Forum Discussion
Regarding PTR records for mail gateways and ZoneRunner...
I have a question regarding reverse lookups (and by extension SPF records) for mail gateways in an F5 GTM\LTM deployment scenario.
We have decided to implement 2 F5 load balancers in a pool in order to load balance 2 ISP links for our organization. These load balancers will be sitting outside our firewall and basically be load balancing traffic passed through the firewall out our 2 ISP links in a round-robin configuration. In conjunction, we have decided to move our external DNS from being hosted on GoDaddy to the F5 devices using ZoneRunner. We have all our records configured and have tested everything, but we have some concerns regarding reverse lookups for our mail gateways that we would like to get some assistance on before we go through with our full implementation. We are concerned specifically about these lookups as we do not want outgoing mail to be rejected by other domains.
Performing an mxlookup of our current records tells us that our PTR records for our mail gateways are correctly pointing to our mail gateways on ISP link 1, and we assume that we simply have to have the ISP update the records for the secondary link to point to the same gateways. However, we are unsure if this is the only change we have to make or if we are required to add the PTR records for the gateways into ZoneRunner. Our research hasn't yielded a concrete answer to this question, and we would like to avoid spending our implementation window scrambling to resolve an outage related to this. Is there anyone who can provide some insight on this issue?
7 Replies
- boricuaking55_1
Nimbostratus
Please feel free to ask me for more information if my question seems unclear
- Cory_50405
Noctilucent
Your SPF record should include all email relay hostnames that will relay mail for your domain. As long as you ensure there's a PTR in place for each sending mail server IP address, and that PTR specifies the hostname of the email relay, then you should be good.
If you can provide more details on your current SPF record and how many email relays you have, I can help ensure you are all set up properly.
- boricuaking55_1
Nimbostratus
Thank you for your answer Cory. We actually do not have an SPF record set that contains the mail gateway host-names (2 nodes, each with an IP address on each link). Our current plan is to update the PTR record for the secondary link IPs with the two host-names (they are using temporary filler names as of this moment).
- Cory_50405
Noctilucent
Just for clarity, reverse lookups (PTR) and SPF (TXT) records are two separate things, both of which receiving mail servers usually check. Some mail servers will not accept mail from your domain unless they find an SPF record. I've encountered some that will always mark messages as spam unless there's an SPF record in place. It's definitely a good idea to create PTR records for your secondary IP addresses, but you really should create an SPF record as well.
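The two checks discussed in this thread, as an added example that is not part of the original posts: a forward-confirmed reverse DNS test (the PTR name must resolve back to the sending IP) and a reduced SPF evaluation, run over constructed records for two gateways on two ISP links. All hostnames, addresses and the SPF string are assumptions using documentation ranges, and only the `ip4:`, `a:<name>` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample DNS data (documentation ranges); not the poster's records.
PTR = {
    "192.0.2.10": "mx1.example.com",                # ISP link 1
    "192.0.2.11": "mx2.example.com",                # ISP link 1
    "198.51.100.10": "mx1.example.com",             # ISP link 2, PTR updated by the ISP
    "198.51.100.11": "filler-11.isp2.example.net",  # ISP link 2, still a filler name
}
A = {
    "mx1.example.com": {"192.0.2.10", "198.51.100.10"},
    "mx2.example.com": {"192.0.2.11", "198.51.100.11"},
}
SPF = "v=spf1 ip4:192.0.2.0/28 a:mx1.example.com -all"  # constructed TXT value

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())

def spf_result(ip, record=SPF):
    """Evaluate only the ip4:, a:<name> and all mechanisms, left to right."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("a:"):
            hit = ip in A.get(mech[2:], set())
        elif mech == "all":
            hit = True
        else:
            continue  # mechanism not handled in this sketch
        if hit:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"  # no mechanism matched

def audit(ips):
    """Map each sending IP to (reverse check passed, SPF result)."""
    return {ip: (fcrdns_ok(ip), spf_result(ip)) for ip in ips}

if __name__ == "__main__":
    for ip, (rdns, spf) in audit(PTR).items():
        print(f"{ip:15} fcrdns={'ok' if rdns else 'MISMATCH'} spf={spf}")
```

The last address is the case to look for before a cutover: a filler PTR name on the secondary link fails the reverse check, and an SPF record that omits that address fails it too.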
- Vitaliy_Savrans
Nacreous
Useful link for checking DNS configuration for mail gateways: http://mxtoolbox.com (maybe this simple test will answer your question). To avoid ending up on spam lists, don't forget about the SMTP Reverse Banner Check.
- boricuaking55_1
Nimbostratus
Thank you sir - that's actually been one of the tools I've been using while working on this and I highly recommend it.
- Vitaliy_Savrans
Nacreous
Another useful link to check your SMTP servers' reputation: senderbase.org. Do you need any help?