Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?
drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"
rDNS (Score:5, Insightful)
Re: (Score:2, Troll)
Yep, rDNS works really well until your DNS goes tits up, or until MY DNS goes tits up, or until Pakistan accidentally BGPs something that makes you unable to resolve the query... again.
If the email you receive is anecdotal crap, it won't be a big deal. If the email you receive is of merit, then this test makes an unreliable protocol even worse.
Re: (Score:2)
Yup, I tried this for a while years ago and lost a lot of good mail. Recently when my server on a rack in California died and I couldn't get to it for a couple of weeks, I set up a backup server on my home connection (which is Comcast Business, so they don't filter port 25, but I don't have an rDNS set up). Not a single message I sent was bounced. So I conclude that not only is it the case that this isn't an effective tactic, it's also not a technique that anybody uses, for some reasonable value of "a
Re: (Score:3)
Funny you mention comcast, because they do reject mail if it doesn't have proper rdns setup.
Re: (Score:3)
Lots of anti-spam systems DO NOT send bounces anymore. Because it's useless - if it's spam, then it's probably got a forged From: header, so sending a bounce does nothi
Re: (Score:2)
If your DNS goes tits up you are doing it wrong. DNS is tier 1 infrastructure; it should be AT LEAST as redundant and well protected/maintained as your mail server.
If MY DNS goes tits up don't worry I can't resolve your domain to send you any mail anyway.
If BGP gets hosed up, then DNS servers are no more able to reach each other than anything else, they won't be able to resolve A,AAA, and MX queries any more than they can PTR queries, and our mail servers won't be able to connect with each other even if we co
Re: (Score:2)
I soft fail for things like this. The issue will get resolved or it will time out on their end and they will get a note about it. I hard fail for more definite things like multiple RBL listings, spammy content, etc. In no event do I ever accept a message that does not go into somebody's inbox. Effectively if somebody sends a spammy message they should know within a few minutes that it was not delivered. If it temp fails their mail system may or may not tell them immediately but those are assumed to resol
Re: (Score:2)
Agreed, you can't hard fail on it because too many of your clients will have it configured incorrectly.
Absolutely required. (Score:2)
Yes. Absolutely. It works.
Re: (Score:3)
That's not how the reverse DNS check works. When your SMTP server connects to another computer, it announces itself with a HELO. That HELO should resolve to that server's IP address. The reverse DNS of that IP address should be the same DNS name given in the HELO. This has nothing to do with using a different outgoing vs. incoming server or anything in your SPF records.
Re: (Score:2, Interesting)
uh. negative.
I'm not sure what you are describing, but the way it works is this:
incoming connection says ehlo "my name is fleaflicker.bigbonus.tld"
my postfix server would note that the connection is coming from 10.10.205.71
It does a check for the ptr record of 10.10.205.71
IF YOU REREAD THE SUMMARY, he's just looking for a ptr record, ANY ptr record. You'd be surprised how many have no record at all. This is what we're looking for, and dropping.
When you do get a ptr record, who cares if it doesn't MATCH, 9
Re: (Score:3)
It takes five minutes to configure the HELO and DNS records to be the same if you know what you're doing. It works, just not the way you wish it works. HELO = DNS or you don't get to send me email.
This violates the RFC. The only check you can do is for the correct HELO syntax.
The argument to HELO is supposed to be an FQDN (although an IP-address literal is also valid, but a bare IP address is not). It does not have to resolve, nor does any PTR record have to return that same FQDN.
Luckily, you're not doing much harm. I ran my mail servers for over a year checking (logged only) for both whether the HELO resolved at all, and if it matched the PTR lookup from the connecting IP. Since I reject for bad
Re: (Score:3)
They can write you a personal letter about how your job at Foocorp is stressing you out and not only leaving you with less energy at the end of the day, but that the stupid meeting Johnson scheduled for Monday morning has you discouraged and feeling down all weekend, and that this is why you can't get it up, so you might want to at least stop taking everything so seriously, and most importantly, quit worrying about things that are beyond your control and you'll find your sex life
Probably useless (Score:3)
In all but the most closed groups, having a system that generates lots of false positives is in most cases going to be a bad move in my opinion.
Better Question... (Score:5, Insightful)
What reason would anyone have to be running an SMTP server without a PTR record?
Re: (Score:3)
A lot of small organizations have ISPs (or just service plans) that will not let them choose RDNS records. They would have to outsource their mail services to send outbound mail through a computer with a valid RDNS record.
Re: (Score:3)
You don't have to choose the record. The ISP just has to ensure that the PTR for an IP resolves to a name, and the A for that name resolves to the original IP. The name can be completely up to them and doesn't even need to reflect the domain for which you're sending mail. However it should avoid using a name that makes it appear to be a dynamic IP, which some receivers may penalize you for.
Re: (Score:2)
In practice, that doesn't help much. Before switching to my current Internet connection, I had business-class cable modem service because that was required to get a static IP address from that ISP. My IP address had a PTR record with a non-resolving hostname (which looked a fair bit like a dynamic address, in spite of being static). When I tried to call the ISP about it, I got a bunch of confused tech support people who could never figure out who could fix the PTR.
Re: (Score:2)
You gave an example of a broken setup to demonstrate how a working setup doesn't help much?
Re: (Score:2)
No, I gave an example of a broken setup to demonstrate that a lot of small organizations (who still pay for business-class service that should work properly) cannot always get valid reverse DNS records for their mail servers. Clear enough now?
Re:Better Question... (Score:5, Interesting)
I hate to say it but you have way too high of an expectation of ISPs.
I have a static address on a business account via a major ISP. I have a Domain name and have DNS. My DNS resolves to www.mycompany.com but the ISP has the PTR set to 111.222.333.444.static.ISPDOMAIN.COM
They will not change it no matter what I ask and e-mail from my domain through my e-mail server is rejected because the PTR does not match the A record. It has gotten so bad that I had to pay for a mail relay host to push my mail through. To me, this is a risk because they (the relay) could intercept, monitor, or filter the private e-mail between me and my customers, which would directly affect my business.
So, personally I say it is a bad idea!
Re: (Score:3)
I think ISPs do this on purpose to make people pay more. I have the same problem with Comcast. I have business class cable for hosting my websites and they only allow you to change the PTR record if you buy hosting through them too.
They used to allow me to relay through a mail server, but took that away earlier this year. I have static IPs and they know I'm doing this. It's in the contract. In fact, I had a few questions from them because of the anonymous FTP server used for ISOs and all the IPv6 tunne
Re: (Score:3)
However, reverse dns is a completely different beast. Whoever has the ipv4 subnet controls the rdns for that subnet. If an isp is nice, they can delegate smaller subnets of their larger block to individuals, but this is rare.
This should help clarify [wikipedia.org]
Re: (Score:3)
Those same ISPs which do not support rDNS for customers typically host a well-configured SMTP server which customers can use as a smarthost. So, you configure your SMTP server to relay mail through your ISP's SMTP server.
This solves the rDNS problem.
Re: (Score:2)
Cite for "typically", please? Mine did not.
Re: (Score:2)
Re: (Score:2)
Maybe they're hosting multiple e-mail domains from the same site? (I do).
Re: (Score:2)
Re: (Score:3)
Reverse DNS doesn't have to match the domain that they are sending mail from. It should just match the name that the mail server is presenting when it does a HELO.
Absolutely. In fact, it's extremely rare for the mailserver to have the same name as the mail it's sending. For example, I got an inbound connection from mail-yw0-f63.google.com to deliver a message from somelist@googlegroups.com.
Re: (Score:2)
I've got a PTR record for mine, but my DNS server isn't authoritative for the colo's netblock, so nobody will ever ask for it.
Re: (Score:3)
Lack of access to the reverse DNS tree, or else running multiple domains on the same server. Reverse DNS is not guaranteed to be correct, and is not useful for filtering spam; its highest use is in troubleshooting, because a human being is using it, and can evaluate how meaningful the data there is.
Re: (Score:2)
Both ACs below seem to agree.
Re:Better Question... (Score:4, Informative)
You don't need IP delegation. Most ISPs offering business class Internet will just set the reverse DNS records up for you on your static IP address. Yes, you have to get in touch with their support, and yes, you have to get a rep that knows what you're talking about - but there's typically not even an extra charge.
Get another one, then. (Score:4, Informative)
If email is important to your organization then the cost of a correctly configured mail server is insignificant.
Seriously, your email server can be anywhere in the world. There's no reason that you have to go through a specific ISP. Even if they're blocking port 25, you can get a different ISP to accept mail from you on a different port. Even Google offers that option.
Indicative only (Score:3)
As with most spam fighting metrics it's up to you. Mail from a server without reverse DNS that doesn't trigger any of your other flags generally shouldn't be treated as spam if you care about false positives; if it's borderline then maybe the lack of reverse DNS will be enough to justify tagging it as spam. The decision of how heavily to weight the lack of reverse DNS is yours; personally I don't give it much weight but it does add a little to the score. Some people go hardcore and reject anything that doesn't come from a machine with reverse DNS; they accept the significant false positive rate, usually for ideological reasons (while I like a properly configured system I'm not going to bite my nose off to spite my face).
Useful (Score:2)
If your email server does not have rDNS records then it's very likely half your mail is not getting delivered. aol.com, gmail, hotmail, etc all require rDNS.
Blocking on invalid rDNS, invalid or missing A records and not following proper SMTP protocol is helpful on an email gateway. However, if you are a relay for clients you'll have problems.
Just deny DSL / Cable IPs (Score:2)
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access regexp:/etc/postfix/maps/relaying_stoplist,
    permit
And here's the content of my
Re: (Score:2)
Human-readable error messages may also be a good idea. Surely you can do better than "We aren't accept direct connection not from dedicated SMTP servers."
Re: (Score:3)
Magnificent. Seriously, giving back retarded English is a stroke of genius, and I'm not being sarcastic. Real admins will chuckle, jerks and asshats will flame you (and now you know to add them to your deny), and machines aren't reading it anyways, you had them at 553.
I think there's a recipe out there to automate dropping the connections after a set number of tries and rejects. For my denies, I just ignore the connection and let them timeout. This seems to trigger a lot of spammers to stop wasting time
Re: (Score:2)
I think he should provide a link to your post in the reply!
Re: (Score:2)
So I shouldn't have used the strabo.mydomain.com as the outgoing SMTP server. And pytheas.mydomain.com was available too, god damn it!
Re: (Score:2)
You're part of the problem. Not EVERY CABLE MODEM IS AN END USER.
I have a business class cable package. My employer also does. DHCP is one thing, but static blocks should be excluded from your list. You can get 3 cable packages for the cost of a T1 here. It's insane to buy a T1 to host a website.
This is an attempt to make the internet smaller and get rid of the little guys.
Depends on how badly you want mail.... (Score:3)
It is possible to configure your mailer to require all sorts of things, like rDNS. If you configure all of them you will get almost no spam, but you'll also not get 50% of your legitimate e-mail. Perhaps that's ok with you, you're willing to only talk to the "clueful".
Most people though want to get mail. The old Internet axiom "Be conservative with what you send, be liberal with what you accept" applies. With spam fighting this generally means use every mechanism at your disposal (including rDNS existence, or matching with forward DNS); but use it only to affect the score of a message. That way the guy who doesn't have rDNS right, but does everything else right will still get through.
Re:Depends on how badly you want mail.... (Score:5, Informative)
It's been a long time since I wrote up some spam-filtering instructions [freesoftwaremagazine.com], but I'd still stand by most of my recommendations. In general, yes: just increase the spam score. I do have several litmus tests, though. If you fail one of these, I'm not accepting your mail:
"Be liberal with what you accept" is a great idea to a point, but there are some things that correlate very strongly with spamminess. Back to the subject at hand: I don't think that lack of reverse DNS is one of those things.
From the other side (Score:3)
In an organization operating a mailserver without a PTR record for their SMTP, the users should be having so much difficulty sending outbound mail that they know something is wrong. I know this from experience, having set up an SMTP without reverse DNS, and then observing that half my test messages bounced back.
rDNS bad (Score:2)
Many email servers do not have rDNS, therefore it is not advisable to filter based on a lack of rDNS alone.
It can be argued that it should have an rDNS, but if they don't, you have no control over that since it's their system. Then you'll be spending way too much of your time tweaking spam filters and creating white lists, contacting the sending company's administrators...
It's just a bad idea, don't do it.
That said, I prefer SaaS email spam filtering like Symantec's Messagelabs. (Disclosure, I am an ML part
It's useless if nobody uses it (Score:2)
A bit over a year ago, I performed a reverse dns scan of the entire internet [youtube.com]. It took around 4 months and amounted to about 62GB of data which I haven't sorted through just yet, but I'd guess based on what I've seen so far that only 20-30% of the utilized Internet has reverse DNS entries. This is kinda what I suspected all along, but I now have data to back that up. How can anything properly use reverse DNS with that low of an adoption rate? It's sad because so many more services could be offered if it was
Re: (Score:2)
Probably the number of addresses in the utilized Internet that are intended to send mail is much lower than that 20-30%.
So it could still be a good method.
Real men.... (Score:3)
Real men would scan the IPv6 space too.... :)
-Charlie
Re: (Score:2)
Real men would scan the IPv6 space too.... :)
I know you're joking as that would take longer than the age of the universe, even if you could scan it at a rate of 2^32 IPs per second.
However, one of the reasons why I did it is to gather data about where hosts are going in the transition from IPv4 -> IPv6. Some of the information I have includes IPv6 and IPv4 data paired together. So although you couldn't scan someone's block, you can get an idea of where they put their stuff in the new IP era and maybe compare what people usually did in their migra
No (Score:4, Interesting)
You know....I hate spam. It made usenet useless for years, it continues to degrade the usefulness of email, spammers steal resources and are underhanded dickwads.
All that said, some of the anti-spam people are ridiculous zealots who don't care who gets caught in the crossfire.
I have a server in colo. It's my mail server, but it also does a number of other things. Until recently, it ran a tor node. Why? Because I had sooo much more allocated bandwidth than I was using on a monthly basis that it cost me nothing extra to run. Ran it for at least 6 years on the same node.
It's now shut off, why? Because some idiots at Spamhaus decided that running a tor server was suspect. Never mind that it was disallowed from exiting on port 25, which is publicly posted info in its service descriptor....no... Of course, I think they are also fooled by the fact that several Windows users have shell accounts and use it as a web proxy.... so somehow my box also was infected with a Windows trojan according to these geniuses.
We got it cleared up, but still are not able to donate excess bandwidth allowance to the tor network.... which is bad enough, but this isn't the first time I have had my server blacklisted for no good reason at all. I don't even remember what BS it was last time, just that it was... BS.
Now will this kill me? No.... I have reverse DNS setup and have for years but...come on.... seriously? Bouncing mail sucks, especially when you suddenly start doing it to whole domains.
If it were just me, my opinion is that anyone using one of these RBLs has a misconfigured mail server, I wouldn't have "fixed it".... but I host other people's email domains, so the black ball tactics worked.
Re: (Score:2)
Second IP address too expensive? Just curious.
Re: (Score:2)
How would a second IP help? Spamhaus likes to carpet bomb whole subnets.
e-mail server (Score:3)
Being fed up with postfix and exim, I recently wrote a simple e-mail server using python. I followed the RFC standard as well as I could, but to my surprise, I noticed there are numerous special undocumented tricks one needs to know to get mail through to the recipient in a reliable way (whitelists, blacklists, reverse dns, etc). I am wondering if anybody here knows if there is a place on the net where such tricks are documented.
PS: IANAS (I am not a spammer, honestly)
Only 1 worthy contender (Score:2)
Just whitelist any email that has a verified digital signature. Everything else you can't trust.
Good luck getting anyone to actually set up and use digital signatures/encryption, though :-P But if you make it a matter of policy and give them the tools to use it, there's no better way.
The world of senders is not black and white (Score:2)
Remember that not every non-spam email originates from a perfectly-configured self-hosted SMTP server. Many organizations outsource their email, spam filtering, compliance filtering, notice / statement delivery, etc. While it's easy to posit that the IT departments in such organizations have a duty to maintain reverse DNS records for all their partners' servers, don't fall into the trap of thinking that every organization has a fully-staffed, knowledgeable IT department... or an IT department at all.
Should be a factor, but not a red flag (Score:2)
Having a reverse DNS is a good practice, and anyone with a mail server should be doing it. That said, a lot of small businesses don't have reverse DNS set up, don't know what you mean when you tell them to do it, or have ISPs that are a pain to deal with. I'd mark up the spam score on a message without reverse DNS on the sending server (and I do on my own server) but I wouldn't block it entirely unless it sets off a lot more flags than just that one.
I use Kerio Connect on my server - I add 2 points for lack
A warning (Score:2)
The windows admin where I work hates reverse DNS. He thinks it's stupid and refuses to keep it updated. So... if there are more people like him out there, you might have issues getting email from them.
Re: (Score:2)
Hope he likes updating his resume.
Re: (Score:2)
Lucky for him, Windows will keep reverse DNS reasonably well maintained (provided you're using a Windows DNS server) until you decommission a host and reuse a host name or IP address. Then it seems to have huge issues getting things cleaned up. I haven't any idea why because I try to stay away from it.
Re: (Score:2)
Hates what about it? That almost doesn't even make sense.
Re: (Score:2)
He hates that some apps/protocols use it as a security measure, by doing a reverse lookup on the IP they were just given and trying to match that to the host name they were given. That means he has to pay attention to whether or not Windows is maintaining that info correctly, and as I've said in other replies, it often doesn't if you've ever reused an IP or hostname.
Re: (Score:2)
Yeah, it creates them just fine. It just doesn't seem to ever want to keep that info up to date if you change hostnames or reuse IP addresses. Like I said in another reply, I'm not a Windows guy, so I haven't any clue why it doesn't seem to like to clean up after itself. It works great as long as you never delete a host and try to reuse its IP or hostname, then it has issues.
In theory, yes. In practice, no. (Score:2)
useless, possibly harmful. (Score:2)
The requirement for reverse dns is in hindsight a part of the "security theater" where various claims are made, and remedies suggested against perceived ills. The suggestion for reverse DNS comes solidly from the era of TCP wrappers, another supposed saviour of ill maintained systems from outside evils.
In reality, there is no actual increase of security from checking if some address has reverse dns as for ages most of the dial up and broadband lines all have reverse dns. Also, as reverse dns zones are by an
Re: (Score:2)
Checking for a matching reverse DNS that matches a forward DNS. Not all reverse DNS resolves forward. Apparently my ISP does that. Stupid ISP. Of course it's a consumer ISP and they block port 25 inbound AND outbound. That's right, they don't even want me RECEIVING spam for myself.
The real problem (Score:2)
The real problem is that while this would really help fight spam, there's collateral damage. Just like the judicial systems in civilized countries tend to operate on the principle that it's better to set 100 guilty people free rather than imprison 1 innocent person, most people who receive email would rather receive and delete 100 spam messages than miss one legit email inquiry from a potential customer or long-lost friend.
Sender Policy Framework seems even better than simple reverse DNS in theory, but it
Definitely necessary (Score:2)
This is simple stuff here. Firstly, it verifies ownership of the domain. I will never accept email from a host that does not resolve. Doing so will of course allow a ridiculous amount of spam from infected computers around the globe from regular IP addresses. The email address needs to match the host in which it is sending from as well. It requires hardly *any* work. Why are we even talking about this?
HELO, ELO, wants the hostname as well. Are we expecting millions of mail servers to simply change the way t
Spam is not the reason (Score:3)
The question "Is Reverse DNS a Worthy Standard For Fighting Spam?" is incorrect. Spam is not the reason; using it as a measure of clue is. Servers that emit spam and clue level can be related, though. If someone is clueful enough to set up a mail server properly they're going to make sure it has reverse DNS. A mail server run by a less than clueful individual (or set-and-forget with no admin) is more likely to be a problem source either now or in the future than the ones that are cluefully configured and actively maintained.
Of course you are going to have spammers that are clueful mail admins and will set up their servers properly. That's why you can't pigeonhole reverse DNS as some kind of spam fighting method alone. But it can always be used as a measure of cluefulness.
Greylisting (Score:2)
Re: (Score:2)
I actually found SPF to work pretty well. That was until a business we work with didn't know how to configure theirs, and they created records to instruct all mail servers to reject any e-mail from them. Relayed this to them several times, but eventually, the order came do
Re: (Score:2)
Whitelist the one domain past the spf checking?
Re: (Score:2)
It's also an enormous pain.
The email service for the department at the university I used to work for used greylisting, and incoming mail was routinely delayed for 30+ minutes. While I realize that email is not a time-critical service, it is still a hassle to wait for incoming email.
Even if greylisting could completely eliminate all spam, I would rather tolerate a small amount of spam than deal with the delays. Google Mail (who provides email for my domain)'s spam filter is so good that it is a rare occasion
You have to do this (Score:2, Interesting)
It's right, it's not fair; but it's needed. Legitimate sites should have no problems setting up reverse records or getting their provider to do it for them.
Anyone who is not in a position to get PTR records in place for their mail server is not actually in a position to be running a mail server anyway. Sorry that is just the way it is. PTR records are nice to have for any number of mail delivery troubleshooting and validation issues outside of SPAM.
As a mail admin I'd kinda consider them a requirement anyway.
As an ISP we require rDNS it works well. (Score:2)
I work for an ISP and we require rDNS records for all incoming mail. You will filter out a TON of spam email with that simple rule. It's much easier on the CPU load to filter on a simple reverse DNS check than to run spam assassin on that message. There are the occasional (not as many as you'd think) misconfigured servers that don't have rDNS. In those rare cases we contact the other end and let them know they're incorrectly set up, and usually add a temporary allow until they get the issue fixed.
I highly re
Don't use that as the only criteria. (Score:2)
Use other things as well, like SPF, whether the connecting machine is an MX for the domain, greylisting of various kinds (possibly), and weighting on lists like SBL and XBL. PBL will block hobbyists like me; fortunately gmail doesn't do that.
And then once you accept it you can do more thorough bayesian checks on headers and content.
In any case, absolute reliance on any of 'em is a problem. Spam Assassin is awesome at doing weightings, IMO.
How I use rDNS for my email customers (Score:2)
If the PTR request results in NXDOMAIN:
then add an X-Warning-no-RDNS header.
Customers are informed of this header. If they wish to make a client-side quarantine rule, they can. Customers are advised not to make rules to automatically delete such emails, as rDNS can get overloaded.
Also - if the rDNS resolves, and the answer is a KNOWN "dynamic or residential" rdns type name, then graylist that sender for 15 minutes. Most spam bots will not queue and retry their spam... they just move on and attack an easier
Can't do it (Score:2)
It's a poor differentiator (Score:4, Insightful)
Filtering based on lack of rDNS is an old technique that actually did a good job of detecting spam without an excess of false positives for about a week in the late '90s. It has for some reason become enshrined as policy by a great many people now. These days it is occasionally a better indicator of NOTspam since the spammers all make sure they have rDNS set up and have done so since that week or so in the '90s.
Consider, if someone in a striped shirt wrote your business a bad check a decade ago, would you maintain a policy of not doing business with people who wear striped shirts?
You have to have it (Score:2)
A reverse DNS check is only one possible test (Score:3)
My approach, using Exim4, is not to reject messages outright based on single issues, such as not having a proper reverse DNS entry, but to reject based on combinations of them. This is a great way to limit false positives.
For instance, an incoming message may also have a bad HELO, a bad sender domain, be blacklisted locally or by a DNSBL service, or not have a working callout so that the existence of the sender's account can't be verified. There are more issues like these to look for. My systems count the number of these transgressions per message and reject when a certain value is reached, say three, while dumping messages that score one or two end in the recipient's spambox folder. With Exim, this kind of solution is surprisingly easy to construct using ACL statements with user-defined variables that include arithmetic statements. The last checks that are performed involve Clamd and SpamAssassin, because they are so resource-intensive.
I should also mention that my systems also perform a number of checks up front for obvious spam that is rejected immediately, e.g. if the sender address domain is gmail.com, but the sender HELO name is not part of the google.com domain.
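Added example, not part of the thread and not any poster's code: a forward-confirmed reverse DNS check (the PTR resolves to a name and that name resolves back to the connecting IP, as described earlier in the discussion) used as one counted transgression in the count-and-threshold scheme of the comment above, rather than as a hard reject. The function names, the DYNAMIC_HINT pattern and the sample addresses are assumptions constructed for illustration; the thresholds (reject at three, spam folder at one or two) are the ones that comment gives.

```python
"""Forward-confirmed reverse DNS (FCrDNS) as one counted signal, not a hard reject."""
import ipaddress
import re
import socket

class NoRecord(Exception):
    """Authoritative 'no such record' answer (NXDOMAIN / no data)."""

class TempFail(Exception):
    """Lookup could not be completed (timeout, SERVFAIL, resolver down)."""

# Assumption: rough pattern for ISP-generated names; tune it against your own logs.
DYNAMIC_HINT = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dhcp|pool|ppp|dsl|cable|dialup)(?:[.-]|\d)", re.I)

def system_ptr(ip):
    """PTR lookup through the OS resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except socket.herror as exc:
        # h_errno 1 = HOST_NOT_FOUND, 4 = NO_DATA; anything else is temporary.
        raise (NoRecord if exc.args[0] in (1, 4) else TempFail)(ip) from exc
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA lookup through the OS resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror as exc:
        raise (TempFail if exc.args[0] == socket.EAI_AGAIN else NoRecord)(name) from exc
    return sorted({info[4][0] for info in infos})

def _same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:          # e.g. scoped IPv6 text the module cannot parse
        return False

def check_rdns(client_ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify the connecting IP: fcrdns_ok, no_ptr, ptr_unconfirmed or tempfail."""
    result = {"state": None, "ptr": [], "confirmed": None,
              "dynamic_name": False, "helo_matches_ptr": False}
    try:
        names = [n.rstrip(".").lower() for n in ptr_lookup(client_ip)]
    except NoRecord:
        result["state"] = "no_ptr"
        return result
    except TempFail:
        result["state"] = "tempfail"   # a resolver outage is not evidence of spam
        return result
    result["ptr"] = names
    saw_tempfail = False
    for name in names:
        try:
            addrs = addr_lookup(name)
        except NoRecord:
            continue
        except TempFail:
            saw_tempfail = True
            continue
        if any(_same_ip(a, client_ip) for a in addrs):
            result["confirmed"] = name
            break
    if result["confirmed"]:
        result["state"] = "fcrdns_ok"
    else:
        result["state"] = "tempfail" if saw_tempfail else "ptr_unconfirmed"
    # Informational only: recorded for logging, never counted as a transgression.
    result["dynamic_name"] = any(DYNAMIC_HINT.search(n) for n in names)
    result["helo_matches_ptr"] = helo.rstrip(".").lower() in names
    return result

def disposition(rdns, other_transgressions=0, reject_at=3):
    """Count rDNS as at most one transgression among the caller's other checks."""
    count = other_transgressions + (rdns["state"] in ("no_ptr", "ptr_unconfirmed"))
    if count >= reject_at:
        return count, "reject"
    return count, ("spam-folder" if count >= 1 else "inbox")

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net."],
              "203.0.113.25": ["203-0-113-25.static.example.com"],
              "203.0.113.80": ["pool-203-0-113-80.dsl.example.com"]}
SAMPLE_A = {"mail.example.net": ["192.0.2.10"],
            "pool-203-0-113-80.dsl.example.com": ["203.0.113.80"]}

def sample_ptr(ip):
    if ip == "192.0.2.99":
        raise TempFail(ip)          # simulated resolver timeout
    if ip not in SAMPLE_PTR:
        raise NoRecord(ip)
    return SAMPLE_PTR[ip]

def sample_addrs(name):
    if name not in SAMPLE_A:
        raise NoRecord(name)        # PTR names a host that does not resolve
    return SAMPLE_A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.25", "203.0.113.80", "192.0.2.99"):
        r = check_rdns(ip, "mail.example.net", sample_ptr, sample_addrs)
        print(ip, r["state"], disposition(r))
```

Calling check_rdns with only the IP and HELO name uses the operating system resolver instead of the constructed tables.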
Re: (Score:2)
You got it. Today, unless you have a dedicated Email server guy it's retarded to run an Exchange server in house. Outside companies do it better and when the Company Fiber goes down YET AGAIN (Thanks AT&T) you don't lose 24 hours of emails; we actually lost 72 hours' worth as AT&T decided that working over the weekend was not important.
Re: (Score:3)
For short term outages, sending servers will queue messages and try again later. You can avoid long term outages like this one by having redundant Internet connections from different providers.
Re: (Score:3)
Uhh...not to nitpick, but that is what backup MX servers [wikipedia.org] are for. When your primary server is not available, mail is delivered to one of the others. If your e-mail is that critical then you need to have a store-and-forward server somewhere else, just in case your link goes down.
There are lots of services that provide this, if you don't want to do it yourself. But setting up a simple store-and-forward server isn't all that complicated and doesn't need a full Exchange deployment.
Re: (Score:2)
Sounds like a plan, care to explain that to the CTO? I tried several times and was told that it is a "zero payback expense"
Re: (Score:2)
Sounds like a good reason to go job hunting before getting fired for his incompetence.
Re: (Score:2)
We pay our ISP to provide 'queue service' in the event our connection/Exchange box goes down. When 'selling' this service to the bosses I put it this way - How much will it cost the firm to not only be without email during an outage, but to lose all emails sent to the firm during that time period?
I feel your frustration though... IT is often seen as a 'zero payback expense'.
It is possible in all the situations that matter. (Score:2)
Unless you are one of the lucky few who have a full class address space, you are stuck with the will of the ISP to either set up reverse entries for you or to delegate resolution to you. Alphatel has it right. Use it if you choose, and grade along with other tests.
Any ISP will set up rDNS entries if you have a business account. The only time this is an issue is if you are trying to run a server from a home account. Most of the ISPs I have used or looked into prohibited running servers with a consumer account. Those that didn't were also happy to provide a rDNS entry if you paid for a static IP.
Trying to run a server when your ISP is opposed to you doing so is inherently problematic, rDNS just being one of your many concerns. It is fine for experimenting and learning,
Re: (Score:2)
Any ISP will set up rDNS entries if you have a business account
For certain subsets of "any", that is. I'm with two rather large national-scale ISPs, on business class accounts with both of them, and asking for rDNS makes their eyes glaze over and that's the end of that. Our previous ISP, also a large company, was just as inept...
Re: (Score:3)
I think you're missing the point. Configuring DNS means that someone with clue set out to create a mail server and intends for it to be such rather than just slapping something together without any clue. Whether or not that mail server is sending anything desirable is not related.
Re: (Score:2)
They can only use reverse DNS for IP's they own if they're using their own mail servers.