Reverse DNS issue because IP was/is Blacklisted

Posted on 2012-03-14
Last Modified: 2012-03-16
Our email server was compromised and with the help of Microsoft we were able to cleanup the server, eliminate the trojans and/or bots, and I am in the process or installing a new firewall.  During the cleanup process I contacted the three blacklisted companys that had our IP blacklisted.  I was able, fairly quickly, to rectify two out of the three.  However, the last company mentioned that according to "best practices" we should change our Revese DNS from the AT&T....blah,blah,blah designation to

Here's my questions:   We are running SBS 2003 with Exchange 2003.
1.  I can do this, but do i also have make any configuration changes in Exchange, if so, please detail where is specify the reverse DNS
2.  Once done this DNS change is made do we need to wait until the propogation (24-48 hrs) is complete before we can send email?

Thanks in advance for your assistance...
Question by:infosys3
  • 2
  • 2

Expert Comment

ID: 37722203
it wouldn't be done locally unless you're hosting your own authoritative DNS. you'd have to contact your DNS host to find out how to change that.

basically what's happening is instead of an outsider saying "hey gimme an IP for" it's saying "hey, who is for real" and the reverse lookup is throwing back the root name assigned by your ISP, which is apparently AT&T

Author Comment

ID: 37722366
Dangle79:  So, there is no config change anywhere in Exchange on my SBS Exchange, YES?

Next, becasue this is a DNS change will I have to wait to send/receive email because of the propogation of the reverse DNS designation?  I am trying to determine if I should have AT&T do this Reverse DNS change Friday afternoon so that the propogation will occur over the week end rather than during the week.  I hope I am making myself as clear as mud!  Thanks again for your speedy reply.

Accepted Solution

Dangle79 earned 450 total points
ID: 37722418
It's pretty non-typical for a DNSBL host to deny removing you from their list based purely on the fact that your reverse lookup doesn't match. I'm not even sure that mine matches. But, sometimes they do take a while for their databases to update once you've requested removal. Some even have a sort of probationary period where they'll keep you in a sort of limbo for 24 hours.

But, to answer your question, no there's nothing in Exchange regarding reverse lookup records on public DNS. It's 100% outside your organization; especially given that, as in this case, third-parties will use it to validate the identity of connecting hosts. As for whether it prevents you from sending email, that depends on who you send it to. This is really someone's receiving smart host configured to query a DNSBL provider for inbound messages. If you have a message bound for a host that uses a DNSBL that has you blacklisted in their database, they'll deny your connection. For all others it's business as usual.

I don't see any reason you would need to concern yourself with any down time as 99% of all DNS queries are forward lookup, which you're not tinkering with.
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 50 total points
ID: 37722547
Reverse DNS is setup by your ISP on your fixed IP address not in DNS.

You should check your FQDN on your SMTP Virtual Server (properties)> Delivery Tab> Advanced Button.

This should ideally match your Reverse DNS record.

What is important is that the FQDN setup as your Reverse DNS record resolves in DNS to the IP address that you are sending from.  That's it.

So if you use as your Reverse DNS record and your Fixed IP is, then MUST resolve to IP

Author Closing Comment

ID: 37731501
Many thanks for the speedy replies.  Yes, I made the request for changes with AT&T.  All is well.  Good job.

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read this checklist to learn more about the 15 things you should never include in an email signature.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question