Postfix: bouncing mail (reverse DNS issue)

email postfix email-server reverse-dns email-bounces

15,862

Solution 1

Assume your mail server name is multiformeingegno.it (myhostname value in postfix) and your server has two IPs 1.2.3.4 and 1.2.3.5 and you are sending a mail from [email protected], setting up all the following is always recommended.

A record of multiformeingegno.it pointing to 1.2.3.4 and 1.2.3.5
PTR record for 1.2.3.4 and 1.2.3.5 pointing to multiformeingegno.it
SPF record for otherdomain.tld should include both 1.2.3.4 and 1.2.3.5
otherdomain.tld should have proper MX record or a A record

Hope that was clear. To clarify you one more thing, your system's name has nothing to do here.

Solution 2

To fix this, you need to make sure that your PTR record for your server's IP address corresponds to your server's advertised hostname.

Your hosting provider (or whoever provided you with the IP address) should be able to help you with this, as reverse DNS administration (usually) lies with the controlling ISP, normally defined in WHOIS.

Essentially, whatever IP your server resolves to must have a reverse DNS pointing to the same hostname, or at a minimum Postfix's myhostname configuration variable, which is the name it uses when sending a HELO request to another SMTP server.

This is more than simply good practice when you run a public mailserver, as checking PTR addresses is part of the anti-spam setup of many mailserver administrators (including me) due to the fact that many spammers use dynamic IP addresses or non-matching A/PTR combinations.

A slightly more in-depth explanation is this:

The bounce message you're seeing is being generated by the receiving MTA at mail.domain.tld.
This server sees that your Postfix server is using the IP 1.2.3.4 (I've used a placeholder as you haven't given yours).
The receiving MTA checks the RDNS entry for 1.2.3.4 against the hostname that it appears to be from according to the HELO it receives.
If the RDNS matches, it shows you are a responsible mailserver admin and the mail passes that particular check
Be aware that this is just one check, and your message may fail others.

A real-world example:

~ $ nslookup vps.vikingserv.net
Server:     192.168.50.11
Address:    192.168.50.11#53

Non-authoritative answer:
Name:   vps.vikingserv.net
Address: 31.3.251.12

~ $ nslookup 31.3.251.12
Server:     192.168.50.11
Address:    192.168.50.11#53

Non-authoritative answer:
12.251.3.31.in-addr.arpa    name = vps.vikingserv.net.

15,862

Author by

MultiformeIngegno

Updated on September 18, 2022

Comments

MultiformeIngegno over 1 year
I have a problem with Postfix. I get this with some email address:
```
to=<[email protected]>, relay=mail.domain.tld[IP_ADDRESS]:25, delay=3, delays=0/0/2.5/0.52, dsn=5.7.1, status=bounced (host mail.domain.tld[IP_ADDRESS] said: 550 5.7.1 <[email protected]>... Fix reverse DNS for MY_SERVER_IP_ADDRESS,or use your ISP server (in reply to RCPT TO command))
```
I read something and it should be related to my HELO/EHLO hostname. Postfix runs on the same server of the script sending mails, same IP address. When I type hostname -f ubuntu returns "localhost". But in /etc/hostname I have "domain.tld" (one of my domains).

Here's my main.cf file:
```
### Postfix SMTP Server
myhostname = $mydomain
mydomain = domain.tld
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name (multiformeingegno)
biff = no
append_dot_mydomain = no
readme_directory = no
relayhost = 
inet_interfaces = all
local_transport = error:local delivery is disabled

mydestination = domain.tld, localhost.domain.tld, localhost
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
```
- NickW about 10 years
  
  You've specified the domain which helps a bit. 1. Do you have an MX record for multiformeingegno.it ? 2. What is the mailserver hostname mail.multiformeingegno.it? Have you either set up, or requested RDNS for that hostname?
- MultiformeIngegno about 10 years
  
  I have no MX record for multiformeingegno.it. But I can manage them.. Should I set my Server IP address as MX server?
- NickW about 10 years
  
  Well, an MX record should be something like IN MX 10 mail.multiformeingegno.it then you will need an A record for mail. The A record should be your server IP. In boca al lupo!
- MultiformeIngegno about 10 years
  
  Can't it be the domain itself and not mail.domain.tld ?
MultiformeIngegno about 10 years

Uhm I had a look at my VPS control panel (DigitalOcean). My IP by default has a PTR with same name of the droplet with a dot at the end (multiformeingegno.) . What should I do? Maybe change the droplet name to "multiformeingegno.it" ? So it's the same domain of the hostname I specified in /etc/hostname ?
MultiformeIngegno about 10 years

Well I have all of these except that PTR of my server's IP is by default my VPS name (which is just "multiformeingegno", not "multiformeingegno.it"). To change it I have to change my VPS name. I'm going to try now
clement about 10 years

@MultiformeIngegno Ya ok. Check the "THE FQDN" paragraph in "man hostname"