PTR / Email issue

What is the name of the domain?

What is the error number?

Email failure due to missing PTR record

What is the error message?

The IP address sending this message does not have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not 550-5.7.25 match the sending IP.

What is the issue you’re encountering?

Email failure

What steps have you taken to resolve the issue?

At present, I have moved back to the old DNS server and am not using Cloudflare until I can figure this out.

What feature, service or problem is this related to?

Mail records

What are the steps to reproduce the issue?

OK, so I understand that PTR cannot reside with Cloudflare (except with an enterprise account). But I am still confused. My server lies with Aptum and they have a PTR record set up for me and everything has been working fine for years. I wanted to move my DNS from Aptum to Cloudflare and pointed my domain, held with the registrar NameCheap, to go to Cloudflare. As a result, email failed to multiple domains with the error that PTR was missing. So if my DNS records are with Cloudflare, how do the servers of the world know where to find my PTR record held with Aptum?
Is there something I need to enter in my Cloudflare records that says if looking for PTR go to Aptum? Sorry if completely off, PTR is not my area of expertise. Unless I can resolve this, I will have to cancel out of Cloudflare and leave things as is.

It has nothing to do with having Enterprise or not. The PTR record is created by the owner of the IP address (IP → hostname).
What you create on Cloudflare are records for your domain (hostname → IP). (Very simplified)

The same way as it works now.

This error gives you two possible problems, and your problem is not a missing PTR, but a mismatch in the corresponding forward record (most likely).

Your PTR record needs to point to a DNS-Only record on Cloudflare, it can’t point to a proxied record.

And your email server should use the same name in its HELO setting.


“Your PTR record needs to point to a DNS-Only record on Cloudflare, it can’t point to a proxied record. And your email server should use the same name in its HELO setting.”

Sorry, a bit new to PTR setups. My understanding from Aptum tech (owner of the IP on which my dedicated server sits / also is set up by me as a shared server) is that the PTR record they have entered in their system is 167.185.34.64.in-addr.arpa. Do I simply enter a corresponding record on Cloudflare DNS?

PTR
167.185.34.64.in-addr.arpa
dvol dot com
DNS only
Auto

My server uses WHM/cPanel and the HELO setting is currently: Use the reverse DNS entry for the mail HELO/EHLO if available - ON
Again, this server is set up for shared hosting with about 52 domains hosted on it. The server is web23.dvol.com but I also have our own main web site as dvol.com.
The web23.dvol.com IP is 64.34.190.69; dvol.com has a dedicated IP of 64.34.185.167.
Should I be turning the HELO setting to off, and then try setting up custom mail HELO by domains?

At present, I reverted back to Aptum’s outdated DNS server but would very much like to have everything on Cloudflare and then once all is working ok upgrade to paid account for more stringent rules and services.

Thank you in advance for all your help. Very much appreciated.

Steve

One more thing - I just sent email from my dvol account to my Gmail account to look at the HELO:

  • So email, regardless of domain, is going out as web23 - 64.34.190.69 with web23 as the designated HELO. Is this incorrect? Again, web23 is a shared server.

See here:

dig +short 167.185.34.64.in-addr.arpa ptr
dvol.com.

dig +short dvol.com
64.34.185.167

The reverse record points to dvol.com, and that points back to the same IP - it matches.

If you use Cloudflare for dvol.com, the IP in the forward record will change to a Cloudflare IP - forward and reverse DNS no longer match.

Your reverse record should instead point to a different name, usually mail.dvol.com. You can then leave this record in DNS-Only mode on Cloudflare, while you use the proxy for dvol.com.


If the reverse points to, say, mail.dvol.com vs just dvol dot com, won’t that affect the visibility of the website, and SSL for the website? At present the mail dot dvol dot com is a CNAME to dvol dot com.

No, it has nothing to do with the website.

It would need to be changed into an A record with your server IP.

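The forward-confirmed reverse DNS check this thread revolves around, as an added example that is not part of any post above. The function names are hypothetical, the record tables are constructed from the `dig` output quoted in the thread, and 203.0.113.10 is a documentation-range placeholder standing in for a proxy address.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for the PTR lookup, e.g. 167.185.34.64.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def live_ptr(ip):
    """PTR names for ip from the system resolver (needs network)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_forward(name):
    """A/AAAA addresses for name from the system resolver (needs network)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, helo=None, ptr_lookup=live_ptr, fwd_lookup=live_forward):
    """Classify ip as 'no-ptr', 'forward-mismatch', 'helo-mismatch' or 'ok'."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    # A PTR name is confirmed only if its forward record lists the sending IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in fwd_lookup(n))]
    if not confirmed:
        return "forward-mismatch"
    if helo is not None and helo.rstrip(".").lower() not in confirmed:
        return "helo-mismatch"
    return "ok"

# Constructed records. 203.0.113.10 is a placeholder, not a real Cloudflare IP.
IP = "64.34.185.167"

def table(records):
    return lambda key: records.get(key, [])

def demo():
    """Statuses for: old DNS, dvol.com proxied, PTR moved to mail.dvol.com."""
    ptr_old, ptr_new = table({IP: ["dvol.com."]}), table({IP: ["mail.dvol.com."]})
    before = fcrdns(IP, "dvol.com", ptr_old, table({"dvol.com": [IP]}))
    proxied = fcrdns(IP, "dvol.com", ptr_old, table({"dvol.com": ["203.0.113.10"]}))
    fixed = fcrdns(IP, "mail.dvol.com", ptr_new,
                   table({"dvol.com": ["203.0.113.10"], "mail.dvol.com": [IP]}))
    return before, proxied, fixed
```

Calling `fcrdns(ip, helo)` without the two lookup arguments uses the system resolver, so the same check can be run against live records after a DNS change.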
