NAT Entries for Mail Server Question - rDNS



  • Good Morning:

    I have a few questions I was hoping someone could help me with.  I have pfSense in production and it is running great, love it.  I recently put an Exchange server in from another location and created all the firewall rules and NAT entries, and everything was working fine; mail was flowing with ease.  Then in the Exchange queue I noticed some errors a day or two later.

    450 Service Permits 2 unverifyable sending IPs - server.domain.com is not 70.113.25.105

    This is only happening on a handful of domains: aol.com, att.net, etc.

    The mock IP above is actually the IP of my firewall, not the Exchange server; this leads me to believe I have an outgoing NAT issue.  I created the reverse DNS entry for mail.domain.com to resolve to the IP address of the Exchange server.  I have an outgoing NAT rule which allows all LAN traffic to any destination.

    Can anyone give me some insight on anything I may be missing?


  • Banned

    70.113.25.105 is cpe-70-113-25-105.austin.res.rr.com. So, unless your MX record points to cpe-70-113-25-105.austin.res.rr.com (which I'm pretty damn sure it does not), dunno what's the question here.



  • That was not the correct IP; sorry, I cannot display/use my static IP (it was for display purposes, I explained it is a mock IP).

    When I run the reverse lookup of the IP, I get a valid result of mail.domain.com.


  • Banned

    Well, if you cannot display your static IP and other DNS records, then no one can verify the DNS setup and there's no point to this thread. Simply, if mail.domain.com resolves to 1.2.3.4, then PTR for 1.2.3.4 must resolve back to mail.domain.com.



  • It was not a setting in pfSense; I found that I did not match my rDNS to the HELO address, rather to a requested hostname.  Sorry guys, thanks for the help.

    "I could not figure out how to delete thread."
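
The consistency checks discussed in this thread (PTR resolving back to the sending IP, and the HELO name matching the rDNS), as an added example that is not part of the original posts. The hostnames, the RFC 5737 documentation addresses, the two lookup tables and the function `check_sender` are all constructed for illustration; exactly which of these checks a given receiving server enforces is an assumption.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) and HELO consistency,
# evaluated over constructed DNS data so it runs offline.

PTR = {  # constructed reverse zone: IP -> hostname
    "192.0.2.10": "mail.example.com",  # public address mapped to the mail server
    "192.0.2.1": "fw.example.com",     # firewall WAN address (default outbound NAT)
}
A = {  # constructed forward zone: hostname -> set of IPs
    "mail.example.com": {"192.0.2.10"},
    "server.example.com": {"192.0.2.10"},
    "fw.example.com": {"192.0.2.1"},
}

def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_sender(source_ip, helo, ptr=PTR, a=A):
    """Return the list of mismatches a receiving MTA could reject on.

    source_ip is the address the receiver sees (after outbound NAT),
    helo is the name the sending server announces in HELO/EHLO.
    """
    helo = norm(helo)
    ptr_name = ptr.get(source_ip)
    if ptr_name is None:
        return [f"no PTR record for {source_ip}"]
    ptr_name = norm(ptr_name)
    problems = []
    # 1. The PTR name must resolve forward to the connecting IP.
    if source_ip not in a.get(ptr_name, set()):
        problems.append(f"PTR {ptr_name} does not resolve back to {source_ip}")
    # 2. The announced HELO name must be the name the PTR returns.
    if helo != ptr_name:
        problems.append(f"HELO {helo} does not match PTR {ptr_name}")
    # 3. The HELO name itself must resolve to the connecting IP.
    if source_ip not in a.get(helo, set()):
        problems.append(f"{helo} is not {source_ip}")
    return problems

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "mail.example.com"),    # consistent setup
        ("192.0.2.10", "server.example.com"),  # rDNS not matched to HELO
        ("192.0.2.1", "mail.example.com"),     # mail leaving via firewall IP
    ]
    for ip, helo in cases:
        print(ip, helo, check_sender(ip, helo) or "OK")
```

The second case is the situation the original poster reports as the cause; the third is the outbound NAT problem that was first suspected.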