Sebastian Ries wrote:
> Hi there
>
> I just want to know some opinions on the following DNS Setup for a mail
> server:
>
> # host -t MX example.com
> example.com mail is handled by 100 mail.example.com.
>
> # host mail.example.com
> mail.example.com is an alias for hostname.example.com.
> hostname.example.com has address 1.2.3.4
>
> # host 1.2.3.4
> 4.3.2.1.in-addr.arpa domain name pointer hostname.example.com.
>
> The mailserver (postfix) connects saying it is hostname.example.com.
>
>
> Should this be a correct setup?
>
In general it is recommended to not point a MX record to a CNAME, but that's just to reduce repetitive queries. It is extraordinarily commonplace in the real world, and AFAIK 100% RFC legal.

Reverse-lookup mismatch also happens a lot with non-cnames, particularly when the hostname has multiple A record IP addresses associated. Often those IPs won't all have the same PTR results, even though they all came from the same A record.

> One partner we want to send mails to does BOUNCE mails with
> 554 5.7.1 DNS Blacklisted by in-addr.arpa (in reply to MAIL FROM
> command)
> Do you think this is correct?
>
Well, at that point you'd be looking at their smarthosts, not their MXes, but it's pretty common there too. (MX is their inbound mail servers, which for a large domain are very rarely the same servers as the ones that send mail out)

> I think this also prevents from getting mail from googlemail:
> [EMAIL PROTECTED]:~$ host -t MX googlemail.com
> googlemail.com mail is handled by 5 gmail-smtp-in.l.google.com.
> googlemail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
> googlemail.com mail is handled by 10 alt2.gmail-smtp-in.l.google.com.
> googlemail.com mail is handled by 50 gsmtp147.google.com.
> googlemail.com mail is handled by 50 gsmtp183.google.com.
> [EMAIL PROTECTED]:~$ host gmail-smtp-in.l.google.com.
> gmail-smtp-in.l.google.com has address 209.85.129.27
> gmail-smtp-in.l.google.com has address 209.85.129.114
> [EMAIL PROTECTED]:~$ host 209.85.129.27
> 27.129.85.209.in-addr.arpa domain name pointer fk-in-f27.google.com.
>
> Is this true?
>
Well, do you expect your "host" command is lying? There are dozens of other large domains that do this.

Here's another:

MX lookup for aol.com:
aol.com MX preference = 15, mail exchanger = mailin-04.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-01.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-02.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-03.mx.aol.com

Looking up the A record of one of those:
Name: mailin-04.mx.aol.com
Addresses: 64.12.138.57, 205.188.159.216, 64.12.138.88

Reverse lookup of the IPs:
Address: 64.12.138.57
Name: md.mx.aol.com
Address: 205.188.159.216
Name: db.mx.aol.com
Address: 64.12.138.88
Name: me.mx.aol.com

> Regards
> Sebastian Ries
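
The lookups walked through in this thread, as an added example that is not part of the original message: a small Python audit that follows MX, CNAME, A and PTR records and reports, per address, whether the MX target is an alias, whether the PTR equals the MX name, whether the PTR forward-confirms, and whether the HELO name appears in the PTR. The in-memory ZONE (the example.com records quoted above plus a constructed example.net host), the function names, and the choice of forward-confirmed reverse DNS as the test are assumptions; the thread does not say what the partner's filter actually checks.

```python
# Constructed records: the example.com setup quoted in the thread, plus a
# made-up example.net host whose PTR name does not resolve back to its IP.
ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "CNAME"): ["hostname.example.com"],
    ("hostname.example.com", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa", "PTR"): ["hostname.example.com"],
    ("example.net", "MX"): ["mx.example.net"],
    ("mx.example.net", "A"): ["192.0.2.10"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["other.example.net"],
    ("other.example.net", "A"): ["192.0.2.99"],
}

def lookup(name, rtype):
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def resolve_a(name, max_hops=8):
    """Follow CNAMEs to A records; return (addresses, canonical name)."""
    for _ in range(max_hops):
        cname = lookup(name, "CNAME")
        if not cname:
            return lookup(name, "A"), name
        name = cname[0]
    return [], name  # CNAME loop or chain too long

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def audit(domain, helo):
    """One result row per MX address, covering the checks the thread touches on."""
    results = []
    for mx in lookup(domain, "MX"):
        addrs, canonical = resolve_a(mx)
        for ip in addrs:
            ptrs = lookup(reverse_name(ip), "PTR")
            results.append({
                "mx": mx, "ip": ip, "ptr": ptrs,
                "mx_is_cname": canonical != mx,
                "ptr_equals_mx": mx in ptrs,
                # forward-confirmed: some PTR name resolves back to this IP
                "fcrdns": any(ip in resolve_a(p)[0] for p in ptrs),
                "helo_in_ptr": helo in ptrs,
            })
    return results

if __name__ == "__main__":
    rows = audit("example.com", "hostname.example.com") + audit("example.net", "mx.example.net")
    for row in rows:
        print(row)
```

For the example.com setup the MX is an alias and the PTR differs from the MX name, yet the PTR forward-confirms and matches the HELO; the constructed example.net host fails forward confirmation.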