SMTP communication problem (RDNS Reverse DNS)

There was a SMTP communication problem with the recipient's email server.
Please contact your system administrator.

<videomagic.com #5.5.0 smtp;554
<tn-76-7-160-155.sta.embarqhsd.net[76.7.160.155]>: Client host rejected:
Please use SMTP relay of your ISP or setup non-generic DNS>





I get this when I try to email to craigslist emails. I think it has to do
with reverse dns. How do I setup my SBS 2003 server to handle this
correctly? I have a static IP (76.7.160.155) that runs the SBS. It receives
email for the following domains


videomagic.com
dionysuswinery.com
romanticescapades.com
shoptricitiesfirst.com
tricityweb.com

 

How can I get the rdns to state it is from my domain (videomagic.com)?

 

Except that pretty well all the blacklists will automatically include
generic-type PTRs such as the OP's. I do it a different way, I look for
generic 'hostnames' in PTR and/or HELO and refuse them, but it comes to
the same thing.

There really is no substitute for an ISP that knows something about the
Internet, and has an interest in keeping its customers. The big boys
couldn't give a damn about one account in hundreds of thousands.

I have a customer with a static IP address on a 'business' account with
my country's monopoly telecoms provider, and because it returns a
generic PTR, he can't send email. He's on SORBS, among others, who
publicly state this as a policy.

 

I have to disagree with this. MOST blacklists do *not* include generic PTR
records. As you stated, the big boys have thousands of customers. If
blacklist managers like spamcop and spamhaus started rejecting mail simply
because the PTR record was generic, you'd see this newsgroup LIT UP with
problems. There are also small businesses that use completely hosted (and
shared) services. If you get a shared 1&1 account, for example, your email
server is also the email server for dozens, or even hundreds of other
domains. It is *impossible* to set a PTR record to match the domain in this
case, because the server itself services multiple domains. Legitimately
even. There are plenty of reasons for a PTR record to mismatch, and blaming
the ISP or implying that they are uncooperative is, IMHO, inaccurate and
could be misleading.

What *is* increasingly common is small businesses using DYNAMIC ip
addresses. And companies like Comcast have recently been submitting those
lists to the major blacklist providers because hosting a business server on
a residential account is specifically breaking terms of service. Of course
the current practice to 'get around' this is to use a smarthost like DynDNS.
But that practice too will soon come under scrutiny. Comcast has been, for
some time, playing with protocol analysis...currently to scale bit-torrent
traffic, but soon to find and target account abuse. :/ Sorry to say.

But at any rate, it is *rarely* necessary for the PTR record to match the
sending domain.

-Cliff

 

Generic rDNS can be scored negatively in email policy checks on
individual mail servers, not necessarily listed in block lists.

The PTR record doesn't need to match the sending domain (impossible as
Cliff points out), but it can match the A record of the HELO string of
the connecting server. This is sometimes taken into account on email
policy checks and can help detect forgeries. Messages may not be
immediately rejected, but the result can count in an overall score used
to determine if the mail gets through.

However, the checks against generic rDNS are just to ensure that the
mail server administrator has made the effort to get a customized DNS
record (i.e not one with an IP address embedded etc.). This customized
address can be anything. If you have a static IP from a decent ISP, they
will usually customize the PTR record on your behalf or allow you to do
so yourself. If you can't get a customized PTR, you should use a smarthost.

If you are getting a customized PTR for your connecting IP, you should
make it match the HELO string of your mail server, for example, the A
record for mail.example.com should point to your outbound IP, the PTR
for this IP should be mail.example.com, and you should set the FQDN in
the SMTP connector to mail.example.com to set the HELO greeting the same.

Please note that none of this is anything to do with MX records as they
are for *inbound* mail. Your MX record may point to mail.example.com,
but it may also point to an external relay such as messagelabs or
exchange defender.

 

Since you mention 1&1, they use SORBS and hence will not accept mail
from an IP address with a generic PTR. This was the case I mentioned:
1&1 won't accept mail from a BT business account with a static IP
address, because of the dodgy PTR. The BT account owner could of course
use Yahoo, as advised by their partner BT, which does not offer a
smarthost on this 'business' service.

Mine doesn't. But it is a proper hostname, actually a sub-domain of my
ISP, with a matching A record in public DNS.