSVC(6.0.3790.1830); Sat, 15 Mar 2008 00:17:43 -0500

In a brief exchange with support, I was told that the server always identifies itself using the primary licensed domain, so I gather that the receiving server did an reverse DNS check on 'main.net', rather than 'subdomain.net' and discovered the IP didn't match, hence the warning.  Support also told me that there is no way to change how the server identifies itself, as it's a licensing issue.

So, how do you folks who serve multiple domains handle this situation?  I do have correct SPF records for each domain.  I do want to send from separate domains because the 'main.net' domain is listed in the senderbase reputation service and I don't want to risk having a subdomain that's not completely under my control damaging this sender's reputation.

Thanks!

--- Uwe


Larry Ash
Network Administrator
Mountain West Telephone
400 East 1st St.
Casper, WY 82601
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster