Here is the sending server ip [r...@anastasia ~]# host 209.209.49.224 224.49.209.209.in-addr.arpa domain name pointer 209-209-49-224.static.oak.inreach.net.
[r...@anastasia ~]# host static.oak.inreach.net [r...@anastasia ~]# This would appear to be the problem. Suggestions on how to resolve it? Eric Shubert wrote: > That appears to be the reject-unresolvable-rdns filter. > So, what's the IP address of the sending server? Do > # host nn.nn.nn.nn > Then do a host command again on the domain name pointer value. That's > what's not resolving. > > Maxwell Smart wrote: >> I could be reading it wrong, but here's the cwatchall entry on the >> sending server. >> >> delivery 47: deferral: >> User_and_password_not_set,_continuing_without_authentication./64.168. >> 70.133_does_not_like_recipient./Remote_host_said:_421_Refused._Your_reverse_DNS_entry_does_not_resolve./Giving_up_on_64.168.70 >> >> .133./ >> >> >> Eric Shubert wrote: >>> Which spamdyke rejection message are you getting? >>> Check the spamdyke documentation for the rejection you're seeing. >>> >>> My understanding of spamdyke's reject-unresolvable-rdns rule is the >>> same as what Michael described, that the rDNS pointer needs to point >>> to an A record that resolves to something, but the resolved A record >>> doesn't necessarily need to match. >>> >>> Maxwell Smart wrote: >>>> Michael, >>>> >>>> While you are right, in most cases they will either delegate or >>>> change it. This is a bit trickier. I am using rack space that I am >>>> not paying for, a friend has a quarter rack and is only using a 1U >>>> server. So I don't know the contact person and really don't want to >>>> be a PITA right off the bat. >>>> >>>> They do in fact have rDNS setup. I guess then the question becomes, >>>> does Spamdyke strictly enforce the rDNS entry matching origination? >>>> If it does how do you set it up to only check if it has one whether >>>> it matches or not to accept mail? The mail server that's rejecting >>>> the mail is one of my own servers at my home location, so it may >>>> simply be that I have the security too tight and need to adjust it >>>> accordingly. >>>> CJ >>>> >>>> Michael Colvin wrote: >>>>> Ummmm... They should be. The should do one or the other. If they >>>>> won't >>>>> delegate the IP space to you so that you can create your own ptr for >>>>> that >>>>> IP, then they should do it for you. >>>>> If they won't do either, it's likely because they don't know how to, >>>>> which >>>>> means they likely don't know what they are doing, and I would run as >>>>> fast as >>>>> you can to another colo. >>>>> >>>>> I've never had a problem getting IP address that are assigned to me, >>>>> delegated to me. >>>>> >>>>> Also, usually, most IP's simply need the PTR to resolve to >>>>> SOMETHING. It >>>>> doesn't need to your mail server, per se, but it should resolve to >>>>> something...So, if they don't want to delegate it, they can at least >>>>> create >>>>> a PTR for it that resolves to something. >>>>> >>>>> You may also want to make sure that there is an a record for >>>>> whatever they >>>>> do point it to. IE, if they use "mail.domain.com" as the PTR, make >>>>> sure >>>>> that mail.domain.com resolves to something as well, even if the IP's >>>>> don't >>>>> match. >>>>> >>>>> >>>>> Michael J. Colvin >>>>> NorCal Internet Services >>>>> www.norcalisp.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: Maxwell Smart [mailto:[email protected]] >>>>>> Sent: Tuesday, November 03, 2009 9:41 PM >>>>>> To: [email protected] >>>>>> Subject: Re: [qmailtoaster] Re: rdns >>>>>> >>>>>> That's what I thought. I had this problem once before. I am not >>>>>> sure I >>>>>> am going to be able to get the delegation this time. At my primary >>>>>> location I have my own delegation and that works fine, but they may >>>>>> not >>>>>> be so keen at this colocation. >>>>>> >>>>>> Thanks for your insight. >>>>>> >>>>>> CJ >>>>>> >>>>>> Eric Shubert wrote: >>>>>> >>>>>>> The ISP, as owner of the IP address they've given you to use, >>>>>>> controls >>>>>>> the rDNS entry. You need to get them to change it to your host >>>>>>> name. >>>>>>> >>>>>>> There are rare situations where an ISP might delegate rDNS >>>>>>> entries to >>>>>>> a customer, but I wouldn't count on that. I've also heard of >>>>>>> situations where the customer can use a web app to change their >>>>>>> rDNS >>>>>>> values. You'll need to contact your ISP and see how they handle it. >>>>>>> You can simply tell them what you want it to be, and they should >>>>>>> change it. >>>>>>> >>>>>>> Maxwell Smart wrote: >>>>>>> >>>>>>>> OK I know that, but that doesn't resolve my problem. Without >>>>>>>> being >>>>>>>> able to setup an rDNS entry for this IP address my server mail >>>>>>>> gets >>>>>>>> rejected with a non matching rDNS entry. How is this resolved? I >>>>>>>> can't be the only one that has a server at a co location facility >>>>>>>> where I don't control the DNS. >>>>>>>> >>>>>>>> Eric Shubert