On Fri, 27 Jun 2003, Greg A. Woods wrote:
> > 216.168.1.22 is trinity.ranger.supernews.net
> > 216.168.2.22 is trinity.delta.supernews.net
>
> This is all fine and good. However, should you choose to do the right
> thing and define a third name that your mailer can use regardless of
> which source address is assigned to its connection then you'll need to
> add two more PTRs, one for each address, each of which points to the new
> third name. Let us say, for example, the new third name you choose is
> "smtpout.supernews.net" then you would add these records to your DNS:
>
> smtpout.supernews.net A 216.168.1.22
> smtpout.supernews.net A 216.168.2.22
>
> 22.1.168.216.in-addr.arpa PTR smtpout.supernews.net
> 22.2.168.216.in-addr.arpa PTR smtpout.supernews.net
>
> You would then configure your mailer to use the principal name
> "smtpout.supernews.net" for all HELO commands.
>
> Then all would be correct and complete, both for Reverse DNS and for SMTP.

Except that you've got this backwards, based on your own arguments about
principal host names. The principal host names in this case would be
trinity.ranger.supernews.net. and trinity.delta.supernews.net. THOSE are
the names which need to exist properly in forward DNS, not a multihomed
service name such as smtpout.supernews.net.

Whether to accept mail where the EHLO/HELO identity does not match the
otherwise properly configured rDNS is a completely separate issue and is
the condition you've apparently put on mail which arrives for your system.

-CA
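
The two checks distinguished in this exchange (forward-confirmed reverse DNS for the connecting address, and whether the HELO name matches it), as an added example that is not part of the original thread. It runs over constructed in-memory records rather than live DNS; the A records for the two trinity names and all function names are assumptions.

```python
import ipaddress

def norm(name):
    """Compare DNS names case-insensitively, ignoring the trailing root dot."""
    return name.rstrip(".").lower()

def parse_zone(text):
    """Parse 'owner TYPE rdata' lines (A and PTR only) into lookup tables."""
    a, ptr = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        owner, rtype, rdata = norm(fields[0]), fields[1].upper(), fields[2]
        if rtype == "A":
            a.setdefault(owner, set()).add(rdata)
        elif rtype == "PTR":
            ptr.setdefault(owner, set()).add(norm(rdata))
    return a, ptr

def confirmed_names(ip, zone):
    """PTR names for ip that have an A record pointing back at ip."""
    a, ptr = zone
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 22.1.168.216.in-addr.arpa
    return {n for n in ptr.get(rev, set()) if ip in a.get(n, set())}

def check(ip, helo, zone):
    """Return (rdns_ok, helo_ok): two separate verdicts, as the reply argues."""
    names = confirmed_names(ip, zone)
    return bool(names), norm(helo) in names

# Constructed: per-host names from the thread; their A records are assumed.
PER_HOST = parse_zone("""
trinity.ranger.supernews.net A 216.168.1.22
trinity.delta.supernews.net A 216.168.2.22
22.1.168.216.in-addr.arpa PTR trinity.ranger.supernews.net
22.2.168.216.in-addr.arpa PTR trinity.delta.supernews.net
""")

# The multihomed service-name records proposed in the quoted message.
SERVICE_NAME = parse_zone("""
smtpout.supernews.net A 216.168.1.22
smtpout.supernews.net A 216.168.2.22
22.1.168.216.in-addr.arpa PTR smtpout.supernews.net
22.2.168.216.in-addr.arpa PTR smtpout.supernews.net
""")

if __name__ == "__main__":
    for label, zone in (("per-host", PER_HOST), ("service-name", SERVICE_NAME)):
        for ip in ("216.168.1.22", "216.168.2.22"):
            print(label, ip, check(ip, "smtpout.supernews.net", zone))
```

With the per-host records, rDNS confirms for both addresses while a HELO of `smtpout.supernews.net` does not match; with the service-name records both verdicts pass.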