Mark
asked on
Rejected IPs have generic or unresolvable PTR records.
RoadRunner has a policy limiting the number of emails sent per hour to its members from a specific IP: http://security.rr.com/spam.htm#ratelimit. That link provides a mechanism to permit legitimate emails, "If you're finding that your server is being rate limited (and the reason is not due to too many recipients per message), the most likely solution available to you will be to have the party responsible for your server apply for enrollment in our feedback loop."
I have registered for this enrolled with 2 IP addresses, one was accepted, the other was rejected with, "Rejected IPs have generic or unresolvable PTR records." The problem is that the emails in question originate on the rejected host.
I NEED TO FIX SOMETHING SOON!
Here is our setup: this is a retirement system. We send pension checks every month to participants. Starting this month, we are emailing the check stub info.
We have a Windows Small Business Server 2003 which is the main mail server. It serves all incoming mail and most outgoing mail. This IP was approved.
We also have a Linux webserver on both the internal lan and with a separate IP. Although this was originally just a webserver, the cron/batch facilities on Linux made it easy to do automated jobs, including emailing pension check and general announcement info. outgoing smtp mail goes directly from this machine without first being routed through the Windows server. This is the IP being rejected.
How do I "resolve" or otherwise "ungenerify" this hosts PTR record? What can I do to fix this problem?
I have registered for this enrolled with 2 IP addresses, one was accepted, the other was rejected with, "Rejected IPs have generic or unresolvable PTR records." The problem is that the emails in question originate on the rejected host.
I NEED TO FIX SOMETHING SOON!
Here is our setup: this is a retirement system. We send pension checks every month to participants. Starting this month, we are emailing the check stub info.
We have a Windows Small Business Server 2003 which is the main mail server. It serves all incoming mail and most outgoing mail. This IP was approved.
We also have a Linux webserver on both the internal lan and with a separate IP. Although this was originally just a webserver, the cron/batch facilities on Linux made it easy to do automated jobs, including emailing pension check and general announcement info. outgoing smtp mail goes directly from this machine without first being routed through the Windows server. This is the IP being rejected.
How do I "resolve" or otherwise "ungenerify" this hosts PTR record? What can I do to fix this problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
the emailtalk.org site gave me:
PTR Check Results:
12.345.67.89 PTR points to 12-345-67-89.static.twtele
(not the real IP)
does that look right?
Time-Warner has the IP address space. The building subnet is managed by a company called Bresco Broadband. The Windows Office Server and linux host use the Bresco name servers: 66.193.88.2, 66.193.88.3 (the linux host is also using the Windows Office Server as a name server). The domain is registered with Network Solutions which also has name servers for this domain: NS51.WORLDNIC.COM NS52.WORLDNIC.COM
Where would I start?
PTR Check Results:
12.345.67.89 PTR points to 12-345-67-89.static.twtele
(not the real IP)
does that look right?
Time-Warner has the IP address space. The building subnet is managed by a company called Bresco Broadband. The Windows Office Server and linux host use the Bresco name servers: 66.193.88.2, 66.193.88.3 (the linux host is also using the Windows Office Server as a name server). The domain is registered with Network Solutions which also has name servers for this domain: NS51.WORLDNIC.COM NS52.WORLDNIC.COM
Where would I start?
You need to talk to the Bresco people and tell them what you wrote here. They will know how to help you.
Good luck.
Good luck.
ASKER
I think the problem is that incoming all mail comes through mail.mydomain.org and outgoing from the web host goes from the webhost: webserver.mydomain.org, not routed through the mail.mydomain.org mailserver. When the RR servers look up the the IP of the message, it is different than the MX record of the mailserver. I've tried adding an MX for the webserver.mydomain.org subdomain, but that just screwed things up. E.g. mail sent from other workstations on the mydomain.org LAN to users on webserver.mydomain.org stopped getting delivered.
I think I need to route outgoing mail from webserver.mydomain.org through mail.mydomain.org. Is there a way to do that? Is that more of a sendmail questions?
I think I need to route outgoing mail from webserver.mydomain.org through mail.mydomain.org. Is there a way to do that? Is that more of a sendmail questions?
No, your outgoing mailserver does not have to be on the IP address pointed to by the MX record. Have you talked to your ISP?
ASKER
The ISP didn't seem to think it was their problem, but I'll check again and get back.
