On Wed, 2019-02-20 at 13:09 -0800, Mike Wright wrote:
[snip]
You didn't have a dns delegation-of-authority which allows you to
claim
control or the mail server's reverse dns address and showing you're
not
some fly-by-night spammer or some such.
If your were to dig for the PTR record for the mailserver's IP you
would
get back something like
75-25-207-10.lightspeed.sjcpca.sbcglobal.net
that indicates who is currently in charge of that IP. If you had
the
delegation-of-authority it would return YOUR mailserver's name.
e.g.
1st record shows name of mailserver for your domain
2nd record shows address of mailserver
3rd record ties the mailserver's address to it's IP
forward dns:
yourchurch.org IN MX
mx.yourchurch.org
forward dns:
mx.yourchurch.org IN A 192.168.10.20
reverse dns: 20.10.168.192.in-addr.arpa IN PTR
mx.yourchurch.org
The delegations are usually available from your ISP if you're
persistent
and may come with a monthly fee. AT&T used to charge me $5 US but
raised it to $15 because they could. Good bye AT&T, hello Digital
Ocean: $5 for a basic server includes a delegated authority record.
Yes! Now that you mention it, that's the buzzword I was blanking on.
My mistake was that I thought that the delegation of authority was a
configuration issue and I kept trying different ways of assigning it to
myself in the bind configuration files and nothing worked. I got to
that horrible point of just making random changes in random
configuration files just to see if anything would change, and then gave
up. I completely missed that I had to go to the ISP to get it.
Sigh. That's part of my life I'll never get back.
billo