Why rDNS matters for mail!
My old ISP had gone to hell. They had started shaping and throttling traffic aggressively and I simply wasn't getting what I paid for...
As a result, I moved to a new ISP (Vox Telecom). I signed up and eagerly awaited my details via email, yet they never arrived.
As I manage my own email server I decided to log in, and see if I could spot any issues, which I soon did.
Vox's mail servers aren't configured correctly (go figure). They a) haven't set up rDNS and b) resolve to a local DNS entry - so my mailserver had blocked them.
Checking mail logs I found:
Nov 20 18:59:22 meyling postfix/smtpd: NOQUEUE: reject: RCPT from unknown[126.96.36.199]: 450 4.7.1
: Helo command rejected: Host not found; email@example.com firstname.lastname@example.org proto=ESMTP helo=
I reject mail if I can't verify the HELO hostname, since an unverifiable hostname generally means you're a SPAMMER.
root@meyling:/# cat /etc/postfix/main.cf | grep reject_unknown
reject_unknown_sender_domain
reject_unknown_helo_hostname,
reject_unknown_reverse_client_hostname,
A quick dig on the IP confirms what I suspected. They have no rDNS record set for the IP, and thus any decent mailserver will refuse their mail.
root@meyling:# dig -x 188.8.131.52

; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> -x 184.108.40.206
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54847
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.127.116.11.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
37.203.209.in-addr.arpa. 189 IN SOA ns1.datapro.co.za. hostmaster.datapro.co.za. 2013013004 1800 900 86400 3600

;; Query time: 0 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Fri Nov 20 19:31:13 SAST 2015
;; MSG SIZE rcvd: 120
So they need to set up rDNS and configure the server to use titania.localdomain as the server name if applicable.
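To make the two checks concrete, here is an added example (not from the original post, and not Postfix's own code) that models reject_unknown_helo_hostname and reject_unknown_reverse_client_hostname against a constructed DNS table so it runs offline. The addresses, the example.org / example.net names and the function names are assumptions; only titania.localdomain comes from the post.

```python
import ipaddress

# Constructed DNS data (documentation address space and reserved names);
# a real MTA queries live DNS instead of a table like this.
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.net", "MX"): ["mx.example.net"],
}

def lookup(name, rtype, zone=ZONE):
    """Return records for (name, rtype); an empty list models NXDOMAIN/no data."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def helo_resolves(helo, zone=ZONE):
    """Model of reject_unknown_helo_hostname: the name needs an A or MX record."""
    if helo.startswith("["):  # address literal, so there is no name to resolve
        return True
    return bool(lookup(helo, "A", zone) or lookup(helo, "MX", zone))

def client_has_ptr(client_ip, zone=ZONE):
    """Model of reject_unknown_reverse_client_hostname: the IP needs a PTR record."""
    arpa = ipaddress.ip_address(client_ip).reverse_pointer
    return bool(lookup(arpa, "PTR", zone))

def failed_restrictions(client_ip, helo, zone=ZONE):
    """List which of the two restrictions this client would trip, in check order."""
    failed = []
    if not helo_resolves(helo, zone):
        failed.append("reject_unknown_helo_hostname")
    if not client_has_ptr(client_ip, zone):
        failed.append("reject_unknown_reverse_client_hostname")
    return failed

if __name__ == "__main__":
    # Constructed clients: one set up correctly, one like the sender in the post
    # (local-only HELO name, no PTR), and one that switches to an address literal.
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.7", "titania.localdomain"),
                     ("198.51.100.7", "[198.51.100.7]")]:
        print(ip, helo, failed_restrictions(ip, helo) or "accepted")
```

The third client shows that an address literal in HELO gets past the hostname check, but the missing PTR record still causes a rejection, so both fixes are needed.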
Additionally, they're not conforming to RFC 2821 (https://www.ietf.org/rfc/rfc2821.txt) for mail, and from a huge ISP that offers connectivity / hosting / mail I'd expect more:
"The domain name given in the EHLO command MUST BE either a primary host name (a domain name that resolves to an A RR) or, if the host has no name, an address literal as described in section 4.1.1.1"
I've let their support know, but I doubt they'll bother to fix it. For now I'll whitelist them in my Postfix config. If you're interested in how, then check the next post.