Firewall – the IP of mail server behind firewall


I am trying to find out if I need to set up a PTR in the mycompany.com zone for my mail server, and how, and I refer to this quote from http://forums.serverbeach.com/showthread.php?5469-Setting-up-PTR-s-(aka-Reverse-DNS)

Now, let's look at what happens when a mail server receives mail. A mail server receives mail from an IP address. The mail server then does a PTR lookup on that IP address and retrieves a domain name. It then does a DNS lookup on that domain name and retrieves another IP address. If that IP address that it retrieves matches the IP address that the mail originated from, the mail passes the Reverse DNS check, and the mail is delivered. If the IPs do not match, or a PTR is not set up, or the domain does not resolve, then the mail is not delivered.

If my mail server is behind a firewall, would my IP still appear to the receiving server as the IP for mail.mycompany.com? Wouldn't it appear as the IP of the firewall?

EDIT: Sorry for the bad question, the truth is I am suddenly quite confused.

According to my understanding there are 2 ways to reach my (mail) server behind a firewall.

  1. I have 1 WAN IP (static or dynamic) assigned by the ISP. External servers connect to me at that IP and the firewall port-forwards to the mail server at its LAN IP.
  2. I have a range of WAN IPs (static) assigned by the ISP. The ISP forwards all the IPs to my firewall. My firewall checks the IP and forwards/switches to my mail server, to which we internally assign that IP.

What will the IP appear to other servers if instead my mail server connects to them in each case?

EDIT 2: OK everyone, thanks for the responses, but really, my question is not "How to set up PTR for mail server"; it is "What is the IP of mail server behind firewall" in the above 2 cases stated. I think I wasn't clear enough, sorry about that.

Best Answer

In the case of option 1, your firewall will be doing NAT. What NAT does is mangle the IP header. So when your mailserver makes an outgoing connection, NAT will change the SourceIP in the header, from the private IP assigned to the mailserver to the public IP assigned to the firewall.

In option 1, other mailservers will see your single public IP as the source address. You will want to assign a PTR record for this IP.

In the case of option 2, if your firewall is not performing NAT, then your mailserver will be assigned an IP out of the range of public IPs, and the firewall is just acting as switch (transparent firewall). In this case, other mailservers will see the IP assigned to your mailserver as the source address. You will want to assign a PTR record for the IP address assigned to the mailserver.

In short, if your firewall is performing NAT, other mailservers will see whichever public IP address your firewall is using as the source address of your mailserver, regardless of which IP is actually assigned to your mailserver. If your firewall is not performing NAT, they will see the actual address of your mailserver as the source address.
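As an added illustration (not code from the thread or from either poster), here is the three-step check the quoted post describes, run against the IP a receiving server actually sees in the two cases above. Lookups go through a constructed in-memory resolver so it runs offline; a real MTA would query DNS instead (for example via socket.gethostbyaddr and socket.gethostbyname). All addresses are RFC 5737 documentation ranges and all hostnames are invented. The point it makes concrete: in case 1 the PTR has to be on the firewall's public IP, and a PTR on the server's private LAN address would never be consulted.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check, the test the quoted post describes.

Added example, not code from the original thread. Lookups go through a
constructed in-memory resolver so the script runs offline; a real MTA would
issue PTR and A queries to DNS instead (e.g. socket.gethostbyaddr /
socket.gethostbyname). All addresses are RFC 5737 documentation ranges and
all hostnames are invented.
"""
import ipaddress
from typing import Dict, List, Tuple


class StubResolver:
    """Stand-in for DNS: PTR records keyed by reverse name, A records by hostname."""

    def __init__(self, ptr: Dict[str, List[str]], a: Dict[str, List[str]]) -> None:
        self.ptr = ptr
        self.a = a

    def lookup_ptr(self, ip: str) -> List[str]:
        # Build the in-addr.arpa / ip6.arpa owner name the way a resolver would.
        name = ipaddress.ip_address(ip).reverse_pointer + "."
        return self.ptr.get(name, [])

    def lookup_a(self, hostname: str) -> List[str]:
        return self.a.get(hostname, [])


def fcrdns_check(source_ip: str, resolver: StubResolver) -> Tuple[bool, str]:
    """Apply the check from the quoted post to the IP the peer actually sees.

    1. PTR lookup on the source IP  -> hostname(s)
    2. A lookup on each hostname    -> IP address(es)
    3. pass only if one of those addresses equals the source IP
    """
    names = resolver.lookup_ptr(source_ip)
    if not names:
        return False, "no PTR record for %s" % source_ip
    for name in names:
        forward = resolver.lookup_a(name)
        if not forward:
            continue  # name does not resolve; try the next PTR target, if any
        if source_ip in forward:
            return True, "pass: %s -> %s -> %s" % (source_ip, name, source_ip)
    return False, "PTR target(s) %s do not resolve back to %s" % (names, source_ip)


# Constructed zone data covering the two cases in the question.
#  - Case 1 (NAT): the peer sees the firewall's public IP 203.0.113.10, so the PTR
#    must live on that address, not on the server's private LAN IP.
#  - Case 2 (no NAT): the peer sees the public IP routed to the server, 198.51.100.25.
RESOLVER = StubResolver(
    ptr={
        "10.113.0.203.in-addr.arpa.": ["mail.example.com."],     # case 1
        "25.100.51.198.in-addr.arpa.": ["mail.example.net."],    # case 2
        "99.113.0.203.in-addr.arpa.": ["pool-99.isp.example."],  # PTR exists, no forward record
        "7.2.0.192.in-addr.arpa.": ["mail.example.org."],        # forward record points elsewhere
    },
    a={
        "mail.example.com.": ["203.0.113.10"],
        "mail.example.net.": ["198.51.100.25"],
        "mail.example.org.": ["203.0.113.200"],
        # The server's private address never appears here; a PTR on it would be useless.
    },
)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.25", "203.0.113.99", "192.0.2.7", "192.168.1.20"):
        ok, why = fcrdns_check(ip, RESOLVER)
        print("%-15s %s  %s" % (ip, "PASS" if ok else "FAIL", why))
```

Running the script prints one line per test address: the two public addresses from the cases pass, the PTR-without-forward and mismatched-forward cases fail with the reason, and the private LAN address fails with "no PTR record", which is exactly why the record must be placed on whichever public address the firewall presents.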