[App_rpt-users] HELP -- we are being forced to eat SPAM!

Steve Gladden steve at michiganbroadband.com
Tue Jun 1 23:45:24 UTC 2010


Or I'm way off base (been a LONG day) and should have been testing for the
allstartlink.org domain MX..  (which look ok) far as that
reverse stuff goes.






> *puts on ISP hat for a brief moment*
>
>
> Hint #1 -->Return-Path: <app_rpt-users-bounces at qrvc.com>
> Received: from sh.qrvc.com (67-23-8-125.qrvc.com [67.23.8.125] (may be
> forged))
>
> The entire problem is that your forward DNS lookup (mail.qrvc.com)
> does not match your reverse dns lookup (pointer) name
> on what you are using for a mail host.
>
> Get all these to match:
>
> 1. MX record you are publishing already OK
> 2. Forward host lookup (mail.qrvc.com) already OK
> 3. And reverse lookup (pointer) for IP should be mail.qrvc.com *need fix*
>
> Since you seem to be using the same IP for multiple uses..
> Would probably be best to set the MX to "qrvc.com" as to not cosmetically
> mess with anything else you might have in place.
> This is purely optional and is just what will get shown everywhere
> logs etc where your IP gets reverse looked up & logged.
> Otehrwise it will just show up as mail.qrvc.com
>
> It's the reverse pointer for 67.23.8.125 that's mainly biting you in the
> ass.
>
> It needs to match.. & the spam filters are expecting that.
>
> iridiumX:~# host mail.qrvc.com
> mail.qrvc.com has address 67.23.8.125
> iridiumX:~#
> (of course)
>
> iridiumX:~# host qrvc.com
> qrvc.com has address 67.23.8.125
> qrvc.com mail is handled by 10 mail.qrvc.com.
> iridiumX:~#
>
> (yup) that sorta saved me the MX step
>
>
>
> iridiumX:~# host 67.23.8.125
> 125.8.23.67.in-addr.arpa domain name pointer 67-23-8-125.qrvc.com.
> iridiumX:~#
> Not good! should come back as mail.qrvc.com.
> That is if you want people to get your mail :-)
>
>
> OK let's see who your DNS servers are:
>
> iridiumX:~# dig qrvc.com ns
>
> ; <<>> DiG 9.5.1-P3 <<>> qrvc.com ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59513
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;qrvc.com.                      IN      NS
>
> ;; ANSWER SECTION:
> qrvc.com.               85744   IN      NS      ns1.everydns.net.
> qrvc.com.               85744   IN      NS      ns2.everydns.net.
> qrvc.com.               85744   IN      NS      ns3.everydns.net.
> qrvc.com.               85744   IN      NS      ns4.everydns.net.
>
> ;; ADDITIONAL SECTION:
> ns1.everydns.net.       53496   IN      A       208.76.61.100
> ns2.everydns.net.       53496   IN      A       208.76.62.100
> ns3.everydns.net.       53496   IN      A       208.76.63.100
> ns4.everydns.net.       53496   IN      A       208.76.60.100
>
> ;; Query time: 1 msec
> ;; SERVER: 10.73.73.20#53(10.73.73.20)
> ;; WHEN: Tue Jun  1 19:36:45 2010
> ;; MSG SIZE  rcvd: 174
>
> iridiumX:~#
>
> ...Some DNS hosting company :-) Cool.
>
> OK let's see who's responsible for reverse dns
>
> iridiumX:~# dig 8.23.67.in-addr.arpa ns
>
> ; <<>> DiG 9.5.1-P3 <<>> 8.23.67.in-addr.arpa ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26400
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;8.23.67.in-addr.arpa.          IN      NS
>
> ;; ANSWER SECTION:
> 8.23.67.in-addr.arpa.   84591   IN      NS      ns1.slicehost.net.
> 8.23.67.in-addr.arpa.   84591   IN      NS      ns2.slicehost.net.
>
> ;; ADDITIONAL SECTION:
> ns1.slicehost.net.      2496    IN      A       67.23.4.57
> ns2.slicehost.net.      2493    IN      A       173.45.224.132
>
> ;; Query time: 1 msec
> ;; SERVER: 10.73.73.20#53(10.73.73.20)
> ;; WHEN: Tue Jun  1 19:40:52 2010
> ;; MSG SIZE  rcvd: 119
>
> iridiumX:~#
> Ok that seems to be somewhere else (rackspace) but i'm sure it's under
> your control..
>
> OK here's the homework...
>
> 1. Your forward DNS record needs to be the same as your reverse lookup.
>    Have your DNS folks (slicehost/rackspace) assist on getting that to
> match..
>    the reverse lookup should be a PTR record set to "mail.qrvc.com."
>
> and yes with the trailing "." you see there. :-)
> If they have a web interface to update it you *may* not need the trailing
> "." but that's what ends up in the zone file for the DNS itself.
>
> Nice 4 letter domain name BTW-
>
> You're giving "QVC" some competition.
>
>
>  :-)  I still have odlc.com
>
> Those are pretty rare.
>
> Cheers!
>
> -Steve
>
>
>
>
>
>
> Michigan Broadband Systems Inc.
> "Always Connected"
>
> (734)527-7150
>
> Steve's cellphone: (734)904-1811
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at qrvc.com
> http://qrvc.com/mailman/listinfo/app_rpt-users
>


Michigan Broadband Systems Inc.
"Always Connected"

(734)527-7150

Steve's cellphone: (734)904-1811


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the App_rpt-users mailing list