"Please setup matching DNS and rDNS records" when trying to e-mail Craigslist 1

[irbk]

While I don't much care for my users attempting to e-mail craigslist pages, it has brought a possible problem with my DNS setup to my attention. I'm not sure what I need to do to correct the situation or if there is anything I need to correct at all.
Let me break down the current setup.
Website & DNS is hosted by Web.com
E-mail is hosted by an on-site exchange server
SmartHost is between the exchange server and the web
A reverse DNS trace from

http://www.reversednstrace.com

reveals the following:

The reverse DNS for your IP is: otie.com.
Unfortunately you did not pass the triple DNS hostname mail server check.
1. Your reverse DNS for your IP goes to "otie.com.".
2. This hostname configured in your mail server was "mail.otie.com".
3. Your forward DNS for "otie.com." does not go back to your IP of 74.62.88.166.

So it looks like everything is set up correctly until we get to step 3 and this is where I'm getting confused. Since "otie.com" & "

http://www.otie.com"

should point to our website, not our mail server, I'm confused as to how this is an "error". Could someone please enlighten me as to what is "wrong" or what I might do to configure it correctly? I'm sort of surprised that, to my knowledge, we are only having problems sending mail to craigslist and from the searching that I've done this is quite a common problem.

Thanks.

 

[Noway2]

Using the tool nslookup here is what I see for your domain:

otie.com:
Non-authoritative answer:
Name:   otie.com
Address: 209.237.151.17

mail.otie.com
Non-authoritative answer:
Name:   mail.otie.com
Address: 74.62.88.166

set type=mx
> otie.com
Non-authoritative answer:
otie.com        mail exchanger = 7 mail.otie.com.

Authoritative answers can be found from:
otie.com        nameserver = c.ns.interland.net.
otie.com        nameserver = b.ns.interland.net.
otie.com        nameserver = a.ns.interland.net.
mail.otie.com   internet address = 74.62.88.166
a.ns.interland.net      internet address = 64.226.28.33
b.ns.interland.net      internet address = 209.237.137.10

[b]
> 74.62.88.166
Non-authoritative answer:
166.88.62.74.in-addr.arpa       name = otie.com.
[/b]

> 209.237.151.17
Non-authoritative answer:
17.151.237.209.in-addr.arpa     name = wdpfarm003.sites.myregisteredsite.com.

For the most part, it looks like you have set things up correctly. You are using a mail server that is different than your

http://www server

which appears to also be where the parent domain points. This is fine. You have also declared an MX record that correctly points to your mail server. The only thing that I see as a discrepancy (see the part in bold), which may be what craigslis list complaining about is that the reverse DNS on your mail host (74.62.88.166) resolves to otie.com. and not mail.otie.com, where as the server would have (likely) identified itself as mail.otie.com.

 

[irbk]

Hmm... Sounds like I need to contact our ISP had have them put in a reverse lookup for 74.62.88.166 to point to mail.otie.com then?
Seems like it's still got the domain name in the reverse (otie.com) and almost seems too picky that (if this is the case) it doesn't resolve directly to mail.otie.com. I could see it being a problem if say mail.otie.com resolved to 74.62.88.166 and the reverse came up as some-other-domain.com. Picky picky picky. Of course the real question is if I have my ISP inject the reverse lookup what other servers might be ticked off that it resolves to mail.otie.com rather than otie.com. I seem to recall that I had to contact them to get the otie.com reverse lookup added so we could exchange e-mail with the government or they would reject our messages.

 

[Noway2]

I think if you get the rdns changed to mail.otie.com for this particular IP that it wont't cause you any issues as the forward and reverse naming will match the fully qualified name. Rereading your initial post and looking at it in terms of this being the problem, the error messages make sense. The error is saying the (reverse) look up of the IP that the message was received from resolves to otie.com, but the server identified itself as mail.otie.com and (the forward) otie.com does not resolve to the IP that the message originated from, which make it look like a possible spoof. I agree, this is being a bit picky but a lot of spammers try to spoof the headers.

 

[irbk]

Well after sitting on hold with Time Warner Cable for 4 frigging hours yesterday and then another hour today, I finally got them to change the ptr for 74.62.88.166 to point to mail.otie.com rather than just otie.com. Hopefully that will do the trick. Probably take until 9/21 before we see any changes in the DNS though.

