-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224
On Wed December 2 2015 23:53:51 Michael Howard wrote:
I've been getting hammered by spam so tried a
few things, rDNS checks
being one of them. Unfortunately, the mail server checks the rDNS for
the host (
mail.pearsoncomputing.net), the domain alone is not sufficient
( See results from 'mxtoolbox.com' - Your Reverse DNS Record (PTR) is
not a valid host name. According to email sending best practices, a PTR
Record should be a valid host name. If the PTR Record is not a valid
hostname, there is a likelihood that you will experience email delivery
issues with anti-spam services.)
I have been using rDNS checks for as long as I can remember
and I don't see any problems with TDE lists. TDE list mails
arrive here from 192.119.205.242. rDNS maps this to
pearsoncomputing.net and DNS in turns maps that back to
192.119.205.242 so no problem.
I think you're running into problems checking HELO
(or EHLO) rather than rDNS.
mail.pearsoncomputing.net is an A record with no PTR
which is allowed but it might be better if it had a
PTR (an IP can have more than one) or if mail.p...
were a CNAME (which is allowed because it is not used
in an MX record or NS record).
One doesn't usually check HELO that stringently but
Tim might want to avoid the problem by setting
"smtp_helo_name = pearsoncomputing.net" in main.cf.
--Mike
As you can probably infer the main problem is that my ISP doesn't provide
enough IP addresses (at a cost I am willing to pay) for all the services
running here. From what I understand multiple rDNS records for the same
IP is likely to cause more problems than it's worth as well.
After the servers are relocated next year there should be more IP
addresses available, which will make this problem go away. I'm not all
that keen on changing the HELO string as it isn't technically the domain
that's identifying, it's that specific mail server, and over time there
may be more than one mail server (for redundancy, etc.).
Since this has affected only one person in 5 years, I'm treating this like
the DKIM problem for the moment; give it more time and it might go away.
:-)
Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iFYEARELAAYFAlZglPQACgkQLaxZSoRZrGHeuQDeKchHK/k/UohhsEhfdk09I9eW
qSDFAfjXF/JBJgDeLmVKCabJuL7XCa/7FZKHxIsiFwPuDdccHvILXA==
=m1aX
-----END PGP SIGNATURE-----