There are so many badly configured DNS and mail servers out there!! Recently I installed and configured Postfix on this server and set it as the main mail exchanger (MX). In an effort to combat the amount of spam I receive I’ve made the default restrictions fairly hash but not, I think, irrationally so. Yet many legitimate mail sources are getting bounced due to their hosting ISP’s complete and utter incompetence when it comes to DNS.
The main issue is usually inaccurate PTR to A RR lookups. Ie, a host with an IP 220.127.116.11 has a PTR record that resolves to ip-1-2-3-4.example.com but when you look up the A record for ip-1-2-3-4.example.com you get NXDOMAIN. FECK! That is so completely broken! Postfix of course, rightly assumes that this could be a DNS spoofing attack and temporarily rejects (SMTP reponse 450) the mail as coming from an “unknown host”.
Another right doozy is when mail servers say “HELO im.this.host.com” when im.this.host.com doesn’t resolve because it’s an internal (to the sending network) host name. Or better yet say “HELO smtp.example.com” yet their IP resolves to something completely different.
A prayer to all network admins: “Fix your fucking DNS!!!”.
Some tools to help you:
- DNSReport.com (free, and the best)
- DNS Check Tool (free)
- Dlint – DNS Zone Checking System (free)
- CheckDNS.net (free)
- DNSLint (Command Line tool from Microsoft)