Gateway reverse lookup

Hi Everyone

What is the best practice for gateways. For example we got blacklisted a while ago and public ip is still blacklisted on spam rats. It says about reverse lookup not being setup

the exact message "Does IP Address comply with reverse hostname naming convention". While letting my isp know we were told to liase directly with spamrats which i did but the ip has not been given ok by spamrats. I think that they want us to set reverse DNS on gateway.

1) What is the best practice for gateways?
2) What happens if i give it a name with my domain? nnn.kkk.school.fj.
3) Does it interrupt my traffic?
4) Do i have to change my firewall rules based on the name change?
5) What all do i have to do to get this done?
6) What is the whole purpose of reverse dns on gateway as i was told by my ISP that they only setup if told by a customer to do so?
Member_2_6474242Senior Systems AdministratorAsked:
Who is Participating?
 
nociSoftware EngineerCommented:
if your  IP address is 1.2.3.4
and your mail server has the name mail.example.com  then
it should present itself  with: HELO mail.example.com
(from the ip address 1.2.3.4.....)

Then the remote mail server will lookup where the connect was from (ie. 1.2.3.4 and ask for the PTR 4.3.2.1.in-addr.arpa
and that answer SHOULD be mail.example.com  (only your ISP can arrange this reverse lookup....)

OTOH: if the ISP will not change then if the reverse lookup delivers... cust1234.isp.example.com  -- then maybe you need to  configure you mailserver to present cust1234.isp.example.com as the mailserver's name.

After this is fixed: lookinto SPF , DKIM & DMARC.
1
 
Blue Street TechLast KnightCommented:
1) What is the best practice for gateways?
Not sure what you are asking here.
2) What happens if i give it a name with my domain? nnn.kkk.school.fj.
Not sure what you are asking here again, but I belive noci addressed this.
3) Does it interrupt my traffic?
Nope!
4) Do i have to change my firewall rules based on the name change?
No.
5) What all do i have to do to get this done?
Your ISP needs to set this record so contact them to do so.
6) What is the whole purpose of reverse dns on gateway as i was told by my ISP that they only setup if told by a customer to do so?
Noci already answered this quite well!

Some other items you should consider to prevent blacklisting is:
• Remove all open relays
• SPF, DKIM & DMARC as noci stated.
• Consider offboarding your security & anti-spam engine to the cloud like Microsoft EOP (Exchange Online Protection) - it works for cloud, hybrid and on-premise Exchange environments.

Microsoft EOP is a cloud-based email filtering service that protects your company against spam & malware, and includes features to safeguard you from messaging-policy violations (like the one you got!). EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware & software, especially Sender IP-reputation. https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx

There are others besides Microsoft EOP such as Google Postini, SonicWALL Hosted Email Security, Barracuda Spam, Cisco IronPort & so on but I prefer Microsoft EOP and its relatively inexpensive.

They all function similarly in that you use their IPs instead of your own so your liability & risk is shifted to them. You don't have to worry about getting your IP blacklisted and that halting your ability to function and send/receive mail because again the IPs you are sending from are not yours and they [the providers] are very diligent to make sure their IPs do not get blacklisted.
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
1) What is the best practice for gateways? example is it the right practice to setup reverse dns for gateways. if so why is it needed, Why have we been blacklisted based on gateway IP for reverse dns

2) What happens if i give it a name with my domain? Lets say my public ip is 1.2.3.4 if i tell my isp to setup  reverse dns of xxx.kkk.school.fj

What does it impact? what are the things to consider before doing it?
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
Blue Street TechLast KnightCommented:
1) What is the best practice for gateways? example is it the right practice to setup reverse dns for gateways. if so why is it needed, Why have we been blacklisted based on gateway IP for reverse dns
Your IP for your mail host nnn.kkk.school.fj must have a PTR record setup by your ISP. When your mail server is queried it will respond with nnn.kkk.school.fj from IP: 1.1.1.1 (your actual Public IP address). Then the IP address (1.1.1.1) is queried to see if it actually points to your mail server (nnn.kkk.school.fj). If you don't have a PTR record setup by your ISP when someone queries your IP address it will not show that it belongs to nnn.kkk.school.fj. It is a form of a Trusted Chain. Does that make sense?
noci already answered this in comment: https:#a42480838

2) What happens if i give it a name with my domain? Lets say my public ip is 1.2.3.4 if i tell my isp to setup  reverse dns of xxx.kkk.school.fj
I explained this in my first response above!

What does it impact? what are the things to consider before doing it?
You should have done it when you setup the mail server. You should do it immediately - there is no harm only positives for you! ISPs take a long time to do anything submit that you want it ASAP!
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
Thanks
0
 
Blue Street TechLast KnightCommented:
You are welcome! Glad I could help and thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.