On Wed, 2019-02-20 at 13:09 -0800, Mike Wright wrote:
[snip] You didn't have a dns delegation-of-authority which allows you to claim control or the mail server's reverse dns address and showing you're not some fly-by-night spammer or some such.
If your were to dig for the PTR record for the mailserver's IP you would get back something like 75-25-207-10.lightspeed.sjcpca.sbcglobal.net that indicates who is currently in charge of that IP. If you had the delegation-of-authority it would return YOUR mailserver's name.
e.g. 1st record shows name of mailserver for your domain 2nd record shows address of mailserver 3rd record ties the mailserver's address to it's IP
forward dns: yourchurch.org IN MX mx.yourchurch.org forward dns: mx.yourchurch.org IN A 192.168.10.20 reverse dns: 20.10.168.192.in-addr.arpa IN PTR mx.yourchurch.org
The delegations are usually available from your ISP if you're persistent and may come with a monthly fee. AT&T used to charge me $5 US but raised it to $15 because they could. Good bye AT&T, hello Digital Ocean: $5 for a basic server includes a delegated authority record.
Yes! Now that you mention it, that's the buzzword I was blanking on. My mistake was that I thought that the delegation of authority was a configuration issue and I kept trying different ways of assigning it to myself in the bind configuration files and nothing worked. I got to that horrible point of just making random changes in random configuration files just to see if anything would change, and then gave up. I completely missed that I had to go to the ISP to get it.
Sigh. That's part of my life I'll never get back.
billo