Hey!
I'm currently rethinking my current email setup, because some "intelligent" cloud SPAM services tend to qualify my source IPs as SPAM senders (because I'm using a dyndns hostname).
The setup is as follows:
- I have two Sophos nodes in active/passive configuration
- They both have one active interface in IP subnet 1 and one passive standby interface in IP subnet 2 (one provider has no volume limit, that's why we don't use active/active-interfaces)
- Hostname is somehost.dyndns.org (because if the firewall fails over to the second interface, this host name is changed to the new IP)
- SMTP Hostname is somehost.dyndns.org
- PTR records for both IPs point back to somehost.dyndns.org
This mail setup works quite flawlessly - but unfortunately more and more of those security gateways don't like mail hosts that use a dyndns.org address.
My question is now: What is the most reliable outbound mail setup for my configuration?
I'm currently thinking about the following setup:
- Create two A records for mail.mydomain.com that have IP1 and IP2
- Point both PTRs to mail.mydomain.com
- Set mail.mydomain.com as SMTP hostname
The only problem that I can see with this setup is that a reverse DNS check on my IP could fail when the PTR mail.mydomain.com is checked and only one IP address is expected as a result. E.g. if the firewall sends mail with active interface IP1, the receiving host resolves the IP to mail.mydomain.com and IP2 is returned or the host evaluates IP2 only...
Wouldn't it be optimal if I could choose two different mail hostnames for each ISP? Say mail1.mydomain.com if using the IP1 and mail2.mydomain.com if using IP2.
Maybe there's someone out there who has an interesting idea for solving this in a better way...
Regards
Alex
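The reverse DNS concern raised in the post above, modelled offline as an added example (not part of the original post): it compares the shared-name setup with the per-ISP-name setup under a forward-confirmed reverse DNS check. The addresses are constructed documentation-range values standing in for IP1 and IP2, and the `first_only` receiver and the HELO comparison are assumptions about how strict a receiving gateway might be.

```python
from itertools import permutations

# Constructed sample data: documentation-range addresses stand in for IP1/IP2.
IP1, IP2 = "192.0.2.10", "198.51.100.10"
SHARED = {  # one name, two A records, both PTRs point at it
    "ptr": {IP1: "mail.mydomain.com", IP2: "mail.mydomain.com"},
    "a": {"mail.mydomain.com": [IP1, IP2]},
}
PER_ISP = {  # one name per provider address
    "ptr": {IP1: "mail1.mydomain.com", IP2: "mail2.mydomain.com"},
    "a": {"mail1.mydomain.com": [IP1], "mail2.mydomain.com": [IP2]},
}

def fcrdns(zone, client_ip, helo, first_only=False):
    """Verdict of a forward-confirmed reverse DNS check for one connection.

    first_only=True models the assumed receiver that looks at a single
    returned A record instead of the whole set.
    """
    name = zone["ptr"].get(client_ip)
    if name is None:
        return "no PTR"
    addrs = zone["a"].get(name, [])
    if client_ip not in (addrs[:1] if first_only else addrs):
        return "forward lookup does not confirm IP"
    if helo.rstrip(".").lower() != name.rstrip(".").lower():
        return "HELO differs from PTR name"
    return "pass"

def survey(zone, helo_by_ip):
    """Map each sending IP to (full-set verdict, worst single-record verdict).

    A-record order is not stable, so the single-record receiver is evaluated
    against every possible ordering and the worst outcome is reported.
    """
    result = {}
    for ip, helo in helo_by_ip.items():
        name = zone["ptr"][ip]
        strict = set()
        for order in permutations(zone["a"][name]):
            rotated = {"ptr": zone["ptr"], "a": {**zone["a"], name: list(order)}}
            strict.add(fcrdns(rotated, ip, helo, first_only=True))
        fails = sorted(v for v in strict if v != "pass")
        result[ip] = (fcrdns(zone, ip, helo), fails[0] if fails else "pass")
    return result
```

In this model the shared name passes a receiver that checks the full A-record set but not one that reads a single record, while the per-ISP names pass both only if the SMTP hostname follows the active interface.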