[server-admins] Reverse DNS (and mailman, and iptables??)

Troy A. Griffitts scribe at crosswire.org
Tue Jan 25 19:29:40 MST 2011


OK guys.  Jonathan has done a great job setting up reverse DNS for our
new server IP.

I'm still getting bounced messages (I've switched my outbound SMTP to
smtp.googlemail.com).

Any ideas what we need to do next?  I tried following one of the links
in a bounced message to resolve the problem and applied for our IP to be
removed from their BL.

host sbcmx3.prodigy.net [207.115.21.22]: 553 5.3.0 flpd115 DNSBL:ATTRBL
521< 64.71.190.106 >_is_blocked.__For_information_see_http://att.net/blocks

I filled out a form and received an email (about 12 hours ago) that we
would be removed from their BL, but just received another bounce.  Not
sure how long I should wait.

I tried to follow this link, but after exploring couldn't figure out
what to do to resolve the issue:

host mx4.hotmail.com [65.55.92.168]: 550 SC-001 Unfortunately, messages
from 64.71.190.106 weren't sent. Please contact your Internet service
provider since part of their network is on our block list. You can also
refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.

This might be painful.  I wonder if there might still be something we
can dig up in our configuration that might help us be whitelisted?  Any
ideas?  Some of these links do suggest configuration things that I don't
understand.

Troy


On 01/24/2011 06:55 AM, Jonathan Marsden wrote:
> Troy,
> 
> On 01/23/2011 09:37 PM, Jonathan Marsden wrote:
> 
>> So, let's just go for it, we can't break anything, since there is
>> nothing in place now (for crosswire.org reverse DNS) to break :)
> 
> OK, I've now set up RFC4183-style reverse DNS on both crosswire.org and
> codns.computeroptions.net -- and it appears to actually work (!).
> 
> So, once the delegation from the ISP takes effect, that should be taken
> care of (BUT see below).  In other words, I can now do:
> 
>   dig @crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
> 
> on crosswire.org and get the right answer back.
> 
> IMPORTANT: ARE WE BLOCKING DNS TRAFFIC TO THE SERVER?
> 
> I can't get DNS info from the crosswire.org server anywhere else.  I
> suspect you may be running an iptables firewall that is blocking some
> traffic?  Can you check this please?  TCP and UDP ports 53 need to allow
> all inbound traffic on crosswire.org.
> 
> To check this, compare:
> 
>   dig @crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
> 
> with
> 
>   dig @codns.computeroptions.net crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
> 
> when each is run from some other machine somewhere.  Same issue for
> 
>   dig @crosswire.org crosswire.org a +short
> 
> and
> 
>   dig @codns.computeroptions.net crosswire.org a +short
> 
> Thanks,
> 
> Jonathan
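
Added example, not part of the original thread: a Python sketch showing how the RFC4183-style owner name used in the dig commands above is formed, and how to read the answers from the two name servers when they are queried from an outside machine. The /29 prefix length is taken from the `104-29` label; the helper names and the sample answers are constructed for illustration.

```python
import ipaddress

def rfc4183_ptr_name(ip, prefix_len):
    """Owner name of the PTR record for `ip` in a delegated block smaller than a /24."""
    if not 25 <= prefix_len <= 32:
        raise ValueError("this naming scheme is for IPv4 prefixes longer than /24")
    addr = ipaddress.IPv4Address(ip)
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    o = str(addr).split(".")
    first = str(net.network_address).split(".")[3]  # first address of the block
    return f"{o[3]}.{first}-{prefix_len}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."

def dig_commands(name, servers):
    """The dig invocations to run from an outside machine, one per name server."""
    return [f"dig @{s} {name} ptr +short" for s in servers]

def diagnose(answers):
    """answers maps server -> list of PTR targets, or None if the query timed out."""
    silent = sorted(s for s, a in answers.items() if a is None)
    seen = {tuple(sorted(a)) for a in answers.values() if a is not None}
    if not seen:
        return "no server answered"
    if silent:
        # One server answers and another does not: look for filtering of
        # TCP/UDP port 53 in front of the silent one.
        return "unreachable: " + ", ".join(silent)
    if len(seen) > 1:
        return "servers disagree"
    return "consistent"

if __name__ == "__main__":
    name = rfc4183_ptr_name("64.71.190.106", 29)
    servers = ["crosswire.org", "codns.computeroptions.net"]
    for cmd in dig_commands(name, servers):
        print(cmd)
    # Constructed sample results, as if collected from an outside machine.
    sample = {
        "crosswire.org": None,                               # query timed out
        "codns.computeroptions.net": ["host.example.org."],  # placeholder target
    }
    print(diagnose(sample))
```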
