
Re: PTR record for mail server



On Fri, 2 Jun 2023 12:46:04 +0100
Andrew Wood <andrewjameswood@ymail.com> wrote:

> Hi
> 
> Can I clarify my understanding of an issue with a Debian Postfix
> server please. We have a mail server which is a VPS running Debian
> hosted by OVH. Its hostname is of the form vps-xyz.vps.ovh.net the
> PTR for the IP resolves to that.
> 
> The issue is our server sends mail for our own domains and we are 
> getting mail rejected from some recipient servers with 550 PTR
> rejected: Please use a non-generic PTR (in reply to RCPT TO command.
> 
> 
> My understanding is that as we are sending email from our own domain
> e.g. "example.com" it's complaining because the PTR is ovh.net not
> example.com?

It's the format of the PTR string i.e. it looks like a customer of a
domestic-type ISP and therefore probably malware, as domestic Internet
users never send mail direct.
> 
> 
> As it's not recommended to have more than one PTR for an IP is there 
> anything we can do about this given that our server handles mail for
> a couple of domains?


As does mine. My PTR is one generated by my ISP, and nobody has
complained about that. I can send mail to AOL, which is reputed to be
one of the pickiest destinations.

What is vital, and what my mail server looks for in received mail, is
that the sender PTR is resolvable in public DNS, and the string it
returns also resolves in public DNS (i.e. it should be a computer
hostname, not a bare domain name) to an A record pointing to the same
IP address. My PTR-A pair bear no relationship to any of the domains my
mail server handles. My HELO/EHLO is mail.jretrading.com which is also
the MX record of all of my domains, and which again has an A record
resolvable in public DNS. My mail server is not, of course, called
'mail', and sits behind NAT, so nobody can call it directly anyway.

As you suggest, there will be one PTR for the mail server's public
address, so it cannot match more than one domain, and need not match
any of them. A mail server returns the HELO/EHLO before it knows who
the incoming mail is directed to, so for incoming mail it too cannot
match the domain of the mail. It can do so with outgoing email; the
mail server can have a HELO/EHLO for each domain if you like, but I've
never bothered. Again, the HELO/EHLO must resolve to an A record in
public DNS, which is why it is convenient to use a domain MX string for
it.

-- 
Joe
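
Added example (not part of the original message): a Python sketch of the checks described in the reply above, namely that the client IP has a PTR, that the PTR name resolves back to the same IP, and that the HELO/EHLO name resolves. The function names, the injectable resolver parameters and the sample zone data (RFC 5737 documentation addresses) are assumptions constructed for illustration.

```python
import socket

def ptr_lookup(ip):
    """Return PTR names for ip via the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def addr_lookup(name):
    """Return the set of addresses a hostname resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_sender(ip, helo, ptr=ptr_lookup, fwd=addr_lookup):
    """Apply the PTR / forward-confirmation / HELO checks to a client.

    Returns (ok, reason). ptr and fwd are injectable so the logic can be
    exercised without network access.
    """
    names = ptr(ip)
    if not names:
        return False, "no PTR"
    # The PTR name must resolve forward to the connecting address.
    if not any(ip in fwd(n) for n in names):
        return False, "PTR name does not resolve back to client IP"
    # The HELO name only has to resolve; it need not match the PTR.
    if not fwd(helo):
        return False, "HELO name does not resolve"
    return True, "ok"

# Constructed sample data standing in for public DNS.
SAMPLE_PTR = {"192.0.2.10": ["host-10.isp.example"],
              "192.0.2.20": ["vps-20.provider.example"],
              "192.0.2.30": []}
SAMPLE_A = {"host-10.isp.example": {"192.0.2.10"},
            "vps-20.provider.example": {"198.51.100.7"},
            "mail.example.com": {"192.0.2.10"}}

def sample_ptr(ip): return SAMPLE_PTR.get(ip, [])
def sample_fwd(name): return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, check_sender(ip, "mail.example.com", sample_ptr, sample_fwd))
```

Called without the last two arguments, check_sender uses the system resolver, so it can be pointed at a real sending address and HELO name.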

