Solved

What needs to change

Posted on 2010-09-23
Last Modified: 2012-05-10
This is my first mac mail server setup. Mail is working but I have questions ...
Here is the header information...

Received: from thehighlands.us ([68.70.65.100] RDNS failed) by mail.workdomain.com with Microsoft SMTPSVC(6.0.3790.4675);
       Thu, 23 Sep 2010 09:13:59 -0500
Received: from localhost (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 548D66CDD1
      for <user@workdomain.com>; Thu, 23 Sep 2010 09:13:41 -0500 (CDT)
X-Virus-Scanned: amavisd-new at thehighlands.us
Received: from thehighlands.us ([127.0.0.1])
      by localhost (mailserver.thehighlands.us [127.0.0.1]) (amavisd-new, port 10024)
      with ESMTP id ukzgNYsPy+-8 for <user@workdomain.com>;
      Thu, 23 Sep 2010 09:13:32 -0500 (CDT)
Received: from mailserver.thehighlands.us (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 2E2B56CDC0
      for < user@workdomain.com >; Thu, 23 Sep 2010 09:13:32 -0500 (CDT)
Received: from 192.168.9.9
        (SquirrelMail authenticated user bwayne)
        by mailserver.thehighlands.us with HTTP;
        Thu, 23 Sep 2010 09:13:32 -0500
Message-ID: <b5359e4f7efab4c9a4e60ead94d5cdd4.squirrel@mailserver.thehighlands.us>
Date: Thu, 23 Sep 2010 09:13:32 -0500
Subject: test
From: "Bruce Wayne" <bwayne@thehighlands.us>
To: user@workdomain.com
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Return-Path: bwayne@thehighlands.us
X-OriginalArrivalTime: 23 Sep 2010 14:13:59.0230 (UTC) FILETIME=[90DBC5E0:01CB5B29]

The rDNS failed because the ISP has yet to put the PTR record in place.
But should the mailserver's name (mailserver.thehighlands.us) be shown, or should it be the mail.thehighlands.us as the A record has been set (externally)?
The IPs of 127.0.0.1 & 192.168.9.9, should private IPs be showing up as well, or should it be their outside DNS IP?

What changes need to be made?

Thx.
0
Question by:ultreya
10 Comments
 
LVL 8

Expert Comment

by:Mac2010
ID: 33747199
I don't exactly understand your question. Are you looking for a way to edit hostnames, IP addresses and other private info from your email headers?

Usually email headers show host names, including the one from your mail server. "Mail" (-.example.com) can be a host name or alias, depending on your network setup.
0
 
LVL 19

Expert Comment

by:bevhost
ID: 33747582
The PTR should always match the A record.
0
 
LVL 19

Expert Comment

by:bevhost
ID: 33747591
Generally speaking it is a good idea to have the mail server name match the PTR.
0
 
LVL 12

Expert Comment

by:nxnw
ID: 33749643
If you sent the mail from a machine on the same LAN as the thehighlands.us mailserver, it is correct for the header to show the private IP. The same mailserver generating references to itself in the header will refer to itself by its localhost address.

Now, your ISP should be setting up your DNS as follows:
• an A record for mail.thehighlands.us
• a reverse pointer matching the A record
• an MX record thehighlands.us pointing to mail.thehighlands.us

There is also the issue of internal DNS.
• If you don't have it, and you are talking about a handful of machines, it might be easier to use the server's IP address on your client machines on the LAN. If the machine is named "mailserver", mailserver.local will also work. Otherwise, you will be resolving to the external address.
• If you do have an internal DNS server, you can use the thehighlands.us domain, in which case you should set up the same records as your ISP, and be sure that the internal clients are using only your internal DNS.

"rDNS failed" means that they don't match, not that there was no response. That entry was put there by the SMTP server at mail.workdomain.com. FYI, rDNS failure is an indication of a rogue mailserver, although there are likely many legitimate servers that do not have matching reverse DNS entries. Some mailservers block connections where rDNS has failed, as a spam fighting strategy.
0
 
LVL 12

Expert Comment

by:nxnw
ID: 33749713
BTW, your A record isn't mail.thehighlands.us. It is something else. mail.thehighlands.us is an alias.

Unless you have a really good reason to have multiple names, you should keep it simple. You are just getting your feet wet and having one internal name and two different external names for the same machine is bound to mess you up at some point. Issues with setting up an SSL certificate come to mind.
0
 

Author Comment

by:ultreya
ID: 33795558
Thx for the help.

I know why the rDNS failure occurs, and once the ISP gets the PTR record in place that should stop. My concerns are with the internal IPs showing in the header information rather than the external hops. I am unsure if this is normal with Mac or not. I have set up several Exchange servers and have never seen an internal IP in the header, unless it was from inside to inside mail.

You are correct in the A record though. It's a reseller of a reseller of a registrar. I worked with them for over an hour just getting the records created, was difficult to get cooperation from them... the A record is webmail.thehighlands.us. with an alias of mail. pointing to the A record.

Will be working on this (these) issues over the next few days, so will chime back in.

I apologize for the delay, was occupied with other projects.
0
 
LVL 12

Expert Comment

by:nxnw
ID: 33795569
"If you sent the mail from a machine on the same LAN as the thehighlands.us mailserver, it is correct for the header to show the private IP. The same mailserver generating references to itself in the header will refer to itself by its localhost address."
0
 

Author Comment

by:ultreya
ID: 33862443
The header information from above is from inside to an outside message.
This is where I saw the 127 address, understanding this is loopback that just points to the mail server...
"by localhost (mailserver.thehighlands.us [127.0.0.1]) "
But the actual internal IP was displayed as well
"Received: from 192.168.9.9"
So I wanted to make sure the setup/configuration was correct, in that I did not believe these addresses should be shown, but if they are then they are...

Good note.
The ISP finally put in the PTR record, so the rDNS failure is no longer an issue.

To reiterate though.
Is it normal for the private IP addresses to be shown in the headers?
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
ID: 33863259
I thought I was very clear, but I will try a different way. Follow each of the 5 steps from sender to mail.workdomain.com.

1. SquirrelMail reports that it received email from 192.168.9.9, a machine on the same LAN. This is the only IP address the server could possibly have for that local machine on the LAN's private 192.168.9.x range.

Received: from 192.168.9.9
        (SquirrelMail authenticated user bwayne)
        by mailserver.thehighlands.us with HTTP;
        Thu, 23 Sep 2010 09:13:32 -0500

2. Postfix reports that it received the email from SquirrelMail. Both are on the same server, correctly identified as localhost:

Received: from mailserver.thehighlands.us (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 2E2B56CDC0
      for < user@workdomain.com >; Thu, 23 Sep 2010 09:13:32 -0500 (CDT)

3. AMaViS reports that it received the email from Postfix. Both are on the same server, correctly identified as localhost:

Received: from thehighlands.us ([127.0.0.1])
      by localhost (mailserver.thehighlands.us [127.0.0.1]) (amavisd-new, port 10024)
      with ESMTP id ukzgNYsPy+-8 for <user@workdomain.com>;
      Thu, 23 Sep 2010 09:13:32 -0500 (CDT)

4. Postfix reports that it received the email back from AMaViS. Both are on the same server, correctly identified as localhost:

Received: from localhost (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 548D66CDD1
      for <user@workdomain.com>; Thu, 23 Sep 2010 09:13:41 -0500 (CDT)

5. Now the email is out in the wild. Accordingly, mail.workdomain.com knows the thehighlands.us server by its public IP address.

Received: from thehighlands.us ([68.70.65.100] RDNS failed) by mail.workdomain.com with Microsoft SMTPSVC(6.0.3790.4675);
       Thu, 23 Sep 2010 09:13:59 -0500
0
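The five-hop walk in the accepted answer can be reproduced mechanically. The following is an added example, not part of the original thread: it parses the Received chain from the message posted above, orders it oldest-first, and labels each sending address as loopback, private or public. The names `classify`, `trace_hops` and `internal_addresses` are illustrative.

```python
import email
import ipaddress
import re

# Received headers copied from the message on this page (newest first).
RAW = """\
Received: from thehighlands.us ([68.70.65.100] RDNS failed) by mail.workdomain.com with Microsoft SMTPSVC(6.0.3790.4675);
       Thu, 23 Sep 2010 09:13:59 -0500
Received: from localhost (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 548D66CDD1
      for <user@workdomain.com>; Thu, 23 Sep 2010 09:13:41 -0500 (CDT)
Received: from thehighlands.us ([127.0.0.1])
      by localhost (mailserver.thehighlands.us [127.0.0.1]) (amavisd-new, port 10024)
      with ESMTP id ukzgNYsPy+-8 for <user@workdomain.com>;
      Thu, 23 Sep 2010 09:13:32 -0500 (CDT)
Received: from mailserver.thehighlands.us (localhost [127.0.0.1])
      by thehighlands.us (Postfix) with ESMTP id 2E2B56CDC0
      for < user@workdomain.com >; Thu, 23 Sep 2010 09:13:32 -0500 (CDT)
Received: from 192.168.9.9
        (SquirrelMail authenticated user bwayne)
        by mailserver.thehighlands.us with HTTP;
        Thu, 23 Sep 2010 09:13:32 -0500
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def classify(sender):
    """Return (ip, scope) for the first IPv4 address in a 'from' clause."""
    m = IPV4.search(sender)
    if not m:
        return None, "unknown"
    ip = ipaddress.ip_address(m.group())
    scope = "loopback" if ip.is_loopback else "private" if ip.is_private else "public"
    return str(ip), scope

def trace_hops(raw):
    """List hops oldest-first as (sender_ip, scope, receiving_host)."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        # Unfold the header, then keep only the text before "by" as the sender.
        sender, _, rest = " ".join(value.split()).partition(" by ")
        hops.append(classify(sender) + (rest.split()[0] if rest else None,))
    return hops

def internal_addresses(raw):
    """Non-public sender addresses that the final recipient can read."""
    return sorted({ip for ip, scope, _ in trace_hops(raw) if scope != "public"})

if __name__ == "__main__":
    print(*trace_hops(RAW), sep="\n")
```

`internal_addresses(RAW)` lists the loopback and LAN addresses that travel with the message to the outside recipient, which is the behaviour the question asks about.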
 

Author Closing Comment

by:ultreya
ID: 33863647
Excellent description, thanks.
Could have done without the "I thought I was very clear, but I will try a different way" dig, but I have to assume you are who you are.
0
