[Exchange] RE: Earthlink Contact?

[Michael B. Smith]

What I think you have described is perfectly legal.

Let’s put some fake data to it, since we obviously aren’t talking about 
pittcountync.gov.

ISP1 egress IP = 10.1.1.1
ISP2 egress IP = 10.2.2.2

rDNS ISP1 egress IP:
               10.1.1.1 PTR mail.example.com
rDNS ISP2 egress IP:
10.2.2.2 PTR mail.example.com

Exchange HELO/EHLO header = mail.example.com

example.com zone:
mail A 10.1.1.1
mail A 10.2.2.2

Network flow:
<<Exchange server>> --> <<load balancer>> --> <<random ISP egress router>> --> 
<<Internet>>

This is a completely valid configuration.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mayo, Bill
Sent: Thursday, February 8, 2018 8:45 AM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Earthlink Contact?

I told Earthlink that we had 2 different IP’s for the mail server, and that we 
had seen rejections from both. He asked for the first IP, which I gave him. He 
then went to mxtoolbox.com and looked up the domain name. It returned a 
different IP than the one I gave him and he suggested that was an issue. I told 
him that was the other IP and that they were load-balanced; that at any given 
time an A record lookup would return one or the other. That said, the reverse 
DNS (PTR) record for each of the IP’s is correct. He told me that he didn’t 
know what load balancing meant and that he would have to talk to someone else 
to see what could be done.

I am happy to admit I might have some misunderstandings about DNS, but I don’t 
think that having multiple A records for a given domain name is unusual. I 
therefore assume they wouldn’t actually try to confirm legitimacy by doing an A 
lookup and comparing that to the IP. I do want to be clear that he didn’t 
explicitly say that was the problem. I did try to point out that their error 
message complained about a missing or mismatched PTR record, and I believe that 
is all correct.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Wednesday, February 07, 2018 7:08 PM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: [Exchange] RE: Earthlink Contact?

I’m sorry, I can’t follow your logic. It seems to fall apart in the sentence 
beginning “What EarthLink seems…” Could you be a bit more concrete please?

In general, I agree with Micheal – you shouldn’t have a PTR mismatch, but 
that’s not what I get out of your explanation.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mayo, Bill
Sent: Wednesday, February 7, 2018 4:46 PM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: [Exchange] RE: Earthlink Contact?

My attempts at postmas...@earthlink.net<mailto:postmas...@earthlink.net> and 
trou...@earthlink.net<mailto:trou...@earthlink.net> did not work, so I tried 
the Twitter route. It took a while, but I did ultimately get a response today 
where they gave me a phone number to call. So, thanks to Michael and everyone 
else that responded. That said, based on the conversation that I had, I would 
appreciate a reality check.

We have 2 different ISPs and load balance outbound SMTP connections, as well as 
inbound DNS queries. So, we basically have 2 different IP’s that are used at 
the edge. We have an MX record that points to the domain name. DNS lookups to 
that domain name will return one of the 2 IP’s. Both of those IP’s will reverse 
lookup to the domain name. The HELO/EHLO greeting from the server gives the 
same domain name as the MX record. Additionally, we have an SPF record that 
indicates both of those IP’s.  What Earthlink seems to be initially suggesting 
is that they are doing an A record lookup of the domain name and comparing that 
to the connecting IP address (which seems contrary to the error message). In 
our setup, this will not always be a match. I can understand that they would do 
a reverse DNS on the IP to make sure it matches the HELO/EHLO greeting, and I 
can understand that they might also do an SPF and/or MX lookup to make sure 
that matches. I don’t understand doing a forward lookup and comparing that to 
the IP, since I don’t think that having multiple A records for a given domain 
name is particularly uncommon. Is what they are suggesting a legitimate issue?

Bill Mayo

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Friday, February 02, 2018 10:49 AM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: [Exchange] RE: Earthlink Contact?

Twitter shame them. @Earthlink and @weCareEarthlink

And yes, I’m completely serious.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mayo, Bill
Sent: Friday, February 2, 2018 10:16 AM
To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>
Subject: [Exchange] Earthlink Contact?


We are having emails sent to Earthlink being intermittently rejected with the 
reason “550 ERROR: No or mismatched reverse DNS (PTR) entries”. We have done 
quite a bit of troubleshooting on this, and the problem does not appear to be 
on our end. I actually have logs that show 2 consecutive messages where the 
first one is accepted and the second one rejected. I also see “421 Load too 
high” messages in the log from Earthlink when these happen.

I am trying to figure out how to contact Earthlink to get some assistance, but 
am striking out with how to contact them. The have a special page if you are 
getting a “blocked by EarthLink” response, but that doesn’t apply here. There 
contact page has chat support that requires you to provide an Earthlink 
account. Does anybody know how to get in touch with someone at Earthlink that 
could actually help with this problem?



Bill Mayo