Deliverability issue with Proofpoint

Hello,

I recently updated my MIAB; in the process I changed the IP.
Prior to updating I checked that the new IP wasn’t blacklisted. Unfortunately, after updating, emails sent from MIAB are blocked (550 5.7.0) by Proofpoint (used by Apple for iCloud).

I thought that the IP was probably blocked because of some previous owner misuse. But here is the response from Proofpoint support:

Hello,

The listing is due to an invalid or generic PTR (reverse DNS) record for the IP. The PTR record designates ownership and authorized use of the IP. The IP needs to be given a fully qualified domain name which resolves back to that IP.

For Example: mail.domain.com

Also, if the PTR starts with either: mail, mts, mx, out, smtp, that will help resolve the issue.

Please feel free to respond to this message once the PTR record has been fixed, and the IP will be re-evaluated by the Threat Operations Team.

Regards,

Proofpoint Support

My glue records are set correctly, and everything is green in MIAB. They don’t want to remove the block. Are they suggesting that the issue is the actual domain name of MIAB, box.xxxxx.xxxx? Should I just try to change the primary domain?

What do you guys suggest?

Thanks

PTR Record (Reverse DNS) is something different :wink:

It’s set by the owner/provider of your IP address …so your VPS provider or ISP if hosting at home …

My favorite ISP has a great article about it and will happily set one for you if you join :slight_smile:
https://support.aa.net.uk/Reverse_DNS
https://www.aa.net.uk/etc/domains/reverse-dns/

@Box Thank you for the response.

Indeed, my bad for the write-up of the issue. Nevertheless, the reverse DNS is set properly from DigitalOcean, and shows as green in MIAB.

Do you have IPv6 as well?

I would double check your PTR Record is correct for both IPv4/6 and e-mail them back the details (perhaps including links to the online tools below) with request to unblock.

Or request more information on what it should be …

http://www.intodns.com/
or
https://mxtoolbox.com/ReverseLookup.aspx

Or even better, compare against the old IP address (if it still has the PTR record set) with the following commands:
dig -x 94.76.202.152 @8.8.8.8

dig PTR 152.202.76.94.in-addr.arpa

host 94.76.202.152 8.8.8.8

nslookup 94.76.202.152 8.8.8.8

nslookup -debug 94.76.202.152 8.8.8.8

nslookup -type=PTR 94.76.202.152 8.8.8.8

nslookup -debug -d2 -type=PTR 94.76.202.152 8.8.8.8

and see if you can spot something different.


No, IPv6 is disabled completely.

The reverse lookup from MXToolbox and the DNS report from the domain are bringing up the correct information. I will resubmit to Proofpoint with the details.

Keep in mind that rDNS also takes time to propagate. It could quite well be that it wasn’t fully propagated yet when you made your inquiry. But yes, check with them again.

If they deny you again, send them a link to the MiaB docs recommending that ‘box’ be used as the hostname … or simply change your MiaB hostname to ‘mail’ to comply with their requirements. Rather silly methinks … but …

You could also point out that there are over 20k installations of MiaB … https://www.shodan.io/search?query=mail-in-a-box

@alento, thanks for the feedback.

It has been over two weeks, so I don’t think the propagation is an issue. Could it be that the PTR record on the old IP is still active? Proofpoint mentioned “Generic PTR”; what would it mean?

I submitted a new ticket but they still replied with the same automated response. I’m just left with the option to change the main domain of my MIAB?

For anyone facing the same issue.

Changing the primary domain from box.domain.com to mail.domain.com did solve the issue. I still suspect that it’s because of an IP change on box.domain.com rather than Proofpoint not liking the box. subdomain.
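
The PTR checks discussed in this thread, as an added example that is not part of any post above: it confirms that the PTR name resolves back to the sending IP (forward-confirmed reverse DNS), flags a generic-looking PTR, and tests for the prefixes listed in the Proofpoint reply. The function names, the "generic" heuristic (Proofpoint's actual rule is not given in the thread) and the sample addresses are assumptions.

```python
import ipaddress
import re
import socket

# Hostname prefixes named in the Proofpoint reply quoted in this thread.
PREFERRED_PREFIXES = ("mail", "mts", "mx", "out", "smtp")

# Constructed sample data (documentation addresses, not taken from the thread).
SAMPLE_PTR = {"203.0.113.25": "box.example.com.",
              "198.51.100.7": "198-51-100-7.static.example.net.",
              "192.0.2.10": "mail.example.com."}
SAMPLE_A = {"box.example.com": {"203.0.113.25"},
            "198-51-100-7.static.example.net": {"198.51.100.7"},
            "mail.example.com": {"192.0.2.99"}}  # stale A record, no longer matches

def system_ptr(ip):
    """PTR lookup through the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def looks_generic(ptr, ip):
    """Assumed heuristic: the PTR name embeds every octet of the IPv4
    address, as provider defaults like 198-51-100-7.static.* do."""
    numbers = {int(n) for n in re.findall(r"\d+", ptr)}
    return ip.version == 4 and set(ip.packed) <= numbers

def check_ptr(ip_text, reverse=system_ptr, forward=system_forward):
    """Report what a receiving mail filter can see about an IP's rDNS."""
    ip = ipaddress.ip_address(ip_text)
    ptr = reverse(str(ip))
    if ptr is None:
        return {"ptr": None, "forward_confirmed": False,
                "generic": False, "preferred_prefix": False}
    ptr = ptr.rstrip(".").lower()
    # Forward-confirmed rDNS: the PTR name must resolve back to the same IP.
    addresses = {ipaddress.ip_address(a.split("%")[0]) for a in forward(ptr)}
    return {"ptr": ptr,
            "forward_confirmed": ip in addresses,
            "generic": looks_generic(ptr, ip),
            "preferred_prefix": ptr.split(".")[0].startswith(PREFERRED_PREFIXES)}
```

Calling `check_ptr()` with only an IP address uses the system resolver; the `reverse` and `forward` parameters exist so the constructed tables can stand in for DNS.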