dns PTR issue

Hello All;

My ISP Has set my Static IP Address to my FQDN ie: mail.cffdaemon.com
http://www.iptools.com/dnstools.php?tool=rdns&user_data=216.97.166.158

Now, using the http://www.dnsgoodies.com/ site
It states that I do not have a PTR for the mail.cffdaemon.com


A      216.97.166.158
MX      10 mail.cffdaemon.com.
CNAME      No CNAME record found.
NS      carrz-server.carrz-fox-fire.local.
ns1.cffdaemon.com.
ns2.cffdaemon.com.
PTR      No PTR record found.
SOA      carrz-server.carrz-fox-fire.local. hostmaster.carrz-fox-fire.local
14 900 600 86400 3600

When I send mail, it is not going anywhere, and I believe that this issue, is what is causing it.
I have checked my IP, and it is not black listed.

I have the proper ports routed to the Mail Server, of which incl:
DNS, Mail, and Web. (Yes, a cluster, until I get a new 64 bit server, this is what I have to use/test with)

Any ideas on what could be causing the PTR not to work?
Thank You
Carrzkiss
0
Wayne Barron
Asked:
 
Krzysztof Pytko (Active Directory Engineer) Commented:
Unfortunately you would not be able to modify PTR records yourself. You need to ask ISP for that because you have no access to its reverse lookup zone.

So, please call ISP and ask it for that change

Regards,
Krzysztof
0
 
ABCStore Commented:
When I send mail, it is not going anywhere, and I believe that this issue, is what is causing it

If only some mail doesn't get delivered, then, yes. If none of your mail is being sent out then it's a different issue. (DNS, routing, firewall etc)
0
 
Wayne Barron (Author) Commented:
@iSiek
My ISP has already created the PTR Record for me.
What else do they need to do?

@ABCStore
What would I need to check on?
The Router is already opened for the proper ports.
The following ports are open
DNS = 53
Pop3 = 100
SMTP = 25

among others.
0
 
Wayne Barron (Author) Commented:
OK, what was happening, is that I had assigned the Static IPs to my NIC.
And was assigning the IP Address to the Mail Account, of which was not working.
This was causing it not to send out.

So, I have just the internal IP Address assigned, however, the issue is now that I have the mail sending out, it is sending with the wrong IP Address in the header.
Instead of using the [158] it is using the router's IP Address of [157]

So. That is what I am having to deal with right now.
0
 
Ernie Beek Commented:
So you should set up a 1:1 nat from the 158 public address to the internal address of your mailserver. How to do that depends on what type of router you have.
0
 
Wayne Barron (Author) Commented:
I have a Cisco PIX router in storage, of which I will be moving in a month (hopefully), so that will be utilized then, at the moment, I am using the "Windstream Modem".
I have requested the ISP to assign a PTR to the 157, so that I can use it as a temp for the moment. I have both IP Addresses as NS Records from the mail domain.
Hopefully the PTR for the 157, will be done today, so that I can test everything out over the weekend, and hopefully start sending out mail by Monday.
0
 
Ernie Beek Commented:
For now that would be the easiest option (point the PTR to 157). When you move to the PIX it should be fairly simple to setup a separate public IP for your mailserver. And if you can't figure it out, we are here (I'm quite handy with the PIX/ASA if I do say so myself :).
0
 
Wayne Barron (Author) Commented:
Thanks Ernie.
I have a Thread on EE, that was done around the summer of 2006, that luckily, thanks to EE, is still on here, that has all the information that I need to set that baby back up again.
I really do miss using it, though I may need help in configuring everything, we will just have to wait until that bridge is ready to cross.

Take care guys and gals, that come in here.
You all have a great weekend.
Carrzkiss
0
 
Ernie Beek Commented:
U 2

Let us know how things work out with the PTR.
0
 
Wayne Barron (Author) Commented:
Well, got the new PTR from the ISP, however, the site is still showing it as NO PTR, what is going on? I do not understand this at all.
If the ISP has the record created, then why would the site show NO PTR?
http://www.dnsgoodies.com/

A      216.97.166.157
MX      10 mail.cffdaemon.com.
5 mail1.cffdaemon.com.
CNAME      No CNAME record found.
NS      ns2.cffdaemon.com.
carrz-server.carrz-fox-fire.local.
ns1.cffdaemon.com.
PTR      No PTR record found.

This is really annoying to say the least.
And also I have this as well.

http://www.debouncer.com/reverse-dns-check

FCrDNS test result:
216.97.166.157 resolved to mail1.cffdaemon.com.
mail1.cffdaemon.com resolved to 216.239.120.41;
rDNS is NOT forward confirmed.

I am doing research on: rDNS is NOT forward confirmed
0
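The forward-confirmed reverse DNS (FCrDNS) test quoted in the post above, written out as an added example (not code from the thread or from any of the tools it mentions). The `table_lookups` helper and the `A_FIXED` table are assumptions made so the check runs offline; the failing values are the ones quoted in the post.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (status, forward); status is 'no-ptr', 'not-confirmed' or 'confirmed'.

    forward maps each PTR name to the addresses it resolves back to, which
    shows which forward record has to change when the check fails.
    """
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", {}
    forward = {n: sorted(addr_lookup(n)) for n in names}
    ok = any(ipaddress.ip_address(a) == target
             for addrs in forward.values() for a in addrs)
    return ("confirmed" if ok else "not-confirmed"), forward

def table_lookups(ptr_table, a_table):
    """Hypothetical offline stand-ins for the two resolvers, backed by dicts."""
    return (lambda ip: ptr_table.get(ip, []),
            lambda name: set(a_table.get(name, [])))

# Constructed sample data using the values quoted in the thread.
PTR = {"216.97.166.157": ["mail1.cffdaemon.com."]}
A_FAILING = {"mail1.cffdaemon.com": ["216.239.120.41"]}  # result quoted above
A_FIXED = {"mail1.cffdaemon.com": ["216.97.166.157"]}    # assumed corrected A record

if __name__ == "__main__":
    for label, a_table in (("failing", A_FAILING), ("fixed", A_FIXED)):
        ptr_l, addr_l = table_lookups(PTR, a_table)
        print(label, fcrdns("216.97.166.157", ptr_l, addr_l))
```

Called with only an IP address, `fcrdns` uses the system resolver instead of the tables.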
 
Ernie Beek Commented:
Ok......

When looking at mxtoolbox.com I get:

Status      Result
OK - 216.97.166.157 resolves to mail1.cffdaemon.com
OK - Reverse DNS matches SMTP Banner
Warning - Does not support TLS.
0 seconds - Good on Connection time
OK - Not an open relay.
0.328 seconds - Good on Transaction Time
0
 
Wayne Barron (Author) Commented:
Yes, all that is good, however, when looking at:
http://www.dnsgoodies.com/
I get: PTR      No PTR record found.

My mail is getting put in the SPAM folder in Hotmail, and is not showing up to Yahoo.com
However, it does show up when google to my Google Apps account, for my main domain which is cffcs.com
0
 
Wayne Barron (Author) Commented:
OK, let's try this again (EE Was down for a little while, so I lost when I submitted to air)

I can now send to the inbox of:
Yahoo.com, Gmail.com

I am still in the Spam Folder of:
Hotmail.com

Not sure about other mail servers.
I have run the following tests, and have passed every one of them.

#1:
Created a SPF Record from this site:  Sender ID Framework SPF Record Wizard , I put the SPF Record in my Database and Reloaded, and it is seen by the test as being there, and has PASSED!

However, in the HOTMAIL Header of my email that I sent, it stated that the
Sender ID=none
Which means that I am SPAM??? Go Figure, their software sees it, however, their mail server does not, maybe later on today or tomorrow, we will just have to wait and see.

#1a
This website test tool for SPF records, http://www.kitterman.com
States the following:
SPF records should also be published in DNS as type SPF records.
However, it does find my SPF record that I do have, of which I generated using Microsoft tool, from their site, so how can it not be there, when it is there?

No type SPF records found.
Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.

#2:
Reverse DNS test
Ran this one, where I got an error the other day:
rDNS is NOT forward confirmed.
It PASSED Today!!
rDNS is forward confirmed.

#3:
Remote Connectivity Analyzer
Tested it the first time today, and it failed on a BAD MX Record.
I removed the BAD record, and now it PASSES!!! Every test under: Internet E-Mail Test

So, there is everything that I have right now.
I am slowly getting things working, however, there are some areas that are pushing me backwards.
Hopefully this evening, after another 12 hours have gone by, things will start to look up with more time passed.
0
 
Ernie Beek Commented:
Regarding the SPF, how did you set it up exactly?
0
 
Wayne Barron (Author) Commented:
Followed this link here
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

v=spf1
a
mx
ptr
a:mail.cffdaemon.com
a:cffdaemon.com
mx:mail.cffdaemon.com
-all
0
 
Ernie Beek Commented:
And (perhaps asking the obvious) you did put that in a TXT record?
0
 
Wayne Barron (Author) Commented:
Yes, it is a txt record
0
 
DrDave242 Commented:
Nslookup on my end shows that your SPF record may be incorrectly formatted.  It looks like you've got each of those mechanisms on a separate line.  This is certainly nonstandard, and it may not work at all.  You've also got several redundancies in that record.  The "a" mechanism states that any machine with a host record in your domain's public DNS is permitted to send mail from your domain, so you can basically cut the rest of the record out.  You'll end up with this:
v=spf1 a -all
0
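A small SPF record lint, added here as an example (not code from the thread or from the Microsoft wizard), run over the record as it was first posted and over the one-line version suggested above. It assumes the record is available as a single string; `lint_spf` and `codes` are hypothetical names, and the checks follow RFC 7208 (space-separated terms, `ptr` discouraged, at most 10 DNS-querying terms, mechanisms after `all` never evaluated).

```python
import re

# Terms that cost a DNS query during evaluation; RFC 7208 caps them at 10.
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}

def lint_spf(txt):
    """Return (code, message) findings for one SPF record given as a string."""
    findings = []
    if "\n" in txt or "\r" in txt:
        findings.append(("line-breaks", "terms are split across lines; use single spaces"))
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return findings + [("version", "record must begin with v=spf1")]
    seen, lookups, after_all = set(), 0, False
    for term in terms[1:]:
        # Drop the qualifier (+ - ~ ?) and any :domain, /cidr or =value part.
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if after_all and "=" not in term:
            findings.append(("after-all", f"{term} comes after 'all' and is never evaluated"))
        if term.lower() in seen:
            findings.append(("duplicate", f"{term} is listed twice"))
        seen.add(term.lower())
        if name == "ptr":
            findings.append(("ptr", "RFC 7208 says the ptr mechanism should not be published"))
        lookups += name in LOOKUP_TERMS
        after_all = after_all or name == "all"
    if lookups > 10:
        findings.append(("lookup-limit", f"{lookups} DNS-querying terms, limit is 10"))
    return findings

def codes(txt):
    """Just the finding codes, in the order they were raised."""
    return [code for code, _ in lint_spf(txt)]

# Constructed from the thread: the record as first posted, and the suggested one-liner.
POSTED = ("v=spf1\na\nmx\nptr\na:mail.cffdaemon.com\n"
          "a:cffdaemon.com\nmx:mail.cffdaemon.com\n-all")
SUGGESTED = "v=spf1 a -all"

if __name__ == "__main__":
    for label, record in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, lint_spf(record))
```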
 
Wayne Barron (Author) Commented:
Dave, what did you use to check on it with?
And yes, I did not realize that I had them on separate lines.
I just copied and pasted out of the Microsoft page.

I have updated the SPF in the DNS.
Check it out now.
0
 
DrDave242 Commented:
I just used the nslookup utility built into Windows to check it.  Your SPF record looks better now, as it's all on one line, but oddly enough, I don't see an MX record for your domain.
0
 
Wayne Barron (Author) Commented:
The MX is there.
mail.cffdaemon.com
You are most likely looking at the  
cffdaemon.com
Of which I forgot to add in an MX for it, as it is not being used for Mail
Only mail.daemon.com is for mail, which has its own DNS all together.
0
 
DrDave242 Commented:
You're right; I was looking at cffdaemon.com.  I see the MX record now.
0
 
Wayne Barron (Author) Commented:
Finally got Hotmail to do a: sender-id=pass
So that is good, however, they are still putting me in the SPAM folder.

ie: I had to remove the invalid
a:cffdaemon.com
From the SPF record under the mail.cffdaemon.com DNS
0
 
Wayne Barron (Author) Commented:
AOL is being a pain in the butt
I hate dealing with their servers.
0
 
DrDave242 Commented:
How are things looking today?  What's still not working, if anything?
0
 
Wayne Barron (Author) Commented:
DNSGoodies.com
Still reporting that I do not have a: No PTR record found.

Other than that issue, and Hotmail and AOL issues, everything seems to be ok.
0
 
DrDave242 Commented:
I see PTR records for 216.97.166.157 and .158, so I'm not sure why it's saying there isn't one.  BTW, you've got carrz-server.carrz-fox-fire.local listed as a nameserver for that domain.  You'll probably want to remove that, since its name can't be resolved on the Internet.
0
 
Wayne Barron (Author) Commented:
How can I remove it?
I have tried, and once I reboot DNS, it appears right back again.
Trust me, I have tried several times.
I believe it is because this is the Domain Server, is the reason why it is there, and the reason why it will not stay removed.
So I am thinking that it is there to stay.
Hopefully before Christmas, I will have another server in house for Mail, so until then, I have to use what I have.
0
 
DrDave242 Commented:
Ah, so you've got a server hosting both your internal and external DNS?  If that's the case, you're right; I don't think there's anything you can do about that.
0
 
Wayne Barron (Author) Commented:
OK.
AOL Has removed my IP Address from their Block list.
I will test this all out by the end of the weekend or Monday.

Does anyone know what a:   feedback loop for the IP
is?

That was at the bottom of the email that was sent to me.
0
 
DrDave242 Commented:
I'm not sure what they mean by a feedback loop for the address.  Can you post that portion of the e-mail?
0
 
Wayne Barron (Author) Commented:
If you are the administrator of the IP submitted in this request, please consider getting a feedback loop for the IP at http://postmaster.aol.com/SupportRequest.FBL.php

I can finally send to AOL mail now.
So that is taken care of, the only thing that I have to do now, is get HOTMAIL so that it does not put me in their SPAM Folder.

Heck, AOL was easier to deal with than Hotmail is being.
0
 
DrDave242 Commented:
Looks like the feedback loop thing is just AOL's way of asking for an e-mail address that's authorized to receive and process abuse complaints for your domain.  I wouldn't worry about it.
0
 
Wayne Barron (Author) Commented:
Yea, I am more concerned at the moment with Hotmail and their issue with putting me in Spam.
0
 
DrDave242 Commented:
Can you look at the header of a message sent from your domain to Hotmail?  It might give you some idea of what's going on.
0
 
Wayne Barron (Author) Commented:
Here is the header from Hotmail.

x-store-info:w5JOV+GpEg16Hd3Liu8PdTjitHWAp2RPDJiCSW8vo8XkzLZxlqVeScToYGT30moUlmdy0UyzF0TkCe8JHGjmHmevlWi0c26omr8yvRf2vuLiOx8LSaW0pYmPoidCsNWDNZ0mDijHlBw=
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 216.97.166.157) header.from=daemon@mail.domain.com; dkim=none header.d=mail.cffdaemon.com; x-hmca=pass
X-SID-PRA: daemon@mail.cffdaemon.com
X-DKIM-Result: None
X-SID-Result: Pass
X-AUTH-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD00
X-Message-Info: 7FmAUICozuu5v/NHXGaQenH/aphP1EUODsIr8OEY0HImjce5PY58inleh9f++Y0wdPy34pwEb8AVF+MHP5r33qLy0wPYr8RULul8wpjGQ7Oi0aiSr0W24rABYS49SW1fS9mkI2tPDB9skb9WdE0LLQ==
Received: from mail.domain.com ([216.97.166.157]) by SNT0-MC1-F11.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
       Thu, 20 Sep 2012 18:02:44 -0700
Received: from CARRZ7 [192.168.2.12] by mail.domain.com with ESMTP
  (SMTPD32-8.10) id ACF82CE0116; Thu, 20 Sep 2012 21:03:52 -0400
0
 
DrDave242 Commented:
Looks like you've got everything set up correctly.  You don't have DKIM configured, but from what I've been reading, that can actually cause more problems with Hotmail than it fixes, so I would not recommend configuring it at this time.

You may end up having to contact the Hotmail folks (i.e., Microsoft) to get this straightened out, as you're definitely not the only person experiencing this kind of thing.  My company's web filter blocks webmail, and Hotmail falls into that category, so I can't pull up the site to try and find a contact form.  You might try the Hotmail forum for starters, though.
0
 
Wayne Barron (Author) Commented:
Forgot all about this thread.
Well, I have been so busy working on other projects, and also had some down time, that I did not mess with anything. So.

The way that Hotmail has everything set up, you have to send mail to several accounts, and if those accounts mark you as safe, then you will be listed in their white list.
That is what I found out about a month ago, just have not messed with it.
However, starting next week, I will be sending out emails to our members, and there are several Hotmail members, so I will have to contact them personally on a good standing email address, and let them know about the SPAM issue with Hotmail.

What is so weird about it, is that during my first set of configurations of our mail server, I was able to send to Hotmail, and it not get spammed.
So, I am thinking that with the IP Address, and then 2 different domains, they thought I was a Spam Bot or something, not really sure.

I am going to close this one out, as there is not very much more that can be done.
I am going to award all that tried to assist points.

Thanks all;
Merry Christmas.
Carrzkiss
0
