Reverse DNS entries for MX records


dhodge
07-13-2005, 04:45 PM
Hello,

I am currently using my root server to host multiple clients' websites and emails. I am using a single shared IP address. A host in town has recently implemented an anti-spam technique that requires all MX records to resolve to an IP address. Having only a single IP address and not running DNS on my servers (dependent on 1and1 for that), I am only able to set up reverse DNS for a single domain.

I realize I can add more IP addresses which would work fine but I cannot see how to change the IP address in Plesk for each individual domain. So I either need to find out how to do this, or somehow trick all domains to resolve to the one single IP address.

Any help greatly appreciated. This must be an issue for many hosts who run shared servers with a single IP address, don't you think?

Thanks,
Dylan

VerityNS
07-13-2005, 09:32 PM
I would imagine that all you need to do is set up reverse DNS for your server name where the mail is being sent from. Not each and every site you're hosting.

Make sure reverse DNS is set up for your server name and you should be fine! :)

eWebtricity
07-13-2005, 11:55 PM
1. You have to order/buy the IP in the 1and1 control panel.

2. You then have to add the IP address to your server in the admin control panel under Server.

3. You then have to add the IP to the pool of available IPs for each client.

4. You then have to go into the domain under the client name and go to setup, and there is a drop-down where you can choose which IP the domain resolves to.

5. Sometimes you have to restart the HTTPD daemon to get the change to take effect properly.

I'm thinking about your original problem... I might have some more comments in a minute. I can see your point, I'm just not 100% on what actually happens on shared domains with Plesk and Qmail.

dhodge
07-14-2005, 02:19 PM
Thanks for the step by step, eWebtricity. I'll give your instructions a try, but I still don't understand how a shared server using name-based hosting is supposed to resolve all domains to a single IP address.

Thanks for the help.

danweber
07-14-2005, 03:55 PM
Dylan,

I don't understand your problem, can you explain a little more what this host was complaining about?

An MX record can't map to an IP address directly. It points to another record, which has to be an A record. Maybe that's where your problem is.


mydomain.com MX mail.mydomain.com
mail.mydomain.com A 192.168.1.20


You could have it like this, which is wrong:


mydomain.com MX mail.mydomain.com
mail.mydomain.com CNAME mydomain.com
mydomain.com A 192.168.1.20


Your MX record HAS to point to an A record, not a CNAME record.

Can you post your current DNS zone for the domain in question? You could send mail and just pretend to be xxx.com and I believe what the host meant was that he is doing a check on xxx.com to make sure it has an MX record and is not just some fake domain name. He could do an additional check and see if the IP address from the MX record (the A record which the MX record is pointing to) is the same as the SMTP server that sent the mail. I don't see how this would be a problem with shared IPs, it simply means that multiple domain MX records point to the same IP but that's ok.

Maybe I didn't understand the problem correctly.

Dan
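
Added example, not part of the original thread: a small lint for the MX rule described in the post above, run over records written in the same "name TYPE value" shorthand. The function names are hypothetical, the sample zones are constructed from the post's own records, and the shorthand omits the MX preference value a real zone file carries.

```python
# Added example: flag MX records whose target is a CNAME or has no A record.
# Input uses the three-column shorthand from the post (no MX preference field).

def parse_records(text):
    """Return (name, type, value) tuples; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        name, rtype, value = parts
        records.append((name.lower().rstrip("."), rtype.upper(),
                        value.lower().rstrip(".")))
    return records


def lint_mx(text):
    """Return {domain: finding} for every MX record found in the text."""
    records = parse_records(text)
    types_by_name = {}
    for name, rtype, _ in records:
        types_by_name.setdefault(name, set()).add(rtype)
    findings = {}
    for name, rtype, target in records:
        if rtype != "MX":
            continue
        target_types = types_by_name.get(target, set())
        if "CNAME" in target_types:
            findings[name] = f"MX target {target} is a CNAME"
        elif "A" not in target_types:
            # The target may live in another zone; this only sees the given text.
            findings[name] = f"MX target {target} has no A record in this text"
        else:
            findings[name] = "ok"
    return findings


# Constructed sample input: the two layouts shown in the post.
GOOD_ZONE = """
mydomain.com MX mail.mydomain.com
mail.mydomain.com A 192.168.1.20
"""
BAD_ZONE = """
mydomain.com MX mail.mydomain.com
mail.mydomain.com CNAME mydomain.com
mydomain.com A 192.168.1.20
"""

if __name__ == "__main__":
    print(lint_mx(GOOD_ZONE))
    print(lint_mx(BAD_ZONE))
```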

dhodge
07-14-2005, 04:29 PM
Thanks for the help, here is a clip from the email that was sent from the host that was not accepting the message:

In our continuing efforts to decrease the amount of spam our clients get, we have made a small technical change to our mail servers. We now refuse with an error mail from hosts that are mis-configured and do not have a reverse DNS entry.

This should not affect anyone, since virtually all network administrators set up reverse DNS entries for their servers, but there may be some people who mail you who have not done this. Certainly there were a great many spammers who fit into this category!

Should you not be receiving mail from someone, ask them to ask their internet provider if their reverse DNS is correct.

Please note that we are unable to tell from our end if this is the reason you are not receiving email from someone, only the sender can tell this.

As always, if you prefer not to have your mail filtered in this way, we can change your email so that no spam filtering is done at all.
Simply email us and request we change your domain.

Please let us know if you have any questions regarding this or any other issues.

Note: Only you, as the billing contact in our database, will receive this email for your company. Please let your staff and/or clients know about this as well.

Thank you.

VerityNS
07-14-2005, 04:35 PM
What this says to me is that you need to have reverse DNS entries for your server that is sending the mail. It's normal that ISPs require a reverse DNS entry of the server that is sending the mail. AOL does this along with other ISPs.

danweber
07-14-2005, 05:22 PM
Do you have a reverse DNS entry? 1&1 lets you set them in the control panel.

Now the question is if the host just wants any reverse DNS entry or if it has to match the MX mapping in the domain. If it has to match the MX mapping then you simply have to change the MX mapping to match it. It is allowed to have a different domain processing mail than the domain itself.

192.168.1.20 PTR mydomain.com

xyzdomain MX mydomain.com
mydomain.com A 192.168.1.20

eWebtricity
07-14-2005, 07:04 PM
I thought it went something like this per the RFC


mailserver.yourdomain.com connects to mailserver.theirdomain.com on port 25 and issues the helo or ehlo to identify itself as mailserver.yourdomain.com to mailserver.theirdomain.com


then


mailserver.theirdomain.com says you connected to me from source IP of 77.77.77.77 and you say your name is mailserver.yourdomain.com. Let me do a reverse lookup on your IP to make sure your name is correct.


then


mailserver.theirdomain.com does a reverse lookup on your IP and if your reverse lookup does not match your name that you specified in the ehlo/helo then it rejects the connection


So you have to make sure that your hostname, forward lookup, and reverse lookup all match.

Not to mention the recent introduction of SPF records now used by Verizon and a lot of other large ISPs, but that's a whole nother can of worms.
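
Added example, not part of the original thread: the receiver-side sequence described in the post above (reverse lookup of the source IP, forward lookup of the result, comparison with the HELO name), run against a constructed lookup table so it works offline. The function name and result codes are hypothetical, and which result a receiver actually refuses is its own policy; apart from 77.77.77.77 and the two host names quoted in the thread, every address and name is made up.

```python
# Added example: classify a connecting mail server by reverse DNS,
# forward confirmation and HELO name. The tables stand in for live DNS.

# Constructed sample data. PTR: IP -> name. A: name -> list of IPs.
PTR = {
    "77.77.77.77": "mailserver.yourdomain.com",
    "198.51.100.5": "host.example.net",
}
A = {
    "mailserver.yourdomain.com": ["77.77.77.77"],
    "host.example.net": ["203.0.113.9"],  # forward lookup points elsewhere
}


def norm(name):
    """DNS names compare case-insensitively; drop a trailing root dot."""
    return name.lower().rstrip(".")


def check_sender(source_ip, helo_name, ptr=PTR, a=A):
    """Return 'no-ptr', 'ptr-unconfirmed', 'helo-mismatch' or 'ok'."""
    ptr_name = ptr.get(source_ip)
    if ptr_name is None:
        return "no-ptr"              # the case the refusing host's notice describes
    if source_ip not in a.get(norm(ptr_name), []):
        return "ptr-unconfirmed"     # PTR exists but its name does not map back
    if norm(helo_name) != norm(ptr_name):
        return "helo-mismatch"       # server announces a name other than its PTR
    return "ok"


if __name__ == "__main__":
    # Constructed connections: (source IP, name given in HELO/EHLO).
    for ip, helo in [
        ("77.77.77.77", "mailserver.yourdomain.com"),
        ("77.77.77.77", "servername.domain.com"),
        ("192.0.2.10", "servername.domain.com"),
        ("198.51.100.5", "host.example.net"),
    ]:
        print(ip, helo, "->", check_sender(ip, helo))
```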

danweber
07-15-2005, 09:20 AM
Did you ever run a test at dnsreport.com and see what it says?

Here is what I do on my server, and it seems to work so far, haven't had any rejected messages.

My main hosting domain is xyz.com and the main ip address reverse DNS resolution goes back to xyz.com. So that's a clean forward/reverse resolution.

All my hosted domains have this MX record
domain1.com MX mail.xyz.com
domain2.com MX mail.xyz.com
etc...

This shows that my main domain is responsible for all mail from all domains. Now qmail runs on all interfaces but when you connect to any of them the greeting always shows the main domain.

If I had the default mapping like this
domain1.com MX mail.domain1.com
it could cause a problem (one DNSREPORT.COM will test). I connect to mail.domain1.com to send my mail for that domain but the greeting says xyz.com, ok, let's check. So I look up xyz.com and the IP address it resolves to is not the same as mail.domain1.com I just connected to because they are hosted on different IPs. The problem is that when I connect to the SMTP server the server does not know which of the domains I want to send mail for and therefore it does not know which greeting to show, unless there is only one domain per IP.

By setting up MX records that direct all mail activity to the main domain a system that wants to send mail to domain2.com will see that mail.xyz.com is handling the mail for domain2.com and will connect to that server, which will greet with xyz.com which then also resolves properly forward and backward with the IP that mail.xyz.com maps to.

Now if I am another host and I receive mail from domain2.com the mail will be sent by qmail from the first IP address. So I get the mail from jdoe@domain2.com and I will check:
The remote ip address that is sending me the mail is reverse mapping to xyz.com, and xyz.com resolved to the same ip again. Hm, that looks strange, why is domain xyz.com sending mail for domain2.com? So I look at the MX record for domain2.com and discover that xyz.com is actually the domain that handles all mail for domain2.com, so it must be ok.

It's all confusing but with this setup I had no rejected mails from any host yet.

Dan

dhodge
07-20-2005, 09:41 PM
Thanks for all the great help guys. I ran a dns report after setting up the new IP address and received the following:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but is a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server.

mydomain.com claims to be host XXXXXX.onlinehome-server.com [but that host is at [server IP address], not [domain specific IP address]].


After reading all of your posts, the issue may not be my server at all as it is not being used as the SMTP server. The SMTP server is an Exchange server in the office that DOES NOT have a registered DNS name assigned to it. It sends out mail with the server name of servername.domain.com, which isn't a registered name. I'm sure this is now the issue and am looking for a solution on the Exchange server, which of course is not a topic of this forum so I won't ask any questions. :wink:

danweber
07-21-2005, 09:26 AM
You can get rid of this warning the way I suggested in my previous post.

The DNSReport did look up the MX entry for your domain and establish an SMTP session with it (as if it had mail to deliver to your domain). The SMTP server greeted with the default name for the first IP address on your server. You could change that ugly name by following the instructions somewhere on this site, I believe in the tutorial section.

Anyway, the problem is that the greeting will always be the same, regardless of which IP address you connect to on your server (SMTP listens on all). You can avoid the problem by changing the MX record for the domain. Simply point the MX record to your main hosting domain that's on the main IP address. Now if SMTP greets with that name it will not raise a red flag because the MX record indicated that the mail would be handled by that domain, so all is well.

Delivery of mail from your Exchange server to the outside is another story.

Dan

dhodge
08-27-2005, 03:00 PM
I ended up getting another static IP address from 1and1 and assigning it specifically to the domain in question and it seems to be working now.