no reverse DNS entry; some mail servers may not accept your mail

  • Thread starter Thread starter Leon
  • Start date Start date
L

Leon

Couple of users have experienced NDR (non-delivery reports) to a couple of
domains.
I suspected it was down to us been listed in a spam blocklist, after doing a
spam database lookup at http://www.dnsstuff.com i found the very first
record shows the public IP address of our exchange server - "PTR -
MISSING -- abc.xxx.yyy.zzz has no reverse DNS entry; some mail servers may
not accept your mail"

Here's a snip of a NDR to one of the addresses:

The following recipient(s) could not be reached:

(e-mail address removed) on 29/10/2004 14:00
The destination system is currently not accepting any messages.
Please retry at a later time. If that fails, contact your system
administrator.
< mailsweeper.LOCAL #5.3.0>

What cause of action should I take to fix the delivery failures, what
options do I have, thx.
 
Leon said:
Couple of users have experienced NDR (non-delivery reports) to a
couple of domains.
I suspected it was down to us been listed in a spam blocklist, after
doing a spam database lookup at http://www.dnsstuff.com i found the
very first record shows the public IP address of our exchange server
- "PTR -
MISSING -- abc.xxx.yyy.zzz has no reverse DNS entry; some mail
servers may not accept your mail"

Here's a snip of a NDR to one of the addresses:

The following recipient(s) could not be reached:

(e-mail address removed) on 29/10/2004 14:00
The destination system is currently not accepting any
messages. Please retry at a later time. If that fails, contact your
system administrator.
< mailsweeper.LOCAL #5.3.0>

What cause of action should I take to fix the delivery failures, what
options do I have, thx.
Click to expand...

Contact your ISP (whomever owns your public IP block) and ask them to create
the reverse-lookup record.
If they won't, can't, or that doesn't resolve your problem, you could set up
an SMTP connector that forwards Internet mail to your ISP's SMTP server for
delivery, rather than sending out directly from exchange.
 
What cause of action should I take to fix the
delivery failures, what options do I have, thx.
Click to expand...

To explain it in "clear"; let's assume you own
the domain "foobar.com" and you have a mail
server "mail.foobar.com" which is the primary
MX for the domain; this server has an address
of 1.2.3.4; now

some mail servers perform a reverse lookup
on the incoming connections and check if the
"helo" string matches the reverse DNS name
this means that if your server connects to the
SMTP server ad 5.6.7.8 and starts an SMTP
session it will send out something like

HELO mail.foobar.com

now, the server at 5.6.7.8 has the "reverse DNS
lookup" enabled, so it will issue a reverse lookup
for 4.3.2.1.in-addr.arpa; at this point, if the DNS for
foobar.com is correctly configured the answer to
such a query should be

mail.foobar.com

it that's not true, the mailserver at 5.6.7.8 will just
refuse any mail from your server at 1.2.3.4 since
the HELO id-string doesn't match the reverse DNS
lookup result

to solve this issue; given you don't own the IP block
1.2.3.x you should talk to your ISP or carrier and ask
them to create an entry in their DNS for your mailserver
so that 4.3.2.1.in-addr.arpa will resolve to mail.foobar.com
on the other side, if you own the IP block it will be just a
matter of creating the correct entry into the reverse zone

hope it's clear; if not, feel free to ask

Regards


--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://mvp.support.microsoft.com
http://italy.mvps.org
 
Thx for your input guys much apprecitaed.
I will get in contact with my isp to see whteher reverse loookup is
something we can have on the IP address.
thx again.
 
Contact your ISP (whomever owns your public IP block) and ask them to
create the reverse-lookup record.
If they won't, can't, or that doesn't resolve your problem, you could set
up an SMTP connector that forwards Internet mail to your ISP's SMTP server
for delivery, rather than sending out directly from exchange.
Click to expand...

Another solution (although I can't say I really like it) would be
setting up the mailserver so that it will announce itself as.......
"4.3.2.1.in-addr.arpa" this way the reverse lookup should work
as well ... although as I wrote above this isn't exactly the best
solution around ... but just a quick & temporary "hack" :-)

Regards

--

* ObiWan

Microsoft MVP: Windows Server - Networking

http://mvp.support.microsoft.com
http://italy.mvps.org
 
Back
Top