DNS PTR question

Guest

Here is my setup and issue. I am having an issue with a few domains bouncing my
email connections. I know I am not on any spam lists and I have spoken to one
of the Admins of the domains that is giving me a 550 SMTP error and he
suggested it was more than likely an error with my DNS PTR record for my
domain.
Here is my setup: I have a PIX 515 at the edge of my network and between my
internal network and the PIX I have an ISA 2004 server for an inside
firewall, for extra security and to publish my Exchange 2003. So it goes Pix
515 > ISA 2004 > Symantec SMTP security server > Exchange 2003 server. (This
is not my real email server name, domain, or IP address. These are just
examples.) My exchange server is email1.domain.com and the MX record is
10.10.10.2 and the outside address of my PIX 515 that is used to NAT all
internal outgoing traffic is 10.10.10.1. Because my email server
email1.domain.com is behind my ISA server and because ISA can't do one-to-one
NAT on outgoing traffic, my outgoing SMTP is NAT'd to the same address as all
other outgoing traffic, 10.10.10.1, but my MX record is 10.10.10.2 for
incoming email. Should my PTR record for my email system be set to point to
the IP address of my PIX since that is the IP address that the traffic is
going from or should it be the IP address of my MX record? Should the
hostname that the PTR record resolves to be the name of my email server
email1.domain.com? If I point the PTR record to the outside IP address of the
PIX (10.10.10.1) and the MX is (10.10.10.2) will this cause any other issues
down the road? I hope this makes sense. Thanks for any help. JP
 
Ace Fekay [MVP]

JP said:
Here is my setup and issue. I am having an issue with a few domains
bouncing my email connections. I know I am not on any spam lists and
I have spoken to one of the Admins of the domains that is giving me
a 550 SMTP error and he suggested it was more than likely an error
with my DNS PTR record for my domain.
Here is my setup: I have a PIX 515 at the edge of my network and
between my internal network and the PIX I have an ISA 2004 server for
an inside firewall, for extra security and to publish my Exchange
2003. So it goes Pix 515 > ISA 2004 > Symantec SMTP security server >
Exchange 2003 server. (This is not my real email server name, domain,
or IP address. These are just examples.) My exchange server is
email1.domain.com and the MX record is
10.10.10.2 and the outside address of my PIX 515 that is used to NAT
all internal outgoing traffic is 10.10.10.1. Because my email server
email1.domain.com is behind my ISA server and because ISA can't do
one-to-one NAT on outgoing traffic, my outgoing SMTP is NAT'd to the
same address as all other outgoing traffic, 10.10.10.1, but my MX
record is 10.10.10.2 for incoming email. Should my PTR record for my
email system be set to point to the IP address of my PIX since that
is the IP address that the traffic is going from or should it be the
IP address of my MX record? Should the hostname that the PTR record
resolves to be the name of my email server email1.domain.com? If I
point the PTR record to the outside IP address of the PIX (10.10.10.1)
and the MX is (10.10.10.2) will this cause any other issues down the
road? I hope this makes sense. Thanks for any help. JP

Hi JP,

Simply put, the MX record for your public domain name should point to the
public mail.yourdomain.com FQDN, which of course, should point to the
outside IP that Internet traffic will be coming into your network, which
seems to be your PIX. Keep in mind, an MX record is just a pointer (with a
blank hostname) that points to your resource record, whatever that name is
on the public side, that tells other mail servers on the Internet who is the
mail server accepting mail for your domain. If incoming connections go through
the outside IP of the PIX, then there you have it.

As for the PTR, you will need to contact your ISP to create a PTR entry for
your mail host record, since the IP block belongs to them and they are
authoritative for the block.

As for the 5.5.0 error, it's more of a generic delivery failure error
(protocol error, missing PTR, relay reject, etc etc etc), so we'll need to
see the full error and the data along with it or the NDR you are receiving
(unedited) to determine the exact cause. It can possibly mean that a PTR
does not exist for the mail resource record in your case, but can't
determine that until we look at the error.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
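
Added example, not part of the thread: a receiving server that does a reverse-DNS check sees only the connecting address, so this sketch runs a forward-confirmed reverse DNS test against the thread's example addresses. The record tables are constructed, and `mailout.domain.com` is a hypothetical name.

```python
import socket

def live_ptr(ip):
    """PTR lookup through the system resolver; empty list if none exists."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []

def live_a(name):
    """A lookup through the system resolver; empty list if the name fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=live_ptr, a_lookup=live_a):
    """Check a connecting IP: PTR(ip) gives a name, and A(name) must
    contain the same ip again for the check to pass."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in a_lookup(name):
            return ("pass", name)
    return ("forward-mismatch", names[0])

def zone(ptr, a):
    """Build offline lookup functions from constructed PTR and A tables."""
    return (lambda ip: ptr.get(ip, []), lambda n: a.get(n, []))

# Constructed records using the thread's example addresses.
A_RECORDS = {"email1.domain.com": ["10.10.10.2"]}
NAT_IP = "10.10.10.1"   # address outbound SMTP is NAT'd to

# 1. PTR exists only for the MX address: the sending address has none.
only_mx = zone({"10.10.10.2": ["email1.domain.com"]}, A_RECORDS)
# 2. PTR added for the NAT address, but its name resolves to the MX address.
mismatch = zone({NAT_IP: ["email1.domain.com."]}, A_RECORDS)
# 3. PTR and A agree (mailout.domain.com is a hypothetical name).
matched = zone({NAT_IP: ["mailout.domain.com"]},
               {**A_RECORDS, "mailout.domain.com": [NAT_IP]})

if __name__ == "__main__":
    for label, z in [("only_mx", only_mx), ("mismatch", mismatch),
                     ("matched", matched)]:
        print(label, fcrdns(NAT_IP, *z))
```

Calling `fcrdns("203.0.113.5")` with no lookup arguments uses the system resolver instead of the constructed tables; that address is a documentation placeholder.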
 
