Addressing reverse DNS (rDNS or PTR) issues

Most mail servers perform reverse DNS (also termed rDNS / PTR) lookups on incoming SMTP connections in order to check the authenticity of the mail server and will not accept mail from mail servers which don’t have valid rDNS entries in place.

How rDNS checks are performed

A rDNS check would typically take the following steps:

1. Your MDaemon server will establish a SMTP connection with a remote mail server in order to deliver an email to them.

2. The remote mail server will accept the connection and perform a reverse DNS lookup on your public IP address to see if it resolves to a hostname.

3. The remote mail server will then perform a forward DNS lookup on that hostname to confirm if it resolves back to the IP address that is connecting to it.

In many cases, if the checks in steps 2 and/or 3 fail the remote mail server will refuse to accept the email you are attempting to deliver to it. This is because it cannot correctly validate you are a legitimate mail server.

Typically, if this happens you will see the remote mailserver indicating the reason for the rejection in the \MDaemon\Logs\MDaemon-YYYY-MM-DD-SMTP(out).log like the example below:

Mon 2006-07-17 11:44:52: <– 550-Connection from 82.69.248.134 rejected
Mon 2006-07-17 11:44:52: <– 550-Sending server has no reverse DNS (PTR record)

The receiving mailserver may also reject the email with this error if you have a generic rDNS entry. In these cases your public IP address will resolve to a generic hostname assigned by your ISP (For example: 134-248-69-82-no-dns-yet.isp.co.uk).

Here the receiving mail server will reject the message as it assumes the IP address you have been assigned by your ISP is “dynamic” (one that changes each time you disconnect and then reconnect to your Internet connection) and not “static” (one that remains the same regardless of whether you disconnect and then reconnect to your Internet connection).

Spam may arrive from “dynamic” based IP addresses as the source can connect to an ISP and send many 1000’s of emails, then disconnect and reconnect and send many 1000’s more emails via another IP address.

I’m not sure what my Public IP address is – how can I check?

From the MDaemon machine visit http://www.canyouseeme.org/ in a browser. The IP address listed on this site will be your Public IP address.

Checking your rDNS entry

You can check the status of your rDNS entry in the following way via a command prompt (In Windows: Start -> Run -> cmd <press enter>):

nslookup <press enter>

set q=ptr <press enter>

82.69.248.134 <press enter> (replacing 82.69.248.134 with your own Public IP address)

If you have no rDNS assigned to your IP address then you will get a response like this:

*** <nameserver> can’t find 134.248.69.82.in-addr.arpa.: Non-existent domain

You can also check your RDNS status via the “Reverse DNS Lookup” section at http://www.dnsstuff.com/

How to add / change your rDNS entry

If the rDNS check you perform returns the above (or a generic rDNS entry) and you have a static IP address assigned to your ISP connection then you should firstly contact the ISP who hosts your domain name and ask them to add an A record which points to your Public IP address like the example below:

mail.zensoftware.co.uk IN A 82.69.248.134

You should then ask them (or the ISP who provides your Internet connection if this isn’t the same company) to add/amend the rDNS entry associated with your Public IP address so that it points to the hostname you have just created like the example below (rDNS entries list your IP address backwards):

134.248.69.82.in-addr.arpa IN PTR mail.zensoftware.co.uk

Once both these entries have been added and have propagated around the Internet you will have valid rDNS in place for your mailserver.

What steps to take if you have a Dynamic Public IP address

If you have a dynamic IP address assigned to your connection then you can’t assign a rDNS entry as your Public IP address continually changes. In these cases we would suggest that you either request a static IP address from your ISP (and that they configure it as above) or that you route all your outbound email out through your ISP’s mail server (via Setup -> Server Settings -> Delivery in MDaemon).

I have multiple domains setup in MDaemon. Which should I use for my rDNS entry?

You can only setup one rDNS entry per Public IP address and as this entry is specific to your Public IP address then we would suggest it is setup referencing the Default Domain in MDaemon.

This won’t mean receiving mailservers performing rDNS checks will reject mail from your Secondary Domains as they are making these checks against the Public IP address, not a domain name you are sending the email from.