Own mail server and reverse DNS with Uverse
I am getting conflicting information from AT&T and so I'd like to run this by the forum to see what insight I can get.
For many years, previously on DSL in CA and now on UVerse in IL, we have run our own mail server which covers 5 domains using an internal RHEL box (rhserver). All of the domains have an MX record which points to the WAN address of the router (now a 2 Wire 3801HGV) and the router has a pinhole defined to route port 25 traffic to rhserver. Works fine except...
We recently posted some queries on Craigslist and, in trying to respond to some of the responses, we found that Craigslist has implemented a policy such that they block mail from addresses which return a "generic" response to a reverse DNS. Among the criteria which define "generic" is containing an IP address. Since the IP for the router belongs to AT&T's space, the standard response does contain the IP.
AT&T tells me they can't assign my domain to be the reverse DNS for the router address because the router address is obtained via DHCP and could therefore change. I have been told, but so far am unable to confirm from AT&T, that the address returned by DHCP comes from a table linked by the MAC address of the router. I.e., the address won't change unless the router changes or someone fiddles with the table. If this is true, I see no reason why they can't apply the reverse DNS to that address and simply change it when and if something changes.
In pursuing this with AT&T lately, it was suggested that I use the sticky static IPs and make one of those the address for mail so that reverse DNS could be applied to that. My attempt to experiment with this resulted in no mail coming through and a port scan shows port 25 being blocked, which would seem to explain that, although AT&T claims that port 25 is not blocked.
Assuming I could get past this blockage, I also wonder if it is going to help. Is that sticky static going to be used for *outgoing* mail or will the mail continue to appear to come from the WAN address of the router? If the latter, then the reverse DNS on the sticky static will do no good. We do have the sticky static defined now in Add Additional Network, so if that is what is supposed to change the origin IP, it isn't currently working.
NormanS
AFAIK, residential AT&T U-verse is considered dynamic, even if the result is sticky. AT&T controls host names for dynamically assigned IP addresses. The only way around that is to order their static IP service, which is, I believe, a business class service; and will cost more.
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
|reply to tamhas |
Buy a block of static IP addresses. Set up RDNS. attis-dns.sbcglobal.net/
fukitol
At the top of the page behind that link is a note stating that the form is for non-Uverse DSL customers only. At the bottom of the page is a number for Uverse customers to call instead.
|reply to NormanS |
This is a business. I have been paying for static, under the mistaken impression that this was necessary to keep the router address fixed.
We have tried "fixing" the issue with the sticky statics, but as indicated, I can't get mail in that way yet because port 25 is blocked. They claim it isn't, but a port scan says it is.
And, as noted, I am skeptical that the use of a sticky static for the inbound mail will change the apparent address from which the outbound mail is coming and, if it doesn't do that, there is no advantage.
Empirically, the WAN address of the router only changed when the physical router, i.e., the MAC address, changed (thanks to a nearby lightning strike!). For over a year, it has been constant, so it clearly isn't just being assigned dynamically at random.
|reply to Forosnai |
I manage my own DNS at Zoneedit. It is only the reverse DNS that AT&T provides. They have set up reverse DNS for the statics I have, but that does me no good unless I can get port 25 open.
And, as noted, I'm not sure it will do any good since it is the reverse DNS of the outbound IP I need to change.
If you have Business Class U-Verse, you have to call Tech Support, ask for Tier 2, and ask for the Port 25 block to be removed.
Port 25 is blocked by default on U-Verse. Business Class customers can have the block removed via Tech Support.
Done that. They claim it is not blocked, but a port scan says otherwise. 18.104.22.168 is the IP in question.
My current contact is the Tier 2 supervisor. FWIW
I usually have pretty good luck getting Port 25 opened for business customers when requested.
If it continues to be an issue, might consider an AT&T Direct forum post and/or shoot off an email to firstname.lastname@example.org - David and/or the Social Media Support team is pretty good at diving into issues beyond regular Tech Support (with major kudos to David »/profile/637748 )
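Added example, not part of any post in this thread: a Python sketch of the check the thread revolves around, whether the PTR name of the address a receiving server sees for outbound mail "contains the IP address". The matching rules are an assumed heuristic (Craigslist's actual criteria are not given in the thread), the hostnames and the 192.0.2.25 address are constructed, and `check_outbound_ip` also adds a forward-confirmation step that the thread does not discuss.

```python
import ipaddress
import re
import socket


def embeds_ip(ptr_name: str, ip: str) -> bool:
    """True if the PTR hostname contains the IPv4 address in a recognisable form."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    name = ptr_name.lower().rstrip(".")
    for order in (octets, octets[::-1]):  # forward and reversed octet order
        # Octets joined by '-', '.' or '_', each optionally zero-padded.
        sep_form = "[-._]".join(rf"0{{0,2}}{o}" for o in order)
        if re.search(rf"(?<!\d){sep_form}(?!\d)", name):
            return True
        # Octets zero-padded to three digits and run together.
        if "".join(o.zfill(3) for o in order) in name:
            return True
    return False


def check_outbound_ip(ip: str) -> dict:
    """Live DNS lookup for the address that outbound mail is seen to come from."""
    try:
        ptr = socket.gethostbyaddr(ip)[0]          # PTR lookup
    except OSError:
        return {"ptr": None, "generic": None, "forward_confirmed": False}
    try:
        forward = socket.gethostbyname_ex(ptr)[2]  # A records of the PTR name
    except OSError:
        forward = []
    return {
        "ptr": ptr,
        "generic": embeds_ip(ptr, ip),
        "forward_confirmed": ip in forward,
    }


if __name__ == "__main__":
    # Constructed PTR names for the documentation address 192.0.2.25.
    for host in ("192-0-2-25.lightspeed.example.net",
                 "adsl-25-2-0-192.dsl.example.net",
                 "host192000002025.example.net",
                 "mail.example.com"):
        print(f"{host:40} generic={embeds_ip(host, '192.0.2.25')}")
```

Run `check_outbound_ip` against the source address shown in the `Received:` header of a delivered test message, since that is the address whose reverse DNS the receiving server evaluates.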