DNS proxying after setting an rDNS

I have set up an A record for a subdomain for an app served via NGINX. Through that app, I need to be able to send emails. So, for that purpose, I had my hosting service set me up an rDNS.

What happens now is that if I try to activate the DNS proxying in that subdomain A record, SpamAssassin throws me an RDNS_NONE error. Which is fair enough.

My question is how I could possibly have DNS proxying on that subdomain (I don’t think I can, for instance, have the Authenticated Origin Pulls working without it) but keeping the rDNS working alright?

rDNS is something the owner of the IP address has to configure. Cloudflare doesn't handle email and doesn't control that address either, so in that case you will need to contact your host or whoever is responsible for that address.

Yes, those steps are done already.

My question is about the possibility (if any) of having the DNS proxying back without breaking the current configuration.

I am not sure what you mean by “DNS proxying back”. Can you elaborate what you exactly want to achieve, with a concrete example?

Yes, of course.

Basically, the option in your DNS tab where you can choose the proxy status of a DNS record. Whether to have DNS only (grey cloud) or proxying (golden cloud).

You generally can't have mail related records proxied. However in this case the proxy status won't apply, as you send the email from an IP address which is not related to Cloudflare in the first place.

I’d expect so as well, but truth is SpamAssassin threw an RDNS_NONE error when I tried proxying this DNS record for the subdomain from which the emails are sent.

Can you post a screenshot of the error?

I am not familiar with that precise error, but the name sounds as if your sending server does not have a reverse entry and that is something which needs to be fixed by your mail host.

Sure. I have used mail-tester.com to test the deliverability of an email sent from my subdomain (the one that’s got the rDNS config). As I’ve stated, this error only comes up if the email is sent from that subdomain with the proxying enabled.

That message is quite clear. Simply check if there is a reverse entry for that IP address. Overall Cloudflare won't be involved here.

Sorry to follow up on myself, but just to complete… The rDNS is set up, I’ve verified it with mxtoolbox

Can you post the IP address in question?

Alright, the PTR record does seem to be in place. From that perspective the error message wouldn't be accurate. Maybe you should make sure you really send via that address, but I am afraid that would now be beyond the scope of the forum :slight_smile:

1 Like

According to that tool I’ve told you about (mail-tester.com), everything looks alright, even recognises the rDNS as properly set and successfully associated with the sending domain. It’s just that SpamAssassin score that seems to assume otherwise thus creating the confusion and only depending on the DNS proxying being enabled or not.

Anyway, @sandro, thank you very much for your help.

I would recommend checking the mail headers to see where exactly the mail is sent from and if the right servers are involved.

Additionally I’d check out the SpamAssassin log as to why it believes it cannot find that entry. Should they have made any additional configuration that checks more than just the mail flow - e.g. website addresses - that would be outside of the standard and there wouldn't be much you can do.

There have been cases where mails were rejected, simply because they contained links to Cloudflare sites which were hosted on addresses which they shared with spammy sites. I am not saying this is the case here, but if it is there is not much you can do.

For starters, you should really check why it scores the emails the way it does.

1 Like
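The header check recommended in the last reply, as an added example that is not part of the original thread: it reads the `Received` headers of a message and lists the hops where the receiving server recorded no reverse name for the connecting IP. The sample message, host names and addresses are constructed, and the pattern assumes Postfix-style `Received` lines.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the thread); IPs are documentation ranges.
SAMPLE = """\
Received: from app.example.com (unknown [203.0.113.7])
\tby mx.receiver.example (Postfix) with ESMTPS id ABC123
\tfor <test@receiver.example>; Mon, 1 Jan 2024 10:00:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
\tby app.example.com (Postfix) with ESMTP id DEF456;
\tMon, 1 Jan 2024 09:59:59 +0000 (UTC)
From: app@app.example.com
To: test@receiver.example
Subject: deliverability test

body
"""

# Assumed Postfix-style layout: from <HELO> (<rDNS|unknown> [<IP>]) by <receiver>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def received_hops(raw):
    """Return one dict per parsable Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # other MTAs use other layouts; skip rather than guess
        hop = m.groupdict()
        # Postfix writes "unknown" when it could not verify a reverse name for the client IP
        hop["rdns"] = None if hop["rdns"] == "unknown" else hop["rdns"]
        hops.append(hop)
    return hops


def hops_without_rdns(raw):
    """Non-loopback hops whose connecting IP had no reverse name recorded."""
    return [h for h in received_hops(raw)
            if h["rdns"] is None and not ipaddress.ip_address(h["ip"]).is_loopback]


if __name__ == "__main__":
    for h in hops_without_rdns(SAMPLE):
        print(f"{h['by']} saw {h['ip']} (HELO {h['helo']}) with no rDNS")
```

The IP reported on a flagged hop is the address that actually delivered the mail, so that is the one whose PTR record needs to be confirmed with the host.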