Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Germain
Many thanks for your answer !

In fact I've already in the BIND configuration of zone-one.com:

zone-one.com. A xx.xxx.xxx.xxx
mx1.zone-one.com. A xx.xxx.xxx.xxx
zone-one.com. MX 10 mx1.zone-one.com.
xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com.

Same is true for zone-two.com with exactly the same related parameters !

Maybe it is wrong to have both of them ?





Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Robert Sander
On 05.04.2014 08:33, Germain wrote:

 xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com.

PTR records live in the in-addr.arpa zone.
With a high probability this zone is hosted at your provider.
Please ask them to set up the PTR records.

Regards
-- 
Robert Sander
Heinlein Support GmbH
Linux: Academy - Support - Hosting
http://www.heinlein-support.de

Tel: 030-405051-43
Fax: 030-405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein  -- Registered office: Berlin





Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net

On 05.04.2014 08:33, Germain wrote:
 In fact I've already in the BIND configuration of zone-one.com:
 
 zone-one.com. A xx.xxx.xxx.xxx
 mx1.zone-one.com. A xx.xxx.xxx.xxx
 zone-one.com. MX 10 mx1.zone-one.com.

 xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com.

what is that above?
just read this!
http://en.wikipedia.org/wiki/Reverse_DNS_lookup

sorry, but you don't have a clue how DNS works and before you start
to implement that read below because you are not in the position to
control your PTR - are you aware that basic understanding of DNS
and networking is a prerequisite to maintain a public mailserver?
__

zone "196.168.192.in-addr.arpa." IN {
 type master;
 file "zones/196.168.192.in-addr.arpa.dns";
};
__

[root@srv-rhsoft:~]$ more zones/196.168.192.in-addr.arpa.dns
$TTL 3600

@ IN SOA srv-rhsoft.rhsoft.net. admin.rhsoft.net. (
1316784994 ; Serial
1800 ; Refresh
600 ; Retry
1814400 ; Expire
900 ; Negative-TTL
);

NS  srv-rhsoft.rhsoft.net.

16  PTR arrakisvm.vmware.local.
255 PTR broadcast.vmware.local.
__

 Same is true for zone-two.com with exactly the same related parameters!
 Maybe it is wrong to have both of them?

why don't you ask a nameserver others are also asking?
nslookup xx.xxx.xxx.xxx 8.8.8.8

why don't you just open the link below?
http://www.emailtalk.org/ptr.aspx

frankly, it makes me angry if people
* don't quote what they are replying to
* don't read information someone provides them


if you would not strip your IP for no good reason i could even
tell you what nameservers are responsible for your PTR

what you create on your BIND doesn't matter until you have at least
a /24 network and an agreement with your ISP that he makes your
nameservers responsible for in-addr.arpa of that subnet and that
is not easy to achieve - been there done that, took years of asking


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Germain
Many thanks for your answer, but now I'm lost...

I rent one dedicated server at Online.net with two domains (vehicall.com
and adtlas.com at Namebay) and my provider's console allows me to manage
the reverse DNS. 
 
Actually I've since a while adtlas.com. defined for 88.191.117.125 as
reverse.

How may I define two reverse, one for each domain, pointing to my single IP
? Is it legal ? Is it possible ?  
 
Maybe I'm totally wrong...





Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net

On 05.04.2014 12:32, Germain wrote:
 Many thanks for your answer, but now I'm lost...
 I rent one dedicated server at Online.net with two domains (vehicall.com
 and adtlas.com at Namebay) and my provider's console allows me to manage
 the reverse DNS. 

why don't you just say that from the very beginning?

 Actually I've since a while adtlas.com. defined for 88.191.117.125 as
 reverse.

and that is why you should not mask infos if you seek for help
with the info above all would have been clear while honestly
you should understand the error message and what a FQDN is

your original post contained: The FQDN is not seen in proper SMTP FQDN format:
It lacks the hostname part and adtlas.com. is not a FQDN - so if you even
have an admin-backend for that why don't you just enter mail.adtlas.com. and
the same for the A-record and smtp_helo_name

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa name = adtlas.com.

Authoritative answers can be found from:
117.191.88.in-addr.arpa nameserver = nsa.online.net.
117.191.88.in-addr.arpa nameserver = nsb.online.net.
nsb.online.net  internet address = 195.154.228.250
nsa.online.net  internet address = 88.191.253.53

 How may I define two reverse, one for each domain, pointing 
 to my single IP ? Is it legal ? Is it possible ?  
  
 Maybe I'm totally wrong...

don't do that, your machine needs one A-record and one matching
PTR with a matching HELO-hostname which both do not depend
on any domain it is hosting for email

if you have more than one records it's up to the client
which one he is using and that may lead to problems


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Jason Woods
Hello!

 On 5 Apr 2014, at 11:32, Germain germain.leutwy...@vehicall.com wrote:
 
 How may I define two reverse, one for each domain, pointing to my single IP
 ? Is it legal ? Is it possible ?  
 
 Maybe I'm totally wrong...


We just set one record, or none. You just get problems with more than one as I 
think most of time only one is assumed, or an arbitrary limit is placed. So 
stuff gets rejected randomly :/

So yeh don't do it.

 On 5 Apr 2014, at 11:26, li...@rhsoft.net li...@rhsoft.net wrote:
 
 frankly, it makes me angry if people
 * don't quote what they are replying to
 * don't read information someone provides them

I agree and please don't take this the wrong way. I'm not trying to hit back or 
anything and I feel it can be constructive for all. It would be nice if you 
could:
* when quoting, include name/address/date of *who* is quoted to help quickly 
find original message and also know who is quoted
* sign off a name or set a from name
It might just be me and I apologise if it is but for me at least it makes the 
mailing list experience a whole lot better.

Regards,

Jason

Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Germain
Thank you for your appreciated remarks !

I apologize for masking at first my data, but a lot of people are doing the
same at first with a generic question.

As you have seen, I've then provided on my own my full parameters when it
was necessary...

Please don't hurt too much dumb people asking for help: I'm for sure NOT a
POSTFIX or BIND guru and on Internet you will find many times confusing, if
not conflicting, information about parameters for those servers...

For me, and again excuse me, the terms hostname, domain and machine
can be sometimes confusing when they relate to parameters to be used in
configuration files for POSTFIX and BIND.

Confusion occurs too with the mx1.adtlas.com and mail.adtlas.com
parameters...

Last but not least, my machine name is sd-20384.

I've the same ethical problem as this one:
https://forum.linode.com/viewtopic.php?t=7888

And I would like simply to be able to send mail with my PERL programs, using
the MIME::Lite CPAN module, with webcont...@vehicall.com or
webcont...@adtlas.com or mic...@mouse.com as sender without being
flagged as spam...

If you are patient like me :-) I can provide my configuration files too !






Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net


On 05.04.2014 14:15, Germain wrote:
 Thank you for your appreciated remarks !
 
 I apologize for masking at first my data, but a lot of people are doing the
 same at first with a generic question.

yes, and if you each time trying to help somebody need to
go through several mails to get the real picture.

 As you have seen, I've then provided on my own my full parameters when it
 was necessary...
 
 Please don't hurt too much dumb people asking for help: I'm for sure NOT a
 POSTFIX or BIND guru and on Internet you will find many times confusing, if
 not conflicting, information about parameters for those servers...
 
 For me, and again excuse me, the terms hostname, domain and machine
 can be sometimes confusing when they relate to parameters to be used in
 configuration files for POSTFIX and BIND.

no, they are really clear and to be honest if you have a problem to understand
those terms you should hire somebody who does because that is a prerequisite
for maintaining a network facing machine

* domain: example.com
* FQDN: mail.example.com
* hostname: mail (in that case)

 Confusion occurs too with the mx1.adtlas.com and mail.adtlas.com
 parameters...
 
 Last but not least, my machine name is sd-20384.

what machine name is sd-20384 and how does it matter?

you may fight currently with DNS-TTL, means even if you changed the
PTR it may take up to 24 or 48 hours to get changed in dns caches
all over the world, on the other hand there is still no A record for
mail.adtlas.com asking your primary nameserver - so change that!

final goal you should achieve:

125.117.191.88.in-addr.arpa name = mail.adtlas.com
mail.adtlas.com  = 88.191.117.125
main.cf - smtp_helo_name - mail.adtlas.com

that is what the world is interested in because these are the
public records and smtp_helo_name is the greeting your server
makes to the destination which should be

a) FQDN
b) an existing hostname
c) resolve to an IP which should resolve back
__

currently:

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125 8.8.8.8
Server: 8.8.8.8
Address:8.8.8.8#53
Non-authoritative answer:
125.117.191.88.in-addr.arpa name = adtlas.com.

Name Server : NSPRI.ADTLAS.COM
Name Server : NSSEC.ONLINE.NET
Registrar Name : Namebay
[harry@srv-rhsoft:~]$ nslookup mail.adtlas.com NSPRI.ADTLAS.COM
Server: NSPRI.ADTLAS.COM
Address:88.191.117.125#53
** server can't find mail.adtlas.com.test.rh: REFUSED

 I've the same ethical problem as this one:
 https://forum.linode.com/viewtopic.php?t=7888
 
 And I would like simply to be able to send mail with my PERL programs, using
 the MIME::Lite CPAN module, with webcont...@vehicall.com or
 webcont...@adtlas.com or mic...@mouse.com as sender without being
 flagged as spam...

that is independent from what is producing the messages, if you struggle with
a wrong basic setup with your DNS records and hostname configurations you
should not setup a MTA


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Germain
Thank you for the accurate details !

When I issue the command:

nslookup mx1.adtlas.com NSPRI.ADTLAS.COM

I receive that, and it seems to me correct:

Server: NSPRI.ADTLAS.COM
Address:88.191.117.125#53

Name:   mx1.adtlas.com
Address: 88.191.117.125

As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think the
mail prefix is not mandatory ! 
I may use what I want, right ?

But my problem was due the missing smtp_helo_name = mx1.adtlas.com, so
I've added it in the main.cf file before to restart POSTFIX :-)

Unfortunately I will hire nobody right now: I'm a 62-year old Swiss retiree
which has done painfully its two innovative Web sites by learning alone by
himself all pieces of the puzzle to set them up and to keep them running:
PERL, JavaScript, HTML, etc.
 
But sometimes I've to go on forums like this one to discuss with experts as
you, which I thank a lot for their appreciated help... and their patience
too :-)






Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Miles Fidelman
It strikes me that I haven't seen a general answer to the original 
question - how to set up PTR records when one is serving more than one 
domain under the same IP address.


This is of particular interest to me in that I currently do this as 
well.  What I'm doing now, seems to be working, but it's a matter of 
accident, not design (small cluster, originally set up to support 
company email and web servers for a few consulting clients, now also 
hosting a variety of email lists -- the web servers all have their own 
IP addresses, but the email domains share a common postfix installation 
-- the postfix configuration and dns records have just been adjusted 
over time).  It's all working, nothing is getting blocked, but I'm not 
sure why.


The original poster's question caught my attention - the RFCs suggest 
that there should be only one PTR record per IP address -- which begs 
the question of what to do when one is serving multiple domains behind that 
IP (be they virtual web servers or mail servers).  And I can't seem to 
find any established best practices (in RFC form or less formally) - 
just a lot of anecdotal stories.


One thing that I've gathered is that how various programs - notably SMTP 
servers and anti-spam packages - make use of PTR records, and how they 
behave in their absence, or in the case of mismatches, is idiosyncratic.


Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines are 
matched, at what points in the processing chain, ...)?

- how does it react to the absence of a PTR record?
- how does it react to mismatches (and in which headers)?
- how much of this is configurable?

Yes, a lot of this is buried in the documentation - and I'm going off to 
look - but the real question is:  are there any lessons learned and/or 
best practices to be applied to the general case of serving multiple 
domains from the same IP address?


Inquiring minds want to know!

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net


On 05.04.2014 15:38, Germain wrote:
 Thank you for the accurate details !
 
 When I issue the command:
 
 nslookup mx1.adtlas.com NSPRI.ADTLAS.COM
 
 I receive that, and it seems to me correct:
 
 Server: NSPRI.ADTLAS.COM
 Address:88.191.117.125#53
 
 Name:   mx1.adtlas.com
 Address: 88.191.117.125
 
 As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think the
 mail prefix is not mandatory ! 
 I may use what I want, right ?

yes, doing so consistent everywhere

 But my problem was due the missing smtp_helo_name = mx1.adtlas.com, so
 I've added it in the main.cf file before to restart POSTFIX :-)

no, you did not get that far because your PTR needs to be mx1.adtlas.com too

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa name = adtlas.com

 Unfortunately I will hire nobody right now: I'm a 62-year old Swiss retiree
 which has done painfully its two innovative Web sites by learning alone by
 himself all pieces of the puzzle to set them up and to keep them running:
 PERL, JavaScript, HTML, etc.
  
 But sometimes I've to go on forums like this one to discuss with experts as
 you, which I thank a lot for their appreciated help... and their patience
 too :-)

no problem - only please be very careful in case of a mailserver, that
brings great responsibility and in case of misconfigurations playing
open relay and spread spam or malware it affects anybody out there!


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net


On 05.04.2014 17:01, Miles Fidelman wrote:
 It strikes me that I haven't seen a general answer to the original question 
 how to set up PTR records when one is serving more than one domain under 
 the same IP address.

don't setup PTR records and A records for a mailserver
setup *one* PTR record, *one* A record and *one* HELO-name

just use a generic hostname like mail.yourcompany.tld and
use that as MX records for as many domains you are hosting
on that mailserver

that:

a) works
b) is consistent
c) don't bring you in trouble if it comes to TLS
d) keeps things simple

proven by hosting some hundred domains for a decade on one hostname



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Reko Turja
-Original Message- 
From: Miles Fidelman


The original poster's question caught my attention - the RFCs suggest that 
there should be only one PTR record per IP address -- which begs the 
question of what to do when one is serving multiple domains behind that


You set up the other domains so that the DNS has the main name as MX and 
the server sends mail even for the other domains using the server real name. 
In addition, setting up things like SPF and DKIM records for all the domains 
and making the main MX the authorised sender for them helps with 
validation.


-Reko 



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread /dev/rob0
On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
 Which leads to several obvious questions:
 - how does postfix use PTR records (e.g., which header lines
 are matched, at what points in the processing chain, ...)?

A client connects to smtpd. The PTR for the client IP address is 
looked up. The PTR value (that is, a hostname, such as 
x.example.com.) is also looked up. If an A record matching the 
client IP address is returned, smtpd logs the connection as coming 
from x.example.com[client.ip.add.ress]. Then if mail is eventually 
accepted, the Received header is constructed similarly:

Received: from helo_name_given (x.example.com[client.ip.add.ress])

If this verification process fails, such as when no PTR exists for 
the address (see reject_unknown_reverse_client_hostname) or when the 
PTR value lookup fails (nxdomain, servfail, timeout) or returns a 
different IP address (see reject_unknown_client_hostname), smtpd logs 
the connection as coming from unknown[client.ip.add.ress].

Which header lines are matched? I have no idea what you mean.

At what points in the processing chain? This is all done by smtpd 
for any new client connection.

 - how does it react to the absence of a PTR record?

By default, only by logging as per above. Otherwise, according to 
whatever restrictions you have chosen to enforce.

 - how does it react to mismatches (and in which headers)?

A PTR/A mismatch is unknown. Again, no idea what you are asking 
about headers.

 - how much of this is configurable?

Restrictions are configurable. See the ones listed under 
postconf.5.html#smtpd_client_restrictions . Logging is not 
configurable.

 Yes, a lot of this is buried in the documentation - and I'm going 
 off to look - but the real question is: are there any lessons 
 learned and/or best practices to be applied to the general case
 of serving multiple domains from the same IP address?

Pick ONE name to be the canonical name of the machine. Set that as 
your PTR value for the IP address, and make sure that the name 
resolves to that address. Set that name as $myhostname. Forget the 
quest for the perfect headers: it's not worth the trouble, and 
nobody cares anyway.


Addendum:

One other comment to this thread: please, PLEASE, get rid of 
nslookup. It is broken, bug-ridden garbage that will not be fixed. 
Nobody in A.D. 2014 should be recommending it. The proper tool for 
DNS troubleshooting is dig(1).
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
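
Added example (not part of the original thread, and not Postfix code): a forward-confirmed reverse DNS check that follows the lookup sequence /dev/rob0 describes above, run over constructed records instead of live DNS. The zone data, the function names and the `pick` parameter are assumptions made for illustration; the two restriction names are the ones cited in the message.

```python
"""Forward-confirmed reverse DNS check over constructed zone data (no network)."""
import ipaddress
from dataclasses import dataclass

# Restriction names as cited in the message above.
REVERSE = "reject_unknown_reverse_client_hostname"
FULL = "reject_unknown_client_hostname"

# Constructed sample records (documentation addresses and names, not real data).
PTR_ZONE = {
    "10.2.0.192.in-addr.arpa.": ["mail.example.com."],
    # 192.0.2.20 deliberately has no PTR record at all
    "30.2.0.192.in-addr.arpa.": ["example.net."],        # forward lookup points elsewhere
    "40.2.0.192.in-addr.arpa.": ["ghost.example.org."],  # name has no A record
    "50.2.0.192.in-addr.arpa.": ["zone-one.example.", "zone-two.example."],
}
A_ZONE = {
    "mail.example.com.": ["192.0.2.10"],
    "example.net.": ["192.0.2.99"],
    "zone-one.example.": ["192.0.2.50"],
    "zone-two.example.": ["192.0.2.51"],
}


@dataclass(frozen=True)
class Verdict:
    logged_as: str      # client identity in the name[address] form
    rejected_by: tuple  # restrictions that would refuse this client, if enabled


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record: octets reversed under in-addr.arpa."""
    addr = ipaddress.IPv4Address(ip)  # ValueError for anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def check_client(ip, ptr_zone=PTR_ZONE, a_zone=A_ZONE, pick=0):
    """Classify a connecting address using PTR lookup, then forward confirmation.

    `pick` selects which PTR answer is used when several exist. That a checker
    works from a single answer is an assumption of this sketch; it models the
    "up to the client which one he is using" problem raised in the thread.
    """
    names = ptr_zone.get(reverse_name(ip), [])
    if not names:
        # No address-to-name mapping: both restrictions apply.
        return Verdict(f"unknown[{ip}]", (REVERSE, FULL))
    name = names[pick % len(names)]
    if ip in a_zone.get(name, []):
        # The name maps back to the connecting address: verified.
        return Verdict(f"{name.rstrip('.')}[{ip}]", ())
    # PTR exists, but the forward lookup failed or returned another address.
    return Verdict(f"unknown[{ip}]", (FULL,))


if __name__ == "__main__":
    cases = [("192.0.2.10", 0), ("192.0.2.20", 0), ("192.0.2.30", 0),
             ("192.0.2.40", 0), ("192.0.2.50", 0), ("192.0.2.50", 1)]
    for ip, pick in cases:
        v = check_client(ip, pick=pick)
        print(f"{ip:<11} pick={pick} {v.logged_as:<30} {', '.join(v.rejected_by) or '-'}")
```

The last two cases use the same address with two PTR records: the client is verified or unknown depending only on which answer the checker happens to use.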


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net

On 05.04.2014 18:06, /dev/rob0 wrote:
 One other comment to this thread: please, PLEASE, get rid of 
 nslookup. It is broken, bug-ridden garbage that will not be fixed. 
 Nobody in A.D. 2014 should be recommending it. The proper tool for 
 DNS troubleshooting is dig(1)

agreed, but until now i found no way to do the PTR request
with dig or was not interested that much to dig docs instead
just type or find it absurd that dig PTR 8.8.8.8 don't work

[harry@srv-rhsoft:~]$ nslookup 8.8.8.8
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:

8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.

Authoritative answers can be found from:
8.8.8.in-addr.arpa  nameserver = ns3.google.com.
8.8.8.in-addr.arpa  nameserver = ns4.google.com.
8.8.8.in-addr.arpa  nameserver = ns2.google.com.
8.8.8.in-addr.arpa  nameserver = ns1.google.com.
ns1.google.com  internet address = 216.239.32.10
ns4.google.com  internet address = 216.239.38.10
ns3.google.com  internet address = 216.239.36.10
ns2.google.com  internet address = 216.239.34.10



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread /dev/rob0
On Sat, Apr 05, 2014 at 06:23:05PM +0200, li...@rhsoft.net wrote:
 On 05.04.2014 18:06, /dev/rob0 wrote:
  One other comment to this thread: please, PLEASE, get rid of 
  nslookup. It is broken, bug-ridden garbage that will not be 
  fixed. Nobody in A.D. 2014 should be recommending it. The
  proper tool for DNS troubleshooting is dig(1)
 
 agreed, but until now i found no way to do the PTR request
 with dig or was not interested that much to dig docs instead
 just type or find it absurd that dig PTR 8.8.8.8 don't work

dig -x 8.8.8.8 is what you're after. :) The -x says reverse the 
dotted elements, append '.in-addr.arpa.' and set QTYPE to PTR. 
Unlike most dig command line elements, order matters: the -x must 
come immediately before the IP address being queried.

Note that it's not smart. ANY string of dotted elements will be 
handled in this way, not just an IPv4 address.

Agreed that nslookup has a lower learning curve, and some folks 
prefer its interactive mode. To me that's not worth the risk of 
getting wrong/misleading data.

 [harry@srv-rhsoft:~]$ nslookup 8.8.8.8
 Server: 127.0.0.1
 Address:127.0.0.1#53
 
 Non-authoritative answer:
 
 8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Miles Fidelman

li...@rhsoft.net wrote:


On 05.04.2014 17:01, Miles Fidelman wrote:

It strikes me that I haven't seen a general answer to the original question
how to set up PTR records when one is serving more than one domain under
the same IP address.

don't setup PTR records and A records for a mailserver
setup *one* PTR record, *one* A record and *one* HELO-name

just use a generic hostname like mail.yourcompany.tld and
use that as MX records for as many domains you are hosting
on that mailserver

that:

a) works
b) is consistent
c) don't bring you in trouble if it comes to TLS
d) keeps things simple

proven by hosting some hundred domains for a decade on one hostname


True.  And that's pretty much what I've ended up doing.

One minor nit, though: when one is hosting email for clients, the 
generic hostname needs to be something innocuous (for example, when you 
use godaddy's mail services, all the mail goes out from 
.secureserver.net).



--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread li...@rhsoft.net


On 05.04.2014 19:34, Miles Fidelman wrote:
 li...@rhsoft.net wrote:

 On 05.04.2014 17:01, Miles Fidelman wrote:
 It strikes me that I haven't seen a general answer to the original question
 how to set up PTR records when one is serving more than one domain under
 the same IP address.
 don't setup PTR records and A records for a mailserver
 setup *one* PTR record, *one* A record and *one* HELO-name

 just use a generic hostname like mail.yourcompany.tld and
 use that as MX records for as many domains you are hosting
 on that mailserver

 that:

 a) works
 b) is consistent
 c) don't bring you in trouble if it comes to TLS
 d) keeps things simple

 proven by hosting some hundred domains for a decade on one hostname
 
 True.  And that's pretty much what I've ended up doing.
 
 One minor nit, though: when one is hosting email for clients, the generic 
 hostname needs to be something innocuous
 (for example, when you use godaddy's mail services, all the mail goes out 
 from .secureserver.net)

well, mail.yourcompany.tld should be innocuous enough and if someone asks
why you find easily a dozen large mail providers to point here because they
are doing the same and it just works

we had also mail.customer1.tld, mail.customer2.tld... until i stepped
in and stopped that because here and there someone forgot the MX or
the A-record or both and now instead of fighting with that the mailbackend
sets the MX to always the same generic name

at that time TLS was no topic because the old Apple based mail server did
not support it at all - after i built the new mail systems with encryption
i was glad to clean that up long enough before and keep things as simple
as possible
_

general rule for administration:
if you have 5 ways to achieve the same result choose the simplest one until
you find no good reason not to do so - in the best case choose a lot of
simple implementations you understand and can explain if somebody wakes you
in the middle of the night, stick them together to a big picture

if sooner or later one of the pieces will fail you will be thankful if
you can fix that or even replace it with a better implementation not
known at the first start without touching the other pieces at all

that's why postfix has different processes for different tasks and works
for decades while not care about storage, sieve, responders and what not
because they all can be integrated however someone needs


Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Miles Fidelman

/dev/rob0 wrote:

On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:

Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines
are matched, at what points in the processing chain, ...)?

A client connects to smtpd. The PTR for the client IP address is
looked up. The PTR value (that is, a hostname, such as
x.example.com.) is also looked up. If an A record matching the
client IP address is returned, smtpd logs the connection as coming
from x.example.com[client.ip.add.ress]. Then if mail is eventually
accepted, the Received header is constructed similarly:

Received: from helo_name_given (x.example.com[client.ip.add.ress])


Well... it's a little more complicated than that:
- there's the initial TCP connection - where there are only IP addresses 
and port numbers involved

- there's the HELO command - HELO name is given
- then there's the MAIL command - where you have the sender email 
address (which may be a different domain from the HELO domain)


And a bunch of other things are logged (depending on logging 
configuration), including:

- envelope from: and to:
- from: and to: addresses from the message body
- alias translations (e.g., an originally-to: header)


If this verification process fails, such as when no PTR exists for
the address (see reject_unknown_reverse_client_hostname) or when the
PTR value lookup fails (nxdomain, servfail, timeout) or returns a
different IP address (see reject_unknown_client_hostname), smtpd logs
the connection as coming from unknown[client.ip.add.ress].

Which header lines are matched? I have no idea what you mean.


Well, let's start with:
- HELO name
- MAIL FROM:
- From:

Since this is a postfix list - specifically, does postfix do any 
matching beyond the IP address in the TCP connection, and the PTR from 
the HELO name?


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra



Re: Two domains names under the same IP: how to handle this issue ?

2014-04-05 Thread Miles Fidelman

I should have added (see in-line)

Miles Fidelman wrote:

/dev/rob0 wrote:

On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:

Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines
are matched, at what points in the processing chain, ...)?

A client connects to smtpd. The PTR for the client IP address is
looked up. The PTR value (that is, a hostname, such as
x.example.com.) is also looked up. If an A record matching the
client IP address is returned, smtpd logs the connection as coming
from x.example.com[client.ip.add.ress]. Then if mail is eventually
accepted, the Received header is constructed similarly:

Received: from helo_name_given (x.example.com[client.ip.add.ress])


Well... it's a little more complicated than that:
- there's the initial TCP connection - where there are only IP 
addresses and port numbers involved

- there's the HELO command - HELO name is given
- then there's the MAIL command - where you have the sender email 
address (which may be a different domain from the HELO domain)


And a bunch of other things are logged (depending on logging 
configuration), including:

- envelope from: and to:
- from: and to: addresses from the message body
- alias translations (e.g., an originally-to: header)


And that's before looking at cases where mail is dropped into the queue 
via other means than a TCP connection (e.g., by a list manager, UUCP).






If this verification process fails, such as when no PTR exists for
the address (see reject_unknown_reverse_client_hostname) or when the
PTR value lookup fails (nxdomain, servfail, timeout) or returns a
different IP address (see reject_unknown_client_hostname), smtpd logs
the connection as coming from unknown[client.ip.add.ress].

Which header lines are matched? I have no idea what you mean.


Well, let's start with:
- HELO name
- MAIL FROM:
- From:

Since this is a postfix list - specifically, does postfix do any 
matching beyond the IP address in the TCP connection, and the PTR from 
the HELO name?


Miles Fidelman




--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra



Two domains names under the same IP: how to handle this issue ?

2014-04-04 Thread Germain
Hello,

Please let me expose my problem to your sagacity :-)

Under Ubuntu 10.04, I'm running one dedicated server with Postfix 2.7.0 and
Bind 9.7.0 to host two Web sites: site-one.com and site-two.com. 

Accordingly, I've defined one email account for each one:
webcont...@site-one.com and webcont...@site-two.com.
 
Unfortunately when I'm doing the tests with MultiRBL.valli.org, my IP is
ONLY blacklisted on V4BL.org with the following sentence:

Your email is from domain site-one.com, this IP is from domain
site-two.com.
IP xx.xxx.xxx.xxx remain listed because:
 - The underlying domain (site-two.com) lacks credibility.
 - The FQDN is not seen in proper SMTP FQDN format: It lacks the hostname
part.

What do you suggest me to resolve this issue ? I can provide my main.conf
file for examination !
 
Thanks in advance for your appreciated help,
Germain

PS: as you imagine, I can't afford two dedicated servers right now...

 





Re: Two domains names under the same IP: how to handle this issue ?

2014-04-04 Thread li...@rhsoft.net


On 04.04.2014 15:48, Germain wrote:
 Accordingly, I've defined one email account for each one:
 webcont...@site-one.com and webcont...@site-two.com.
  
 Unfortunately when I'm doing the tests with MultiRBL.valli.org, my IP is
 ONLY blacklisted on V4BL.org with the following sentence:
 
 Your email is from domain site-one.com, this IP is from domain
 site-two.com.
 IP xx.xxx.xxx.xxx remain listed because:
  - The underlying domain (site-two.com) lacks credibility.
  - The FQDN is not seen in proper SMTP FQDN format: It lacks the hostname
 part.

you need a PTR record which needs to match the A-record of your IP and for
the sake of a clean setup myhostname in main.cf or at least smtp_helo_name
should match that too

http://www.emailtalk.org/ptr.aspx

this is one of the *basic* setups before installing a mailserver

 What do you suggest me to resolve this issue ? I can provide my main.conf
 file for examination!
  
 Thanks in advance for your appreciated help,
 Germain
 
 PS: as you imagine, I can't afford two dedicated servers right now...

you can host 100, 200, 1000 domains on one server and IP and so the
subject has nothing to do with your problem above