Solved

Reverse DNS issue because IP was/is Blacklisted

Posted on 2012-03-14
Last Modified: 2012-03-16
Our email server was compromised and with the help of Microsoft we were able to clean up the server, eliminate the trojans and/or bots, and I am in the process of installing a new firewall.  During the cleanup process I contacted the three blacklisting companies that had our IP blacklisted.  I was able, fairly quickly, to rectify two out of the three.  However, the last company mentioned that according to "best practices" we should change our Reverse DNS from the AT&T....blah,blah,blah designation to mail.ourdomainname.com.

Here are my questions:   We are running SBS 2003 with Exchange 2003.
1.  I can do this, but do I also have to make any configuration changes in Exchange? If so, please detail where to specify the reverse DNS.
2.  Once this DNS change is made, do we need to wait until the propagation (24-48 hrs) is complete before we can send email?

Thanks in advance for your assistance...
0
Question by:infosys3
 
LVL 6

Expert Comment

by:Dangle79
It wouldn't be done locally unless you're hosting your own authoritative DNS. You'd have to contact your DNS host to find out how to change that.

Basically what's happening is instead of an outsider saying "hey gimme an IP for www.joeshmoe.com" it's saying "hey, who is 12.12.12.12 for real" and the reverse lookup is throwing back the root name assigned by your ISP, which is apparently AT&T.
0
 

Author Comment

by:infosys3
Dangle79:  So, there is no config change anywhere in Exchange on my SBS Exchange, YES?

Next, because this is a DNS change will I have to wait to send/receive email because of the propagation of the reverse DNS designation?  I am trying to determine if I should have AT&T do this Reverse DNS change Friday afternoon so that the propagation will occur over the weekend rather than during the week.  I hope I am making myself as clear as mud!  Thanks again for your speedy reply.
0
 
LVL 6

Accepted Solution

by:
Dangle79 earned 450 total points
It's pretty non-typical for a DNSBL host to deny removing you from their list based purely on the fact that your reverse lookup doesn't match. I'm not even sure that mine matches. But, sometimes they do take a while for their databases to update once you've requested removal. Some even have a sort of probationary period where they'll keep you in a sort of limbo for 24 hours.

But, to answer your question, no, there's nothing in Exchange regarding reverse lookup records on public DNS. It's 100% outside your organization; especially given that, as in this case, third parties will use it to validate the identity of connecting hosts. As for whether it prevents you from sending email, that depends on who you send it to. This is really someone's receiving smart host configured to query a DNSBL provider for inbound messages. If you have a message bound for a host that uses a DNSBL that has you blacklisted in their database, they'll deny your connection. For all others it's business as usual.

I don't see any reason you would need to concern yourself with any down time as 99% of all DNS queries are forward lookup, which you're not tinkering with.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 50 total points
Reverse DNS is set up by your ISP on your fixed IP address, not in DNS.

You should check your FQDN on your SMTP Virtual Server (properties)> Delivery Tab> Advanced Button.

This should ideally match your Reverse DNS record.

What is important is that the FQDN set up as your Reverse DNS record resolves in DNS to the IP address that you are sending from.  That's it.

So if you use mail.domain.com as your Reverse DNS record and your Fixed IP is 123.123.123.123, then mail.domain.com MUST resolve to IP 123.123.123.123.
0
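The consistency rule in the answer above (the reverse DNS name must resolve forward to the sending IP, and the SMTP virtual server FQDN should match it) can be checked with a short script. This is an added example, not part of the original thread; `check_mail_identity` and `check_offline` are hypothetical names, the ISP-style host name is a constructed placeholder, and the IP and `mail.domain.com` are the illustrative values from the answer.

```python
import socket

def ptr_lookup(ip):
    """PTR name(s) for ip via the system resolver; [] if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def a_lookup(name):
    """IPv4 addresses that name resolves to; [] if none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def check_mail_identity(ip, smtp_fqdn, ptr=ptr_lookup, fwd=a_lookup):
    """Return a list of problems; empty means rDNS, forward DNS and SMTP FQDN agree."""
    names = [_norm(n) for n in ptr(ip)]
    if not names:
        return ["no PTR record for " + ip]
    problems = []
    if not any(ip in fwd(n) for n in names):
        problems.append("PTR name does not resolve back to " + ip)
    if _norm(smtp_fqdn) not in names:
        problems.append("SMTP FQDN does not match the PTR name")
    return problems

# Constructed sample zones (not real lookups); the ISP-style name is made up.
IP = "123.123.123.123"
BEFORE = {"ptr": {IP: ["adsl-123-123-123-123.isp.example."]},
          "a": {"mail.domain.com": [IP]}}
AFTER = {"ptr": {IP: ["mail.domain.com."]},
         "a": {"mail.domain.com": [IP]}}

def check_offline(zone, smtp_fqdn="mail.domain.com"):
    """Run the same check against a constructed zone instead of live DNS."""
    return check_mail_identity(IP, smtp_fqdn,
                               ptr=lambda ip: zone["ptr"].get(ip, []),
                               fwd=lambda n: zone["a"].get(n, []))

if __name__ == "__main__":
    print("before ISP change:", check_offline(BEFORE))
    print("after ISP change: ", check_offline(AFTER))
```

Calling `check_mail_identity(ip, fqdn)` without the `ptr` and `fwd` arguments runs the same checks against live DNS for a real sending address.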
 

Author Closing Comment

by:infosys3
Many thanks for the speedy replies.  Yes, I made the request for mail.domainname.com changes with AT&T.  All is well.  Good job.
0
