  • Status: Solved

Reverse DNS lookup for exchange

I am currently using NAT translations to NAT inbound smtp.domain.com traffic to a specific IP address and another public IP address for outbound email messages. My question is, where does the PTR get pointed to? Should it point to the inbound public IP or the outbound public IP address? Right now we have our smtp.domain.com MX record pointed to the public IP where mail comes in and we also have the PTR associated with that same public IP. Is there a problem with that?

I was thinking about placing the PTR record on both the inbound and outbound public IP addresses. Would that cause a problem?
Asked by: justin0104

Shack-Daddy Commented:
RDNS\PTR is just for verifying the integrity of outbound mail, so whichever IP your server uses to send OUTBOUND mail, that IP should have an RDNS record on it that resolves to the same name that your server uses when it connects to remote servers (typically defined on your send connector if you are running Exchange 2007).

That being said, it wouldn't cause a problem to use it on both IPs. It just wouldn't use the inbound IP unless something caused them to get switched and mail started going out that IP. It happens.

justin0104 (Author) Commented:
We are running Exchange 2003. And that is what I was thinking. I have the PTR pointing to both IP addresses right now, so hopefully our email will start flowing outbound soon! Our email will flow outbound to yahoo.com, for instance, since they do not perform any sort of reverse DNS lookup. That is about all we can find that it will send out to right now.

Anything that you can think of that would speed up the process here of DNS propagation? I called our ISP and had them create the PTR on the public IP that Exchange uses for outbound messages. Are there any tricks to get our email flowing outbound? We have email flowing inbound, but we need to get email going outbound even if it is temporary.

Shack-Daddy Commented:
Find out what your ISP's smarthost is and set up a connector to use that smarthost. If you do that, you can send out mail immediately. For the mail servers that I set up, I always use a 3rd-party mail filtering/smarthost service (McAfee SAAS) to cover both inbound and outbound, and the smarthost allows us to not worry so much about DNS propagation and RDNS records.

MegaNuk3 Commented:
Either use a smart host as Shack-Daddy says, or I would put in a new DNS name and PTR record for the outbound IP, like mailo.mydomain.com. You can then decide if you want an MX record with priority 100. You can then add it to your SPF record.

After all the above you should be able to ping mailo.mydomain.com from the Internet and get the right IP address and ping -a <IP address> from the Internet and get the correct DNS name back. Don't forget to change your outbound SMTP header to say mailo.mydomain.com.
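
The check described in the comment above (name to IP, then IP back to name, with the SMTP greeting matching) can be scripted. This is an added example, not part of the original thread; the 192.0.2.x addresses and smtp.mydomain.com are constructed sample values, and the lookup functions are injectable so the sample runs without touching real DNS.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_outbound(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """List the reverse-DNS problems a receiving server could find."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return [f"no PTR record for {ip}"]
    problems = []
    # Forward-confirm: some PTR name must resolve back to the same IP.
    if not any(ip in a_lookup(n) for n in ptr_names):
        problems.append(f"PTR {ptr_names} does not resolve back to {ip}")
    # The name announced in HELO/EHLO should be one of the PTR names.
    if norm(helo) not in ptr_names:
        problems.append(f"HELO {helo} does not match PTR {ptr_names}")
    return problems

# Constructed sample zone (documentation addresses, not from the thread):
# 192.0.2.10 is the inbound/MX IP, 192.0.2.20 the outbound NAT IP.
SAMPLE_PTR = {"192.0.2.10": ["smtp.mydomain.com."],
              "192.0.2.20": ["mailo.mydomain.com."]}
SAMPLE_A = {"smtp.mydomain.com": ["192.0.2.10"],
            "mailo.mydomain.com": ["192.0.2.20"]}

def sample_check(ip, helo):
    return check_outbound(ip, helo, lambda i: SAMPLE_PTR.get(i, []),
                          lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    # Second case: mail leaves via the outbound IP but announces the MX name.
    for helo in ("mailo.mydomain.com", "smtp.mydomain.com"):
        print(helo, sample_check("192.0.2.20", helo) or "OK")
```

Calling `check_outbound(ip, helo)` with only two arguments uses the system resolver, so run it from a host outside your own network to see what remote mail servers see.
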
justin0104 (Author) Commented:
done