wrote: >>>>>>>> >>>>>>>>> Maxwell Smart wrote: >>>>>>>>> >>>>>>>>>> I have searched, but really don't know how to ask this >>>>>>>>>> question. I >>>>>>>>>> know >>>>>>>>>> most on the list have been confronted with this. If anyone >>>>>>>>>> could >>>>>>>>>> point >>>>>>>>>> me in the direction of the answer that would be sufficient. >>>>>>>>>> >>>>>>>>>> I have a qmailtoaster that I just put into a co location >>>>>>>>>> facility. >>>>>>>>>> >>>>>> It >>>>>> >>>>>>>>>> has rDNS pointed to it's domain name, as it's supposed to. How >>>>>>>>>> do I >>>>>>>>>> setup my rDNS entries for mail clients on the server at that >>>>>>>>>> location? Is there a way to use a PTR record that indicates >>>>>>>>>> that >>>>>>>>>> it's supposed to >>>>>>>>>> resolve to colo.example.com? What's the correct method of >>>>>>>>>> addressing this? >>>>>>>>>> >>>>>>>>>> CJ >>>>>>>>>> >>>>>>>>>> >>>>>>>>> There's only one rDNS entry for a given IP address. That entry >>>>>>>>> should be a ptr record that points to (some other) type A record >>>>>>>>> that hopefully resolves to the same address which the rDNS entry >>>>>>>>> has. >>>>>>>>> >>>>>>>>> For example: >>>>>>>>> shu...@edwin:~$ dig doris.shubes.net >>>>>>>>> >>>>>>>>> ; <<>> DiG 9.4.2-P2 <<>> doris.shubes.net >>>>>>>>> ;; global options: printcmd >>>>>>>>> ;; Got answer: >>>>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4288 >>>>>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, >>>>>>>>> ADDITIONAL: 0 >>>>>>>>> >>>>>>>>> ;; QUESTION SECTION: >>>>>>>>> ;doris.shubes.net. IN A >>>>>>>>> >>>>>>>>> ;; ANSWER SECTION: >>>>>>>>> doris.shubes.net. 592 IN A 174.17.83.232 >>>>>>>>> >>>>>>>>> ;; Query time: 0 msec >>>>>>>>> ;; SERVER: 192.168.70.253#53(192.168.70.253) >>>>>>>>> ;; WHEN: Tue Nov 3 19:55:59 2009 >>>>>>>>> ;; MSG SIZE rcvd: 50 >>>>>>>>> >>>>>>>>> shu...@edwin:~$ dig -x 174.17.83.232 >>>>>>>>> >>>>>>>>> ; <<>> DiG 9.4.2-P2 <<>> -x 174.17.83.232 >>>>>>>>> ;; global options: printcmd >>>>>>>>> ;; Got answer: >>>>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38386 >>>>>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, >>>>>>>>> ADDITIONAL: 0 >>>>>>>>> >>>>>>>>> ;; QUESTION SECTION: >>>>>>>>> ;232.83.17.174.in-addr.arpa. IN PTR >>>>>>>>> >>>>>>>>> ;; ANSWER SECTION: >>>>>>>>> 232.83.17.174.in-addr.arpa. 43031 IN PTR >>>>>>>>> 174-17-83-232.phnx.qwest.net. >>>>>>>>> >>>>>>>>> ;; Query time: 0 msec >>>>>>>>> ;; SERVER: 192.168.70.253#53(192.168.70.253) >>>>>>>>> ;; WHEN: Tue Nov 3 19:56:38 2009 >>>>>>>>> ;; MSG SIZE rcvd: 86 >>>>>>>>> >>>>>>>>> shu...@edwin:~$ dig 174-17-83-232.phnx.qwest.net >>>>>>>>> >>>>>>>>> ; <<>> DiG 9.4.2-P2 <<>> 174-17-83-232.phnx.qwest.net >>>>>>>>> ;; global options: printcmd >>>>>>>>> ;; Got answer: >>>>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59486 >>>>>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, >>>>>>>>> ADDITIONAL: 0 >>>>>>>>> >>>>>>>>> ;; QUESTION SECTION: >>>>>>>>> ;174-17-83-232.phnx.qwest.net. IN A >>>>>>>>> >>>>>>>>> ;; ANSWER SECTION: >>>>>>>>> 174-17-83-232.phnx.qwest.net. 43010 IN A 174.17.83.232 >>>>>>>>> >>>>>>>>> ;; Query time: 0 msec >>>>>>>>> ;; SERVER: 192.168.70.253#53(192.168.70.253) >>>>>>>>> ;; WHEN: Tue Nov 3 19:57:18 2009 >>>>>>>>> ;; MSG SIZE rcvd: 62 >>>>>>>>> >>>>>>>>> shu...@edwin:~$ >>>>>>>>> >>>>>>>>> HTH >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>> -- >>>>>> Cecil Yother, Jr. "cj" >>>>>> cj's >>>>>> 2318 Clement Ave >>>>>> Alameda, CA 94501 >>>>>> >>>>>> tel 510.865.2787 | fax 510.864.7300 >>>>>> http://yother.com >>>>>> >>>>>> >>>>>> -------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> ------- >>>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>>> (www.vickersconsulting.com) >>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>> installations. >>>>>> If you need professional help with your setup, contact them >>>>>> today! >>>>>> -------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> ------- >>>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>>> packages. >>>>>> >>>>>> To unsubscribe, e-mail: qmailtoaster-list- >>>>>> [email protected] >>>>>> For additional commands, e-mail: qmailtoaster-list- >>>>>> [email protected] >>>>>> >>>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------------------- >>>>> >>>>> >>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>> (www.vickersconsulting.com) >>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>> installations. >>>>> If you need professional help with your setup, contact them >>>>> today! >>>>> --------------------------------------------------------------------------------- >>>>> >>>>> >>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>> packages. >>>>> To unsubscribe, e-mail: >>>>> [email protected] >>>>> For additional commands, e-mail: >>>>> [email protected] >>>>> >>>>> >>>>> >>> >> > > -- Cecil Yother, Jr. "cj" cj's 2318 Clement Ave Alameda, CA 94501 tel 1.510.865.2787 | fax 1.510.864.7300 http://yother.com --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
