4

I'm setting up an email server for my business and personal use. I have a public static IP address from Cincinnati Bell (now altafiber). I tried getting them to set up/delegate reverse DNS lookup via an NS record so I could host all my email domains, business & personal. However, every time I contact them about reverse DNS entries they tell me they don't support it.

So I'm trying to find a solution to this problem. Most of my research suggests that it has to be my internet provider that handles this.

Here are my questions: Is there any way to have the reverse lookup directed to my DNS server? Or somehow resolve to at least 1 PTR record for my business email?

If not then, what are some other alternatives?

Would like to host the server myself and not use another paid service such as https://www.rapidseedbox.com/

Will using an SMTP relay solve this appropriately? Are there any secure (SSL) SMTP relays that are free?

  • We cannot recommend services to you here, much less local ones. You should remove those parts from your question. – Daniel B Sep 06 '22 at 11:20
  • @DanielB Noted and post edited. – b.sullender Sep 06 '22 at 11:41
  • Do you have any options to change internet service provider? Or are you in a single-provider ghetto? Are you technically comfortable with running a VM in one of the cloud or VPS providers? – Criggie Sep 07 '22 at 02:52
  • Do you have "business" or "residential" internet service from your ISP? They often don’t offer such services on accounts branded and priced as "residential". – Todd Wilcox Sep 07 '22 at 08:29
  • @ToddWilcox Residential. I had asked if I could do anything to get support for reverse DNS and they told me no. Of course this was before I actually started my business, so I hadn't considered getting a business plan and didn't know I needed one for reverse DNS. I will probably upgrade to a business plan in the future. But at the moment it's not a huge concern for me as long as I can host my services. – b.sullender Sep 07 '22 at 09:25

3 Answers

11

There is no way to set up a redirection for PTR. The IP space is owned by your ISP, and the PTR records are delegated to their nameservers. There is no way around that without their help, and if they're unwilling to do it, you're stuck.

The biggest problem here would be mail submission, as PTR is often checked as an anti-spam measure (exactly for this reason, so the owner of the IP subnet knows there's a mail server and approves of it). You could get a public relayhost for a couple of euro/dollar a month, and route all mail through them. As long as this relay host doesn't check, you're good.

Another solution is to set the name of your mailserver and the MX records to whatever PTR record is assigned to your IP. It's not pretty, but as long as the forward and reverse are the same, functionally it should be fine.

mtak
  • "set the name of your mailserver and the MX records to whatever PTR record is assigned to your IP". That is an interesting solution. I may try this if nothing else works. – b.sullender Sep 06 '22 at 11:46
  • Does this mean I would need the same domain name as what the PTR record has? Or do I just need 2 MX records? I'm not sure this could be done with what's in the PTR record. Its value is xxx.xxx.xxx.xx.ded-dsl.fuse.net – b.sullender Sep 06 '22 at 15:17
  • @b.sullender It’s just for outgoing mail. When connecting to another server, your server says `HELO` (or `EHLO`). The name sent with this command must match its IP address in both forward and reverse DNS. Your domains’ MX server can be whatever, nobody cares. – Daniel B Sep 06 '22 at 17:14
  • Would SPF override the PTR check? – user253751 Sep 06 '22 at 19:47
  • @DanielB oh ok. I think I misunderstood how the MX record was used. I think I understand now. This looks like the best short-term solution. – b.sullender Sep 06 '22 at 23:42
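The check Daniel B describes in the comment above (the `HELO` name must resolve to the connecting IP, and the IP's PTR must resolve back to that name) is what receiving MTAs call forward-confirmed reverse DNS. The script below is an added example written for this thread, not code from any of the posters; it evaluates that check for a connection and shows why mtak's workaround (name the server after the ISP's PTR) passes while a self-chosen name does not. The `check_helo` function, the `Resolver` protocol and all IPs and hostnames in `CONSTRUCTED_DNS` are assumptions: RFC 5737 addresses and constructed names, not real records.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check of an SMTP HELO/EHLO name.

Added example for this thread, not code from any poster. The Resolver
protocol lets the same logic run against constructed records offline
(ConstructedResolver) or against the OS resolver (SystemResolver).
All IPs and hostnames below are constructed sample data.
"""
import ipaddress
import socket
from dataclasses import dataclass, field
from typing import Dict, List, Protocol, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class Resolver(Protocol):
    def ptr_names(self, ip: str) -> List[str]: ...
    def addresses(self, name: str) -> List[str]: ...


@dataclass
class ConstructedResolver:
    """PTR and A records held in plain dicts (constructed sample data)."""
    ptr: Dict[str, List[str]] = field(default_factory=dict)
    a: Dict[str, List[str]] = field(default_factory=dict)

    def ptr_names(self, ip: str) -> List[str]:
        return self.ptr.get(ip, [])

    def addresses(self, name: str) -> List[str]:
        return self.a.get(name.lower().rstrip("."), [])


class SystemResolver:
    """Real lookups through the standard library (no third-party packages)."""

    def ptr_names(self, ip: str) -> List[str]:
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host, *aliases]
        except (socket.herror, socket.gaierror):
            return []

    def addresses(self, name: str) -> List[str]:
        try:
            return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
        except socket.gaierror:
            return []


def _resolves_to(name: str, ip: IPAddress, resolver: Resolver) -> bool:
    """True if any forward (A/AAAA) record of `name` equals `ip`."""
    return any(ipaddress.ip_address(a) == ip for a in resolver.addresses(name))


def check_helo(ip: str, helo_name: str, resolver: Resolver) -> Dict[str, bool]:
    """Evaluate the checks a receiving MTA commonly applies to a connection.

    has_ptr          - the connecting IP has at least one PTR record
    fcrdns           - some PTR name resolves forward to the same IP
    helo_forward_ok  - the HELO name itself resolves forward to the IP
    helo_matches_ptr - the HELO name is one of the forward-confirmed PTR names
    pass             - the strict outcome: HELO name is a confirmed PTR name
    """
    client = ipaddress.ip_address(ip)
    helo = helo_name.lower().rstrip(".")
    ptr_names = [n.lower().rstrip(".") for n in resolver.ptr_names(ip)]
    confirmed = [n for n in ptr_names if _resolves_to(n, client, resolver)]
    helo_forward_ok = _resolves_to(helo, client, resolver)
    helo_matches_ptr = helo in confirmed
    return {
        "has_ptr": bool(ptr_names),
        "fcrdns": bool(confirmed),
        "helo_forward_ok": helo_forward_ok,
        "helo_matches_ptr": helo_matches_ptr,
        "pass": helo_forward_ok and helo_matches_ptr,
    }


# Constructed records modelling the thread: the ISP owns the PTR and names the
# host after the IP; the poster controls only forward DNS for mail.example.com.
ISP_PTR_NAME = "203.0.113.45.ded-dsl.example.net"
CONSTRUCTED_DNS = ConstructedResolver(
    ptr={"203.0.113.45": [ISP_PTR_NAME]},
    a={
        ISP_PTR_NAME: ["203.0.113.45"],
        "mail.example.com": ["203.0.113.45"],
    },
)

if __name__ == "__main__":
    for helo in (ISP_PTR_NAME, "mail.example.com"):
        print(helo, check_helo("203.0.113.45", helo, CONSTRUCTED_DNS))
    # An IP with no PTR at all: the "ISP won't give me reverse DNS" case
    print(check_helo("203.0.113.99", "mail.example.com", CONSTRUCTED_DNS))
```

Swap `CONSTRUCTED_DNS` for `SystemResolver()` to run the same check against a real server's public IP and the name it announces in `EHLO`; the `helo_forward_ok` flag being true while `pass` is false is exactly the situation in the question, where forward DNS is under your control but the PTR is not.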
8

It is indeed the IP owner (and only the IP owner) that can set up reverse DNS entries. Much like forward DNS, where a whole domain is delegated to you (or rather the registrar), the reverse zone is delegated to the IP owner only. You cannot interfere with other domains’ forward DNS, you cannot interfere with others’ IPs’ reverse DNS.

It is relatively unlikely a business plan with an ISP would not include such a feature. If you do not have a business plan, you need one.

If you cannot make this work with your ISP, you are out of luck as far as sending directly from home is concerned. You can still receive just fine.

A so-called smart host can help with this problem, yes. It can also help with IP reputation problems you may get. It will not be free if you want good reputation.

Daniel B
2

What you are looking to do is completely and easily doable...

I have roughly the same setup myself. I have a DHCP address issued by my ISP that I do not have any control over. I don't own any of the DNS records associated with the IP address, nor can I control if or when the address changes. I also host my own mail server internally at my home, not using any 3rd party resources. I have a residential internet connection, not a business one.

You'll need to register a domain name and subscribe to a DDNS service. I use Google Domains because for $12/year I get both.

As for the email flow specifics...

Inbound mail will simply find your domain via DNS and the mail will be directed to the IP address associated with your domain via the DDNS service. Inbound mail is the easy part.

Outbound mail is where things get a little tricky, but not really. The problem you alluded to is introduced by the receiving email server trying to verify that it's not getting a bunch of spam. One way it does this is to verify the sender's domain name and IP address. The way to tackle this is to bounce your outbound emails through your ISP's SMTP relay. When you do this, the receiving system sees the ISP's IP address and its fully reversible address. This passes the first test.

The next most common anti-spam mechanism is the verification that the sending domain is allowed to come from the IP address the connection is made from. This can be tackled in a couple of ways... SPF and/or DKIM DNS records that define "who" is allowed to send mail as your domain.

For example, I use an SPF record that says mydomain.com is allowed to come from the subnet range of the ISP SMTP relay that I use, as well as the domain names of my ISP (i.e. myisp.com, smtp.myisp.com). This means that when the receiving server gets an email from me@mydomain.com that comes from smtp.myisp.com with a reverse IP lookup within the subnet I specified (i.e. 1.2.3.0/24) it will accept it because I told it to in the SPF record in DNS (at Google).

I have a script that monitors my external (public) IP address. If the address changes, it automatically updates my Google DDNS record with the new address so inbound mail is not interrupted by a DHCP change. Since you have a static IP address, you wouldn't need to worry about this part, but if your ISP ever forces you to use a non-static address, at least you'll have an idea how to handle it.

If you don't know what your ISP's SMTP relay is, check their documentation on how to configure email clients like Thunderbird, or the email on your iPhone or Android phone. In nearly every case, the instructions will give you the name of their relay(s).

Note that this solution results in ZERO rejected emails from destination servers because the address they see the email comes from is forward and reverse resolvable (since it's the ISP's public addresses and names) and the SPF record allows email from my domain to come from my ISP's relay.

This is all very, very basic SMTP stuff and you can find gobs of information on the exact details on how to do each of these steps with some Google searches.

mikem
  • PS You might be able to skip the DDNS part since you have a static address, but you'll need DNS service somewhere. Most registrars provide DNS service, but not all provide DDNS. – mikem Sep 07 '22 at 05:28
  • Thanks for a detailed explanation everyone can understand. I also am using Google domains because of the great pricing and dns settings. I had used smtp relay in my previous configuration, but I was worried about security and if any mail would be blocked. Let's say I have a site where users sign up for email newsletters, so I send a bunch of email out at the same time monthly. I had the concern that a relay would also limit my sending limit. – b.sullender Sep 07 '22 at 09:16
  • ISPs typically have some limits on either the number of emails per day, or the number of recipients a given email can have. Business accounts tend to have higher limits than residential accounts. If you really want to do newsletters, there are companies that specialize in bulk email that you could use for that purpose, but use your ISP's relay for day-to-day email traffic. – mikem Sep 07 '22 at 09:21
  • ISP-operated SMTP relays are rare nowadays. – Daniel B Sep 07 '22 at 09:24
  • DDNS services for mail server is a terrible idea. Just don't, especially for business. – JFL Sep 07 '22 at 10:17
  • @JFL I've been using DDNS for mail for over 20 years without a single issue. It works perfectly. This is especially true these days when ISP DHCP leases are almost permanent (I've had the same DHCP address for over 3 years), plus, in the off-chance there is a change and a slight delay in DDNS propagation, email default retry intervals maintain mail flow with virtually no interruption. Maybe not as perfect as a static IP, but that isn't available to everyone. For a home user or small business, DDNS is a fine solution. – mikem Sep 07 '22 at 22:23
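The second check mikem's answer relies on is SPF: the receiving server looks up the sender domain's `v=spf1` TXT record and asks whether the connecting IP is authorised by it. The evaluator below is an added example written for this thread, not mikem's code or any poster's; it implements the mechanisms his record uses (an `ip4:` subnet for the relay, `a:` for the relay's hostname, `include:` for a policy the ISP publishes, and a terminal `-all`) with the four qualifiers. `mx`, `ptr`, `exists`, macros and `redirect=` are left out on purpose. `check_spf`, `ConstructedDns` and every domain, record and IP in `CONSTRUCTED_DNS` are assumptions built from RFC 5737 / RFC 3849 sample ranges, not real DNS.

```python
"""Simplified SPF (RFC 7208) evaluation: does the IP that delivered a message
pass the sender domain's published policy?

Added example for this thread, not a poster's code. It covers ip4, ip6, a,
include and all with the qualifiers + - ~ ?; mx, ptr, exists, macros and
redirect= are deliberately omitted. The record store is constructed data.
"""
import ipaddress
from typing import Dict, List, Optional

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # recursion guard for include:; RFC 7208 also caps DNS-querying terms at 10


class ConstructedDns:
    """TXT and A/AAAA records in dicts (constructed; stands in for real lookups)."""

    def __init__(self, txt: Dict[str, str], a: Dict[str, List[str]]):
        self.txt = {k.lower(): v for k, v in txt.items()}
        self.a = {k.lower(): v for k, v in a.items()}

    def spf_record(self, domain: str) -> Optional[str]:
        rec = self.txt.get(domain.lower())
        return rec if rec and rec.startswith("v=spf1") else None

    def addresses(self, name: str) -> List[str]:
        return self.a.get(name.lower(), [])


def check_spf(ip: str, sender_domain: str, dns: ConstructedDns, depth: int = 0) -> str:
    """Return pass / fail / softfail / neutral / none / permerror."""
    if depth > MAX_DEPTH:
        return "permerror"
    record = dns.spf_record(sender_domain)
    if record is None:
        return "none"
    client = ipaddress.ip_address(ip)

    for term in record.split()[1:]:             # drop the "v=spf1" version tag
        if "=" in term:                         # modifiers (redirect=, exp=) ignored here
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()

        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            if not arg:
                return "permerror"
            net = ipaddress.ip_network(arg, strict=False)
            matched = client.version == net.version and client in net
        elif mech == "a":
            # a: the named host's A/AAAA records (default: the sender domain itself)
            matched = any(ipaddress.ip_address(x) == client
                          for x in dns.addresses(arg or sender_domain))
        elif mech == "include":
            # include: matches only if the referenced policy yields "pass"
            matched = check_spf(ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"                  # mechanism this evaluator does not support
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                            # no term matched and no "all" present


# Constructed records mirroring the answer: mydomain.example authorises the ISP
# relay's subnet and hostname and pulls in a policy the ISP publishes via include:.
CONSTRUCTED_DNS = ConstructedDns(
    txt={
        "mydomain.example": "v=spf1 ip4:198.51.100.0/24 a:smtp.isp.example "
                            "include:_spf.isp.example -all",
        "_spf.isp.example": "v=spf1 ip4:203.0.113.0/26 -all",
        "lenient.example": "v=spf1 a:smtp.isp.example ~all",
    },
    a={"smtp.isp.example": ["198.51.100.25", "2001:db8::25"]},
)

if __name__ == "__main__":
    # Mail via the relay passes; mail sent directly from a home IP (192.0.2.10) fails.
    for ip in ("198.51.100.25", "203.0.113.7", "203.0.113.200", "192.0.2.10"):
        print(ip, check_spf(ip, "mydomain.example", CONSTRUCTED_DNS))
```

The last case is the one that matters for the question: a message sent straight from the home static IP gets `fail` because nothing in the record names that IP, regardless of whether its PTR is acceptable. That is also the answer to user253751's comment in the first answer: SPF and the PTR/HELO check are independent tests, and passing one does not stand in for the other.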