I recently updated my MIAB, in the process I changed the IP.
Prior to updating I checked that the new IP wasn’t blacklisted. Unfortunately after updating email sent from MIAB are blocked (550 5.7.0) by Proofpoint (used by Apple for iCloud).
I thought that the IP was probably blocked because of some previous owner misuse. But here is the response from Proofpoint support:
The listing is due to invalid or generic PTR (reverse DNS) Record for the IP. The PTR record designates ownership and authorized use of the IP. The IP needs to be given a fully qualified domain name which resolved back to that IP.
For Example: mail.domain.com
Also, if the PTR starts with either: mail, mts, mx, out, smtp, that will help resolve the issue.
Please feel free respond to this message once the PTR record has been fixed, and the IP will be re-evaluated by the Threat Operations Team.
My glue records are set correctly, and everything is green in MIAB. They don’t wan’t to remove the block. Are they suggesting that the issue is the actual domain name of MIAB box.xxxxx.xxxx? Should I just try to change the primary domain.
What do you guys suggest?
PTR Record (Reverse DNS) is something different
It’s set by the owner/provider of your IP address …so your VPS provider or ISP if hosting at home …
My favorite ISP has a great article about it and will happily set one for you if you join
@Box Thank you for the response.
Indeed, my bad for the write up of the issue. Nevertheless the reverse DNS is set properly from digital ocean, and shows as green in MIAB.
Do you have IPv6 as well?
I would double check your PTR Record is correct for both IPv4/6 and e-mail them back the details (perhaps including links to the online tools below) with request to unblock.
Or request more information on what it should be …
Or even better compare against the old IP address (if it has still set the PTR record) with the following commands:
dig -x 22.214.171.124 @126.96.36.199
dig PTR 188.8.131.52.in-addr.arpa
host 184.108.40.206 220.127.116.11
nslookup 18.104.22.168 22.214.171.124
nslookup -debug 126.96.36.199 188.8.131.52
nslookup -type=PTR 184.108.40.206 220.127.116.11
nslookup -debug -d2 -type=PTR 18.104.22.168 22.214.171.124
and see if you can spot something different.
No, IPv6 is disabled completely.
The reverse lookup form MXtoolbox and the DNS report from the domain are bringing up the correct information. I will resubmit to Proofpoint with the details.
Keep in mind that rDNS also takes time to propagate. It could quite well be that it wasn’t fully propagated yet when you made your inquiry. But yes, check with them again.
If they deny you again, send them a link to the MiaB doc’s recommending that ‘box’ be used as the hostname … or simply change your MiaB hostname to ‘mail’ to comply with their requirements. Rather silly methinks … but …
You could also point out that there are over 20k installations of MiaB … https://www.shodan.io/search?query=mail-in-a-box
@alento, thanks for the feedback.
I has been over two weeks, so I don’t think the propagation is an issue. Could it be that the PTR record on the old IP is still active? Proofpoint mentioned “Generic PTR” what would it mean?
I submitted a new ticket but they still replied the same automated response. I’m just left with the option to change the main domain of my MIAB?
For anyone facing the same issue.
Changing the primary domain from box.domain.com to mail.domain.com did solve the issue. I still suspect that it’s because of an IP change on box.domain.com rather than Proofpoint not liking the box. sub domain.