ASKER
I am trying two things: 1) getting the ISP to create a reverse DNS and 2) routing mail through the mail server for that domain. I will get back with results.
ASKER
I have contacted roadrunner and time-warner as I give up on all solutions at this point. Roadrunner says: Rejected IPs have generic or unresolvable PTR records., yet their security.rr.com block analysis site says the PTR records are OK.
So, I have fired off an email with all this info to blockinfo@postmaster.rr.co
So, I have fired off an email with all this info to blockinfo@postmaster.rr.co
ASKER
I received a response from RoadRunner that seems to address this problem. I will post the response in its entirety here:
Subject: [postmaster.rr.com #87955] IP 64.129.23.80 Question
From: "Todd Herr via RT" <escalations@postmaster.rr
To: mfoley@novatec-inc.com
Cc: mfoley@ohprs.org
Date: Tue, 16 Feb 2010 14:11:02 +0000
Hello.
My name is Todd Herr, and I'm the Postmaster for Road Runner; I
own our anti-spam policies, and I'll be handling your case to its
conclusion.
I'm the one who processes FBL enrollment requests, and I'm the one who's
been rejecting them.
The rejection message states:
> Message from roadrunner:
> Rejected IPs have generic or unresolvable PTR records.
>
> $ host 64.129.23.80
> 80.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-80.static.twtele
>
> $ host 64.129.23.95
> 95.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-95.static.twtele
"generic or unresolvable"
While it's true that you do have PTR records for these IPs, they're what we
call "generic", meaning two things:
1. They have no reference to your domain (ohprs.org) but instead reference
your provider (twtelecom.net)
2. They merely restate the IP address.
If you want to enroll these IPs in our FBL, get your provider, twtelecom.net
(which has no association with Time Warner Cable, meaning that we here at
Road
Runner can't help you) to change the PTR records to something like the
following:
80.23.129.64.in-addr.arpa.
95.23.129.64.in-addr.arpa.
Those hostnames seem to be the best choices, given this:
# host ohprs.org
ohprs.org has address 64.129.23.80
# host webserver.ohprs.org
webserver.ohprs.org has address 64.129.23.95
Once you've done that, then you'll be able to enroll in our FBL without
issue.
On Mon Feb 15 04:58:20 2010, mfoley@novatec-inc.com wrote:
> Thanks for your reply. Unfortunately, this response simply restates the
> problem, but does not address a fix. As I said in my original message,
> we have attempted the http://feedback.postmaster.rr.com/ route, as
> suggested again in this message, numerous times and wd continue to be
> rejected. Telling us to try this again is not a viable solution and
> appears to be an automated response rather than a considered one. I
> have re-attached our latest rejection message immediately below.
>
> I also included additional detail in my original message regarding
> security.rr.com results showing no block and dnsreport showing
> acceptable PTR records. Unless you can describe some other steps I need
> to take I believe your rejection of our IP addresses based on PTR
> records is invalid and should be corrected on your end.
>
> My original message was attached to your ticket response email:
>
> Subject: [postmaster.rr.com #87955] AutoReply: IP 64.129.23.80 Question
> From: "Road Runner Email Deliverability Support via RT"
> To: mfoley@novatec-inc.com
> Date: Thu, 11 Feb 2010 22:43:04 +0000
>
> Please review that email again and let me know what can actually be done
> to resolve this problem. Please feel free to call me at the number below
> if these questions cannot be easily resolved via email.
>
> Regards, Mark Foley
> 614.205.3321
>
>
> -----Feedback Loop Request Rejection Message-----
> To: mfoley@ohprs.org <mfoley@ohprs.org>
> Subject: roadrunner Feedback Loop request has been processed
> From: Roadrunner Feedback Loop <feedback@feedback.postmas
> Date: Tue, 9 Feb 2010 14:22:10 -0700 (MST)
>
> The request to modify your feedback loop with roadrunner has been
processed.
> --------------------------
>
> Feedback Loop Email: rrfeedback@ohprs.org
>
> IPs approved:
> none
>
> IPs declined:
> 64.129.23.80
> 64.129.23.95
>
> Message from roadrunner:
> Rejected IPs have generic or unresolvable PTR records.
