Help Please - DNS issue?

[Johnson]

I have a firewall - one to one NAT turned on pointing to
my internal Exchange server, reverse DNS works.

I installed SPAM filter, changed the NAT to point to SPAM
filter, then route port 25 to Exchange server. Now the
reverse DNS doesn't work. (according to AOL)

The FQDN is still the same, MX record is still the same,
the only change is the machine name (Exchange server
is "LD1", SPAM filter is "mail") and the internal IP,
which should not make any difference.

When I do Reverse DNS testing with either configuration it
shows it's
working, however, we have multiple people that have AOL
account that our users communicate with, and mail is not
reaching them when my SPAM filter is in the mix, I have
contacted AOL and they tell me it's because of the non
reverse DNS?

Maybe I need to step out of the box, because I am not
seeing what's causing this.

TIA for anyone able to shed a light on this for me

 

[ObiWan]

I have a firewall - one to one NAT turned on pointing to

my internal Exchange server, reverse DNS works.

Ok, so if I got it right the config should be ...

mailserver <---> nat <----> internet

with a port forward on NAT to allow port
25 to be published on the 'net

I installed SPAM filter, changed the NAT to point to
SPAM filter, then route port 25 to Exchange server.

Ok, this means

mailserver <--> spamfilter<->nat <--> internet

and I assume that the external (public) address
wasn't changed i.e. what the internet sees is the
same IP address as before

Now the reverse DNS doesn't work. (according to AOL)

The FQDN is still the same, MX record is still the same,
the only change is the machine name (Exchange server
is "LD1", SPAM filter is "mail") and the internal IP,
which should not make any difference.

Hmmm ... I wonder if the problem may be caused from the
"HELO" answer, that is, with the previous configuration the
mailserver banner was probably "ld1.yourdomain.com"
while now it may be "mail.yourdomain.com" this in turn
means that if an external mailserver checks to see if your
mailserver answers with the same name registered in the
DNS this check will fail; imho a solution may be setting up
the spam filter so that its banner will be the same as before
i.e. "ld1..." this way your problem should be fixed

Let me/us (the newsgroup) know please

 

[Johnson]

Thanks for the feedback (ext IP still the same), good
point about the banner, I will check that and post a reply
here, I would also like to ask your permission to e-mail
you directly.

Thanks for now

 

[Jonathan de Boyne Pollard]

J> The FQDN is still the same, MX record is still the same,
J> the only change is the machine name [...] and the internal IP,

If nothing externally visible changes as you switch back and forth, then the
problem is not as AOL has described it to you. Of course "Your reverse
lookup isn't correct." is a stock response amongst mail administrators
nowadays. I've seen people fobbed off with it quite often.

J> TIA for anyone able to shed a light on this for me

How do you think that anyone is going to be able to shed light on it when
you don't tell us the IP address, don't show us the DNS data, and don't tell
us what the error message text in the bounce messages is ?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/problem-report-standard-litany.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html>

 

[ObiWan]

Thanks for the feedback (ext IP still the same), good
point about the banner, I will check that and post a reply
here, I would also like to ask your permission to e-mail
you directly.

Well ... I'd like to keep the discussion here since this way
others may benefit from the thread; by the way, if you feel
that there's something you can't discuss on a public NG
feel free to drop me a mail; just remove the "nospam"