Thursday, February 5, 2015

To all Mail Administrators: It's 2015 (DNS Ain't That Hard)

Wow... This is just an IT-learnin' day:

Wife comes upstairs to complain that she's not been getting email notifications from the public library for the past few weeks, and it's resulted in missed "due" notices and missed "reserved title is ready" notices. I investigate the problem and find that Postfix is rejecting her library's emails because it can't match the mail server's advertised name to an IP address.

About a month ago, to cut down on SPAM, I'd changed Postfix's config to reject traffic from MTAs that didn't have properly set up DNS. I figured "it's 2015: mail administrators have been at it a sufficiently long time (or have outsourced to services like Gmail) that legit senders should have their DNS sorted". Besides, it's a great way to cut down on SPAM.

Apparently, my wife's library's mail administrators either don't have an A record or the A record they have has a typo in it. Either way, PTR lookups work, but A record lookups fail. So, now I have to be less fascist with my Postfix configuration.

I guess it's a good thing I'm not insisting on TLS for MTA-to-MTA transit or even SPF or DomainKeys records.
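The failure described above (PTR lookups work, A record lookups fail) is a forward-confirmed reverse DNS check that does not round-trip. The following is an added example, not code from the original post: a small checker that separates "no PTR", "PTR but no A record", and "A record points elsewhere". The function names, hostnames and addresses are assumptions made for illustration; the sample data uses documentation address ranges and is constructed.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup via the system resolver; [] if there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def forward_addrs(name):
    """Forward (A/AAAA) lookup; empty set if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return set()
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 scope id

def fcrdns(ip, ptr=ptr_names, fwd=forward_addrs):
    """Return (verdict, name) for a forward-confirmed reverse DNS check."""
    target = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no-ptr", None
    resolved_any = False
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in fwd(name)}
        if target in addrs:
            return "confirmed", name
        resolved_any = resolved_any or bool(addrs)
    # PTR exists but does not round-trip: the case described in the post.
    return ("forward-mismatch" if resolved_any else "forward-missing"), names[0]

# Constructed sample zone data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.library.example"],   # PTR present, no A record
    "192.0.2.20": ["mx.good.example"],        # PTR and matching A record
    "192.0.2.30": ["mx.typo.example"],        # A record points elsewhere
}
SAMPLE_A = {
    "mx.good.example": {"192.0.2.20"},
    "mx.typo.example": {"192.0.2.31"},
}

def check_samples():
    """Run the check over the constructed data without touching the network."""
    return {ip: fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                       lambda n: SAMPLE_A.get(n, set()))
            for ip in [*SAMPLE_PTR, "192.0.2.40"]}

if __name__ == "__main__":
    for ip, (verdict, name) in check_samples().items():
        print(f"{ip:<12} {verdict:<17} {name}")
```

A sender in the `forward-missing` or `forward-mismatch` state still has a PTR record, so Postfix's `reject_unknown_reverse_client_hostname` (which only requires a PTR) would accept it, while the stricter `reject_unknown_client_hostname` would not. The post does not say which restriction was in use.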