SOLVED RDNS_NONE issue

Serra

Well-Known Member
Oct 27, 2005
267
18
168
Florida
I'm using /etc/mailips to send mail on a specific IP on the server. When it arrives at the destination I'm getting an RDNS_NONE error.

Code:
DKIM_SIGNED    0.10    Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID    -0.10    Message has at least one valid DKIM or DK signature
DKIM_VALID_AU    -0.10    Message has a valid DKIM or DK signature from author's domain
HTML_FONT_TINY_NORDNS    1.50    Font too small to read, no rDNS
HTML_MESSAGE    0.00    HTML included in message
RDNS_NONE    2.00    Delivered to internal network by a host with no rDNS
SPF_HELO_SOFTFAIL    1.50    SPF: HELO does not match SPF record (softfail)
SPF_PASS    -0.00    SPF: sender matches SPF record
In MailScanner the sending IP is listed and that is being resolved to the FQDN of the host.

If I dig -x "IP" I get an rDNS that is correct and matches the HELO.

I'm also getting a softail error, but the IP is in the SPF record for the domain.

I tried by sending via Outlook and via Webmail to ensure it wasn't pointing to some other IP rather than the server, but that made no difference.

The PTR record is correctly set at the data center and can be verified.

One tricky part here is that the website is using Cloudflare, but that doesn't hurt anything when the /etc/mailips IP is not listed (using default)

Any idea why this would be happening?
 

Serra

Well-Known Member
Oct 27, 2005
267
18
168
Florida
This is the relevant data with the real IPs and domains removed. This is from the receiving server.

The IP I'm sending on is 11.22.33.55. Which is also ns1 for the domain records. The sending server's HELO is fqdn.domain.com.

Code:
[[email protected] ~]# dig a fqdn.domain.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> a fqdn.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41078
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fqdn.domain.com.                 IN      A

;; ANSWER SECTION:
fqdn.domain.com.          3600    IN      A       11.22.33.44

;; AUTHORITY SECTION:
domain.com.              3600    IN      NS      ns2.domain.com.
domain.com.              3600    IN      NS      ns1.domain.com.

;; ADDITIONAL SECTION:
ns1.domain.com.          3600    IN      A       11.22.33.55
ns2.domain.com.          3600    IN      A       11.22.33.66

;; Query time: 69 msec
;; SERVER: 10.10.10.10#53(10.10.10.10)
;; WHEN: Tue May 25 14:07:56 EDT 2021
;; MSG SIZE  rcvd: 126

[[email protected] ~]# dig -x 11.22.33.44

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> -x 11.22.33.44
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25914
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;26.33.22.11.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
26.33.22.11.in-addr.arpa. 86400 IN     PTR     fqdn.domain.com.

;; AUTHORITY SECTION:
33.22.11.in-addr.arpa. 259200  IN      NS      ns1.host.net.
33.22.11.in-addr.arpa. 259200  IN      NS      ns2.host.net.

;; Query time: 28 msec
;; SERVER: 10.10.10.10#53(10.10.10.10)
;; WHEN: Tue May 25 14:08:43 EDT 2021
;; MSG SIZE  rcvd: 123
So as far as I can tell, yes, the HELO has a valid A record. The HELO A record does not match the sending IP, because of the /etc/mailips override.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,092
780
313
cPanel Access Level
Root Administrator
Thanks for those details. In addition to customizing the /etc/mailips file, you may also want to adjust /etc/mailhelo in this case. We have more details on that here:


I'd try that and see if that makes a difference with your sending.
 

Serra

Well-Known Member
Oct 27, 2005
267
18
168
Florida
Thanks, that worked! Here is what I did:

The server IP is 11.22.33.11 with an A record for fqdn.domain.com.

I set /ect/mailips to 11.22.33.22

Code:
sitedomain.com: 11.22.33.22
11.22.33.22 is actually NS1 for the domain.

I set /etc/mailhelo to

Code:
sitedomain.com: ns1.domain.com
I set the PTR for 11.22.33.22 to ns1.domain.com.

Doing that the HELO shows up on the email as ns1.domain.com and the PTR matches.

This will need to be done for each domain in mailips, so each will need a mailhelo to match.

So I guess that is the trick. Every mailips entry has to have a mailhelo to match and that HELO needs to have a PTR setup.

Thanks again. That was very ugly and I couldn't do it without your help.
 
Thread starter Similar threads Forum Replies Date
M Email 2
W Email 5
H Email 2
M Email 1
R Email 3