On 28 Dec 2015, at 19:15, Dennis Steinkamp wrote:
Hey there,
i read many times that 'myhostname' in the postfix configuration
should be the same as the ptr and some say even the same as the mx
record.
So i played around with it a little bit and figured, that even though
i ve set the 'myhostname' to mail.greatserver.com, whereas the
hostname of the machine running postifx and the ptr is
just greatserver.com, the smtp banner check on mxtoolbox reports
everything is fine.
I ve read through the smtp banner check description on mxtoolbox.com
and it says:
/
//"//You will get this warning if the name you present yourself as is
not in the same //*domain*//as the hostname we get when we perform a
PTR lookup on your IP Address."/
MXToolbox's "banner check" is an arbitrary test, invented unilaterally,
based on a "MAY" suggestion in RFC2821 and RFC5321, which replaced an
unqualified assertion in a note in RFC821 that the greeting banner has
the "official name of the server host" following the 220 reply code.
Note also that MXToolbox is a commercial concern, not a standards body.
Confusing tests that don't mean anything significant promote their
commercial interest.
No sanely-run SMTP client tries to validate banner greeting hostnames. A
client that refuses to send mail because a banner hostname isn't what it
expects is a broken client. Worrying about the hostname in a banner
greeting is a complete waste of mental energy.
The more important use of myhostname is in HELO/EHLO commands. That's
where it CAN influence how others react to your system as a SMTP client.
So i am asking myself, is it really necessary that the HELO of my
postfix server and the ptr are exactly the same?
Not strictly. However, it helps. More importantly:
1. The HELO name should have an A record that resolves to the IP you use
as a SMTP client from the point of view of servers (i.e. maybe that's a
NAT address, rather than an address on a server interface)
2. If you can, make the PTR for that IP point to that name as well. If
you CAN'T make a PTR for that IP resolve to a name you choose,
reconsider your provider choice.
3. Make sure your PTR doesn't resolve to a name that is "generic," i.e.
robotically generated from the IP address.
4. NEVER use such a generic name as myhostname, i.e. in HELO/EHLO, for
strict port 25 SMTP. If you use a "smarthost" for relaying your mail via
authenticated submission (i.e. port 587) it should be safe to use a
valid generic name or even an IP literal.
5. Your IP should have a PTR to a name with an A record resolving it
back to the same IP.
No PTR at all is worse than a PTR to a generic name, but failing to
follow ANY of the above can cause some sites to reject your mail, either
unconditionally or as part of scoring spam filters. If the PTR for your
IP is controlled by someone who won't make it non-generic for you, they
are providing you a 3rd-rate service.
Excuse me if it sounds like a stupid question but i am new to all of
this and i just wanna do things right from the start and understand it
correctly.
Which is actually a bit of a challenge, since the RFCs have evolved over
33 years and don't mention many modern real-world concerns. Formally,
one is not supposed to reject mail solely because of a shady HELO, yet
doing so is common. It can be both very useful and very safe to do so
carefully.
So basically if i wanna set myhostname to mail.greatserver.com i have
to change the ptr to mail.greatserver.com too to comply with the RFCs
and "best practices" or is only the same domain part relevant like
mxtoolbox says?
As it stands at this moment, the fact that mail.greatserver.com has an A
record with a 5-minute TTL pointing to an IP with no PTR at all makes
you look VERY shady. Once you work out your name issues, bump up the TTL
to at least half a day so you don't look like a fast-flux spammer...
Ignore the MXToolbox mumbo-jumbo about domains. Meet (5) above with a
non-generic name, make that Postfix's myhostname, and you're done.
