Has the ISP mangled the DNS reverse lookup record for a single static IP address?

domain-name-system email-server reverse-dns static-ip

I've taken on the task of running a small email server, and the world of spam makes it more challenging for an individual, as many MTAs are highly paranoid about accepting email.

I think I've configured nearly everything that could be a problem successfully: A commercial SSL certificate, DKIM, a proper domain, and static IP address. My (piddly) email in fact goes out almost all of the time. But the most paranoid MTAs are still rejecting my email – Craigslist for example – and it appears to be my reverse lookup at fault.

I've recently changed my static IP address, and my service with my ISP. When they changed it, I tried to get this configured correctly, but I fear it is not. But I'm not 100% certain what is wrong, or what my reverse record should look like.

I especially don't want to approach my ISP with a "Look, I don't know what the problem is, but you need to fix it anyhow" attitude. If there's a problem I want to be able to describe exactly what it is before I get on the phone with the NOC. They don't offer a control panel for this as far as I can tell, so I don't want to try anyone's patience with a bunch of trial and error.

OK, the specifics, redacted & fictional, but consistent:

Domain:                      funkeedomain.org
Mailserver (DNS MX record):  mx.funkeedomain.org
Static IP address:           111.222.333.444
Static IP address reversed:  444.333.222.111
FQDN originally requested of the ISP for reverse lookups: main.funkeedomain.org

Here's a typical rejection notice from my mail server (hMailServer):

Your message did not reach some or all of the intended recipients.

   Sent: Thu, 12 Jan 2017 11:53:50 -0800 (PST)
   Subject: Blah blah blah

The following recipient(s) could not be reached:

2125551111@tmomail.net
   Error Type: SMTP
   Remote server (64.235.154.109) issued an error.
   hMailServer sent: .
   Remote server replied: 550 permanent failure for one or more recipients (2125551111@tmomail.net:550 Sender IP reverse lookup rejected)

hMailServer

A commercial email-sending checker tells me:

main.funkeedomain.org.333.222.111.in-addr.arpa          Failed - No A Record Found in DNS

So, fine. What do DNS tools tell me?

stew@griffin:~$ host 111.222.333.444
444.333.222.111.in-addr.arpa domain name pointer main.funkeedomain.org.333.222.111.in-addr.arpa.

stew@griffin:~$ dig -x 111.222.333.444
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 111.222.333.444
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;444.333.222.111.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
444.333.222.111.in-addr.arpa. 86365 IN   PTR     main.funkeedomain.org.333.222.111.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 10.0.0.4#53(10.0.0.4)
;; WHEN: Thu Jan 12 19:09:11 PST 2017
;; MSG SIZE  rcvd: 93

From reading examples (http://www.gettingemaildelivered.com/how-to-set-up-reverse-dns-rdns for instance), my strong impression is that this is wrong, and my reverse record set up by my ISP should be a PTR to "main.funkeedomain.org", NOT "main.funkeedomain.org.333.222.111.in-addr.arpa."

Am I right to think this? What should I be expecting in my reverse record if not what I'm finding?


Thanks all who responded, and my post-post grammar copy-editor.

Both HBruijn and Andrew B's answers were correct, but they appear to want me to select HBruijn's, which is also shorter, and so I have.

I had to call no less than five times to get this resolved. Having a 100% accurate diagnosis was surely key to me getting this passed blindly up 3 levels of escalation successfully – I was never allowed to talk to the DNS department directly.

Thank you all again.

Best Answer

444.333.222.111.in-addr.arpa. 86365 IN PTR main.funkeedomain.org.333.222.111.in-addr.arpa.

Seems that in the reverse DNS zone data somebody forgot to add a trailing period . to your hostname to indicate that it is a fully qualified hostname. In DNS shorthand any simple hostname gets appended with $ORIGIN.

The correct zone data would be

444.333.222.111.in-addr.arpa. 86365 IN   PTR     main.funkeedomain.org.

or in DNS short-hand you can optionally omit the $ORIGIN i.e. 333.222.111.in-addr.arpa:

444                           86365 IN   PTR     main.funkeedomain.org.
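
The mistake diagnosed in the answer, as an added example that is not part of the original answer: `expand` applies the zone-file rule that a name without a trailing dot gets `$ORIGIN` appended, and `diagnose_ptr` recognises the resulting symptom in a PTR target and recovers the hostname that was meant. The function names are made up here, and `192.0.2.25` and `example.org` are constructed sample values, because the question's redacted address is not a parseable IPv4 address.

```python
import ipaddress

def expand(name: str, origin: str) -> str:
    """Zone-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name.endswith("."):
        return name  # already fully qualified, left untouched
    return f"{name}.{origin.rstrip('.')}."

def diagnose_ptr(ip: str, ptr_target: str):
    """Return (status, origin, hostname) for the PTR target seen for ip."""
    target = ptr_target.lower().rstrip(".") + "."
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    # Walk the parent zones of the reverse name, most specific first.
    # The last two labels (in-addr.arpa / ip6.arpa) are handled below.
    for i in range(1, len(labels) - 2):
        origin = ".".join(labels[i:]) + "."
        if target.endswith("." + origin):
            # The target is "<intended name>." followed by the reverse zone:
            # the record's hostname was written without its trailing dot.
            return ("origin-appended", origin, target[: -len(origin)])
    if target.endswith((".in-addr.arpa.", ".ip6.arpa.")):
        # Points somewhere in the reverse tree, but not under this IP's zone.
        return ("points-into-arpa", None, None)
    return ("ok", None, target)

if __name__ == "__main__":
    origin = "2.0.192.in-addr.arpa."  # constructed reverse zone for 192.0.2.0/24
    # Same rdata written without and with the trailing dot.
    for rdata in ("main.example.org", "main.example.org."):
        fqdn = expand(rdata, origin)
        print(f"{rdata!r:22} -> {fqdn}")
        print("   ", diagnose_ptr("192.0.2.25", fqdn))
```

A result of `ok` only rules out this one mistake; the hostname still needs an A record, which is what the checker quoted in the question looked for.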