Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are PTR Records Important?

Posted by Cliff on from the legal-spam-fighting-tactic-or-unnecessary-hassle dept.

erfmuffin asks: "I work for a medium-sized regional ISP. Recently we configured our email gateway to refuse connections to IP addresses that do not resolve (ie no reverse DNS). I am amazed at how many legitimate domains use mail servers with no PTR record! At the same time, we have avoided a great deal of junk mail in one swoop. Wouldn't it be better for mankind if all mail servers refused mail from non-resolvable IPs? Should all legitimate mail servers have valid PTR records or has the world become too lazy to make email delivery, easier?"

8 of 138 comments (clear)

  1. Yes and no. by FreeLinux · · Score: 4, Informative

    PTR records are not necessary. They are not required for the internet to work acceptably. But, PTR records do add considerable convenience to network operation and they are a part of the DNS standard specification so, they should be used.

    The fact that mail systems that require PTR records before accepting mail significantly reduces spam is reason enough that PTR records should be required. I too experience a great deal of mail problems due to a lack of PTR records but, it is worth the effort to stick to this policy. If you don't have a PTR record, you can't send me mail!

    1. Re:Yes and no. by FreeLinux · · Score: 3, Informative

      That's completely wrongheaded. Mail should be delivered.

      I gues that you are entitled to your opinion but, I feel that the action is correct. The fact is that this policy works very well for me. The mail does go through, eventually.

      Here's how it works. A user tries to send a message to someone inside my company. The message fails, of course, because my mail server rejects the connection due to the lack of a PTR. After a few attempts the sender either calls their admin or the intended recipient, who then calls me. Either way, the admin and I talk. He/she says your mail server is broken. I say no, it isn't, yours is misconfigured. Try sending a message from your Yahoo account and you will find that it is delivered. He/she then says, so why can't I send any mails to your domain. I respond that it is because your DNS is misconfigured. Call your ISP and ask them to add a PTR record for your mail server and the mail will flow.

      Sometimes there is question about this along the lines of; well why can I send to these other domains? I explain that some administrators are willing to accept mail from misconfigured systems because there are so many of them and it makes the administrator's life easier. I then say; Trust me, call your ISP. It only takes a couple of minutes and you will never have to deal with this problem again.

      Typically, I get a thanks via email the next day. If they refuse to make the changes I point out to my user that they are receiving mail from everywhere else just fine and they can even send to this broken domain. Thus, our mail system is working correctly and the problem is at the far end. Done.

  2. Discussion on spam, reverse DNS, etc. by knightwolf · · Score: 3, Informative
    You can find a small discussion of the topic on the Missouri Linux Users group - See this for a sample and just look for the "More spam" subject messages.

    There are a LOT of places though that don't set these records, and filtering out these sites will drop a LOT of emails that actually might be valid.

  3. Re:No it wouldnt be better by Zeriel · · Score: 4, Informative

    Doesn't your ISP have PTR records anyway, though? Even if it resolves to something like modem212-yourstate-yrcty.adelphia.com like my cable modem does, it's still a valid PTR record.

    If your ISP doesn't do this, might I suggest shopping around for a new one?

    I was under the impression the original question referred to completely nonexistent PTR records (that resolve to NXDOMAIN or similar).

    --
    "America has done some terrible things. But I know that Americans don't cheer when innocents die." -Dave Barry
  4. Yes, it has by linuxwrangler · · Score: 4, Informative
    ...has the world become too lazy to make email delivery, easier?

    I don't know of any specific RFC that requires reverse DNS for SMTP but the RFCs do require that the HELO/EHLO be 1) fully qualified and 2) resolvable.

    I strongly recommend enforcing that rule even though you will be amazed at the number of mailservers that are not configured properly to follow this basic requirement of RFC2821.

    Naturally it's not a bad idea to then look up the EHLO domain and make sure it resolves back to the connecting IP. Something like 25% of the mail I reject is rejected for greeting me with my own IP or hostname.

    --

    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
  5. Re:Legitimate mail from unknown IPs by Polo · · Score: 2, Informative

    I think you just have to make sure the ptr record resolves to SOMETHING, not necessarily the same thing as the A record.

    By this I mean:

    1) your company is called company.com and sends mail from either your old mailserver 4.5.6.7 or your new mailserver 1.2.3.4

    2) your shiny new mailserver's ip address may reverse lookup from 1.2.3.4 to t1-65.gateway4.myisp.com.

    Your ISP probably does this for you already.

    3) you could have t1-65.gateway4.myisp.com resolve to 1.2.3.4.

    I don't even know if 3 matching 2 is necessary.

    The IP address of "company.com" doesn't have to be associated with 4.5.6.7 or 1.2.3.4.

    However, if your mail server 1.2.3.4 is sending mail to someone, they should be able to reverse lookup 1.2.3.4 and get something.

    If they take it one additional step, the something might need to forward lookup to 1.2.3.4.

  6. Re:Setting up postfix to do this? by Deagol · · Score: 2, Informative
    I don't have the link, but search for the homepage of Ralph Hillendrandt (possible mis-spelling). He's a postfix guru who frequently posts to the postfix list. His homepage is chock full of sample configs.

    Also, the sample configs provided in the postfix distribution are a great resource. I haven't found a good definitive list of all postfix parameters and what they do in an easy-to-browse form. For now, we're stuck with trudging through the postfix documentation.

    --
    Method of processing duck feet
  7. Re:PTRs should not be required by Harik · · Score: 3, Informative
    I personally run a mail server on my computer, and don't gateway mail it sends. That's the way email was designed to work, and still the way it works best. I think that's pretty legitimate. I get an immediate response when mail delivery fails, can set how long I want resends to be done, and don't have to remember to change my gateway when I move from home to college and back. I have no reason to run out and buy a domain -- I don't have any reason to present a domain to the world.
    With all due respect, you're an idiot.

    Requiring a reverse DNS record isn't forcing you to go out and buy a domain, just to bitch at your ISP to give you a valid reverse DNS. It can be in your domain, or in theirs, it just has to exist.

    --Dan