Redline Software Inc. - Winnipeg's Leader in Ruby on Rails Development

Reverse DNS and Email

So you’ve setup your SPF records and your web app isn’t sending emails that contain any of the following words “FREE, enlarge, penis” etc, but email still isn’t reaching its destination?

RTFL! (where L is logs in this case)

/var/log/mail.log (or wherever your logs might be) might show something like:

1
2
3
4
5

Feb  4 06:42:49 yourhost postfix/smtp[5381]: 738F212E41A9: host mailin-04.mx.aol.com[64.12.138.88] said: 421-:  (DNS:NR)  http://postmaster.info.aol.com/errors/421dnsnr.html 421 SERVIC
E NOT AVAILABLE (in reply to end of DATA command)
Feb  4 06:42:49 yourhost postfix/smtp[5381]: connect to mailin-02.mx.aol.com[64.12.137.168]: server dropped connection without sending the initial SMTP greeting (port 25)
Feb  4 06:42:51 yourhost postfix/smtp[5381]: 738F212E41A9: to=<somerandomdude2939338829@aol.com>, relay=mailin-04.mx.aol.com[64.12.138.57], delay=1780, status=deferred (host mailin-04.mx.aol.com
[64.12.138.57] said: 421-:  (DNS:NR)  http://postmaster.info.aol.com/errors/421dnsnr.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))

So you load up http://postmaster.info.aol.com/info/rdns.html and find out that your server is missing a reverse DNS entry. Great now what?

Well if you don’t know what a reverse DNS entry is, it’s really not a hard concept. On a normal DNS lookup you’re usually asking for an IP address for a given domain name. A reverse entry is asking what domain is assigned to a particular IP address. This is useful in the battle against spammers.

First lets use dig to see if you really don’t have a reverse entry. Let’s pretend your email server is example.com and your IP address for that mail server is 208.77.188.166.

1

dig -x example.com +short

The -x in the dig command will reverse that domain for you and the +short will cut straight to the answer for you. You should hopefully see something like:

1
2

dig -x 208.77.188.166 +short
  www.example.com.

Give it a try with your IP, and if you get nothing back then you have no reverse pointer. To get one, you’ll likely have to request that your ISP add the record for you. If you’re on a VPS or something similar, put in a request to their support team to do this. Many of these companies have a form you can fill out online to do so.

Once they add it, give the above command a try again and you should be 1 step closer to being able to send legitimate email. Unfortunately there’s always more steps, but remember the logs are your friends…hopefully not your only friends though.

Comments