I'm having a slight problem with this. If any one can give me some guidance. I would appreciate it. I'm more of a coder and dns configuration is a bit outside my expertise.

MY SETUP
I have nodebalancing setup
I have rdns setup to mail.merilcapital.com
my outgoing mailserver is mail.merilcapital.com

MY PROBLEM
when i send an email to a a craigslist poster via the craigslist relay, i get the following error

Aug 2 07:32:04 blaze postfix/smtp[29191]: 146E426940: host mxi4p.craigslist.org[208.82.236.83] refused to talk to me: 554 [4C11863F-4BCA-46D8-951D-8B4B2CB92354] merilcapital.com [96.126.118.47] Please setup matching DNS and rDNS records: http://www.craigslist.org/about/help/rdns_failure

craiglist posted the following notes about the error
http://www.craigslist.org/about/help/rdns_failure

MY SETUP DETAILS
My dns maanager looks as follows:
MX Records
Mail Server Preference Subdomain TTL Options
mail.merilcapital.com 10 Default Edit | Remove
Add a new MX record

A/AAAA Records
Hostname IP Address TTL Options
173.255.197.138 Default Edit | Remove
96.126.118.47 Default Edit | Remove
blaze 96.126.118.47 Default Edit | Remove
mail 96.126.118.47 Default Edit | Remove
miley 173.255.197.138 Default Edit | Remove
2600:3c00:1::607e:774c Default Edit | Remove

My Reverse Dns looks as follows:
Linodes » blaze » Remote Access » Reverse DNS
Reverse DNS
Current Reverse DNS
96.126.118.47 mail.merilcapital.com. //(i just changed it to mail.merilcapital.com from merilcapital.com. i noticed it won't allow me to change it back.

thanks for any input you can offer.

The craigslist MTA requires that a reverse lookup match a subsequent forward lookup. Are you still having problems? Right at the moment your DNS setup seems fine, after your reverse configuration change (which may have taken a little time to propagate):

> host 96.126.118.47
47.118.126.96.in-addr.arpa domain name pointer mail.merilcapital.com.
> host mail.merilcapital.com
mail.merilcapital.com has address 96.126.118.47

so I would think that it would work now. If your prior configuration was symmetric but just using "merilcapital.com" I'd have thought it would work as well, but I do note that you currently have two A records for that name:

> host merilcapital.com
merilcapital.com has address 173.255.197.138
merilcapital.com has address 96.126.118.47

so if that was the case previously too, it's possible that the MTA didn't like or expect that and requires a strictly one to one mapping.


When configuring a reverse lookup, Linode does a forward lookup on the name you enter to ensure that it maps to your Linode's IP address, so again there could be an issue with the fact that merilcapital.com maps to two A records. I don't actually think there's a technical limitation outside of the Linode Manager against such a record, though having some sort of canonical name for a host (with a single A/PTR combination) is a good policy. You can always have additional service names for pooling multiple hosts through A or CNAME records.

-- David

Also note that, once the DNS is configured properly, it'll probably take upwards of 24 hours for the problem to resolve itself.

The recipient should really be using a 4xx (temporary) error instead of a 5xx (permanent) error, but they may have their reasons (time-sensitivity?).

_________________

/* TODO: need to add signature to posts */

I think the 5xx error seems more correct. 4xx represents transient failures - that is, a 4xx error implies that retrying the same delivery at a future date (with no other changes by the sender or receiver) may be anticipated to work. So things like a temporary processing error on the receiving server, or issues with the target mailbox (like being full).

In this case, any repeat attempt is going to fail exactly the same way until the sender makes changes, albeit in this case to DNS for the transmitting host rather than to the message body or envelope, though one can consider the IP validation part of the logical sender envelope.

I suppose an argument could be made that if DNS was already changed and is propagating that the issue will be transient, but there's no way for the receiving MTA to know this, so from its perspective this is a hard failure given the current system state. Returning a 5xx error ensures that the source MTA won't keep retrying.

-- David