Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

Cannot Send email to overseas customers?

Cannot Send email to overseas customers we get this NDR:

Diagnostic-Code: smtp;450 <xxxx.xxxxx@xxxxxxx.com>: Sender address rejected: Domain not found

I can send email all over the USA, but cannot send to anyone in UK, Belgium, Germany, etc... (I'm in USA)
when I nslookup the name server that is authoritative to the recipients domain name (overseas) I cannot resolve my domain with their name server same is true with other domains on my name server. Dnsstuff show our name servers and smtp servers as being completely RFC compliant. This is happening with serveral overseas companies in different countries.
0
masheen
Asked:
masheen
  • 8
  • 6
  • 2
  • +3
1 Solution
 
Joseph HornseyPresident and JanitorCommented:

I'm not sure, but here's what I'd check:

1. Make sure that you've got PTR records (reverse lookup) for your mail server.
2. Make sure that your mail server's DNS configuration is pointing to a DNS server that can resolve the destination domain.
3. Make sure your DNS servers are registered correctly with the top-level domains (i.e., that the NS records that Network Solutions, or whoever you use, are correct).

Post back with results.

<-=+=->
0
 
masheenAuthor Commented:
Thanks for the quick reply,
We use our own name servers, and when i go to http://www.dnsstuff.com and test the domain in question everything checks out. DNS server, PTR records, MX records. Our name servers resolve their domain without a problem.


 
0
 
alpinebizCommented:
Got to this web site and run both of these tests.  Pay close attention to any errors.  http://dnsreport.com
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
alpinebizCommented:
Also on dnsstuff.com make sure that your mail server is not on any Black lists.
0
 
masheenAuthor Commented:
Thank you, dnsreport is part of the dnsstuff website or vice versa and like i said before everything checks out rfc compliant execept a warning that my SOA serial number is: 1026. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, and dns servers on same subnet

it is not listed in any spam database and that would not have anything to do with dns
0
 
Joseph HornseyPresident and JanitorCommented:

Very true.

Have you tested to make sure they can (or can't) resolve your domain?

Go to a command prompt and type NSLOOKUP {ENTER}
In the NSLOOKUP prompt, set the query type to NS by typing "set type=ns" and then hit {ENTER}.  Then, type in the destination domain name and hit {ENTER}.  This will give you their DNS servers.  Now, reset the query type by typing "set type=any" and hit {ENTER}.  Then, set your NSLOOKUP to use their servers by typing "server [NAME OR IP OF THEIR SERVER]" and hit {ENTER}.  Now, you're using their server.  To check if they can resolve your MX records, type "set type=mx", hit {ENTER} and then type in your domain name and hit {ENTER}.  See if it resolves your MX record and the associated A record (and IP).

<-=+=->
0
 
masheenAuthor Commented:
I did that already and i cannot resolve our domain
0
 
Joseph HornseyPresident and JanitorCommented:

Hmmmmmmm.

To be perfectly honest, I'm not sure WHAT you can do.  What's one of the domains that you're trying to resolve to?

<-=+=->
0
 
Gabriel OrozcoSolution ArchitectCommented:
I think the receiver is using SPF (Sender Plocy Framework) where you need to add a SPF record to your DNS in order for them to receive your emails.

http://en.wikipedia.org/wiki/Sender_Policy_Framework
0
 
masheenAuthor Commented:
They dont have an SPF record I checked

vitax.co.uk is one of the domains
0
 
lrmooreCommented:
Do you have any firewalls/proxy/URL filtering appliances between your servers and the internet?
Does your dns server use root hints only, or does it have forwarders listed? Suggest root hints only.
Do you have a separate DNS server for internal clients and external clients?
What DNS server/service are you using?
Try using nslookup and set the nameserver to 198.6.1.2 and try to resolve a "foreign" domain name
0
 
masheenAuthor Commented:
The exchange server 2003 is onsite at customers remote location
Their internal dns is Windows 2003 AD and root hints only
We provide spam filtering and mail queuing at our location which is where the mx record is pointing to
The filter is maia mailguard which is clam av, spamassasin, and amavisd.
Their external dns is provided by us which is 2 red hat enterprise 9 servers running bind in our dmz
I can resolve the one foreign domain in question on the server 198.6.1.2

I hope I am being clear thanks for your help
0
 
scrathcyboyCommented:
"We use our own name servers"

Right there is the problem.  If you try a web host SMTP server to send to that address, it will go through, right?  So when you determine that (it is important to test it first), then it is in the setup of your own name servers for SMTP.  If using a webhost SMTP it still does not go through, you might suspect your ISP as limiting your mail, but I have never heard of this.
0
 
masheenAuthor Commented:
No we can send mail just fine to every where else, the problem is DNS. If you look at the NDR it says Sender address rejected: Domain not found. The problem could be the specific dns servers which are overseas (I think it is) I wanted to throw this problem out there to if anyone had seen anything similar
0
 
Joseph HornseyPresident and JanitorCommented:

The problem HAS to be somewhere in your recursion chain in DNS.  Do you have forwarders set up, or are you using the root hints?

<-=+=->
0
 
masheenAuthor Commented:
Our external dns servers only use root hints  
0
 
Joseph HornseyPresident and JanitorCommented:
You know, I think we're going down the wrong road.  We keep coming back to your servers.  The problem is THEIR servers.  Has to be.  I was able to resolve their name fine, too.  The fact that they can't resolve YOU is the issue.  That has to be on their end.

What's your domain?

<-=+=->
0
 
masheenAuthor Commented:
Aquatrols.com
0
 
Joseph HornseyPresident and JanitorCommented:
I checked out your domain on several public servers and on their DNS servers.  Their DNS servers are livedns.co.uk servers.  When I tried to use those to resolve to you, they can't find your domain.  When I used other servers, they found you without a problem.

I would recommend two things:

1. Contact your provider (asellus.com is who's hosting your domains) and see if there is anything on their end... are you not registered correctly in the parent domain, or something?
2. Contact livedns.co.uk and see if there's something on their end that they can do.

The problem is that it's THEIR problem... either your registrar or (most likely) the livedns.co.uk servers.

I wish I had a better answer, but I think I'm right.

<-=+=->
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 8
  • 6
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now