>
> $ host 64.129.23.80
> 80.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-80.static.twtele
>
> $ host 64.129.23.95
> 95.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-95.static.twtele
>
> Thank you,
> roadrunner
>
> --------------------------
> Learn more about how you can reduce complaint rates and other factors
> affecting the success of your email program here:
http://www.returnpath.net/
>
>
>
>
>
> -----Original Message-----
> Subject: [postmaster.rr.com #87955] IP 64.129.23.80 Question
> From: "BP via RT" <email-support@postmaster.
> To: mfoley@novatec-inc.com
> Cc: mfoley@ohprs.org
> Date: Sun, 14 Feb 2010 21:16:58 +0000
>
> Hello.
>
> Road Runner imposes several rate limits on inbound mail from any
> given IP address. These limits include:
>
> - Number of simultaneous connections allowed
> - Number of recipients allowed per message
> - Number of recipients allowed per connection
> - Number of recipients allowed per hour
>
> All but the number of recipients allowed per message will vary
> depending on the IP's Return Path Sender Score Reputation Rank
> (http://www.senderscore.org/) and on whether the IP passes a
> Full Circle reverse DNS (FCrDNS) check. This policy is documented
> in more detail here - http://security.rr.com/spam.htm#ratelimit
>
> If you're finding that your server is being rate limited (and the
> reason is not due to too many recipients per message), the most
> likely solution available to you will be to have the party
> responsible for your server apply for enrollment in our feedback
> loop:
>
> http://feedback.postmaster.rr.com/
>
> Enrollment in our feedback loop costs nothing, and IPs accepted
> into our feedback loop will typically enjoy rate limits that are
> generous enough to meet most mailers' expectations.
>
> Two things to note here:
>
> 1. Our feedback loop is not a whitelist; this is made clear in the
> Terms of Service to which enrolling parties must agree when
> applying for enrollment. This means that servers enrolled in
> our whitelist are still subject to being blocked and/or having
> their mail routed to our customers' Junkmail folders.
>
> 2. The limitation on number of recipients per *message* is imposed
> system-wide, is independent of the sending server, and cannot
> be overridden by enrollment in our feedback loop or any other
> means. If your problem is that you're attempting to send mail
> addressed to more recipients than we allow for a given message,
> structure your mailings so that there are more messages, each
> with fewer recipients.
>
> Please let us know if you have any questions.
>
--
Todd Herr
Principal Engineer and Postmaster V: 703.345.2447
Road Runner Email Operations M: 571.287.0366
therr@postmaster.rr.com AIM: RRMailToddHerr
Subject: [postmaster.rr.com #87955] IP 64.129.23.80 Question
From: "Todd Herr via RT" <escalations@postmaster.rr
To: mfoley@novatec-inc.com
Cc: mfoley@ohprs.org
Date: Tue, 16 Feb 2010 14:11:02 +0000
Hello.
My name is Todd Herr, and I'm the Postmaster for Road Runner; I
own our anti-spam policies, and I'll be handling your case to its
conclusion.
I'm the one who processes FBL enrollment requests, and I'm the one who's
been rejecting them.
The rejection message states:
> Message from roadrunner:
> Rejected IPs have generic or unresolvable PTR records.
>
> $ host 64.129.23.80
> 80.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-80.static.twtele
>
> $ host 64.129.23.95
> 95.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-95.static.twtele
"generic or unresolvable"
While it's true that you do have PTR records for these IPs, they're what we
call "generic", meaning two things:
1. They have no reference to your domain (ohprs.org) but instead reference
your provider (twtelecom.net)
2. They merely restate the IP address.
If you want to enroll these IPs in our FBL, get your provider, twtelecom.net
(which has no association with Time Warner Cable, meaning that we here at
Road
Runner can't help you) to change the PTR records to something like the
following:
80.23.129.64.in-addr.arpa.
95.23.129.64.in-addr.arpa.
Those hostnames seem to be the best choices, given this:
# host ohprs.org
ohprs.org has address 64.129.23.80
# host webserver.ohprs.org
webserver.ohprs.org has address 64.129.23.95
Once you've done that, then you'll be able to enroll in our FBL without
issue.
On Mon Feb 15 04:58:20 2010, mfoley@novatec-inc.com wrote:
> Thanks for your reply. Unfortunately, this response simply restates the
> problem, but does not address a fix. As I said in my original message,
> we have attempted the http://feedback.postmaster.rr.com/ route, as
> suggested again in this message, numerous times and wd continue to be
> rejected. Telling us to try this again is not a viable solution and
> appears to be an automated response rather than a considered one. I
> have re-attached our latest rejection message immediately below.
