
I can't send email messages from my server. However, I can receive email messages. I set up my server the exact same way I have many times before, which I've proven works. It's pretty straightforward and consists of: creating a DigitalOcean Droplet (Debian 7.0), setting the PTR record by renaming the Droplet to an FQDN, creating private nameservers at my domain registrar and pointing my domain(s) to my nameservers, and installing VestaCP (child-ns). From here, I simply add a web through VestaCP and the DNS records are added automatically.

I am not sure where I have gone wrong in my configuration but I am getting the error "Reverse DNS is not a valid Hostname" for my domain izanami.co. I set my DigitalOcean Droplet PTR record to izanami.co and all of the tests I have conducted using dig and host seem to return the correct information.

`dig -x 188.166.32.113`

```
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 188.166.32.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47119
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;113.32.166.188.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
113.32.166.188.in-addr.arpa. 1283 IN    PTR izanami.co.

;; Query time: 9 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Aug  7 15:06:39 2015
;; MSG SIZE  rcvd: 69
```

`hostname -f`

```
izanami.co
```

`host izanami.co`

```
izanami.co has address 188.166.32.113
izanami.co mail is handled by 10 mail.izanami.co.
```

`host 188.166.32.113`

```
root@izanami:~# host 188.166.32.113
113.32.166.188.in-addr.arpa domain name pointer izanami.co.
```

`dig +short ptr 188.166.32.113.in-addr.arpa`

```
113x32x166x188.ap113.ftth.ucom.ne.jp.
```

MXToolBox Transcript

```
Connecting to 188.166.32.113

220 izanami.co ESMTP Exim 4.80 Fri, 07 Aug 2015 14:20:52 +0200 [5750 ms]
EHLO PWS3.mxtoolbox.com
250-izanami.co Hello pws3.mxtoolbox.com [64.20.227.134]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP [719 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 OK [750 ms]
RCPT TO:<test@example.com>
550 relay not permitted [1141 ms]

PWS3v2 9719ms
```

I tried to send an email message and this is the log output in `/var/log/exim4/mainlog`:

```
2015-08-07 14:58:07 1ZNh1m-00025M-ON == web-3ebnda@mail-tester.com <web-3EbnDa@mail-tester.com> R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
```

Update:

A few more lines from my /var/log/exim4/mainlog. As you can see, an email message which is supposed to be (auto)forwarded to my Gmail account doesn't succeed.

```
2015-08-07 17:36:12 H=pws3.mxtoolbox.com [64.20.227.134] F=<supertool@mxtoolbox.com> rejected RCPT <test@example.com>: relay not permitted
2015-08-07 17:49:24 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=128.red-79-157-253.dynamicip.rima-tde.net [79.157.253.128] input="^\r\n"
2015-08-07 17:51:47 1ZNjvu-0002TQ-Vb DKIM: d=google.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2015-08-07 17:51:47 1ZNjvu-0002TQ-Vb <= send-as-noreply@google.com H=mail-la0-f52.google.com [209.85.215.52] P=esmtps X=TLS1.2:RSA_ARCFOUR_SHA1:128 S=3356 id=CANY4h_3COHYMBQt1RA0QVgEc-LRv6ErtQPh68njd=dqPp_G=VA@mail.gmail.com
2015-08-07 17:51:47 1ZNjvu-0002TQ-Vb => example <example@izanami.co> R=localuser T=local_delivery
2015-08-07 17:51:47 1ZNjvu-0002TQ-Vb alt2.gmail-smtp-in.l.google.com [2607:f8b0:400c:c06::1a] Network is unreachable
```
Jason Lint
  • Your setup seems fine. Where exactly do you see that error "Reverse DNS is not a valid Hostname"? – Dusan Bajic Aug 07 '15 at 14:38
  • The error message comes from MXToolBox, an online tool for network diagnostics. You can check the output for my domain here: http://mxtoolbox.com/SuperTool.aspx?action=smtp%3aizanami.co&run=toolpage# – Jason Lint Aug 07 '15 at 15:38
  • More info: compared to the (several) other successful mail-server setups I've done, the differences are: 1) the domain izanami.co is managed at Domain.com and I had some issues adding the glue records. I always register my domains and create private nameservers at Hover and have never had any issue. 2) it's a .CO domain (does it matter?). In addition, I also checked whether the domain/IP is blacklisted and it's not. – Jason Lint Aug 07 '15 at 15:44
  • I used MXToolBox to check my other server, which I set up the exact same way but which does work as expected. The result is the same error as for izanami.co: "Reverse DNS is not a valid Hostname". However, I can send email messages through it. – Jason Lint Aug 07 '15 at 16:27
  • Related: [Definition of Fully qualified domain name](http://serverfault.com/q/609188/217116) – sebix Aug 19 '15 at 19:04

1 Answer


I'm not sure about outright invalid, but it's at least highly unconventional to have a bare domain name as the (FQDN) hostname for a host.

Normally one has a hostname, e.g. `zeus`, and a domain name, e.g. `example.com`, forming an FQDN hostname `zeus.example.com`.


Other than the strange choice of name, it looks like the reverse DNS is set up properly (properly forward-confirmed).

```
$ dig -x 188.166.32.113 +short
izanami.co.
$ dig izanami.co +short
188.166.32.113
```


As a sidenote, your `dig +short ptr 188.166.32.113.in-addr.arpa` looks up the reverse DNS PTR entry for the IP 113.32.166.188 (hence the wildly different result compared to looking up your IP).

Håkan Lindqvist
  • It's a bad idea to use the naked domain name as a hostname for a [variety of reasons](http://serverfault.com/a/599725/126632), not least of which is that it causes mail delivery to go haywire. – Michael Hampton Aug 07 '15 at 16:25
  • Should I form an FQDN as Håkan suggests? I'll try that! However, I've never run into problems. Despite it being unconventional and the many troubles Michael noted, I've done exactly that many times and this is the first time I've run into this. – Jason Lint Aug 07 '15 at 16:37
  • @JasonLint I certainly think that would be a good idea. It also seems like a plausible reason for the validation error. – Håkan Lindqvist Aug 08 '15 at 07:52
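
An added example (not part of the answer or comments above, and not MXToolBox's own check): Python that builds the correct `in-addr.arpa` query name for an IP, shows which IP a hand-written `in-addr.arpa` name really refers to, and runs the forward-confirmed reverse DNS check that the answer performs with `dig`. The function names and the sample lookup tables are assumptions constructed for illustration; by default the lookups go through the system resolver.

```python
import ipaddress
import socket

def ptr_qname(ip):
    """Query name for an IP's PTR record: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def arpa_to_ip(qname):
    """IPv4 address that a full in-addr.arpa query name actually refers to."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 in-addr.arpa name: %r" % qname)
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))

def system_ptr(ip):
    """PTR names from the system resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_addrs(name):
    """A/AAAA addresses from the system resolver (needs network access)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0].split("%")[0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Map each PTR name of `ip` to True if it resolves back to `ip`."""
    ip = ipaddress.ip_address(ip)
    result = {}
    for name in ptr_lookup(str(ip)):
        name = name.rstrip(".").lower()
        addrs = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        result[name] = ip in addrs
    return result

# Lookup tables constructed from the dig/host output quoted on this page,
# plus one made-up mismatch (192.0.2.0/24 is documentation address space).
SAMPLE_PTR = {"188.166.32.113": ["izanami.co."], "192.0.2.10": ["mx.example.net."]}
SAMPLE_A = {"izanami.co": ["188.166.32.113"], "mx.example.net": ["192.0.2.99"]}

def sample_check(ip):
    """Run fcrdns() offline against the constructed tables above."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    print(ptr_qname("188.166.32.113"))
    print(arpa_to_ip("188.166.32.113.in-addr.arpa"))
    print(sample_check("188.166.32.113"), sample_check("192.0.2.10"))
```

Calling `fcrdns("188.166.32.113")` without the lookup arguments performs the same check against live DNS.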