Question : Reverse DNS - confusion

Hi All,

Please help..

I have an Exchange server (MX record = 100.1.1.31). When we send email to external people, it sends as 100.1.1.30 instead of the 100.1.1.31 IP address.
100.1.1.30 is my Cisco ASA external IP address.
Recently we have had a problem sending email to this company, as this company is running a very strict filter and doing forward and reverse lookups using DNS for every incoming email.

When we sent an email to this company, the error was as below:

Your message did not reach some or all of the intended recipients.

      Subject:             TEST - PLEASE REPLY IF YOU RECEIVE THIS
      Sent:                 1/09/2009 9:57 AM

The following recipient(s) could not be reached:

      [email protected] on 3/09/2009 12:53 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < postmaster.XXX.com #4.0.0 X-Spam-&-Virus-Firewall; host smtp.BBB.com[25.25.0.3]    said: 450 4.7.1 Client host rejected: cannot find your hostname,    [100.1.1.30] (in reply to RCPT TO command)>

The technician told me it is because they can't find a reverse lookup for postmaster.XXX.com.
My questions are:

1. Do you set up reverse lookup for the ASA (100.1.1.30) or the mail server (100.1.1.31)?

2. postmaster.XXX.com is just a name that I set up for bounced error messages.

3. How does reverse DNS lookup actually work? In this case, what are they actually checking?

Any advice please...

So confused...

thank you

c00kie


Answer : Reverse DNS - confusion

You need to look at your NAT configuration.
If you want email to come out of an IP address other than the default, then the NAT needs to be set up correctly. The NDR shows how the remote side is seeing the message. It is seeing the "wrong" IP address. That is a problem with your ASA configuration.

What I normally suggest with clients with multiple IP addresses is that all of the addresses have a reverse DNS address set, even if this is generic like office1.example.com, office2.example.com etc (where office1 is for their first IP address, and example.com is their own domain). Then change specific IP addresses as required later on.

Simon.
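
The forward and reverse lookup the question asks about, as an added example that is not part of the original answer: a receiving server looks up the PTR record of the connecting IP address (the one shown in brackets in the NDR), then resolves the returned name and checks that it maps back to the same address. The hostname mail.example.com and the sample records are constructed for illustration; the IP addresses are the ones from the question.

```python
import ipaddress
import socket

# Constructed DNS data for illustration (the hostname is hypothetical).
# Only 100.1.1.31 has a PTR record; the ASA outside address 100.1.1.30 has none.
SAMPLE_PTR = {"100.1.1.31": ["mail.example.com"]}
SAMPLE_A = {"mail.example.com": ["100.1.1.31"]}


def system_ptr(ip):
    """PTR lookup through the system resolver; returns [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []


def system_a(name):
    """Forward (A) lookup through the system resolver; returns [] on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def fcrdns_check(client_ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return (accepted, reason) for the connecting IP, as a strict receiver would."""
    ip = ipaddress.ip_address(client_ip)
    names = ptr_lookup(str(ip))
    if not names:
        return False, "no PTR record for %s" % ip
    for name in names:
        # The name from the PTR record must resolve back to the connecting IP.
        addrs = {ipaddress.ip_address(a) for a in a_lookup(name.rstrip("."))}
        if ip in addrs:
            return True, "%s <-> %s confirmed" % (ip, name.rstrip("."))
    return False, "PTR %s does not resolve back to %s" % (names[0], ip)


def sample_check(client_ip):
    """Run the check against the constructed records above (no network needed)."""
    return fcrdns_check(client_ip,
                        lambda ip: SAMPLE_PTR.get(ip, []),
                        lambda name: SAMPLE_A.get(name, []))


if __name__ == "__main__":
    for addr in ("100.1.1.30", "100.1.1.31"):
        print(addr, sample_check(addr))
```

Calling `fcrdns_check("100.1.1.30")` with the default arguments runs the same test against live DNS, which is a quick way to confirm a PTR change from the sending side before retrying delivery.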