<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Background:<br>Last month we enabled the feature on sendmail to do a reverse look-up of the name and verify the IP address before accepting an email for delivery: FEATURE(`require_rdns')dnl. I know this breaks the RFC, but given all the spam this actually helps weed out a few.<br><br>Received a call from purchasing today that (all of a sudden) one of our vendors is no longer able to send us email. Checking the mail log I get:<br>Oct 28 05:30:48 smtp sendmail[9092]: r9SCUmtY009092: ruleset=check_rcpt, arg1=&lt;rweeks@inksystems.com&gt;, relay=[198.173.12.21], reject=550 5.7.1 &lt;rweeks@inksystems.com&gt;... Fix reverse DNS for 198.173.12.21<br>Oct 28 05:30:49 smtp sendmail[9092]: r9SCUmtY009092: from=&lt;prvs=1013b1b09b=Hank@apollocolors.com&gt;, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[198.173.12.21]<br><br>Now, normally the second line should end with relay=mailgw.apollocolors.com. [198.173.12.21] (not just the IP in brackets).<br><br>However, we implemented the rule over a month ago, and all of a sudden as of yesterday this stopped working?<br><br>Question:<br>When I dig the MX record I get mailgw.apollocolors.com. <br><br>prompt&gt; dig apollocolors.com MX<br><br>; &lt;&lt;&gt;&gt; DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 &lt;&lt;&gt;&gt; apollocolors.com MX<br>;; global options: +cmd<br>;; Got answer:<br>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 50104<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5<br><br>;; QUESTION SECTION:<br>;apollocolors.com. IN MX<br><br>;; ANSWER SECTION:<br>apollocolors.com. 3085 IN MX 10 mailgw.apollocolors.com.<br><br>;; AUTHORITY SECTION:<br>apollocolors.com. 3332 IN NS ns3.e2services.net.<br>apollocolors.com. 3332 IN NS ns4.e2services.net.<br>apollocolors.com. 3332 IN NS ns2.e2services.net.<br>apollocolors.com. 3332 IN NS ns1.e2services.net.<br><br>;; ADDITIONAL SECTION:<br>mailgw.apollocolors.com. 3085 IN A 198.173.12.21<br>ns1.e2services.net. 3079 IN A 216.35.163.10<br>ns2.e2services.net. 
3079 IN A 216.35.163.11<br>ns3.e2services.net. 3079 IN A 64.14.233.10<br>ns4.e2services.net. 3079 IN A 64.14.233.11<br><br>;; Query time: 1 msec<br>;; SERVER: 12.238.189.39#53(12.238.189.39)<br>;; WHEN: Mon Oct 28 12:53:35 2013<br>;; MSG SIZE rcvd: 223<br><br><br>When I look up the reverse at my recursive server I get:<br>prompt&gt; dig -x 198.173.12.21 <br><br>; &lt;&lt;&gt;&gt; DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 &lt;&lt;&gt;&gt; -x 198.173.12.21<br>;; global options: +cmd<br>;; Got answer:<br>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 33959<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4<br><br>;; QUESTION SECTION:<br>;21.12.173.198.in-addr.arpa. IN PTR<br><br>;; ANSWER SECTION:<br>21.12.173.198.in-addr.arpa. 8428 IN PTR mailgw.apollocolors.com.<br><br>;; AUTHORITY SECTION:<br>12.173.198.in-addr.arpa. 40828 IN NS auth2.dns.cogentco.com.<br>12.173.198.in-addr.arpa. 40828 IN NS auth5.dns.cogentco.com.<br>12.173.198.in-addr.arpa. 40828 IN NS auth4.dns.cogentco.com.<br>12.173.198.in-addr.arpa. 40828 IN NS auth1.dns.cogentco.com.<br><br>;; ADDITIONAL SECTION:<br>auth1.dns.cogentco.com. 16531 IN AAAA 2001:550:1:a::d<br>auth2.dns.cogentco.com. 30846 IN AAAA 2001:550:1:b::d<br>auth4.dns.cogentco.com. 30846 IN AAAA 2001:978:1:a::d<br>auth5.dns.cogentco.com. 30846 IN AAAA 2001:978:1:b::d<br><br>;; Query time: 1 msec<br>;; SERVER: 12.238.189.39#53(12.238.189.39)<br>;; WHEN: Mon Oct 28 12:55:16 2013<br>;; MSG SIZE rcvd: 286<br><br><br>However, and here is the rub, when I do the same reverse look-up at any of their servers I get a list of root servers back. Shouldn't I be getting the IP address pointer back? 
Also, according to IntoDNS, two of their servers are misconfigured or non-existent.<br><br>Here is what I get instead:<br>prompt&gt; dig @216.35.163.10 -x 198.173.12.21<br><br>; &lt;&lt;&gt;&gt; DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 &lt;&lt;&gt;&gt; @216.35.163.10 -x 198.173.12.21<br>; (1 server found)<br>;; global options: +cmd<br>;; Got answer:<br>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 29478<br>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3<br>;; WARNING: recursion requested but not available<br><br>;; QUESTION SECTION:<br>;21.12.173.198.in-addr.arpa. IN PTR<br><br>;; AUTHORITY SECTION:<br>. 3600 IN NS j.root-servers.net.<br>. 3600 IN NS l.root-servers.net.<br>. 3600 IN NS i.root-servers.net.<br>. 3600 IN NS m.root-servers.net.<br>. 3600 IN NS a.root-servers.net.<br>. 3600 IN NS b.root-servers.net.<br>. 3600 IN NS c.root-servers.net.<br>. 3600 IN NS d.root-servers.net.<br>. 3600 IN NS e.root-servers.net.<br>. 3600 IN NS f.root-servers.net.<br>. 3600 IN NS g.root-servers.net.<br>. 3600 IN NS h.root-servers.net.<br>. 3600 IN NS k.root-servers.net.<br><br>;; ADDITIONAL SECTION:<br>j.root-servers.net. 3600 IN A 192.58.128.30<br>l.root-servers.net. 3600 IN A 199.7.83.42<br>i.root-servers.net. 3600 IN A 192.36.148.17<br><br>;; Query time: 59 msec<br>;; SERVER: 216.35.163.10#53(216.35.163.10)<br>;; WHEN: Mon Oct 28 13:00:29 2013<br>;; MSG SIZE rcvd: 507<br><br>Am I missing something or is their DNS misconfigured? <br><br>Any help is greatly appreciated. Want to verify they have a misconfiguration before letting the admin know. <br><br><br> </div></body>
</html>