In this article, we will discuss one of the main e-mail protection strategies: rDNS, and show you how to implement it on your Carbonio CE servers properly. We will be following this with more articles talking about other common e-mail protection strategies.
What Is rDNS?
rDNS (Reverse Domain Name System) is the lookup of a domain name from an IP address. The term “reverse” contrasts it with the usual (forward) DNS request, which resolves an IP address given a domain name.
Reverse DNS entries are stored in a unique PTR record type. The IP address with the segments inverted plus “.in-addr.arpa” is the name of the PTR record.
For instance, a PTR record for “22.214.171.124.in-addr.arpa” might be used to hold the reverse DNS entry for IP address 126.96.36.199.
Why Is rDNS Important?
Queries for rDNS are frequently used to filter spamming attempts. Spammers may simply set the sending e-mail address to whatever domain name they like, even a respectable one like a bank or other reliable institution. By using a Reverse DNS request to verify the transmitting IP address, receiving e-mail servers may verify incoming messages. The rDNS resolver should match the e-mail address’ domain if the e-mail is authentic.
The drawback of this method is that some reliable mail servers may not have the necessary rDNS records configured on their end to respond appropriately, as their ISP must frequently do this for them. As a result, their outgoing e-mails might be wrongly flagged as spam. Therefore it is important to configure an rDNS record on your end as well as to check the sender's rDNS records for incoming e-mails.
How to Configure rDNS on Your End
If you are the owner of IP addresses and can register a reverse DNS zone, you must first construct the reverse zone and then add a PTR record to it in order to configure rDNS.
- First, start with creating your PTR record
  - Start by removing the last segment of your IP address; for instance, 192.168.0.100 becomes 192.168.0,
  - Reverse the result of the previous step, for instance, it becomes
  - Add .in-addr.arpa to the end to get your inverse address, for instance, it becomes
- Then continue with creating a reverse zone
  - Access your DNS provider (GoDaddy and Network Solutions are some examples of DNS providers you may use),
  - Access your DNS management page, or something similar such as name server management,
  - Add a new DNS zone,
  - Insert your IP in the IP address field,
  - Insert the PTR record created in the previous part,
  - Save the zone.
- Add your PTR record to the DNS
  - Access your DNS provider,
  - Access your name server management or DNS management page,
  - Access the created reverse zone.
  - Add a new PTR entry.
  - Set the Record Type to PTR.
  - Insert your domain and IP in the Hostname field in this format
  - Insert your IP in reverse in the Value field, for example, 188.8.131.52 is the reverse of
  - Assign the Time to Live (TTL), for example, let’s use 3600s.
  - Save the entry.
How to Configure rDNS Checking for Incoming E-mails
By enabling rDNS checking on your Carbonio server, you will reject incoming messages that don’t pass the rDNS lookup test. This blocks many spamming attempts on your server.
To do so, you can simply run
sudo su - zextras
carbonio prov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"
postfix reload
Testing it All Out
Assuming you have previously generated your rDNS record and added it to your DNS, you may wish to examine your rDNS setup. The rDNS record is kept in DNS as a PTR record. You may manually verify the rDNS record for an IP address using nslookup or dig as follows, replacing yourIP with your IP address:
nslookup -type=PTR yourIP
dig -x yourIP
Your domain name would appear in the result if an rDNS record is present.
Additionally, there are internet resources available for checking your rDNS records, such as https://mxtoolbox.com/ReverseLookup.aspx. To test your rDNS, you may also input your IP address to see if the DNS entry is valid. If it is, your domain will be shown, indicating that your rDNS passed the test.
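The following is an added example, not code from Carbonio or Postfix. It builds the reverse zone and PTR name using the steps from the configuration section, then applies the three conditions under which Postfix's reject_unknown_client_hostname rejects a client: no PTR record, a PTR name that does not resolve, or a PTR name that resolves to a different address. The function names and the DNS records are constructed for illustration, and it assumes IPv4 with a /24 reverse zone.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, not real hosts).
PTR_RECORDS = {
    "10.113.0.203.in-addr.arpa": ["mail.example.com."],
    "20.113.0.203.in-addr.arpa": ["host.example.net."],
    "30.113.0.203.in-addr.arpa": ["mail.example.org."],
}
A_RECORDS = {
    "mail.example.com": ["203.0.113.10"],  # resolves back to the client
    "mail.example.org": ["198.51.100.7"],  # resolves to a different address
}  # host.example.net deliberately has no A record

def sample_ptr(name):
    """Stand-in for a PTR query; swap in a real resolver in production."""
    return PTR_RECORDS.get(name, [])

def sample_a(name):
    """Stand-in for an A query."""
    return A_RECORDS.get(name, [])

def _octets(ip):
    # IPv4Address() rejects malformed input before any string handling.
    return str(ipaddress.IPv4Address(ip)).split(".")

def reverse_zone(ip):
    """/24 reverse zone: drop the last octet, reverse, add the suffix."""
    return ".".join(reversed(_octets(ip)[:3])) + ".in-addr.arpa"

def ptr_name(ip):
    """Full PTR owner name: all four octets reversed plus the suffix."""
    return ".".join(reversed(_octets(ip))) + ".in-addr.arpa"

def check_client(ip, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """Forward-confirmed reverse DNS verdict for a connecting client IP."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ptr_name(ip))]
    if not names:
        return ("reject", "no PTR record")
    for name in names:
        if ip in a_lookup(name):
            return ("accept", name)
    if any(a_lookup(n) for n in names):
        return ("reject", "PTR name resolves to a different address")
    return ("reject", "PTR name has no address record")
```

A PTR record alone is not enough to pass this check: the name it returns also needs an A record pointing back at the sending IP, so set both when configuring your own mail server.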