PTR, Reverse DNS, and Hostnames

I'm having an issue where all emails I send to friends from my personal domain (rossbates.com) are being put into the "bulk" (spam) folder by Yahoo's email servers.

Reading another post here I learned about reverse DNS. I set this up via the Linode control panel and it seems to be working when I do

host $ip

from my Linode. However when I do this from an outside box it still returns the xx-xx.linode.com host name.

I'm wondering this… my hostname in /etc/hostname is 'delar' - should it instead be the same value as the one I entered for the reverse DNS entry as well as my MX record? In other words, does my /etc/hostname need to be rossbates.com in order for reverse dns to work?

And one follow up… If I do need to use a FQDN for my linode hostname, is there a way to bind a hostname to individual IP address in debian on the same box?

11 Replies

It may be that the change you made hasn't yet propagated to the rest of the world.

The hostname in /etc/hostname doesn't affect reverse DNS. However, it will affect the SMTP HELO command sent out by your mail server. Ideally, it should match your RDNS, or at least match a valid DNS name that points to your Linode.

It also wouldn't hurt to publish an SPF record for your domain.

@rjp:

> It may be that the change you made hasn't yet propagated to the rest of the world.
>
> The hostname in /etc/hostname doesn't affect reverse DNS. However, it will affect the SMTP HELO command sent out by your mail server. Ideally, it should match your RDNS, or at least match a valid DNS name that points to your Linode.
>
> It also wouldn't hurt to publish an SPF record for your domain.

Thank you for the reply, you have helped me isolate the issue.

I think it's the EHLO from exim4 returning 'delar' instead of rossbates.com. I'm trying to change the primary_hostname in an exim4 split configuration. For the life of me I can't figure out which file to change. Converting it back to monolithic would be great as well, can't get there either. Any tips?

Thanks again

ps - I have created a SPF record as well.

I'm afraid I can't help you with exim4… I use Sendmail on my system.

Ross,

It looks like your reverse IP isn't set up. Checking today I still see it's pointing to xxx-xxx.members.linode.com.

I would check that before worrying about the HELO string. I'm pretty sure that Yahoo doesn't filter on the HELO, as it's not very useful, but I might be wrong.

The other possibility, if you just got that IP, is that the previous user of the IP was spamming, and Yahoo marked that IP as such because of complaints. If that's the case Yahoo will probably eventually clear the IP if they don't see spam from it in a while. Or you could plead your case to their spam department. Details are on their web site.

–John

@jpw:

> Ross,
>
> It looks like your reverse IP isn't set up. Checking today I still see it's pointing to xxx-xxx.members.linode.com.
>
> I would check that before worrying about the HELO string. I'm pretty sure that Yahoo doesn't filter on the HELO, as it's not very useful, but I might be wrong.
>
> The other possibility, if you just got that IP, is that the previous user of the IP was spamming, and Yahoo marked that IP as such because of complaints. If that's the case Yahoo will probably eventually clear the IP if they don't see spam from it in a while. Or you could plead your case to their spam department. Details are on their web site.
>
> –John

John -

Thanks for the response. I set up the reverse DNS 2 days ago, and I thought it was working because the header of my email messages to Yahoo changed. Also, this is the output from a linux box at home:

host 67.18.92.235
235.92.18.67.in-addr.arpa domain name pointer rossbates.com

However when I check from dnsstuff.com, this is the report:

How I am searching:
Asking i.root-servers.net for 235.92.18.67.in-addr.arpa PTR record:  
       i.root-servers.net says to go to henna.arin.net. (zone: 67.in-addr.arpa.)
Asking henna.arin.net. for 235.92.18.67.in-addr.arpa PTR record:  
       henna.arin.net [192.26.92.32] says to go to NS2.THEPLANET.COM. (zone: 18.67.in-addr.arpa.)
Asking NS2.THEPLANET.COM. for 235.92.18.67.in-addr.arpa PTR record:  Reports li8-235.members.linode.com. [from 12.96.160.115]

Answer:
67.18.92.235 PTR record: li8-235.members.linode.com. [TTL 86400s] [A=67.18.92.235]

Is there something wrong with the entry on the NS2.THEPLANET.COM? I would think it would be the first one updated…. correct?

FWIW - this is the header from Yahoo mail:

X-Apparently-To:     rossbates@yahoo.com via 66.163.179.221; Tue, 04 Oct 2005 14:56:20 -0700
X-YahooFilteredBulk: 67.18.92.235
X-Originating-IP:    [67.18.92.235]
Return-Path:     <ross@rossbates.com>
Authentication-Results:    mta173.mail.mud.yahoo.com from=rossbates.com; domainkeys=neutral (no sig)
Received:    from 67.18.92.235 (EHLO rossbates.com) (67.18.92.235) by mta173.mail.mud.yahoo.com with SMTP; Tue, 04 Oct 2005 14:56:19 -0700
Received:    from localhost ([127.0.0.1] helo=mail.rossbates.com) by rossbates.com with esmtp (Exim 4.52) id 1EMuli-0000pc-Iz for rossbates@yahoo.com; Tue, 04 Oct 2005 16:56:14 -0500

I'll wait a little longer to see if the reverse DNS change goes through. Otherwise I'll try my hand at pleading to Yahoo's spam dept.

Thanks,

Ross
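Added example (not part of the original thread): a small Python check that takes the Yahoo `Received:` line quoted above and compares the connecting IP, the EHLO name and the PTR record, the three things being debated here. The two DNS snapshots are constructed from values in the thread; the A record for rossbates.com is an assumption, and `parse_received` / `check_sender` are hypothetical helper names.

```python
import re

# Yahoo's Received line for the inbound hop, as quoted in the post above.
RECEIVED = ("from 67.18.92.235 (EHLO rossbates.com) (67.18.92.235) by "
            "mta173.mail.mud.yahoo.com with SMTP; Tue, 04 Oct 2005 14:56:19 -0700")

# Constructed resolver snapshots. PTR values come from the thread; the
# rossbates.com A record is assumed to point at the same Linode IP.
DNS_STALE = {
    "ptr": {"67.18.92.235": "li8-235.members.linode.com."},
    "a": {"li8-235.members.linode.com": ["67.18.92.235"],
          "rossbates.com": ["67.18.92.235"]},
}
DNS_UPDATED = {
    "ptr": {"67.18.92.235": "rossbates.com"},
    "a": {"rossbates.com": ["67.18.92.235"]},
}

def parse_received(line):
    """Return (client_ip, helo_name) from a Yahoo-style Received header."""
    m = re.search(
        r"from\s+\S+\s+\((?:EHLO|HELO)\s+([^)\s]+)\)\s+\(([0-9.]+)\)", line)
    if not m:
        raise ValueError("unrecognised Received format")
    return m.group(2), m.group(1).lower().rstrip(".")

def check_sender(line, dns):
    """Compare what the receiver saw (IP, HELO) with what DNS says."""
    ip, helo = parse_received(line)
    ptr = dns["ptr"].get(ip, "").lower().rstrip(".")
    return {
        "ip": ip,
        "helo": helo,
        "ptr": ptr or None,
        # Forward-confirmed reverse DNS: the PTR name resolves back to the IP.
        "fcrdns": bool(ptr) and ip in dns["a"].get(ptr, []),
        # A bare host name such as 'delar' is not a usable HELO identity.
        "helo_is_fqdn": "." in helo,
        "helo_resolves_to_ip": ip in dns["a"].get(helo, []),
        "helo_matches_ptr": bool(ptr) and helo == ptr,
    }

if __name__ == "__main__":
    for label, dns in (("stale PTR", DNS_STALE), ("updated PTR", DNS_UPDATED)):
        print(label, check_sender(RECEIVED, dns))
```

With the stale snapshot the reverse lookup is still forward-confirmed, but the EHLO name and PTR disagree; once the new PTR is visible they line up.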

Looks like your reverse is working now. It has a 24-hour TTL on it, so anyone who already had it cached would see the old PTR record for 24 hours after they cached it.

BTW, I'll second the recommendation to use SPF. Good stuff.

Edit: never mind, I see you have SPF set up. :) Personally, I prefer to end it with "-all", if you're relatively confident that the IPs you're enumerating are the ONLY ones that are going to send for your domain.

Yeah, I must have been seeing the cached entry from ns2.theplanet.com.

Agree on the SPF recommendation. Since I added SPF records I've seen fewer bounces back to me of spam that had been forged to appear to come from my domain. So some sites are checking SPF records in determining whether to accept mail.

I know Yahoo adds their DomainKey headers on outbound mail. I don't know if adding DomainKey information on messages sent to Yahoo helps increase the chance of not appearing in the "Bulk" folder.

And for inbound mail to my own domain I have found that greylisting is extremely effective. I've disabled most of my other spam checks because greylisting works so well for me. My mail traffic is light (<100/day), YMMV if you have a lot.

–John

Turns out the combination of SPF and reverse DNS still doesn't prevent my emails from landing in the Bulk folder.

I've sent an email to Yahoo, and they asked me to fill out a rather large questionnaire about my Bulk policy, privacy policy, etc… I understand they deal with insane amounts of spam, but it's so frustrating trying to get them to understand I'm an individual sending out single emails to friends with Yahoo email accounts.

Next up - trying to figure out how to implement Domain Keys with exim4. Hell, I might even install sendmail because I know they've got Domain Key support out of the box.

@ross:

> Turns out the combination of SPF and reverse DNS still doesn't prevent my emails from landing in the Bulk folder.
>
> I've sent an email to Yahoo, and they asked me to fill out a rather large questionnaire about my Bulk policy, privacy policy, etc… I understand they deal with insane amounts of spam, but it's so frustrating trying to get them to understand I'm an individual sending out single emails to friends with Yahoo email accounts.

Be sure to tell them this in your reply, and (if applicable) that you recently acquired the use of this IP (as of date XXX) and are not affiliated with the previous users. You could point out that if the previous users were spamming, their logs should show a drop off after this date.

@ross:

> Next up - trying to figure out how to implement Domain Keys with exim4. Hell, I might even install sendmail because I know they've got Domain Key support out of the box.

Just to clarify: I don't know whether installing DomainKey headers would help the situation or not.

–John

I'll give that a shot. Thanks for all the advice.

> Just to clarify: I don't know whether installing DomainKey headers would help the situation or not.

I follow you. I'm just very curious to find out if mail still gets tagged as spam even when using their endorsed solution.

@ross:

> I follow you. I'm just very curious to find out if mail still gets tagged as spam even when using their endorsed solution.

The reason I'm not sure it matters in this case is that DomainKeys doesn't prevent or detect spam per se - it makes it easier to identify forged emails. So a spammer can use DomainKeys just like they can use SPF, sending spam from their own domains. But it does make it a little harder for them to hide behind forgeries.

–John
