反向解析RDNS

之前公司的服务器经常上黑名单导致外发不了邮件,尤其是用户发往国外,香港的邮件很容易被拒,申请做了个反向解析(RDNS),还没有做完,还差最后一步,等做完了来补充.下面是完整的RDNS的概念,怎样做RDNS,以及做完了如何查询是否生效的办法---都是网上摘来的,加以综合.

一,反向解析的概念:

RDNS(Reverse DNS)就是反向解析,就是把IP解析成域名。DNS是正向解析,把域名解析成IP。

为什么需要做RDNS?
    因为有些应用程序需要反向来认证对方,如SMTP,也就是为什么国外很多SMTP发往国外的邮件被退信的主要原因。做了RDNS会好很多。DNS服务器里有两个区域,即“正向查找区域”和“反向查找区域”,反向查找区域即是这里所说的IP反向解析,它的作用就是通过查询IP地址的PTR记录来得到该IP地址指向的域名,当然,要成功得到域名就必需要有该IP地址的PTR记录.

    那么IP反向解析是怎么被应用到邮件服务器中来阻拦垃圾邮件的呢?我们来看看下面一个例子:某天,阿Q到A公司拜访,他递上一张名片,名片上写着他来自“黑道杀人俱乐部”以及电话号码等信息,A公司觉得应该对阿Q的来历做个简单调查,于是打电话到阿Q名片上的电话号码所属电信局进行查实,如果电信局告诉A公司其电话号码不属于“黑道杀人俱乐部”,则A公司将拒绝阿Q的拜访,如果其电话号码的确属于“黑道杀人俱乐部”,A公司可能接受阿Q的拜访也可能进一步查实,于是就打电话到“黑道杀人俱乐部”所属注册机构查询,如果得到的答复确认该俱乐部确有此电话号码,则A公司将接受阿Q的拜访,否则仍将拒绝阿Q的拜访。  

    例子中,阿Q好比是我们的邮件服务器,A公司是对方邮件服务器,“黑道杀人俱乐部”就是我们邮件服务器与对方邮件服务器通信时所使用的HELO域名(不是邮件地址@后的域名),名片上的电话号码就是我们邮件服务器出口的公网IP地址。A公司对阿Q进行调查的过程就相当于一个反向解析验证过程。由此看出,反向解析验证其实是对方服务器在进行的,如果我们没有做反向解析,那么对方服务器的反向解析验证就会失败,这样对方服务器就会以我们是不明发送方而拒收我们发往的邮件,这也就是我们排除其它原因后(如被对方列入黑名单、没有MX记录、使用的是动态IP地址等等)在没做反向解析时无法向sina.com、homail.com发信的原因。

二,怎样做RDNS

首先要有固定公网IP地址、可用域名(最好不要被其它服务所用),例如您有lunch-time.com的域名,您可以要求您的域名注册商为您添加一个okmail.lunch-time.com的域名  并将其A记录指向您的SMTP服务器出口公网IP地址,如:220.112.20.18,接着请与您的固定IP所属ISP联系要求为您的IP反向解析至okmail.lunch-time.com。完成后别忘了将您的SMTP服务器的HELO域名改为okmail.lunch-time.com,这样才可以达到目的。

请翻译:202.192.1.5 is making SMTP connections which indicate that it is misconfigured. Some elements of your existing configuration create message characteristics identical to previously identified spam messages. Please align the mail erver's HELO/EHLO 'icoremail.net' with proper DNS (forward and reverse) values for a mail server. Here is an example: Correct HELO/DNS/rDNS alignment for domain example.com: - Mail server HELO: mail.example.com - Mail server IP: 192.0.2.12 - Forward DNS: mail.example.com -> 192.0.2.12 - Reverse DNS: 192.0.2.12 -> mail.example.com Correcting an invalid HELO or a HELO/forward DNS lookup mismatch will stop the IP from being listed again. Points to consider: * Alignment: it is strongly recommended that the forward DNS lookup (domain name to IP address) and rDNS (IP to domain) of your IP should match the HELO value set in your server, if possible * The IP and the HELO value should both have forward and rDNS, and should resolve in public DNS * Ensure that the domain used in HELO actually exists! Additional points: * According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN. * The domain used should belong to your organisation. * HELO is commonly a server setting, not DNS. Contact your hosting provider for assistance if needed. You can test a server's HELO configuration by sending an email from it to helocheck@abuseat.org. A bounce that contains the required information will be returned immediately. It will look like an error, it is not. Please examine the contents of this email. If all settings are correct, you have a different problem, probably malware/spambot. Again, the HELO we are seeing is 'icoremail.net'. The last detection was at 2023-05-27 13:35:00 (UTC). For information on misconfigured or hacked SMTP servers and networks, please see this FAQ: https://www.spamhaus.org/faq/section/Hacked...%20Here's%20help#539 CSS listings expire a few days after last detection. You can always open a ticket (or update an existing one) to inform us when and how the situation was been secured.
05-31
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值