Re: [mailop] Gmail blocking due to "missing" PTR record

2016-08-15 Thread Benoit Panizzon
Hi Seth

> Terminal: (host 167.89.88.20
> 20.88.89.167.in-addr.arpa domain name pointer
> o1.webmaillist.flowerdeliveryexpress.com.)

20.88.89.167.in-addr.arpa domain name pointer
o1.webmaillist.flowerdeliveryexpress.com.

$ dig -t any o1.webmaillist.flowerdeliveryexpress.com.

;; ANSWER SECTION:
o1.webmaillist.flowerdeliveryexpress.com. 3789 IN HINFO "Please stop
asking for ANY" "See draft-ietf-dnsop-refuse-any"

OK, that is a statement, but a bit strange...

;; QUESTION SECTION:
;o1.webmaillist.flowerdeliveryexpress.com. IN A

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

=> 0 Answer, so no IPv4 Address.

;o1.webmaillist.flowerdeliveryexpress.com. IN AAAA

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

=> 0 Answer, no IPv6 Address.

;o1.webmaillist.flowerdeliveryexpress.com. IN CNAME

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

No CNAME

;o1.webmaillist.flowerdeliveryexpress.com. IN MX

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

No MX

I think every sensible MTA will query for 'any' or at least A, AAAA and
MX to check if the name resolves to the same IP. Else everyone could
just fake PTR to Name records.

Please add a RR pointing to an address or MX and I'm quite sure Google
will accept those Emails.

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Head of Commerce Customers

Zurlindenstrasse 29   Tel  +41 61 826 93 00
CH-4133 Pratteln      Fax  +41 61 826 93 01
Switzerland           Web  http://www.imp.ch

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Gmail blocking due to "missing" PTR record

2016-08-12 Thread Michelle Sullivan

Seth Charles via mailop wrote:

> Hello,
> We're running into a strange issue I'm wondering if anyone on this
> list has seen before.
>
> We have a client that is running into blocks at Gmail, and the reason
> given is, "550 5.7.1 [167.89.88.20] The IP address sending this
> message does not have a PTR record setup. As a policy, Gmail does not
> accept messages from IPs with missing PTR records. Please visit
> https://support.google.com/mail/answer/81126#authentication for more
> information."
>
> That's all fine, but we have verified through terminal digs as well as
> tools like the Reverse Lookup at MXToolbox that there is a PTR record
> in place and does point back to the proper value.
>
> Terminal: (host 167.89.88.20
> 20.88.89.167.in-addr.arpa domain name pointer
> o1.webmaillist.flowerdeliveryexpress.com.)
>
> MXToolbox:
> Type  IP Address    Domain Name                               TTL
> PTR   167.89.88.20  o1.webmaillist.flowerdeliveryexpress.com  15 min
>
> The two affected IPs are:
>
> 167.89.88.20
>
> 167.89.89.136
>
> Anyone running into similar issues or have any insights?

I believe (see below) that a PTR is only considered valid if there is a 
matching A record... and on a personal note, I wouldn't be trusting a 
PTR with a 15 minute TTL, that just reeks of "I'm going to change it at 
the first sign of trouble"


From RFC1912 Sec 2.1:

 Also,
   PTR records must point back to a valid A record, not a alias defined
   by a CNAME.

Also note the wording "must" unlike the following text preceding that 
above that just says, "should":


Make sure your PTR and A records match.  For every IP address, there
   should be a matching PTR record in the in-addr.arpa domain.

This to me reads:

You should have a PTR record for every A record though it is not required.

If you have a PTR record there has to be a matching A record, it is 
required.


Regards,

Michelle

--
Michelle Sullivan
http://www.mhix.org/




Re: [mailop] Gmail blocking due to "missing" PTR record

2016-08-12 Thread Steve Atkins

> On Aug 12, 2016, at 1:53 PM, Seth Charles via mailop  
> wrote:
> 
> Hello,
> We're running into a strange issue I'm wondering if anyone on this list has 
> seen before. 
> 
> We have a client that is running into blocks at Gmail, and the reason given 
> is, "550 5.7.1 [167.89.88.20] The IP address sending this message does not 
> have a PTR record setup. As a policy, Gmail does not accept messages from IPs 
> with missing PTR records. Please visit 
> https://support.google.com/mail/answer/81126#authentication for more 
> information."
> 
> That's all fine, but we have verified through terminal digs as well as tools 
> like the Reverse Lookup at MXToolbox that there is a PTR record in place and 
> does point back to the proper value. 
> 
> Terminal: (host 167.89.88.20
> 20.88.89.167.in-addr.arpa domain name pointer 
> o1.webmaillist.flowerdeliveryexpress.com.)
> 
> MXToolbox:
> Type  IP Address    Domain Name                               TTL
> PTR   167.89.88.20  o1.webmaillist.flowerdeliveryexpress.com  15 min
> 
> The two affected IPs are:
> 167.89.88.20
> 
> 167.89.89.136
> 
> Anyone running into similar issues or have any insights? 

Neither o1.webmaillist.flowerdeliveryexpress.com nor 
o2.webmaillist.flowerdeliveryexpress.com. exist, in an A or AAAA sense.

They also have DNS wildcard hosted by cloudflare, which has all sorts of weird 
(protocol violating?) behaviour, so there could be other problems.

Cheers,
  Steve





Re: [mailop] Gmail blocking due to "missing" PTR record

2016-08-12 Thread Vladimir Dubrovin via mailop

This PTR record fails the reverse check:

>host 167.89.88.20
20.88.89.167.in-addr.arpa domain name pointer
o1.webmaillist.flowerdeliveryexpress.com.

>host  o1.webmaillist.flowerdeliveryexpress.com




Seth Charles via mailop wrote:
> Hello,
> We're running into a strange issue I'm wondering if anyone on this
> list has seen before. 
>
> We have a client that is running into blocks at Gmail, and the reason
> given is, "550 5.7.1 [167.89.88.20] The IP address sending this
> message does not have a PTR record setup. As a policy, Gmail does not
> accept messages from IPs with missing PTR records. Please visit
> https://support.google.com/mail/answer/81126#authentication for more
> information."
>
> That's all fine, but we have verified through terminal digs as well as
> tools like the Reverse Lookup at MXToolbox that there is a PTR record
> in place and does point back to the proper value. 
>
> Terminal: (host 167.89.88.20
> 20.88.89.167.in-addr.arpa domain name pointer
> o1.webmaillist.flowerdeliveryexpress.com.)
>
> MXToolbox:
> Type  IP Address    Domain Name                               TTL
> PTR   167.89.88.20  o1.webmaillist.flowerdeliveryexpress.com  15 min
>
>
> The two affected IPs are:
>
> 167.89.88.20
>
> 167.89.89.136
>
> Anyone running into similar issues or have any insights? 
>
>
> Seth Charles
>
>


-- 
Vladimir Dubrovin
@Mail.Ru
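
The reverse check discussed in this thread (PTR lookup, then a forward A/AAAA lookup that must return the connecting IP), as an added example that is not part of any poster's message and is not Gmail's implementation. The function names, the verdict strings and the sample tables are assumptions; the sample data is constructed from documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, detail): 'pass', 'no-ptr' or 'ptr-unconfirmed'."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    failed = []
    for name in names:
        forward = forward_lookup(name)
        # Compare parsed addresses so IPv6 spelling differences don't matter.
        if any(ipaddress.ip_address(a) == addr for a in forward):
            return "pass", [name]
        failed.append((name, forward))
    return "ptr-unconfirmed", failed

# Constructed sample data (documentation ranges, hypothetical names).
PTR = {"192.0.2.10": ["mail.example.org."],
       "192.0.2.20": ["o1.example.net."],    # PTR exists, name has no A/AAAA
       "192.0.2.30": ["mail.example.org."],  # PTR claims another host's name
       "2001:db8::25": ["mx6.example.org."]}
FWD = {"mail.example.org.": ["192.0.2.10"],
       "mx6.example.org.": ["2001:db8:0:0:0:0:0:25"]}

def check_sample(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25", "192.0.2.99"):
        print(ip, *check_sample(ip))
```

The 192.0.2.20 row mirrors the situation reported in the thread: a PTR is published, but the name it points to has no address record, so the check cannot be confirmed.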


[mailop] Gmail blocking due to "missing" PTR record

2016-08-12 Thread Seth Charles via mailop
Hello,
We're running into a strange issue I'm wondering if anyone on this list has
seen before.

We have a client that is running into blocks at Gmail, and the reason given
is, "550 5.7.1 [167.89.88.20] The IP address sending this message does not
have a PTR record setup. As a policy, Gmail does not accept messages from
IPs with missing PTR records. Please visit
https://support.google.com/mail/answer/81126#authentication for more
information."

That's all fine, but we have verified through terminal digs as well as
tools like the Reverse Lookup at MXToolbox that there is a PTR record in
place and does point back to the proper value.

Terminal: (host 167.89.88.20
20.88.89.167.in-addr.arpa domain name pointer
o1.webmaillist.flowerdeliveryexpress.com.)

MXToolbox:
Type  IP Address    Domain Name                               TTL
PTR   167.89.88.20  o1.webmaillist.flowerdeliveryexpress.com  15 min

The two affected IPs are:

167.89.88.20

167.89.89.136
Anyone running into similar issues or have any insights?


Seth Charles


-- 

*Seth Charles*
Delivery Consultant | Email Delivery
