Verizon email problems

bscott at ntisys.com bscott at ntisys.com
Wed Nov 12 21:31:02 EST 2003 

On 11 Nov 2003, at 8:00pm, jbd at codemeta.com wrote:
> Correct. Just to clarify and reiterate: not all SMTP receivers require
> their partner to have a reverse lookup. I believe sendmail does not make
> this requirement in the default configuration.

  This discussion appears to be treating two issues as one.

  One is that, to send mail to a domain name, you need either an MX record
or an A record.  If neither of those exist, the domain is considered
"unresolvable" for email purposes.  Many (most?) systems are configured to
reject mail claiming to be from a domain that does not resolve.  That makes
sense; if a domain cannot receive mail, it should not be sending mail
(otherwise, DSN's cannot be routed back to senders).

  The second issue we're dealing with is that some mail exchangers require
the sending MX's IP address to have a reverse DNS lookup (PTR) record.  
There is nothing in the standards that require this, nor does it have any
impact on mail routing.  Still, it is a recommended best practice.

  One other thing it is important to realize is that simply doing a reverse
lookup can be misleading.  If I control the reverse lookup for an IP
address, I can set it to be whatever I want.  For example, I could configure
my IP address to reverse to <www.microsoft.com.>.  So, if you are doing to
do anything with that information, it is critical that you do a "double
reverse lookup".  First, lookup the PTR record for the IP address, and then
verify that the resulting domain name (on the RHS of the PTR record)
includes an A record that matches the IP address.

> I commented out the 'accept_unresolvable_domains' feature on CodeMeta's
> mail server so that we wouldn't receive so much spam.

  The <threeofus.com> domain used by the OP has always been resolveable for
purposes of delivering mail.  That is to say, it has an MX record.

  True, the RHS of the MX record did specify a CNAME, which is a minor
standards violation.  However, most implementations don't care in the least
about this.  (Of course, Verizon's mail exchangers are decidedly *NOT* "most
implementations", which is why I recommended the OP fix the problem.  I do
not, however, know if this was actually the problem or not.)

  Until the OP made the recent changes, the IP address of the first mail
exchanger for <threeofus.com>, 199.232.38.4, did *NOT* have reverse lookup
information.  I'm not sure if this was the problem either, but, as noted, it
is a recommended practice, so fixing it is a good idea in any event.

  The really interesting part will be tomorrow, after TTL has expired.  At
that point, we can find out if the OP's wife can send mail to Verizon
addresses or not.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |

More information about the gnhlug-discuss mailing list