2

We have a setup with two dedicated IP addresses that send e-mails from multiple domains. As an example, the dedicated IP addresses are 192.0.2.1 and 192.0.2.2, and the domains are example.com, example.net & example.org. Any IP address can send an email from any domain.

How would the PTR and SRV record setup need to look in this situation?

My understanding of PTR records is that there needs to be a 1:1 relationship between the sending IP address and the domain name that each email is being sent from. So we could set up PTR records that would establish 192.0.2.1 <-> example.com, however this does not help when 192.0.2.1 sends an email from example.net or when 192.0.2.2 sends an email from example.net.

I apologise if my understanding is incorrect and am more than happy to be corrected.

2 Answers

2

The SMTP server software probably has one mailname it uses in the HELO / EHLO commands and as the SMTP banner. It is recommended (not necessary) that it matches the reverse DNS PTR record, which MUST have a matching forward A record, as some receiving mail systems may treat mismatches between those two as an indicator of spam, increasing spam score. David Barr recommends matching PTR & A in his informational RFC 1912, 2.1, and MxToolBox has these recommendations:

  • SMTP Reverse DNS Mismatch

    Some receiving mail servers may use this as an indication of a possible spam source in a scoring system. Most will not reject incoming mail solely on this basis. We recommend that you contact your ISP and ask them to setup a reverse record (PTR) that matches the hostname of your mail server.

  • SMTP Banner Check

    Some receiving mail servers may use a mismatched or masked banner as an indication of a possible spam source in a scoring system, but most will not reject incoming mail solely on this basis.

    If you do not have a PTR record, or your record does not match your hostname, we recommend that you contact your ISP and ask them to setup a reverse (PTR) record that matches the hostname of your mail server.

I would not recommend having the same hostname for both of these IP addresses, either, but simply use a single IP address with any hostname with a matching HELO hostname, A & PTR. That does not need to be any of the domains the server sends mail from, nor a subdomain of one. It is perfectly fine to send, e.g.,

    < 220 mail.example.org ESMTP
    > HELO example.com
    < 250 mail.example.org
    > MAIL FROM:<[email protected]>
    < 250 2.1.0 Ok

Here, the example.net and mail.example.org are recommended to have SPF records, as SPF is used both for MAIL FROM (RFC 7208, 2.4) and HELO hostnames (RFC 7208, 2.3). E.g.,

    mail.example.com. IN A   192.0.2.1
    mail.example.com. IN TXT "v=spf1 +a -all"
    example.net.      IN TXT "v=spf1 +a:mail1.example.com -all"

or

    mail.example.com. IN TXT "v=spf1 +ip4:192.0.2.1 -all"
    example.net.      IN TXT "v=spf1 +ip4:192.0.2.1 -all"

If you add DMARC, you might want to use ~all instead of -all. I won't write yet another full tutorial, as there is already, e.g., The Ultimate SPF / DKIM / DMARC Best Practices 2024 from Freddie Leeman.

1

The PTR record doesn't necessarily need to match the domains sending mail through this IP, but should refer to the hostname of the mail server, which needs to resolve to the same IP.

The PTR records

    1.2.0.192.in-addr.arpa. IN PTR mail1.example.com.
    2.2.0.192.in-addr.arpa. IN PTR mail2.example.com.

Matching records in example.com's DNS:

    mail1.example.com. IN A 192.0.2.1
    mail2.example.com. IN A 192.0.2.2

The SPF record of each domain can then be modified to allow mail from this server, either by IP addresses, hostnames or an include from another domain's SPF record.

    example.com. IN TXT "v=spf1 +ip4:192.0.2.1 +ip4:192.0.2.2 -all"
    example.net. IN TXT "v=spf1 +a:mail1.example.com +a:mail2.example.com -all"
    example.org. IN TXT "v=spf1 include:example.com -all"
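
The records in the answer above can be checked offline for every IP and sender-domain combination from the question. This is an added example, not part of either answer: the zone data is copied into constructed dictionaries, the function names (`fcrdns`, `spf_check`, `audit`) are hypothetical, and only the SPF mechanisms that appear above (`ip4` with single addresses, `a:`, `include`, `all`) are evaluated.

```python
# Constructed zone data: the PTR, A and SPF records from the answer above.
PTR = {"192.0.2.1": "mail1.example.com", "192.0.2.2": "mail2.example.com"}
A = {"mail1.example.com": ["192.0.2.1"], "mail2.example.com": ["192.0.2.2"]}
SPF = {
    "example.com": "v=spf1 +ip4:192.0.2.1 +ip4:192.0.2.2 -all",
    "example.net": "v=spf1 +a:mail1.example.com +a:mail2.example.com -all",
    "example.org": "v=spf1 include:example.com -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    host = PTR.get(ip)
    return host if host and ip in A.get(host, []) else None

def spf_check(ip, domain, depth=0):
    """Evaluate the SPF subset used above; terms are tried left to right."""
    record = SPF.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # recursion guard against include loops
        return "permerror"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "ip4":
            matched = arg == ip  # single addresses only, no CIDR ranges
        elif name == "a":
            matched = ip in A.get(arg or domain, [])
        elif name == "include":
            # include matches only when the referenced policy passes
            matched = spf_check(ip, arg, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"

def audit():
    """Check every sending IP against every MAIL FROM domain."""
    return {(ip, dom): (fcrdns(ip), spf_check(ip, dom))
            for ip in PTR for dom in SPF}

if __name__ == "__main__":
    for (ip, dom), (host, result) in audit().items():
        print(f"{ip} as {dom}: PTR/A={host} SPF={result}")
```

All six combinations pass SPF while each IP keeps its own single PTR name, which shows that the PTR does not need to match the sender domain.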
