RDNS Failed

Posted on 2006-11-14
Last Modified: 2008-01-09

I am running Exchange 2003 on windows 2003 server.  Mails are sent from our server to our spam server (Interscan messaging Trend).  The problem is that some emails are being held in the retry queue because of a message saying RDNS failed.  The exact message is below

from ([]RDNS failed) by

and the log says DNS query or connect server fail. no branch

This only happens on some emails, and I can verify the sender and recipients email address is correct.

any help on this would be great.

thanks very much
Question by:Blackwell_tech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
LVL 31

Expert Comment

ID: 17939734
If your outgoing messages are rejected because the RDNS fails, you should check your DNS entries. (I assume you mean you get a bounce with a comment to that effect)

Can you tell us if the failing messages are all sent to the same domain(s)?

Expert Comment

ID: 17940383
I think we might need a bit more info here - the IP address you listed is a private IP/internal IP address and wouldn't have a reverse DNS entry associated with it directly.

The  entry resolves to

Doing a check for the reverse entry for this doesn't provide a result.

Your next step should be finding out who can set up the reverse dns entries for the - subnet. Looks like it should be somebody at Cognotec from the whois information for that netblock.

You are probably seeing the failures because not all mail servers reject mail that comes from a server without a reverse DNS entry. Try sending to AOL addresses and you will find that every message gets rejected as they do not accept any mail without a reverse DNS entry for its sending server.

Try doing some testing with for the reverse entries to make sure you get them setup correctly.

Author Comment

ID: 17948531
thank you very much for your responce,

It is a variety of domains that emails are failing to for example and , but not all domains, most messages do get out.  

the exchange server is which is an internal ip and server sitting behind FW
the spam filter sits in our dmz and has an ip address of server name

our ISP provider is esat and we have verified that we have a reverse lookup for to

i was able to send a mail no problem to

Thanks again, if there are any other ideas about the problem it would be much appriciated.
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Expert Comment

ID: 17949431
That does make the situation a bit different then.

One thing that I want to make sure on - the is on an internal IP address, but has an external IP as well of Are you certain that it is actually funneling all the emails through the spam server rather than sending a few directly out from the Exchange server?

The Exchange server doesn't have reverse dns setup (and shouldn't need it), so if that happened it might explain why only a few emails fail.

I would also check exactly what the spam gateway is reporting for DNS entries. Specifically what does it say is the name/IP address for the Exchange server, and for some of the bounced entries.


Expert Comment

ID: 17966658
Normally for exchange to send directly to another site would need to have that specified as mail domain in exchange (assume have forward all mail to smart host) set for forwarding to spam server. Only possible exception would be where have existing connection for incoming mail when exchange wanted to send to same site (Not sure on this one just a possible idea) - ?? does exchange server accept incoming mail directly ?? or only via spam server.

May be useful to look at full headers on rejected mail - "options" on Outlook - may give more clues as to what is happening, and route of messages that are failing.

Author Comment

ID: 17979934

Exchange has only an internal IP.  All mail is routed through our spam filter (both inbound and outbound).  the spam gateway has the correct details for the exchange server.



Expert Comment

ID: 17980173
Have checked mail settings for two sites you mentioned. - no mail server defined - set to dev.null - 3 mail servers defined 2 relay servers on priority 5, and one backup server with two different DNS on priority 15, and priority 1000, have seen this sort of setup fail if relay servers are busy, and mail goes to backup.  Would expect if this is problem that mail for standardlife usually goes through, but occasionally fails - may succeed on retry.

Suspect from this, that problem is not at your end at all, but at receiving end.

Author Comment

ID: 17985946
I didnt mention any sites did I? Maybe I'm getting confused here.
But our dns server ip address were and
and we changed our second dns server to, just incase the problem was the dns resolution.  
the server routes traffic through its web facing ip address of

The problem is that the emails are sitting in our retry queue and even if I request items to be resent at a later date the emails dont leave the retry queue.  



Accepted Solution

PeterMac earned 500 total points
ID: 17987548
The two Domains checked were given as examples in one of your earlier posts. you will not be able to deliver mail to at all.
Has an MX record defined but entry is set to dev.null as explained above. There is obviously no DNS entry to match this, so DNS will fail whenever you try to send mail to them. They obviously do not want to receive mail to that domain.

The case is a little different, I have found in the past where people specify relay servers as their main MX entries, and what is probably their main server, as a backup, that they often have main server set so that it will only accept mail from the relay servers. So mail connection will fail (Error reported varies, and is not always helpful) if Relay servers are busy, and you end up trying to connect to the backup server. Can usually be worked around by creating specific entry for that domain, specifying all mail is sent to one of the relay servers exclusively.

As regards getting mail directly in to your exchange system. Even with no MX record left pointing to it this is still a possibility. We have very similar setup to you, using a spam filter, and yet still recieve mail directly from some sources, mostly spam sites, believe reason is that many high volume mailing sites use there own Domain/IP database for mass mailing to cut down on DNS lookups, and these databases are not updated very frequently. We have had no direct MX entry for three months now, but still receive direct mail.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

CSS is a visual language used to classify objects and define rules about how they should be displayed. CSS skills aren’t restricted to developers anymore, there is a big benefit to having a basic understanding of the language, regardless of your occ…
Digital marketing agencies have encountered both the opportunities and difficulties that emerge from working with a wide-ranging organizations.
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question