 

[irbk]

Looks like the ptr is already taking effect. Noway2 would you mind running those NSLookups against my domain again? Thanks.

 

[Noway2]

Certainly, I am happy to help. Here is what I am currently seeing:

nslookup
> otie.com
Non-authoritative answer:
Name: otie.com
Address: 209.237.151.17

> mail.otie.com

Non-authoritative answer:
Name: mail.otie.com
Address: 74.62.88.166
> 209.237.151.17

Non-authoritative answer:
17.151.237.209.in-addr.arpa name = wdpfarm003.sites.myregisteredsite.com.

> 74.62.88.166
Non-authoritative answer:
166.88.62.74.in-addr.arpa name = mail.otie.com.

Authoritative answers can be found from:
88.62.74.in-addr.arpa nameserver = ns2.biz.rr.com.
88.62.74.in-addr.arpa nameserver = dns4.rr.com.
88.62.74.in-addr.arpa nameserver = ns1.biz.rr.com.
ns1.biz.rr.com internet address = 24.30.200.19
ns2.biz.rr.com internet address = 24.30.201.19
dns4.rr.com internet address = 65.24.0.172
>

 

[irbk]

excellent. It looked good from the tools that I ran this AM, but still got the rejected message from CraigsList (damn that Craig). I figured I'd give them a day to rep and try again tomorrow morning.
Thanks for the assist.

 

[Noway2]

Do you have the headers containing the reject or is it the same as the information in your first post?

A couple of other things: 1) do you have an SPF record?, 2) I would normally ask if your IP is static, but since you are using TWC-business class and have a reverse pointer, it pretty much has to be. Having an IP from a "residential" block can cause problems, but I doubt this is happening.

I ran your mail domain against mxtoolbox (an excellent tool for DNS and mail server testing in case you haven't heard of it before. It reports that your are not listed on any black lists and gives the following (clean) report:

	OK - 74.62.88.166 resolves to mail.otie.com
	OK - Reverse DNS matches SMTP Banner
	Warning - Does not support TLS.
	0 seconds - Good on Connection time
	OK - Not an open relay.
	3.448 seconds - Good on Transaction Time

EHLO please-read-policy.mxtoolbox.com
250-Warden.otie.com Hello mxtb-pws3.mxtoolbox.com [64.20.227.133], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-DELIVERBY
250 HELP [47 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 <supertool@mxtoolbox.com>... Sender ok [31 ms]
RCPT TO: <test@example.com>
550 5.7.0 <test@example.com>... No Such User [140 ms]
QUIT
221 2.0.0 Warden.otie.com closing connection [31 ms]

Consequently, it looks like you are properly configured. I think your contacting CraigsList is the correct course of action as they may be using some method of white listing or looking for something in particular as an anti-spam measure.

 

[irbk]

Yeah that mxtoolbox is pretty cool. I actually used that to resolve and SMTP banner issue I didn't even know I had. At first the Reverse DNS didn't match the SMTP Banner and I thought that might have been the "problem" (I say "problem" because to my knowledge only CraigsList has been rejecting our e-mail messages, everyone else is happy with it). However, that was apparently only 1 part of the issue. Checking now, reverse DNS trace from

http://www.reversednstrace.com

says

Congratulations! Your mail server fully passed the triple DNS mail server hostname check! 
1. Your reverse DNS for your IP goes to "mail.otie.com.".
2. This hostname configured in your mail server was "mail.otie.com".
3. Your forward DNS for "mail.otie.com." goes back to your IP of 74.62.88.166.

And as you already posted MXToolBox is pretty happy with everything (except we don't support TLS, I should turn that on one of these days...). At this exact moment in time, I sent a message to a post on CraigsList about 8 minutes ago and so far no rejection! I believe I was getting rejections within 5 minutes when there was the improper configuration.
Hopefully I've got this nailed (been 11 minutes now and no rejection). Thanks for the assist Noway2.

 

[irbk]

YEAH! It's offical! Got a response back from the CL add I sent a test e-mail for. Woot! Thanks so much for your help Noway2!