Two domains names under the same IP: how to handle this issue ?


Two domains names under the same IP: how to handle this issue ?

Germain
Hello,

Please let me expose my problem to your sagacity :-)

Under Ubuntu 10.04, I'm running one dedicated server with Postfix 2.7.0 and Bind 9.7.0 to host two Web sites: site-one.com and site-two.com.

Accordingly, I've defined one email account for each one: webcontact@site-one.com and webcontact@site-two.com.
 
Unfortunately when I'm doing the tests with MultiRBL.valli.org, my IP is ONLY blacklisted on V4BL.org with the following sentence:

Your email is from domain "site-one.com", this IP is from domain "site-two.com".
IP "xx.xxx.xxx.xxx" remain listed because:
 - The underlying domain ("site-two.com") lacks credibility.
 - The FQDN is not seen in proper SMTP FQDN format: It lacks the <hostname> part.

What do you suggest me to resolve this issue ? I can provide my main.conf file for examination !
 
Thanks in advance for your appreciated help,
Germain

PS: as you imagine, I can't afford two dedicated servers right now...

 

Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net


On 04.04.2014 15:48, Germain wrote:

> Accordingly, I've defined one email account for each one:
> [hidden email] and [hidden email].
>  
> Unfortunately when I'm doing the tests with MultiRBL.valli.org, my IP is
> ONLY blacklisted on V4BL.org with the following sentence:
>
> Your email is from domain "site-one.com", this IP is from domain
> "site-two.com".
> IP "xx.xxx.xxx.xxx" remain listed because:
>  - The underlying domain ("site-two.com") lacks credibility.
>  - The FQDN is not seen in proper SMTP FQDN format: It lacks the <hostname>
> part.

you need a PTR record which needs to match the A-record of your IP and for
the sake of a clean setup "myhostname" in main.cf or at least "smtp_helo_name"
should match that too

http://www.emailtalk.org/ptr.aspx

this is one of the *basic* setups before install a mailserver

> What do you suggest me to resolve this issue ? I can provide my main.conf
> file for examination!
>  
> Thanks in advance for your appreciated help,
> Germain
>
> PS: as you imagine, I can't afford two dedicated servers right now...

you can host 100, 200, 1000 domains on one server and IP and so the
subject has nothing to do with your problem above

Re: Two domains names under the same IP: how to handle this issue ?

Germain
Many thanks for your answer !

In fact I've already in the BIND configuration of zone-one.com:

"zone-one.com. A xx.xxx.xxx.xxx"
"mx1.zone-one.com. A xx.xxx.xxx.xxx"
"zone-one.com. MX 10 mx1.zone-one.com."
"xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com."

Same is true for zone-two.com with exactly the same related parameters !

Maybe it is wrong to have both of them ?

Re: Two domains names under the same IP: how to handle this issue ?

Robert Sander
On 05.04.2014 08:33, Germain wrote:

> "xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com."

PTR records live in the in-addr.arpa zone.
With a high probability this zone is hosted at your provider.
Please ask them to setup the PTR records.

Regards
--
Robert Sander
Heinlein Support GmbH
Linux: Akademie - Support - Hosting
http://www.heinlein-support.de

Tel: 030-405051-43
Fax: 030-405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing director: Peer Heinlein  -- Registered office: Berlin



Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net
In reply to this post by Germain

On 05.04.2014 08:33, Germain wrote:
> In fact I've already in the BIND configuration of zone-one.com:
>
> "zone-one.com. A xx.xxx.xxx.xxx"
> "mx1.zone-one.com. A xx.xxx.xxx.xxx"
> "zone-one.com. MX 10 mx1.zone-one.com."

> "xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com."

what is that above?
just read this!
http://en.wikipedia.org/wiki/Reverse_DNS_lookup

sorry, but you don't have a clue how DNS works and before you start
to implement that read below because you are not in the position to
control your PTR - are you aware that basic understanding of DNS
and networking is a prerequisite to maintain a public mailserver?
______________________________________________________________________

zone "196.168.192.in-addr.arpa." IN {
 type                 master;
 file                 "zones/196.168.192.in-addr.arpa.dns";
};
______________________________________________________________________

[root@srv-rhsoft:~]$ more zones/196.168.192.in-addr.arpa.dns
$TTL 3600

@ IN SOA srv-rhsoft.rhsoft.net. admin.rhsoft.net. (
        1316784994 ; Serial
        1800 ; Refresh
        600 ; Retry
        1814400 ; Expire
        900 ; Negative-TTL
);

        NS      srv-rhsoft.rhsoft.net.

16      PTR     arrakisvm.vmware.local.
255     PTR     broadcast.vmware.local
______________________________________________________________________

> Same is true for zone-two.com with exactly the same related parameters!
> Maybe it is wrong to have both of them?

why don't you ask a nameserver others also asking?
nslookup xx.xxx.xxx.xxx 8.8.8.8

why don't you just open the link below?
http://www.emailtalk.org/ptr.aspx

frankly, it makes me angry if people
* don't quote what they are replying to
* don't read informations someone provides them
____________________________________________________

if you would not strip your IP for no good reason i could even
tell you what nameservers are responsible for your PTR

what you create on your BIND don't matter until you have at least
a /24 network and a agreement with your ISP that he makes your
nameservers responsible for in-addr-arpa of that subnet and that
is not easy to achieve - been there done that, took years of asking

Re: Two domains names under the same IP: how to handle this issue ?

Germain
In reply to this post by Robert Sander
Many thanks for your answer, but now I'm lost...

I rent one dedicated server at Online.net with two domains ("vehicall.com" and "adtlas.com" at Namebay) and my provider's console allows me to manage the reverse DNS.
 
Actually I've since a while "adtlas.com." defined for "88.191.117.125" as reverse.

How may I define two reverse, one for each domain, pointing to my single IP ? Is it legal ? Is it possible ?  
 
Maybe I'm totally wrong...

Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net

On 05.04.2014 12:32, Germain wrote:
> Many thanks for your answer, but now I'm lost...
> I rent one dedicated server at Online.net with two domains ("vehicall.com"
> and "adtlas.com" at Namebay) and my provider's console allows me to manage
> the reverse DNS.

why don't you just say that from the very begin?

> Actually I've since a while "adtlas.com." defined for "88.191.117.125" as
> reverse.

and that is why you should not mask infos if you seek for help
with the info above all would have been clear while honestly
you should understand the error message and what a FQDN is

your original post contained: "The FQDN is not seen in proper SMTP FQDN format:
It lacks the <hostname>part" and "adtlas.com." is not a FQDN - so if you even
have an admin-backend for that why don't you just enter "mail.adtlas.com." and
the same for the A-record and "smtp_helo_name"

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com.

Authoritative answers can be found from:
117.191.88.in-addr.arpa nameserver = nsa.online.net.
117.191.88.in-addr.arpa nameserver = nsb.online.net.
nsb.online.net  internet address = 195.154.228.250
nsa.online.net  internet address = 88.191.253.53

> How may I define two reverse, one for each domain, pointing
> to my single IP ? Is it legal ? Is it possible ?  
>  
> Maybe I'm totally wrong...

don't do that, your machine needs one A-record and one matching
PTR with a matching HELO-hostname which both does not depend
on any domain it is hosting for email

if you have more than one records it's up to the client
which one he is using and that may lead to problems

Re: Two domains names under the same IP: how to handle this issue ?

Jason Woods
In reply to this post by lists@rhsoft.net
Hello!

> On 5 Apr 2014, at 11:32, Germain <[hidden email]> wrote:
>
> How may I define two reverse, one for each domain, pointing to my single IP
> ? Is it legal ? Is it possible ?  
>
> Maybe I'm totally wrong...


We just set one record, or none. You just get problems with more than one as I think most of time only one is assumed, or an arbitrary limit is placed. So stuff gets rejected randomly :/

So yeh don't do it.

> On 5 Apr 2014, at 11:26, "[hidden email]" <[hidden email]> wrote:
>
> frankly, it makes me angry if people
> * don't quote what they are replying to
> * don't read informations someone provides them

I agree and please don't take this the wrong way. I'm not trying to hit back or anything and I feel it can be constructive for all. It would be nice if you could:
* when quoting, include name/address/date of *who* is quoted to help quickly find original message and also know who is quoted
* sign off a name or set a from name
It might just be me and I apologise if it is but for me at least it makes the mailing list experience a whole lot better.

Regards,

Jason

Re: Two domains names under the same IP: how to handle this issue ?

Germain
In reply to this post by lists@rhsoft.net
Thank you for your appreciated remarks !

I apologize for masking at first my data, but a lot of people are doing the same at first with a generic question.

As you have seen, I've then provided on my own my full parameters when it was necessary...

Please don't hurt too much dumb people asking for help: I'm for sure NOT a POSTFIX or BIND guru and on Internet you will find many times confusing, if not conflicting, informations about parameters for those servers...

For me, and again excuse me, the terms "hostname", "domain" and "machine" can be sometimes confusing when they relate to parameters to be used in configuration files for POSTFIX and BIND.

Confusion occurs too with the "mx1.adtlas.com" and "mail.adtlas.com" parameters...

Last but not least, my machine name is "sd-20384".

I've the same "ethical problem" as this one: https://forum.linode.com/viewtopic.php?t=7888

And I would like simply to be able to send mail with my PERL programs, using the MIME::Lite CPAN module, with "webcontact@vehicall.com" or "webcontact@adtlas.com" or "mickey@mouse.com" as sender without being flagged as spam...

If you are patient like me :-) I can provide my configuration files too !

Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net


On 05.04.2014 14:15, Germain wrote:
> Thank you for your appreciated remarks !
>
> I apologize for masking at first my data, but a lot of people are doing the
> same at first with a generic question.

yes, and if you each time trying to help somebody need to
go through several mails for get the real picture.....

> As you have seen, I've then provided on my own my full parameters when it
> was necessary...
>
> Please don't hurt too much dumb people asking for help: I'm for sure NOT a
> POSTFIX or BIND guru and on Internet you will find many times confusing, if
> not conflicting, informations about parameters for those servers...
>
> For me, and again excuse me, the terms "hostname", "domain" and "machine"
> can be sometimes confusing when they relate to parameters to be used in
> configuration files for POSTFIX and BIND.

no, they are really clear and to be honest if you have a problem to understand
that terms you should hire somebody who does because that is a prerequisite
for maintain a network facing machine

* domain: example.com
* FQDN: mail.example.com
* hostname: mail (in that case)

> Confusion occurs too with the "mx1.adtlas.com" and "mail.adtlas.com"
> parameters...
>
> Last but not least, my machine name is "sd-20384".

what machine name is "sd-20384" and how does it matter?

you may fight currently with DNS-TTL, means even if you changed the
PTR it may take up to 24 or 48 hours to get changed in dns caches
all over the world, on the other hand there is still no A record for
"mail.adtlas.com" asking your primary nameserver - so change that!

final goal you should achieve:

125.117.191.88.in-addr.arpa name = mail.adtlas.com
mail.adtlas.com  = 88.191.117.125
main.cf -> smtp_helo_name -> mail.adtlas.com

that is what the world is interested in because these are the
public records and "smtp_helo_name" is the greeting your server
makes to the destination which should be

a) FQDN
b) an existing hostname
c) resolve to an IP which should resolve back
__________________________

currently:

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53
Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com.

Name Server : NSPRI.ADTLAS.COM
Name Server : NSSEC.ONLINE.NET
Registrar Name : Namebay
[harry@srv-rhsoft:~]$ nslookup mail.adtlas.com NSPRI.ADTLAS.COM
Server:         NSPRI.ADTLAS.COM
Address:        88.191.117.125#53
** server can't find mail.adtlas.com.test.rh: REFUSED

> I've the same "ethical problem" as this one:
> https://forum.linode.com/viewtopic.php?t=7888
>
> And I would like simply to be able to send mail with my PERL programs, using
> the MIME::Lite CPAN module, with "[hidden email]" or
> "[hidden email]" or "[hidden email]" as sender without being
> flagged as spam...

that is independent from what is producing the messages, if you struggle with
a wrong basic setup with your DNS records and hostname configurations you
should not setup a MTA

Re: Two domains names under the same IP: how to handle this issue ?

Germain
Thank you for the accurate details !

When I issue the command:

nslookup mx1.adtlas.com NSPRI.ADTLAS.COM

I receive that, and it seems to me correct:

Server:         NSPRI.ADTLAS.COM
Address:        88.191.117.125#53

Name:   mx1.adtlas.com
Address: 88.191.117.125

As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think the "mail" prefix is not mandatory !
I may use what I want, right ?

But my problem was due the missing "smtp_helo_name = mx1.adtlas.com", so I've added it in the main.cf file before to restart POSTFIX :-)

Unfortunately I will hire nobody right now: I'm a 62-year old Swiss retiree which has done painfully its two innovative Web sites by learning alone by himself all pieces of the puzzle to set them up and to keep them running: PERL, JavaScript, HTML, etc.
 
But sometimes I've to go on forums like this one to discuss with experts as you, which I thank a lot for their appreciated help... and their patience too :-)

Re: Two domains names under the same IP: how to handle this issue ?

Miles Fidelman
In reply to this post by Germain
It strikes me that I haven't seen a general answer to the original
question - how to set up PTR records when one is serving more than one
domain under the same IP address.

This is of particular interest to me in that I currently do this as
well.  What I'm doing now, seems to be working, but it's a matter of
accident, not design (small cluster, originally set up to support
company email and web servers for a few consulting clients, now also
hosting a variety of email lists -- the web servers all have their own
IP addresses, but the email domains share a common postfix installation
-- the postfix configuration and dns records have just been adjusted
over time).  It's all working, nothing is getting blocked, but I'm not
sure why.

The original poster's question caught my attention - the RFCs suggest
that there should be only one PTR record per IP address -- which begs
the question of what to do when one is serving multiple domains behind that
IP (be they virtual web servers or mail servers).  And I can't seem to
find any established best practices (in RFC form or less formally) -
just a lot of anecdotal stories.

One thing that I've gathered is that how various programs - notably SMTP
servers and anti-spam packages - make use of PTR records, and how they
behave in their absence, or in the case of mismatches, is idiosyncratic.

Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines are
matched, at what points in the processing chain, ...)?
- how does it react to the absence of a PTR record?
- how does it react to mismatches (and in which headers)?
- how much of this is configurable?

Yes, a lot of this is buried in the documentation - and I'm going off to
look - but the real question is:  are there any lessons learned and/or
best practices to be applied to the general case of serving multiple
domains from the same IP address?

Inquiring minds want to know!

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra


Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net
In reply to this post by Germain


On 05.04.2014 15:38, Germain wrote:

> Thank you for the accurate details !
>
> When I issue the command:
>
> nslookup mx1.adtlas.com NSPRI.ADTLAS.COM
>
> I receive that, and it seems to me correct:
>
> Server:         NSPRI.ADTLAS.COM
> Address:        88.191.117.125#53
>
> Name:   mx1.adtlas.com
> Address: 88.191.117.125
>
> As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think the
> "mail" prefix is not mandatory !
> I may use what I want, right ?

yes, doing so consistent everywhere

> But my problem was due the missing "smtp_helo_name = mx1.adtlas.com", so
> I've added it in the main.cf file before to restart POSTFIX :-)

no, you did not get that far because your PTR needs to be "mx1.adtlas.com" too

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com

> Unfortunately I will hire nobody right now: I'm a 62-year old Swiss retiree
> which has done painfully its two innovative Web sites by learning alone by
> himself all pieces of the puzzle to set them up and to keep them running:
> PERL, JavaScript, HTML, etc.
>  
> But sometimes I've to go on forums like this one to discuss with experts as
> you, which I thank a lot for their appreciated help... and their patience
> too :-)

no problem - only please be very careful in case of a mailserver, that
brings great responsibility and in case of misconfigurations playing
open relay and spread spam or malware it affects anybody out there!

Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net
In reply to this post by Miles Fidelman


On 05.04.2014 17:01, Miles Fidelman wrote:
> It strikes me that I haven't seen a general answer to the original question
> how to set up PTR records when one is serving more than one domain under
> the same IP address.

don't setup PTR records and A records for a mailserver
setup *one* PTR record, *one* A record and *one* HELO-name

just use a generic hostname like "mail.yourcompany.tld" and
use that as MX records for as many domains you are hosting
on that mailserver

that:

a) works
b) is consistent
c) don't bring you in trouble if it comes to TLS
d) keeps things simple

proven by hosting some hundred domains for a decade on one hostname


Re: Two domains names under the same IP: how to handle this issue ?

Reko Turja
In reply to this post by Miles Fidelman
-----Original Message-----
From: Miles Fidelman

> The original poster's question caught my attention - the RFCs suggest that
> there should be only one PTR record per IP address -- which begs the
> question of what to do when one is serving multiple domains behind that

You set up the other domains so that the DNS has the "main" name as MX and
the server sends mail even for the other domains using the server real name.
In addition, setting up things like SPF and DKIM records for all the domains
and making the "main" MX the authorised sender for them helps with
validation.

-Reko


Re: Two domains names under the same IP: how to handle this issue ?

/dev/rob0
In reply to this post by Miles Fidelman
On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
> Which leads to several obvious questions:
> - how does postfix use PTR records (e.g., which header lines
> are matched, at what points in the processing chain, ...)?

A client connects to smtpd. The PTR for the client IP address is
looked up. The PTR value (that is, a hostname, such as
"x.example.com.") is also looked up. If an A record matching the
client IP address is returned, smtpd logs the connection as coming
from "x.example.com[client.ip.add.ress]". Then if mail is eventually
accepted, the Received header is constructed similarly:

Received: from <helo_name_given> (x.example.com[client.ip.add.ress])

If this verification process fails, such as when no PTR exists for
the address (see reject_unknown_reverse_client_hostname) or when the
PTR value lookup fails (nxdomain, servfail, timeout) or returns a
different IP address (see reject_unknown_client_hostname), smtpd logs
the connection as coming from "unknown[client.ip.add.ress]".

"Which header lines are matched"? I have no idea what you mean.

"At what points in the processing chain"? This is all done by smtpd
for any new client connection.

> - how does it react to the absence of a PTR record?

By default, only by logging as per above. Otherwise, according to
whatever restrictions you have chosen to enforce.

> - how does it react to mismatches (and in which headers)?

A PTR/A mismatch is "unknown". Again, no idea what you are asking
about headers.

> - how much of this is configurable?

Restrictions are configurable. See the ones listed under
postconf.5.html#smtpd_client_restrictions . Logging is not
configurable.

> Yes, a lot of this is buried in the documentation - and I'm going
> off to look - but the real question is: are there any lessons
> learned and/or best practices to be applied to the general case
> of serving multiple domains from the same IP address?

Pick ONE name to be the canonical name of the machine. Set that as
your PTR value for the IP address, and make sure that the name
resolves to that address. Set that name as $myhostname. Forget the
quest for the "perfect headers": it's not worth the trouble, and
nobody cares anyway.


Addendum:

One other comment to this thread: please, PLEASE, get rid of
nslookup. It is broken, bug-ridden garbage that will not be fixed.
Nobody in A.D. 2014 should be recommending it. The proper tool for
DNS troubleshooting is dig(1).
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
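
The client-name check /dev/rob0 describes in the post above, combined with the PTR / A / HELO consistency goal stated earlier in the thread, as an added example that is not part of the thread or of Postfix's own code. The record tables are constructed from values quoted in this thread (192.0.2.10 is a documentation address), the function names are hypothetical, and the three-label test for a "hostname part" is a simplification.

```python
import ipaddress

# Constructed record sets modelled on values quoted in this thread (not live DNS).
ZONE_BEFORE = {   # PTR is the bare domain, as the nslookup output showed
    ("125.117.191.88.in-addr.arpa.", "PTR"): ["adtlas.com."],
    ("adtlas.com.", "A"): ["88.191.117.125"],
    ("mx1.adtlas.com.", "A"): ["88.191.117.125"],
}
ZONE_AFTER = dict(ZONE_BEFORE)   # one PTR, one A, one HELO name
ZONE_AFTER[("125.117.191.88.in-addr.arpa.", "PTR")] = ["mx1.adtlas.com."]
ZONE_MISMATCH = {  # PTR name resolves, but to another (documentation) address
    ("125.117.191.88.in-addr.arpa.", "PTR"): ["mx1.adtlas.com."],
    ("mx1.adtlas.com.", "A"): ["192.0.2.10"],
}


def fqdn(name):
    """Normalise a name to lower case with a single trailing dot."""
    return name.lower().rstrip(".") + "."


def lookup(zone, name, rtype):
    """Stand-in for a resolver query; returns a list of record values."""
    return zone.get((fqdn(name), rtype), [])


def verify_client(zone, ip):
    """PTR lookup, then A lookup of the PTR value; both must agree with ip.

    Returns (name, reason); name is 'unknown' when verification fails.
    Only the first PTR is used here; with several PTRs, which one a
    given client uses is up to that client.
    """
    rev = ipaddress.ip_address(ip).reverse_pointer  # 125.117.191.88.in-addr.arpa
    ptrs = lookup(zone, rev, "PTR")
    if not ptrs:
        return "unknown", "no PTR record"
    addrs = lookup(zone, ptrs[0], "A")
    if not addrs:
        return "unknown", "PTR name does not resolve"
    if ip not in addrs:
        return "unknown", "PTR name resolves to a different address"
    return ptrs[0].rstrip("."), "verified"


def client_label(zone, ip):
    """The name[address] form the post says smtpd logs for a connection."""
    return "%s[%s]" % (verify_client(zone, ip)[0], ip)


def outbound_findings(zone, ip, helo_name):
    """What a receiving site could hold against this sender's setup."""
    findings = []
    name, reason = verify_client(zone, ip)
    if name == "unknown":
        findings.append(reason)
    elif fqdn(name) != fqdn(helo_name):
        findings.append("PTR name %s differs from HELO name %s"
                        % (name, helo_name.rstrip(".")))
    # Simplification: fewer than three labels is treated as "no hostname part".
    if len(fqdn(helo_name).split(".")) - 1 < 3:
        findings.append("HELO name has no hostname label")
    if ip not in lookup(zone, helo_name, "A"):
        findings.append("HELO name does not resolve to the sending address")
    return findings


if __name__ == "__main__":
    ip = "88.191.117.125"
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER),
                        ("mismatch", ZONE_MISMATCH)):
        print(label, client_label(zone, ip),
              outbound_findings(zone, ip, "mx1.adtlas.com"))
```
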

Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net

On 05.04.2014 18:06, /dev/rob0 wrote:
> One other comment to this thread: please, PLEASE, get rid of
> nslookup. It is broken, bug-ridden garbage that will not be fixed.
> Nobody in A.D. 2014 should be recommending it. The proper tool for
> DNS troubleshooting is dig(1)

agreed, but until now i found no way to do the PTR request
with dig or was not interested that much to dig docs instead
just type or find it absurd that "dig PTR 8.8.8.8" don't work

[harry@srv-rhsoft:~]$ nslookup 8.8.8.8
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:

8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com.

Authoritative answers can be found from:
8.8.8.in-addr.arpa      nameserver = ns3.google.com.
8.8.8.in-addr.arpa      nameserver = ns4.google.com.
8.8.8.in-addr.arpa      nameserver = ns2.google.com.
8.8.8.in-addr.arpa      nameserver = ns1.google.com.
ns1.google.com  internet address = 216.239.32.10
ns4.google.com  internet address = 216.239.38.10
ns3.google.com  internet address = 216.239.36.10
ns2.google.com  internet address = 216.239.34.10


Re: Two domains names under the same IP: how to handle this issue ?

/dev/rob0
On Sat, Apr 05, 2014 at 06:23:05PM +0200, [hidden email] wrote:
> On 05.04.2014 18:06, /dev/rob0 wrote:
> > One other comment to this thread: please, PLEASE, get rid of
> > nslookup. It is broken, bug-ridden garbage that will not be
> > fixed. Nobody in A.D. 2014 should be recommending it. The
> > proper tool for DNS troubleshooting is dig(1)
>
> agreed, but until now i found no way to do the PTR request
> with dig or was not interested that much to dig docs instead
> just type or find it absurd that "dig PTR 8.8.8.8" don't work

"dig -x 8.8.8.8" is what you're after. :) The -x says "reverse the
dotted elements, append '.in-addr.arpa.' and set QTYPE to PTR."
Unlike most dig command line elements, order matters: the "-x" must
come immediately before the IP address being queried.

Note that it's not smart. ANY string of dotted elements will be
handled in this way, not just an IPv4 address.

Agreed that nslookup has a lower learning curve, and some folks
prefer its interactive mode. To me that's not worth the risk of
getting wrong/misleading data.

> [harry@srv-rhsoft:~]$ nslookup 8.8.8.8
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> Non-authoritative answer:
>
> 8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Two domains names under the same IP: how to handle this issue ?

Miles Fidelman
In reply to this post by lists@rhsoft.net
[hidden email] wrote:

>
> On 05.04.2014 17:01, Miles Fidelman wrote:
>> It strikes me that I haven't seen a general answer to the original question
>> how to set up PTR records when one is serving more than one domain under
>> the same IP address.
> don't setup PTR records and A records for a mailserver
> setup *one* PTR record, *one* A record and *one* HELO-name
>
> just use a generic hostname like "mail.yourcompany.tld" and
> use that as MX records for as many domains you are hosting
> on that mailserver
>
> that:
>
> a) works
> b) is consistent
> c) don't bring you in trouble if it comes to TLS
> d) keeps things simple
>
> proven by hosting some hundred domains for a decade on one hostname

True.  And that's pretty much what I've ended up doing.

One minor nit, though: when one is hosting email for clients, the
generic hostname needs to be something innocuous (for example, when you
use godaddy's mail services, all the mail goes out from
xxxx.secureserver.net).


--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra


Re: Two domains names under the same IP: how to handle this issue ?

lists@rhsoft.net


On 05.04.2014 19:34, Miles Fidelman wrote:

> [hidden email] wrote:
>>
>> On 05.04.2014 17:01, Miles Fidelman wrote:
>>> It strikes me that I haven't seen a general answer to the original question
>>> how to set up PTR records when one is serving more than one domain under
>>> the same IP address.
>> don't setup PTR records and A records for a mailserver
>> setup *one* PTR record, *one* A record and *one* HELO-name
>>
>> just use a generic hostname like "mail.yourcompany.tld" and
>> use that as MX records for as many domains you are hosting
>> on that mailserver
>>
>> that:
>>
>> a) works
>> b) is consistent
>> c) don't bring you in trouble if it comes to TLS
>> d) keeps things simple
>>
>> proven by hosting some hundred domains for a decade on one hostname
>
> True.  And that's pretty much what I've ended up doing.
>
> One minor nit, though: when one is hosting email for clients, the generic hostname needs to be something innocuous
> (for example, when you use godaddy's mail services, all the mail goes out from xxxx.secureserver.net)

well, "mail.yourcompany.tld" should be innocuous enough and if someone asks
why you find easily a dozen large mail providers to point here "because they
are doing the same and it just works"

we had also "mail.customer1.tld", "mail.customer2.tld"... until i stepped
in and stopped that because here and there someone forgot the MX or
the A-record or both and now instead of fighting with that the mailbackend
sets the MX to always the same generic name

at that time TLS was no topic because the old Apple based mail server did
not support it at all - after i built the new mail systems with encryption
i was glad to clean that up long enough before and keep things as simple
as possible
_________________________________

general rule for administration:
if you have 5 ways to achieve the same result choose the simplest one until
you find no good reason not to do so - in the best case choose a lot of
simple implementations you understand and can explain if somebody wakes you
in the middle of the night, stick them together to a big picture

if sooner or later one of the pieces will fail you will be thankful if
you can fix that or even replace it with a better implementation not
known at the first start without touching the other pieces at all

that's why postfix has different processes for different tasks and works
for decades while not care about storage, sieve, responders and what not
because they all can be integrated however someone needs