walub
asked on
Intermittent outbound email. What is the meaning of the following NDR
Our DNS records got moved to a new dns server and the person running the old dns deleted all our old records. A whois shows the correct info but outbound email does not seem to be working properly it is intermittent. We get the following NDR when we try to send to most domains.
the following recipient(s) could not be reached:
on 6/18/2008 4:20 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<caamb8.caamanitoba.com #5.7.1 smtp;554 5.7.1 This message has been blocked because the return email domain is invalid.(failed to obtain DNS record for domain caamanitoba.com)>
I don't see how this can have anything to do with outbound email. I can see how inbound email would not work for a few days but outbound should be fine. Can someone tell me what that NDR really means. THanks in advance
the following recipient(s) could not be reached:
on 6/18/2008 4:20 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<caamb8.caamanitoba.com #5.7.1 smtp;554 5.7.1 This message has been blocked because the return email domain is invalid.(failed to obtain DNS record for domain caamanitoba.com)>
I don't see how this can have anything to do with outbound email. I can see how inbound email would not work for a few days but outbound should be fine. Can someone tell me what that NDR really means. THanks in advance
Andres Perales
this means that the receiving end is blocking your email...from the sounds and looks of it you need to make sure that your MX records match and also that your point records are there and correct, that should fix your problem...
Did you change IPs recently? I notice when doing a DNS check for your domain, the following is returned:
ERROR: None of your mail server(s) seem to have reverse DNS (PTR) entries (I didn't get any responses for them). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server).
When mail comes in from IP (guessing: 64.4.69.110) and says it is from mail.caamanitoba.com, the incomming email server will do a reverse lookup on the IP to see if it comes back with a PTR record that corresponds to that domain. If your mail is indeed coming out of 64.4.69.110, you need to create a PTR record for that IP with your ISP to show mail.caamanitoba.com. My mail server would bounce your email with that same error if it received something from an IP with no corresponding DNS PTR record.
ERROR: None of your mail server(s) seem to have reverse DNS (PTR) entries (I didn't get any responses for them). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server).
When mail comes in from IP (guessing: 64.4.69.110) and says it is from mail.caamanitoba.com, the incomming email server will do a reverse lookup on the IP to see if it comes back with a PTR record that corresponds to that domain. If your mail is indeed coming out of 64.4.69.110, you need to create a PTR record for that IP with your ISP to show mail.caamanitoba.com. My mail server would bounce your email with that same error if it received something from an IP with no corresponding DNS PTR record.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and also try doing a nslookup internally. I'm not sure if you are hosting your own DNS, but it sounds like you are not. You should get SOA and NS records for the new DNS server (the one where someone didn't delete your record). If you are still pointing to the old one, your servers may not be able to resolve correctly. Usually right-clicking your DNS server and selecting clear cache will help in this situation. You just need to verify your records internally as well as externally, and make sure other servers on the outside can resolve your NS, MX, PTR, and server A records correctly.
ASKER
I just got this from running a dns report. Does anyone know where in exchange to change it so that it would be sending outbound as mail.caamanitoba.com and not the internal server name?
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
mail.caamanitoba.com claims to be non-existent host caamb8.caamanitoba.com: <br /> 220 caamb8.caamanitoba.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Wed, 18 Jun 2008 17:30:00 -0500 <br />
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
mail.caamanitoba.com claims to be non-existent host caamb8.caamanitoba.com: <br /> 220 caamb8.caamanitoba.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Wed, 18 Jun 2008 17:30:00 -0500 <br />
ASKER
The NDR's are comeing from postmaster@caamanitoba.com
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
same problem here with a fortinet firewall what was the actuall solution?? i have put my internal dns into the settings. But it would still block the emails i had to de activate the spam filter aswell...