Hello, from the libravatar server some emails are not being delivered with:
NOQUEUE: reject: RCPT from ec2-3-237-94-246.compute-1.amazonaws.com[3.237.94.246]: 450 4.7.1 <ip-172-30-5-38.ec2.internal>: Helo command rejected: Host not found; from=<accounts@libravatar.org> to=<XXXX> proto=ESMTP helo=<ip-172-30-5-38.ec2.internal>
I think it might be due to missing PTR record:
clime@clime.cz ~ $ dig -x 3.237.94.246
;; ANSWER SECTION:
246.94.237.3.in-addr.arpa. 300 IN PTR ec2-3-237-94-246.compute-1.amazonaws.com.
Would it be possible to set up a PTR record for 3.237.94.246 pointing to libravatar.org?
Thank you,
clime
I'm not sure if it is possible to set reverse dns in AWS.
Perhaps @mobrien knows?
It is possible, but only with a service request on AWS.
This was very likely a misconfiguration on our side in postfix (I didn't realize we didn't have the correct hostname set).
I am not sure if there won't be a further problem with the missing PTR record. You didn't have this problem with some instances on AWS so far?
Thanks
I think we will have this problem. From our logs:
status=deferred (host mx-ha03.web.de[212.227.15.17] refused to talk to me: 554-web.de (mxweb012) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554 For explanation visit https://web.de/email/senderguidelines?ip=3.237.94.246&c=rdns)
Would it be possible to open the service request on AWS?
Metadata Update from @dkirwan: - Issue tagged with: aws, low-gain, medium-trouble
For this to work the IP address would need to be an Elastic IP, as they are the only ones AWS will accept for reverse DNS entries.
I can add an Elastic IP for you if you like but that will mean the IP will change from the one you currently use.
Hello Mark,
I wonder, how does the change work? Is it possible to first add a new Elastic IP and then remove the old one?
Or is it an instant change of IP type? If it is an instant change, is the IP randomly generated or do we know it in advance?
(I would like to prevent downtime of the service if possible)
Thank you
Hello,
The current IP will be replaced by the Elastic IP. Yes, you can first create an Elastic IP (then you know the IP) and later you can associate it to the VM.
But you pay for the Elastic IP as long as the IP isn't associated.
Best regards Damian
Metadata Update from @mohanboddu: - Issue priority set to: Waiting on Assignee (was: Needs Review)
We could sync at a certain time on IRC and do this in like 10 mins, e.g. tomorrow on #fedora-apps. I don't know how much trouble it is for you guys.
I think it would be possible to actually present the server as ec2-3-237-94-246.compute-1.amazonaws.com and therefore use the existing PTR record but I am not completely certain of all the implications of having the service running at libravatar.org but sending emails as a different identity. Probably it would work. Also, is the name ec2-3-237-94-246.compute-1.amazonaws.com sticky?
We have a TLS cert for libravatar.org although the server is not currently acting as MX.
If we can sync on IRC at a certain time, I would like to do the switch. If it is too much management, then I will just try to reconfigure.
I would like to help you but I have no rights for that here :-(
Best regards, Damian
Thanks. I sorted it out by using the Amazon hostname.
Metadata Update from @clime: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Hello, we have problems with the generic ec2-3-237-94-246.compute-1.amazonaws.com PTR record. Would it be possible to switch to libravatar.org then?
Metadata Update from @clime: - Issue status updated to: Open (was: Closed)
To be more precise, if the PTR record name contains the IP address as a substring, some mail providers just reject the emails.
Thank you for any help.
OK, so we need to schedule a time to switch it to an Elastic IP then. When would you be available? @mobrien is likely better if you are in the EU...
Hello,
After the switch to the Elastic IP, I think you need to fill in this form for the reverse entry: https://console.aws.amazon.com/support/contacts?#/rdns-limits
I will be available any time in the following days.
@clime is there a time today or tomorrow that would suit you to do this? I can try to make myself available.
Once the elastic IP is updated I will fill out the form as mentioned by dtometzki and we can go from there.
Thanks, I'll be online today from now until at least 3pm. Then tomorrow from 11am to the evening. Even outside of these times, feel free to just ping me on IRC :), I will likely be online.
Working with clime on irc the elastic IP was updated to 54.83.245.205 and a request was raised with AWS to create a PTR record 54.83.245.205 -> libravatar.org
@clime AWS have responded looking for the following:
We will require the following before this request can be processed.
* A clear/detailed use-case for sending mail from EC2
* A statement indicating how you intend to ensure this account is not implicated in sending unwanted mail
Would you be able to give an answer for that please?
A clear/detailed use-case for sending mail from EC2
Sending libravatar.org service-related emails like "Password Reset", "Registration confirmation link", etc.
A statement indicating how you intend to ensure this account is not implicated in sending unwanted mail
Only people working on the service have access. Not anyone else.
I hope this is sufficient...
Looks like it was :) AWS responded with the below message. I think we can close this out now. Feel free to reopen if necessary.
Hello,
We have configured the reverse DNS record(s) you requested! Your request was mapped for the following:
- Successfully setup libravatar.org as rDNS for 54.83.245.205
Please note that propagation of this update to DNSBL services that Amazon works with may take up to a week.
Email sending limitations have also been removed for any resources for the region your EIP is located in.
Please let us know if you have any questions.
Regards,
Amazon Web Services
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Thank you very much!
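
Added example (not part of the ticket or any participant's code): a pre-flight check for the three rejection causes seen in this thread, namely an unresolvable HELO name, a PTR that is not forward-confirmed, and a generic PTR that embeds the IP. The function names are hypothetical and the DNS tables are constructed from the values quoted above; the forward (A) entries are assumptions.

```python
import re

def ptr_embeds_ip(ptr_name, ip):
    """True if the PTR name contains the IPv4 octets (forward or reversed),
    joined by '-' or '.', or zero-padded and concatenated."""
    octets = ip.split(".")
    candidates = set()
    for order in (octets, octets[::-1]):
        candidates.add("-".join(order))
        candidates.add(".".join(order))
        candidates.add("".join(o.zfill(3) for o in order))
    # Digit boundaries keep 3-237-94-246 from matching inside 13-237-94-246.
    return any(re.search(r"(?<!\d)" + re.escape(c) + r"(?!\d)", ptr_name)
               for c in candidates)

def check_sender_identity(ip, helo, ptr_records, a_records):
    """Return the findings a strict receiving MTA could reject on."""
    findings = []
    if "." not in helo or not a_records.get(helo):
        findings.append("helo_unresolvable")          # "Helo command rejected"
    ptrs = ptr_records.get(ip, [])
    if not ptrs:
        findings.append("no_ptr")
    for name in ptrs:
        if ip not in a_records.get(name, []):
            findings.append("ptr_not_forward_confirmed")
        if ptr_embeds_ip(name, ip):
            findings.append("generic_ptr")            # IP visible in the name
    return findings

# Constructed DNS data (assumption: forward records point back at the same IPs).
PTR = {"3.237.94.246": ["ec2-3-237-94-246.compute-1.amazonaws.com"],
       "54.83.245.205": ["libravatar.org"]}
A = {"ec2-3-237-94-246.compute-1.amazonaws.com": ["3.237.94.246"],
     "libravatar.org": ["54.83.245.205"]}

# The three configurations the thread went through: (label, source IP, HELO name).
STAGES = [
    ("internal hostname as HELO", "3.237.94.246", "ip-172-30-5-38.ec2.internal"),
    ("Amazon hostname as HELO", "3.237.94.246",
     "ec2-3-237-94-246.compute-1.amazonaws.com"),
    ("Elastic IP with custom rDNS", "54.83.245.205", "libravatar.org"),
]

def run_stages():
    return {label: check_sender_identity(ip, helo, PTR, A)
            for label, ip, helo in STAGES}

if __name__ == "__main__":
    for label, findings in run_stages().items():
        print(f"{label}: {findings or 'ok'}")
```

To run it against live DNS, replace the two dictionaries with objects whose `get` performs real PTR and A lookups.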