Solved

Intermittent outbound email.  What is the meaning of the following NDR

Posted on 2008-06-18
Last Modified: 2012-02-21
Our DNS records got moved to a new DNS server and the person running the old DNS deleted all our old records.  A whois shows the correct info, but outbound email does not seem to be working properly; it is intermittent.  We get the following NDR when we try to send to most domains.

the following recipient(s) could not be reached:

       on 6/18/2008 4:20 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <caamb8.caamanitoba.com #5.7.1 smtp;554 5.7.1 This message has been blocked because the return email domain is invalid.(failed to obtain DNS record for domain caamanitoba.com)>

I don't see how this can have anything to do with outbound email.  I can see how inbound email would not work for a few days but outbound should be fine.  Can someone tell me what that NDR really means?  Thanks in advance.
0
Question by:walub
10 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21817686
This means that the receiving end is blocking your email... From the sounds and looks of it you need to make sure that your MX records match and also that your point records are there and correct; that should fix your problem...
0
 
LVL 1

Expert Comment

by:flyingjoe5
ID: 21817725
Did you change IPs recently?  I notice when doing a DNS check for your domain, the following is returned:  

ERROR: None of your mail server(s) seem to have reverse DNS (PTR) entries (I didn't get any responses for them). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server).

When mail comes in from IP (guessing: 64.4.69.110) and says it is from mail.caamanitoba.com, the incoming email server will do a reverse lookup on the IP to see if it comes back with a PTR record that corresponds to that domain.  If your mail is indeed coming out of 64.4.69.110, you need to create a PTR record for that IP with your ISP to show mail.caamanitoba.com.  My mail server would bounce your email with that same error if it received something from an IP with no corresponding DNS PTR record.
0
 
LVL 17

Assisted Solution

by:Andres Perales
Andres Perales earned 50 total points
ID: 21817744
Yup, see, flying is noticing the no reverse DNS error or no pointers... Get those set up and you should be good to go...
0
 
LVL 1

Expert Comment

by:flyingjoe5
ID: 21817776
And also try doing an nslookup internally.  I'm not sure if you are hosting your own DNS, but it sounds like you are not.  You should get SOA and NS records for the new DNS server (the one where someone didn't delete your record).  If you are still pointing to the old one, your servers may not be able to resolve correctly.  Usually right-clicking your DNS server and selecting clear cache will help in this situation.  You just need to verify your records internally as well as externally, and make sure other servers on the outside can resolve your NS, MX, PTR, and server A records correctly.
0
 

Author Comment

by:walub
ID: 21817924
I just got this from running a DNS report.  Does anyone know where in Exchange to change it so that it would be sending outbound as mail.caamanitoba.com and not the internal server name?

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.caamanitoba.com claims to be non-existent host caamb8.caamanitoba.com:
220 caamb8.caamanitoba.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Wed, 18 Jun 2008 17:30:00 -0500
0
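The three checks raised in the DNS report and the replies above (the SMTP greeting name has an A record for the sending IP, the IP has a PTR that resolves back to it, and the return domain has MX or A records), as an added example that is not part of the original thread. The `ZONE` table is a constructed snapshot of the state the thread describes, the IP is the one guessed in the thread, and the function names are hypothetical.

```python
import re

# Constructed DNS snapshot modelled on the state the thread describes:
# the public name resolves, the greeting name does not, and no PTR exists.
ZONE = {
    ("caamanitoba.com", "MX"): ["mail.caamanitoba.com"],
    ("mail.caamanitoba.com", "A"): ["64.4.69.110"],  # IP guessed in the thread
}

def lookup(zone, name, rtype):
    """Case-insensitive record lookup in the in-memory zone."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def banner_host(banner):
    """Host name from an SMTP 220 greeting: code, space or dash, host name."""
    m = re.match(r"220[ -]([A-Za-z0-9.-]+)", banner)
    return m.group(1).lower() if m else None

def audit(zone, ip, banner, mail_domain):
    """Return the findings a receiving spam filter could reject on."""
    findings = []
    host = banner_host(banner)
    if host is None:
        findings.append("greeting: no host name in 220 line")
    elif ip not in lookup(zone, host, "A"):
        findings.append(f"greeting: {host} has no A record for {ip}")
    ptrs = lookup(zone, ptr_name(ip), "PTR")
    if not ptrs:
        findings.append(f"ptr: no PTR record for {ip}")
    elif not any(ip in lookup(zone, p, "A") for p in ptrs):
        findings.append(f"ptr: {ptrs[0]} does not resolve back to {ip}")
    if not (lookup(zone, mail_domain, "MX") or lookup(zone, mail_domain, "A")):
        findings.append(f"domain: no MX or A record for {mail_domain}")
    return findings

BANNER = "220 caamb8.caamanitoba.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready"

# Constructed zone after the fixes suggested in the thread: PTR added, greeting changed.
FIXED = dict(ZONE)
FIXED[(ptr_name("64.4.69.110"), "PTR")] = ["mail.caamanitoba.com"]
FIXED_BANNER = "220 mail.caamanitoba.com ESMTP ready"

if __name__ == "__main__":
    for finding in audit(ZONE, "64.4.69.110", BANNER, "caamanitoba.com"):
        print(finding)
```

Replacing `lookup` with calls to a real resolver turns the same audit into a live check, run once from inside the network and once from outside.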
 

Author Comment

by:walub
ID: 21817933
The NDRs are coming from postmaster@caamanitoba.com so I don't think I am even hitting external email server.  The weird part is that some have gotten through.
0
 
LVL 25

Assisted Solution

by:kieran_b
kieran_b earned 50 total points
ID: 21818266
>>so I don't think I am even hitting external email server.

Well, it depends on the other server's error - sometimes it will come from them, sometimes you.

Change your SMTP greeting to mail.caamanitoba.com -> http://www.block.net.au/help/smtp-greeting
0
 
LVL 1

Assisted Solution

by:flyingjoe5
flyingjoe5 earned 150 total points
ID: 21818777
The NDRs will come from the last server to handle the message.  If your server cannot deliver it to a remote server because the remote server will not accept it due to reverse DNS lookups failing, it makes sense to see the failure from your server.   You can confirm in message tracking to see if there is a started transfer to remoteserver.somedomain.com before the NDR issued line.
0
 

Accepted Solution

by:walub
walub earned 0 total points
ID: 21823177
OK, I figured out why I was getting the NDRs.  We have a FortiGate gateway appliance; it uses outside DNS servers, so as the mail passed through it, it did a lookup on our domain and could not resolve it, so it would send it back.  I still don't understand why it was intermittent, but when I disabled the outbound RDNS lookup in the spam filter it solved the problem.  I will turn it back on in a couple of days.
0
 

Expert Comment

by:Osram34
ID: 37625545
Same problem here with a Fortinet firewall. What was the actual solution? I have put my internal DNS into the settings. But it would still block the emails; I had to deactivate the spam filter as well...
0