>
> I also included additional detail in my original message regarding
> security.rr.com results showing no block and dnsreport showing
> acceptable PTR records. Unless you can describe some other steps I need
> to take I believe your rejection of our IP addresses based on PTR
> records is invalid and should be corrected on your end.
>
> My original message was attached to your ticket response email:
>
> Subject: [postmaster.rr.com #87955] AutoReply: IP 64.129.23.80 Question
> From: "Road Runner Email Deliverability Support via RT"
> To: mfoley@novatec-inc.com
> Date: Thu, 11 Feb 2010 22:43:04 +0000
>
> Please review that email again and let me know what can actually be done
> to resolve this problem. Please feel free to call me at the number below
> if these questions cannot be easily resolved via email.
>
> Regards, Mark Foley
> 614.205.3321
>
>
> -----Feedback Loop Request Rejection Message-----
> To: mfoley@ohprs.org <mfoley@ohprs.org>
> Subject: roadrunner Feedback Loop request has been processed
> From: Roadrunner Feedback Loop <feedback@feedback.postmas
> Date: Tue, 9 Feb 2010 14:22:10 -0700 (MST)
>
> The request to modify your feedback loop with roadrunner has been
processed.
> --------------------------
>
> Feedback Loop Email: rrfeedback@ohprs.org
>
> IPs approved:
> none
>
> IPs declined:
> 64.129.23.80
> 64.129.23.95
>
> Message from roadrunner:
> Rejected IPs have generic or unresolvable PTR records.
>
> $ host 64.129.23.80
> 80.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-80.static.twtele
>
> $ host 64.129.23.95
> 95.23.129.64.in-addr.arpa domain name pointer
> 64-129-23-95.static.twtele
>
> Thank you,
> roadrunner
>
> --------------------------
> Learn more about how you can reduce complaint rates and other factors
> affecting the success of your email program here:
http://www.returnpath.net/
>
>
>
>
>
> -----Original Message-----
> Subject: [postmaster.rr.com #87955] IP 64.129.23.80 Question
> From: "BP via RT" <email-support@postmaster.
> To: mfoley@novatec-inc.com
> Cc: mfoley@ohprs.org
> Date: Sun, 14 Feb 2010 21:16:58 +0000
>
> Hello.
>
> Road Runner imposes several rate limits on inbound mail from any
> given IP address. These limits include:
>
> - Number of simultaneous connections allowed
> - Number of recipients allowed per message
> - Number of recipients allowed per connection
> - Number of recipients allowed per hour
>
> All but the number of recipients allowed per message will vary
> depending on the IP's Return Path Sender Score Reputation Rank
> (http://www.senderscore.org/) and on whether the IP passes a
> Full Circle reverse DNS (FCrDNS) check. This policy is documented
> in more detail here - http://security.rr.com/spam.htm#ratelimit
>
> If you're finding that your server is being rate limited (and the
> reason is not due to too many recipients per message), the most
> likely solution available to you will be to have the party
> responsible for your server apply for enrollment in our feedback
> loop:
>
> http://feedback.postmaster.rr.com/
>
> Enrollment in our feedback loop costs nothing, and IPs accepted
> into our feedback loop will typically enjoy rate limits that are
> generous enough to meet most mailers' expectations.
>
> Two things to note here:
>
> 1. Our feedback loop is not a whitelist; this is made clear in the
> Terms of Service to which enrolling parties must agree when
> applying for enrollment. This means that servers enrolled in
> our whitelist are still subject to being blocked and/or having
> their mail routed to our customers' Junkmail folders.
>
> 2. The limitation on number of recipients per *message* is imposed
> system-wide, is independent of the sending server, and cannot
> be overridden by enrollment in our feedback loop or any other
> means. If your problem is that you're attempting to send mail
> addressed to more recipients than we allow for a given message,
> structure your mailings so that there are more messages, each
> with fewer recipients.
>
> Please let us know if you have any questions.
>
--
Todd Herr
Principal Engineer and Postmaster V: 703.345.2447
Road Runner Email Operations M: 571.287.0366
therr@postmaster.rr.com AIM: RRMailToddHerr
ASKER
Although the solution was not straightforward, ultimately it was the ISP responsibility to get the correct PTR records configured, as you pointed out. Thanks
You can check it here: http://www.emailtalk.org/PTR.aspx