hossameldein osman asked:
Is it possible to have two PTR records for the same MX record?

I published an Exchange server via a firewall. We have an MX record and a PTR record in our hosted DNS.
The problem is that when we send to anybody, the email looks like it was sent from the firewall IP, not the published Exchange IP, and we do not have PTR records for the firewall. Some email domains of companies we do business with have firewall policies that check for a PTR record for the sender, and when that happens an error message appears at Exchange: 451 4.4.0 Primary target IP address responded with "554 5.7.1 Delivery not authorised (reverse DNS record missing)". Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. I do not want to mess with NAT at the firewall.
My question: can I solve this from DNS? Our DNS is on hostgator.com. And is it possible to have two PTR records for the same MX record FQDN?
Mahesh (India) replied:
Why do you need two PTR records?

Instead, create only one PTR record for your public IP on the firewall with the ISP's DNS servers, as only the public IP owner (the ISP) can create a PTR on their DNS servers. Since the firewall IP is in the picture, a PTR for your Exchange server's outbound public interface is not required.
You do need a matching Host (A) record pointing to the public IP in your public DNS zone, so that Host (A) to IP and IP to hostname resolution match.
Also, rDNS alone should not be the measure of an authenticated sender; you should have at least an SPF record published, or you can have SPF, DKIM and DMARC all together to avoid email rejection at the recipient end.
noci replied:
Yes, it can, but it would not be the correct setting....

Mail servers are picky about the name they get connected from.

host1.example.com A 192.0.2.1
host2.example.com A 192.0.2.2
example.com MX  100 host1.example.com
example.com MX 100 host2.example.com

;then PTR's need to be:
1.2.0.192.in-addr.arpa.    PTR host1.example.com
2.2.0.192.in-addr.arpa.    PTR host2.example.com
; SPF (the mechanism is spelled ip4:, not ipv4:)
example.com TXT "v=spf1 ip4:192.0.2.1 ip4:192.0.2.2 -all"
;etc....


Host 1 should say host1.example.com in its HELO/EHLO and connect from IP source = 192.0.2.1
Host 2 should say host2.example.com in its HELO/EHLO and connect from IP source= 192.0.2.2

Without this you probably will get your mail marked as spam.
You need to set SPF records in your domain registrar's DNS settings.
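The two checks the asker's recipients are evidently applying, forward-confirmed reverse DNS (IP to PTR to A back to the same IP, matching the HELO name) and SPF, as an added example that is not part of the original thread or any poster's code. It uses constructed records for the example.com zone from the answer above (host1/host2 on 192.0.2.1 and 192.0.2.2) plus a hypothetical firewall NAT address 192.0.2.3 with no PTR, held in dictionaries that stand in for live DNS so it runs offline; the SPF evaluator handles only ip4/ip6/all terms, which is all the constructed record needs:

```python
import ipaddress

# Constructed DNS data standing in for the public zones (not from the original post).
# The hypothetical firewall outbound NAT address 192.0.2.3 deliberately has no PTR.
FORWARD_A = {
    "host1.example.com": ["192.0.2.1"],
    "host2.example.com": ["192.0.2.2"],
}
REVERSE_PTR = {
    "192.0.2.1": "host1.example.com",
    "192.0.2.2": "host2.example.com",
}
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.1 ip4:192.0.2.2 -all",
}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fcrdns_check(ip, helo, forward=FORWARD_A, reverse=REVERSE_PTR):
    """Forward-confirmed reverse DNS as a receiving MTA applies it:
    ip -> PTR name -> A records must contain ip, and the HELO name should be
    that PTR name. Returns (ok, reason)."""
    name = reverse.get(ip)
    if name is None:
        return False, "no PTR for %s" % ip
    if ip not in forward.get(name, []):
        return False, "PTR %s does not resolve back to %s" % (name, ip)
    if name.lower() != helo.lower().rstrip("."):
        return False, "HELO %s does not match PTR %s" % (helo, name)
    return True, "ok"


def spf_check(domain, ip, txt=TXT):
    """Evaluate a v=spf1 record using only the ip4/ip6/all mechanisms.
    Returns an SPF result: pass, fail, softfail, neutral, none or permerror."""
    record = txt.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER_RESULT[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIER_RESULT[qualifier]
            continue
        # a, mx, include, exists, ptr and modifiers need further DNS lookups;
        # this offline example reports them as an error rather than skipping them.
        return "permerror"
    return "neutral"


def audit_zone(forward=FORWARD_A, reverse=REVERSE_PTR):
    """Publishing-side check: every A record of every sending host must have a
    PTR naming that host, otherwise remote FCrDNS checks fail."""
    problems = []
    for host, addrs in forward.items():
        for ip in addrs:
            ptr = reverse.get(ip)
            if ptr is None:
                problems.append("%s: no PTR for %s" % (host, ip))
            elif ptr.lower() != host.lower():
                problems.append("%s: PTR for %s points to %s" % (host, ip, ptr))
    return problems


def assess_sender(ip, helo, mail_from_domain):
    """Combine both checks the way a strict receiving MTA does."""
    ok, reason = fcrdns_check(ip, helo)
    return {"fcrdns": ok, "reason": reason, "spf": spf_check(mail_from_domain, ip)}


if __name__ == "__main__":
    # A correctly published host versus the firewall NAT address with no PTR.
    print(assess_sender("192.0.2.1", "host1.example.com", "example.com"))
    print(assess_sender("192.0.2.3", "host1.example.com", "example.com"))
    print(audit_zone())
```

Run against the constructed data, the second assessment reproduces the asker's situation: the connection arrives from 192.0.2.3, there is no PTR for it, and the SPF record does not list it either, so the recipient sees both checks fail regardless of what the Exchange server's own address has published. Adding a PTR for the NAT address at the ISP and an ip4: term for it in the SPF record, as both answers suggest, is what turns that result into a pass.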