Email blocked from Virtual server with 'no PTR record found'

I have gotten a couple errors lately from email sent from a virtual server.

Sender: Please tell postmaster at your system: Could not
    find PTR record for your mail host <ip address of virtual server>

This is pretty new, and comes after adding a second server.
First server: I use the DNS service of GoDaddy to point domain Domain.com and server web1.Domain.com to my IP address (yes, the real server has a different one...owned by the hosting company). I then added another server, billing.Domain.com. The problem showed up after this, but I'm not sure that's related. Could be I'm just sending mail to new locations that would have always flipped.

On the mail server (web1.Domain.com) I get:
[root@web1 ~]# dig -x <ip address of my server>

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x <ip address of my server>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59008
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;<<ip address of my server backwards>>.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
<<three most significant numbers>>.in-addr.arpa. 900     IN      SOA     ns1.pwebtech.com. reg.pwebtech.com. 2010111902 36000 3600 3600000 36000

;; Query time: 85 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue Apr  5 13:35:39 2011
;; MSG SIZE  rcvd: 100

I am not running named on this server (although I haven't shut it down on billing.domain.com).

How do I get a PTR record to show?
JerryNorton Asked:

BWaring Commented:
OK, here you go:

- your MX records resolve to CNAMEs... you need to change the MX records to point to the IP address of the mail server, not its host name

- you have 2 MX records that are identical. This is technically possible, but not good practice... remove the second one

- and, as a few of us had mentioned (first post), there is no reverse DNS setup for the IP address of your mail server. As a few of us have mentioned, send your IP address along with your mail server host name, to your ISP and ask them to create a reverse DNS record for your mail server

- you do have an SPF record - "v=spf1 a mx ptr ~all" - this should work (once the rDNS is created above), as the PTR option will tell the recipient to validate the reverse DNS name of the IP address of your mail server. The "~all" means 'soft fail' anyway, so most SPAM filters would probably only mark your email as SPAM, worst case, as opposed to rejecting it. You could change that to "-all" if you are sure that this is the only server that will ever send mail for your domain (including possible mobile clients, etc....)
 
Ernie Beek (Expert) Commented:
Well you have one don't you?

;<<ip address of my server backwards>>.in-addr.arpa.    IN      PTR

But that's the one for your mail server. Looks like the other server is sending mail itself and hasn't got a PTR record yet. So it looks like you need to set up one for that machine as well.
 
BWaring Commented:
This is all based upon that being your real domain name in the SOA record listed above...

A quick check indicates that it seems your email comes in to an external mail gateway (based upon the MX record), not to the server in question (web1)... but that server (web1) is sending mail on behalf of your domain... is that correct?

If so, then

- web1 needs to have a reverse DNS record created by your ISP (that would cause the error you are receiving)
- you should have an SPF record that has 'ip:<public IP of web1>' in it, so if anyone checks the SPF record, web1 will be authorized to send

Lastly, if 'web1.that domain above' is the correct fqdn for the server we are discussing, then you may have a problem with the actual IP address assignment, as I am getting a DNS loop trying to look up the rDNS for the IP address that a simple 'ping' of 'web1.that domain name' returns <- did that make sense?
 
JerryNorton (Author) Commented:
OK, I'm not sure that either comment understood that I hid the actual IP addresses and domain name here...

There is a valid IP address on the virtual server. There is a real domain name instead of web1.domain.com.
The email running is Postfix with Dovecot and SquirrelMail, all on web1.{a real domain belonging to me}.com

Does that help?
 
BWaring Commented:
Try this...

Does that virtual server have a reverse DNS record set up with your ISP?
  You need one, as the PTR error sounds like the recipient is checking for it, and not finding it...

Do you send and receive mail on that virtual server? Do you have an SPF record set up?
  You need to have one properly configured, as that is another reason your email may be blocked. If you do have one and that server doesn't receive your normal email, then it may not be set up correctly.
 
JerryNorton (Author) Commented:
OK, on the DNS service I added an SPF record. Let's see what happens when it propagates through.
 
BWaring Commented:
It's sometimes hard to figure this out without being able to test the domain name.... if you would like, send me a private email to my member name @ dcstg.com and I can test it for you and see if there is anything else that might be preventing your emails from being delivered... totally your choice, of course....
 
BWaring Commented:
Actually, just read that emailing is not allowed, so unless you wanted to post your domain here, I wouldn't be able to check... sorry...
 
Kaffiend Commented:
PTR records are (in most cases, there are exceptions) managed by whoever provides your connection to the internet.  Call your ISP or hosting company, and have them create a PTR record (aka reverse DNS record) for the public IP address your server uses.
 
JerryNorton (Author) Commented:
BWaring...sent you an email (if it gets through); will resend if I see an error.
 
JerryNorton (Author) Commented:
Although, as usual, my lack of knowledge makes it hard for the experts to 'come down to my level'.

Thanks so much.
Question has a verified solution.
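
The PTR check that produced the bounce in this thread, written out as an added example (not code from any poster here). It builds the same in-addr.arpa name that `dig -x` queries and then applies forward-confirmed reverse DNS; the zone data, the documentation-range addresses, the example.com names and the verdict strings are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, example.com names).
PTR_ZONE = {
    "25.2.0.192.in-addr.arpa": ["web1.example.com."],
    "26.2.0.192.in-addr.arpa": ["stale.example.com."],
    # 192.0.2.27 deliberately has no PTR: the NXDOMAIN case in the question.
}
FORWARD_ZONE = {
    "web1.example.com.": ["192.0.2.25"],
    "stale.example.com.": ["198.51.100.9"],  # forward record points elsewhere
}


def reverse_name(ip):
    """Name queried by `dig -x`: reversed octets (or nibbles) under .arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, lookup_ptr, lookup_addr):
    """Forward-confirmed reverse DNS, as a receiving mail server might apply it.

    lookup_ptr(name) and lookup_addr(host) return lists (empty on NXDOMAIN).
    Returns (verdict, confirmed_hostnames).
    """
    addr = ipaddress.ip_address(ip)
    hosts = lookup_ptr(reverse_name(ip))
    if not hosts:
        return "no-ptr", []
    confirmed = [
        h for h in hosts
        if any(ipaddress.ip_address(a) == addr for a in lookup_addr(h))
    ]
    return ("pass" if confirmed else "ptr-not-forward-confirmed"), confirmed


def zone_lookup(zone):
    """Resolver stub over a dict so the example runs offline."""
    return lambda name: zone.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(ip, reverse_name(ip),
              fcrdns(ip, zone_lookup(PTR_ZONE), zone_lookup(FORWARD_ZONE)))
```

To run it against live DNS, pass two functions that wrap a real resolver in place of the `zone_lookup` stubs.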