I run a small webserver that hosts a handful of domains which I use for personal and testing purposes. I want to set it up as a mail server as well, and I'm trying to understand the rDNS lookup that checks against the SMTP HELO header.
The problem is that I have no control over the PTR records for my server's IP address, and there's no chance the ISP would delegate that to me. Let's say my IP address is 123.45.67.89. Then the PTR record for my IP resolves to a hostname like 123-045-067-089.customers.my-isp.net.
TL;DR -- I'm trying to understand what rDNS domain is being looked for in the SMTP HELO header. Is it the domain name of the email's sender (e.g. [email protected]) or the hostname of the mail exchange server, even IF the server has a completely different domain name than the sender?
If I were to use the ISP's hostname of my IP address (e.g. 123-045-067-089.customers.my-isp.net) as the HELO header** for emails sent from mydomain.com, would that validate emails from [email protected] sent by my mail server at IP address 123.45.67.89, or does the PTR record for 123.45.67.89 need to resolve to mydomain.com?
**I could also obtain a TLS cert for 123-045-067-089.customers.my-isp.net, and have the MX record and TXT-spf record for mydomain.com point to 123-045-067-089.customers.my-isp.net.
Long version:
Here's my very novice understanding of how the SMTP HELO check against rDNS works. Let's say my domain was mydomain.com, and I wanted to send an email from [email protected] to [email protected]. I'd first connect my desktop client to my mail server. The mail server (at IP address 123.45.67.89) would then connect to the mail server at gmail.com. In this scenario, let's say the HELO header listed mydomain.com as its domain name. So the gmail server would then do an rDNS lookup on my server's IP address, only to discover that 123.45.67.89 resolves to hostname 123-045-067-089.customers.my-isp.net. Because this does not match the domain provided in the HELO header, the gmail server assumes this is spam and rejects it.
So far so good? Or no?
Now, let's suppose instead of putting mydomain.com as the SMTP HELO header, my mail server instead puts 123-045-067-089.customers.my-isp.net, and furthermore has a TLS certificate for that domain signed by an established CA. Also, the MX and TXT-spf records for mydomain.com point to 123-045-067-089.customers.my-isp.net as the established mail server.
(Note: It's not clear to me whether the SMTP HELO also dictates the domain of the sender's email???)
In this second scenario, would the email being sent from [email protected] to [email protected] be validated by the gmail server and recognized as a legitimate email? Or would it still fail because 123-045-067-089.customers.my-isp.net provided in HELO does not match the email sender's mydomain.com? (Again... it's not clear to me whether this is even possible with the SMTP protocol... I'm very new to email servers.)
Of course (this should go without saying...) I DO have full control over all of the DNS forward zone records for the domains I own. Also, I do have a stable long-term IP address, and all of my domains (and sub-domains) are configured to resolve back to my established IP address.
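The two HELO scenarios from the post, modelled as an added example (not part of the original post, and not any mail provider's actual policy): forward-confirmed reverse DNS on the connecting IP plus two HELO name comparisons, run offline over constructed DNS data. The function names, the lookup tables and the ISP's forward A record are assumptions; the envelope sender is deliberately not an input, because tying a sender domain to an IP is what SPF evaluates separately.

```python
"""Constructed model of receiver-side HELO / reverse-DNS checks (no network access)."""

# Constructed DNS data using the placeholder values from the post.
ISP_NAME = "123-045-067-089.customers.my-isp.net"
PTR = {"123.45.67.89": [ISP_NAME]}
A = {
    ISP_NAME: ["123.45.67.89"],        # assumption: the ISP publishes a matching A record
    "mydomain.com": ["123.45.67.89"],  # forward zone the poster controls
}


def norm(name):
    """DNS names compare case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()


def check_client(ip, helo, ptr=PTR, a=A):
    """Return three independent results derived only from connecting IP + HELO name."""
    ptr_names = [norm(n) for n in ptr.get(ip, [])]
    # Forward-confirmed rDNS: some PTR name must resolve back to the connecting IP.
    fcrdns = any(ip in a.get(n, []) for n in ptr_names)
    # HELO sanity: the announced name must itself resolve to the connecting IP.
    helo_forward = ip in a.get(norm(helo), [])
    # Strict variant: the HELO string is literally one of the PTR names.
    helo_is_ptr = norm(helo) in ptr_names
    return {"fcrdns": fcrdns, "helo_forward": helo_forward, "helo_is_ptr": helo_is_ptr}


if __name__ == "__main__":
    # Scenario 1 (HELO = mydomain.com) and scenario 2 (HELO = ISP hostname).
    for helo in ("mydomain.com", ISP_NAME):
        print(helo, check_client("123.45.67.89", helo))
```

Only the strict string comparison differs between the two scenarios; which of these results a given receiver scores or rejects on is a local policy choice that this model does not capture.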