6

I'm setting up an email server for my business and personal use. I have a public static IP address from Cincinnati Bell (now altafiber). I tried getting them to set up/delegate reverse DNS lookup via NS record so I could host all my email domains, business & personal. However, every time I contact them about reverse DNS entries, they tell me they don't support it.

So I'm trying to find a solution to this problem. Most of my research suggests that it has to be my internet provider that handles this.

Here are my questions: Is there any way to have the reverse lookup directed to my DNS server? Or somehow resolve to at least 1 PTR record for my business email?

If not then, what are some other alternatives?

Would like to host the server myself and not use another paid service such as https://www.rapidseedbox.com/

Will using an SMTP relay solve this appropriately? Are there any secure (SSL) SMTP relays that are free?

3 Answers

13

There is no way to set up a redirection for PTR. The IP space is owned by your ISP, and the PTR records are delegated to their nameservers. There is no way around that without their help, and if they're unwilling to do it, you're stuck.

The biggest problem here would be mail submission, as PTR is often checked as an anti-spam measure (exactly for this reason, so the owner of the IP subnet knows there's a mail server and approves of it). You could get a public relayhost for a couple of euros/dollars a month, and route all mail through them. As long as this relay host doesn't check, you're good.

Another solution is to set the name of your mailserver and the MX records to whatever PTR record is assigned to your IP. It's not pretty, but as long as the forward and reverse are the same, functionally it should be fine.

mtak
  • 17,262
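The forward/reverse match described in the answer above can be checked the way a strict receiving server would. This is an added example, not part of the original answer. The host names, the 203.0.113.x addresses and the policy of requiring the HELO name to equal a confirmed PTR name are assumptions; receivers differ in how strictly they apply this.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def fcrdns(ip, helo_name, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Forward-confirmed reverse DNS: PTR must exist, resolve back to ip, and match HELO."""
    ip = ipaddress.ip_address(ip)
    ptr_names = [norm(n) for n in ptr_lookup(str(ip))]
    if not ptr_names:
        return "no-ptr"
    confirmed = [n for n in ptr_names
                 if ip in {ipaddress.ip_address(a) for a in addr_lookup(n)}]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if norm(helo_name) not in confirmed:
        return "helo-mismatch"
    return "pass"

# Constructed sample zone data (documentation address range, made-up names).
PTR = {"203.0.113.25": ["host-203-0-113-25.isp.example."]}
FWD = {"host-203-0-113-25.isp.example": ["203.0.113.25"],
       "mail.mybusiness.example": ["203.0.113.25"]}

def demo():
    """Custom server name, ISP-assigned name, and an address with no PTR at all."""
    ptr = lambda ip: PTR.get(ip, [])
    fwd = lambda host: FWD.get(norm(host), [])
    return [fcrdns("203.0.113.25", "mail.mybusiness.example", ptr, fwd),
            fcrdns("203.0.113.25", "host-203-0-113-25.isp.example", ptr, fwd),
            fcrdns("203.0.113.77", "mail.mybusiness.example", ptr, fwd)]

if __name__ == "__main__":
    print(demo())
```

Calling `fcrdns(ip, name)` without the two lookup arguments runs the same check against live DNS through the system resolver.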
9

It is indeed the IP owner (and only the IP owner) that can set up reverse DNS entries. Much like forward DNS, where a whole domain is delegated to you (or rather the registrar), the reverse zone is delegated to the IP owner only. You cannot interfere with other domains’ forward DNS, you cannot interfere with others’ IPs’ reverse DNS.

It is relatively unlikely a business plan with an ISP would not include such a feature. If you do not have a business plan, you need one.

If you cannot make this work with your ISP, you are out of luck as far as sending directly from home is concerned. You can still receive just fine.

A so-called smart host can help with this problem, yes. It can also help with IP reputation problems you may get. It will not be free if you want good reputation.

user219095
  • 65,551
3

What you are looking to do is completely and easily doable...

I have roughly the same setup myself. I have a DHCP address issued by my ISP that I do not have any control over. I don't own any of the DNS records associated with the IP address, nor can I control if or when the address changes. I also host my own mail server internally at my home, not using any 3rd party resources. I have a residential internet connection, not a business one.

You'll need to register a domain name and subscribe to a DDNS service. I use Google Domains because for $12/year I get both.

As for the email flow specifics...

Inbound mail will simply find your domain via DNS and the mail will be directed to the IP address associated to your domain via the DDNS service. Inbound mail is the easy part.

Outbound mail is where things get a little tricky, but not really. The problem you alluded to is introduced by the receiving email server trying to verify that it's not getting a bunch of spam. One way it does this is to verify the sender's domain name and IP address. The way to tackle this is to bounce your outbound emails through your ISP's SMTP relay. When you do this, the receiving system sees the ISP's IP address and its fully reversible address. This passes the first test.

The next most common anti-spam mechanism is the verification that the sending domain is allowed to come from the IP address the connection is made from. This can be tackled in a couple of ways... SPF and/or DKIM DNS records that define "who" is allowed to send mail as your domain.

For example, I use an SPF record that says mydomain.com is allowed to come from the subnet range of the ISP SMTP relay that I use, as well as the domain names of my ISP (i.e. myisp.com, smtp.myisp.com). This means that when the receiving server gets an email from me@mydomain.com that comes from smtp.myisp.com with a reverse IP lookup within the subnet I specified (i.e. 1.2.3.0/24) it will accept it because I told it to in the SPF record in DNS (at Google).

I have a script that monitors my external (public) IP address. If the address changes, it automatically updates my Google DDNS record with the new address so inbound mail is not interrupted by a DHCP change. Since you have a static IP address, you wouldn't need to worry about this part, but if your ISP ever forces you to use a non-static address, at least you'll have an idea how to handle it.

If you don't know what your ISP's SMTP relay is, check their documentation on how to configure email clients like Thunderbird, or the email on your iPhone or Android phone. In nearly every case, the instructions will give you the name of their relay(s).

Note that this solution results in ZERO rejected emails from destination servers because the address they see the email comes from is forward and reverse resolvable (since it's the ISP's public addresses and names) and the SPF record allows email from my domain to come from my ISP's relay.

This is all very, very basic SMTP stuff and you can find gobs of information on the exact details on how to do each of these steps with some Google searches.

mikem
  • 526