PTR records, reverse DNS lookup etc

Hi all, hopefully some boffins can help me with this.

Our wireless broadband connection suxors.
It's a crazy way our isp is set up.
xxx.xxx.xxx.185 is our ip onto the ISP's backbone. From there our public ip is xxx.xxx.xxx.188.

www.whatismyip.com returns my ip as xxx.xxx.xxx.185

Our ISP sends the mail out on '188', but emails coming from us say that they have been sent from '185' (our exchange server), so to my knowledge that's why reverse dns lookup fails.
This has all happened since putting an exchange server in.
Our IT support team vehemently deny any wrongdoing and blame our ISP's crappy setup. Our ISP say all their other clients running exchange server have no problems.
I'm piggy in the middle with the least amount of knowledge.
Our IT team, all but guarantee that if we changed to normal adsl then the problem would go away, as we'd only have one ip for mail etc to route through.

Can anyone help with this please? It's been ongoing for months and i'm almost at a lost cause. I don't know who to truly trust.

Many thanks for any help offered.

Cheers
Jacko
 
Don't quote me on this, but your IT team are right, it is your ISP's problem.

The reverse DNS doesn't work cos you're sending from the 185, then when a reverse DNS check is done on the receiving end it sees it as coming from 185 and runs a check on it, but can only get as far as 188.

Tell your ISP to sort it out or you're moving.
 
k.Jacko said:
Our ISP sends the mail out on '188'

Why are you sending email via your ISP (on 188) if your exchange server is on 185, they must be proxying everything through 188!

HEADRAT
 
it's very unclear what you have here, though it sounds like somebody has screwed up configuring your router. i'd get your it people and your isp to talk to each other and sort it out.
 
If your network is set up with public IPs (assume it is, as the exchange server is on a different address), then if it sends out directly rather than through a smarthost (the ISP's mailserver), the mail should appear as if it is coming from 185. Check the mail headers to be sure this is the case; if so, set up the RDNS record for the 185 address.

Or if it is sending out through 188 for some crazy reason (your router is in NAT or somehow your router is also a mailserver), then set up the reverse DNS for 188.

It is hard to say what is wrong, it could be your configuration or something weird the ISP is doing. :p
 
it'd be handy to know the isp in question, somebody may know if they do anything odd with ip ranges. it does sound initially though as if the router is doing NAT and whoever set it up needs to learn some networking basics
 
bigredshark said:
it's very unclear what you have here, though it sounds like somebody has screwed up configuring your router. i'd get your it people and your isp to talk to each other and sort it out.

Lol, tried that, they almost came to blows arguing who was to blame.

Our ISP is www.ineedbroadband.co.uk.

From what i gather, we're on their wireless network, then they hop onto the copper pipeline that BT provide, that's why we have 2 differing IP addresses.
Our mail sends out on '185', the receiving server queries it, establishes that our domain is registered to a '188' and with RDNS in place, spams it!

If our IT guys turn on their RDNS then it blocks all our email to them, if it's turned off then it accepts it all.

Our wireless broadband is pants, so Demon have been recommended to me. Sadly even though most providers offer 5-8mb for ADSL max, we can still only get 512kb max, due to us being right at the end of the exchange.
We're on a brand new business park with the new DVLA offices right next to us, the park is still growing but BT have no plans to extend services into it. SUCKAGE!!!
 
The thing is, if it is a proper mailserver then it is sending out from one of those 2 addresses, regardless of the route your connection takes through the wireless or BT. Unless they are intercepting SMTP traffic and routing it in some weird manner, I don't understand where the problem is coming from, because as far as other mailservers are concerned they are just going to see either the 188 or the 185, surely???

If they have some kind of proxy it should show on the headers for the bounce back message, try and locate this address and do a RDNS lookup on it.

I am no expert however.
 
k.Jacko said:
From what i gather, we're on their wireless network, then they hop onto the copper pipeline that BT provide, that's why we have 2 differing IP addresses.
Our mail sends out on '185', the receiving server queries it, establishes that our domain is registered to a '188' and with RDNS in place, spams it!
Wha? :confused:

Your exchange server IP is either 185 or 188, it shouldn't (and can't) get changed halfway. Any chance of telling us the domain name so we can do some poking about to see what's what?
 
Mistral do a similar thing.
They give each router an ip address that they manage it by and then another ip is given to the wan interface of your firewall/server/router or whatever other device you assign it to.

The reason a reverse DNS lookup fails is that there is no PTR record associated with it. It doesn't even have to find a record with the same domain as the one you are sending mail from. It just needs any PTR record.

Send somebody some mail.
Check the header.
Get the address.
Make sure that you have an A record set up for that address.
If you don't then add in MX2.yourdomain.com
Then ask your isp to set up the relevant PTR record referencing the A record that has been set up for your domain.
Very easily done.

Alternatively configure an SMTP connector in exchange and get the address of your ISP's SMTP server and relay through that and it won't even matter.
Sorted.

Your IT support people sound like absolute monkeys.
 
Ok, our domain is paragoninteriors.biz
I use www.dnsstuff.com

I've been told about relaying mail through the ISP but aren't there drawbacks to this? I think that's why our IT team have not done it.

Thanks for your help guys, i'm just sorry i don't really know wtf i'm talking about, lol.

A recipient server's mail header says that it's from xxx.xxx.xxx.185.
Our PTR is set up for 185 and i altered our 'A' record to point to 185.

Is there anything in Exchange that i should check/alter?
 
From having a quick poke about, I see that (as I suspected) this 188 address doesn't seem to feature at all - port 25 isn't open on it, so it isn't a mailserver. Although there is rDNS set up on that address (doing ping -a x.x.x.188 returns smtp.paragoninteriors.biz, whereas it resolves to 185 the other way round. That probably ought to be removed).

There are a couple of warnings though:

http://www.dnsreport.com/tools/dnsreport.ch?domain=paragoninteriors.biz

Your mailserver claims to be 'paragoninteriors.biz' instead of 'smtp.paragoninteriors.biz'. "If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software." This is easily changeable.

There's also no SPF record - if you're sending your own email, certain places won't accept it without the SPF record without your mailserver being on a whitelist (usually only ISP size relays are on this). AOL is particularly keen on bouncing mail until this is rectified.

EDIT:
Our ISP sends the mail out on '188', but emails coming from us say that they have been sent from '185' (our exchange server), so to my knowledge that's why reverse dns lookup fails.
This has all happened since putting an exchange server in.
This statement I still don't quite get. Can you possibly clarify what you mean by 'our ISP sends mail out'? You should be sending all mail via your exchange server, so you send the mail out. The ISP shouldn't be involved other than routing the traffic, so it should work perfectly.
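
The checks discussed in the posts above (does the sending address have a PTR, does that name resolve back to the same address, and does the HELO name agree), as an added example that is not part of the thread. The DNS data is constructed: 192.0.2.185 and 192.0.2.188 stand in for the masked addresses, the PTR target for 185 and the web host address are assumptions, and `check_sender` is a hypothetical helper name.

```python
# Constructed DNS data mirroring what the thread reports. 192.0.2.x are
# documentation addresses standing in for the masked .185 and .188.
PTR = {
    "192.0.2.185": ["smtp.paragoninteriors.biz"],  # assumed PTR target
    "192.0.2.188": ["smtp.paragoninteriors.biz"],  # PTR seen via ping -a
}
A = {
    "smtp.paragoninteriors.biz": ["192.0.2.185"],
    "paragoninteriors.biz": ["198.51.100.10"],     # web host, assumed address
}


def norm(name):
    """Lower-case a host name and drop any trailing root dot."""
    return name.lower().rstrip(".")


def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR names for ip whose A records point back at ip."""
    return [norm(n) for n in ptr.get(ip, []) if ip in a.get(norm(n), [])]


def check_sender(ip, helo, ptr=PTR, a=A):
    """Apply the checks a receiving server commonly runs on a connection."""
    confirmed = fcrdns(ip, ptr, a)
    return {
        "has_ptr": bool(ptr.get(ip)),          # any PTR at all
        "fcrdns": bool(confirmed),             # PTR name resolves back to ip
        "helo_resolves_to_ip": ip in a.get(norm(helo), []),
        "helo_matches_ptr": norm(helo) in confirmed,
    }


if __name__ == "__main__":
    cases = [
        ("192.0.2.185", "paragoninteriors.biz"),       # HELO before the fix
        ("192.0.2.185", "smtp.paragoninteriors.biz"),  # HELO after the fix
        ("192.0.2.188", "smtp.paragoninteriors.biz"),  # the stale PTR
    ]
    for ip, helo in cases:
        print(ip, helo, check_sender(ip, helo))
```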
 
csmager said:
Your mailserver claims to be 'paragoninteriors.biz' instead of 'smtp.paragoninteriors.biz'. "If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software." This is easily changeable.
How can i change this please?
I'm not completely IT illiterate, so i could probably follow a guide if you posted one. It's just that i don't know much about this particular area.

csmager said:
There's also no SPF record - if you're sending your own email, certain places won't accept it without the SPF record without your mailserver being on a whitelist (usually only ISP size relays are on this). AOL is particularly keen on bouncing mail until this is rectified.
I looked at the wizard for setting up a SPF, but i've no idea what the hell i'm doing, so chickened out of that one.
My main problem is our IT guys and ISP are at each other's throats, so i'm seeking 3rd party unbiased advice (you nice folks).

csmager said:
This statement I still don't quite get. Can you possibly clarify what you mean by 'our ISP sends mail out'? You should be sending all mail via your exchange server, so you send the mail out. The ISP shouldn't be involved other than routing the traffic, so it should work perfectly.
I don't get it either, *sigh*. I think what i was trying to say is that, yes our mail sends out on 185. When the receiving server queries the email it says although it comes from 185, our domain is registered to 188, so fails rDNS. Does that sound correct? I'm going on what our IT guy told me.
 
k.Jacko said:
How can i change this please?
I'm not completely IT illiterate, so i could probably follow a guide if you posted one. It's just that i don't know much about this particular area.
Sure - This applies to Exchange 2003, but might apply to other versions too. Open the System Manager (in the Microsoft Exchange folder).

Expand 'Servers', expand your servername, expand 'Protocols', expand 'SMTP'. You'll probably see 'Default SMTP Virtual Server'. Right click it and click properties.

Go to the 'Delivery' tab and click 'Advanced'. Where it says 'Fully-Qualified Domain Name' write 'smtp.paragoninteriors.biz'.

You can check the before and after results by opening a command prompt and typing 'telnet smtp.paragoninteriors.biz 25'. It'll show you what the server's reporting itself as.

I looked at the wizard for setting up a SPF, but i've no idea what the hell i'm doing, so chickened out of that one.
My main problem is our IT guys and ISP are at each other's throats, so i'm seeking 3rd party unbiased advice (you nice folks).
Confused the hell out of me for years too! I went with:

csmager.net TXT v=spf1 mx ~all
mail.csmager.net TXT v=spf1 a -all

Which basically says that all mx servers for csmager.net are allowed to send email for csmager.net, and the ~all implies that that's not definitive - others might send that I don't know of.


I don't get it either, *sigh*. I think what i was trying to say is that, yes our mail sends out on 185. When the receiving server queries the email it says although it comes from 185, our domain is registered to 188, so fails rDNS. Does that sound correct? I'm going on what our IT guy told me.
But your domain is pointed at your webhost at a completely different IP, and your email's pointed to smtp.paragoninteriors.biz which is the 185 address. I really don't see where the 188 comes into it, really. Maybe ask IT for a detailed explanation of what they're on about?
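
How a receiving server would evaluate SPF records of the shape quoted in the post above, as an added example that is not part of the thread. It handles only the `a`, `mx`, `ip4` and `all` mechanisms; the records applied to paragoninteriors.biz are hypothetical, and the DNS data is constructed (192.0.2.185 stands in for the masked 185 address, 203.0.113.0/24 for an assumed smarthost range).

```python
import ipaddress

# Constructed DNS data: the thread says the domain's mail points at
# smtp.paragoninteriors.biz, which is the 185 address.
MX = {"paragoninteriors.biz": ["smtp.paragoninteriors.biz"]}
A = {"smtp.paragoninteriors.biz": ["192.0.2.185"]}

# SPF qualifiers and the result each one produces when its mechanism matches.
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, domain, ip, mx=MX, a=A):
    """Evaluate an SPF record left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qual, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        target = arg or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in a.get(target, [])
        elif name == "mx":
            matched = any(ip in a.get(h, []) for h in mx.get(target, []))
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # outside the subset this example handles
        if matched:
            return RESULT[qual]
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    dom = "paragoninteriors.biz"
    print(spf_check("v=spf1 mx ~all", dom, "192.0.2.185"))   # own mailserver
    print(spf_check("v=spf1 mx ~all", dom, "203.0.113.7"))   # some other host
    print(spf_check("v=spf1 mx -all", dom, "203.0.113.7"))
    print(spf_check("v=spf1 mx ip4:203.0.113.0/24 -all", dom, "203.0.113.7"))
```

If mail is relayed through a smarthost, the receiving server sees the smarthost's address, so a published record has to cover that address as well.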
 
csmager said:
Sure - This applies to Exchange 2003, but might apply to other versions too. Open the System Manager (in the Microsoft Exchange folder).

Expand 'Servers', expand your servername, expand 'Protocols', expand 'SMTP'. You'll probably see 'Default SMTP Virtual Server'. Right click it and click properties.

Go to the 'Delivery' tab and click 'Advanced'. Where it says 'Fully-Qualified Domain Name' write 'smtp.paragoninteriors.biz'.

You can check the before and after results by opening a command prompt and typing 'telnet smtp.paragoninteriors.biz 25'. It'll show you what the server's reporting itself as.

Ok, done that, it originally said 'paragoninteriors.biz' so i added the smtp in front of it.
It also has an entry for smarthost = mail.ineedbroadband.co.uk
and RDNS is unchecked.


csmager said:
Confused the hell out of me for years too! I went with:

csmager.net TXT v=spf1 mx ~all
mail.csmager.net TXT v=spf1 a -all

Which basically says that all mx servers for csmager.net are allowed to send email for csmager.net, and the ~all implies that that's not definitive - others might send that I don't know of.

Lol, yep, i'm none the wiser.



csmager said:
But your domain is pointed at your webhost at a completely different IP, and your email's pointed to smtp.paragoninteriors.biz which is the 185 address. I really don't see where the 188 comes into it, really. Maybe ask IT for a detailed explanation of what they're on about?
They just keep saying change ISP. Not happy with either of em tbh.
 
If there's a smarthost in there, then you're relaying all mail via your ISP. If that's the case, then the SPF record probably isn't strictly necessary. Should work.

There now appears to be little wrong with the setup since the incorrect FQDN has been corrected. Still got a problem?
 
csmager said:
If there's a smarthost in there, then you're relaying all mail via your ISP. If that's the case, then the SPF record probably isn't strictly necessary. Should work.

There now appears to be little wrong with the setup since the incorrect FQDN has been corrected. Still got a problem?
Yup! Whenever i change something i always send a testmail to my cousin who has a domain that blocks us. I've set the delay notification to 30 mins, so if it bounces back then i know it hasn't worked. And i can see by looking in the system manager that it's 'retrying' so it's doubtful that it's worked. :(
 
k.Jacko said:
Yup! Whenever i change something i always send a testmail to my cousin who has a domain that blocks us. I've set the delay notification to 30 mins, so if it bounces back then i know it hasn't worked. And i can see by looking in the system manager that it's 'retrying' so it's doubtful that it's worked. :(
What's the error? Can you send me an email so I can look at the headers to see if there's anything weird going on (and to see if it beats my spam filter!)? charlie [at] csmager [.] co.uk
 
Got the emails no problem. The headers do indicate that despite there being a smarthost spec'd in the Advanced Delivery section, it doesn't use a smarthost. (I think you have to specify it in the SMTP connector if you wanted to use one).

Can you maybe find out what anti-spam measures your cousin has in place? The reverse DNS really doesn't look to be an issue. The only thing left is SPF - which can be set to bounce mail that doesn't have a record and the server isn't on a whitelist.

So I guess it's either sort out an SPF record, or change the setup of the SMTP connector to forward mail via mail.ineedbroadband.co.uk (you could try that first and see if it makes a difference). Expand Connectors in the System Manager, right click Internet Mail SMTP Connector and hit properties. Should be fairly obvious from there - choose 'forward all mail to this connector....' and type mail.ineedbroadband.co.uk.

If it does work, there shouldn't be any disadvantages that I can think of.
 
Okey dokey, will have a go and see what happens.

Thanks :)

edit: did that, sent a new mail to my cousin, and within a minute the ISP postmaster bounced it back. No error code, just a message saying "This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed."
 