DevOps/ansible-role-docker-mailserver
1
0
Code Issues 3 Actions Packages Projects Wiki

FCrDNS #3

New Issue
Open
opened 2025-11-02 17:22:19 +00:00 by eric · 4 comments
eric commented 2025-11-02 17:22:19 +00:00
Owner
Copy Link

The following error is occurring when attempting to send to mail.mtkn.jp:

2025-11-02T12:36:05.108026+00:00 mail-74549b9f8d-thrcr postfix/smtp[203437]: 15BBFA51C1: to=<hoge@mtkn.jp>, relay=mail.mtkn.jp[*.*.*.*]:25, delay=1, delays=0.05/0.02/0.96/0, dsn=4.0.0, status=deferred (host mail.mtkn.jp[*.*.*.*] refused to talk to me: 550 no FCrDNS.)

I was under the impression that reverse DNS was configured with my domain provider...

https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

The following error is occurring when attempting to send to *mail.mtkn.jp*: ``` 2025-11-02T12:36:05.108026+00:00 mail-74549b9f8d-thrcr postfix/smtp[203437]: 15BBFA51C1: to=<hoge@mtkn.jp>, relay=mail.mtkn.jp[*.*.*.*]:25, delay=1, delays=0.05/0.02/0.96/0, dsn=4.0.0, status=deferred (host mail.mtkn.jp[*.*.*.*] refused to talk to me: 550 no FCrDNS.) ``` I was under the impression that reverse DNS was configured with my domain provider... https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
eric commented 2025-11-02 23:37:18 +00:00
Author
Owner
Copy Link

From @mtkn-jp on Discourse:

$ dig eom.dev

returns your A record pointing to 136.56.38.209.
but

$ dig -x 136.56.38.209
returns PTR record pointing to 136-56-38-209.googlefiber.net., not eom.dev..
Do you host this site at home?
Then I think you can’t set the reverse DNS because the IP address is owned by the ISP (in this case Google?).
Possibly you can ask google to set the reverse DNS, but google probably don’t set that.

I will also check if I can opt out your domain from the FCrDNS filter.

By the way, can you send and receive emails from different domains like gmail.com?

Yes, this is hosted at home. I did do something to set up my PTR records, though I am forgetting exactly what that was at the moment. I am currently able to send to other domains like Google, though if it isn't coming from a service like Discourse it often gets caught by the spam filters.

From @mtkn-jp on [Discourse](https://discourse.eom.dev/t/discourse/71/9?u=eric): > ```$ dig eom.dev``` > > returns your A record pointing to 136.56.38.209. > but > > ```$ dig -x 136.56.38.209``` > returns PTR record pointing to 136-56-38-209.googlefiber.net., not eom.dev.. > Do you host this site at home? > Then I think you can’t set the reverse DNS because the IP address is owned by the ISP (in this case Google?). > Possibly you can ask google to set the reverse DNS, but google probably don’t set that. > > I will also check if I can opt out your domain from the FCrDNS filter. > > By the way, can you send and receive emails from different domains like gmail.com? Yes, this is hosted at home. I did do something to set up my PTR records, though I am forgetting exactly what that was at the moment. I am currently able to send to other domains like Google, though if it isn't coming from a service like Discourse it often gets caught by the spam filters.
mtkn-jp commented 2025-11-03 00:09:21 +00:00
Copy Link

Hi I'm eev4911.

I checked my gmail INBOX and found that I reveiced from your domain without any issue.
I need to investigate my mail server.
I use OpenSMTPD on OpenBSD.

Hi I'm eev4911. I checked my gmail INBOX and found that I reveiced from your domain without any issue. I need to investigate my mail server. I use OpenSMTPD on OpenBSD.
eric commented 2025-11-03 00:34:38 +00:00
Author
Owner
Copy Link

Thanks for coming over!

Checking my DNS settings on Squarespace, I actually have the PTR record set exactly as you saw: 136-56-38-209.googlefiber.net. Setting it to eom.dev seems like the obvious thing to do, but it seems like the first thing that I would have tried when setting this up so I'm wondering if that didn't work for some reason. The issue was DevOps/software-infrastructure#21. I'd like to think this over before changing the value - it might also be helpful to coordinate a way to test.

Thanks for coming over! Checking my DNS settings on Squarespace, I actually have the PTR record set exactly as you saw: `136-56-38-209.googlefiber.net`. Setting it to `eom.dev` seems like the obvious thing to do, but it seems like the first thing that I would have tried when setting this up so I'm wondering if that didn't work for some reason. The issue was DevOps/software-infrastructure#21. I'd like to think this over before changing the value - it might also be helpful to coordinate a way to test.
mtkn-jp commented 2025-11-03 01:36:10 +00:00
Copy Link

I managed to bypass FCrDNS filter from your IP address by changing the smtpd config file.
But for now, I removed this bypass setting for debugging.

If you set the PTR record, please feel free to send me test mails,
and I can check the log file.

I managed to bypass FCrDNS filter from your IP address by changing the smtpd config file. But for now, I removed this bypass setting for debugging. If you set the PTR record, please feel free to send me test mails, and I can check the log file.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: DevOps/ansible-role-docker-mailserver#3
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?