• Status: Solved
  • Priority: Medium
  • Security: Public

Intermittent outbound email. What is the meaning of the following NDR

Our DNS records got moved to a new DNS server and the person running the old DNS deleted all our old records. A whois shows the correct info, but outbound email does not seem to be working properly; it is intermittent. We get the following NDR when we try to send to most domains.

the following recipient(s) could not be reached:

       on 6/18/2008 4:20 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <caamb8.caamanitoba.com #5.7.1 smtp;554 5.7.1 This message has been blocked because the return email domain is invalid.(failed to obtain DNS record for domain caamanitoba.com)>

I don't see how this can have anything to do with outbound email. I can see how inbound email would not work for a few days, but outbound should be fine. Can someone tell me what that NDR really means? Thanks in advance.
Asked by: walub

Andres Perales Commented:
This means that the receiving end is blocking your email... From the sounds and looks of it, you need to make sure that your MX records match and also that your point records are there and correct; that should fix your problem...

flyingjoe5 Commented:
Did you change IPs recently?  I notice when doing a DNS check for your domain, the following is returned:  

ERROR: None of your mail server(s) seem to have reverse DNS (PTR) entries (I didn't get any responses for them). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server).

When mail comes in from IP (guessing: 64.4.69.110) and says it is from mail.caamanitoba.com, the incoming email server will do a reverse lookup on the IP to see if it comes back with a PTR record that corresponds to that domain. If your mail is indeed coming out of 64.4.69.110, you need to create a PTR record for that IP with your ISP to show mail.caamanitoba.com. My mail server would bounce your email with that same error if it received something from an IP with no corresponding DNS PTR record.

Andres Perales Commented:
Yup, see, flying is noticing the no reverse DNS error or no pointers... get those set up and you should be good to go...
 
flyingjoe5 Commented:
And also try doing an nslookup internally. I'm not sure if you are hosting your own DNS, but it sounds like you are not. You should get SOA and NS records for the new DNS server (the one where someone didn't delete your record). If you are still pointing to the old one, your servers may not be able to resolve correctly. Usually right-clicking your DNS server and selecting clear cache will help in this situation. You just need to verify your records internally as well as externally, and make sure other servers on the outside can resolve your NS, MX, PTR, and server A records correctly.

walub (Author) Commented:
I just got this from running a DNS report. Does anyone know where in Exchange to change it so that it would be sending outbound as mail.caamanitoba.com and not the internal server name?

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.caamanitoba.com claims to be non-existent host caamb8.caamanitoba.com:
220 caamb8.caamanitoba.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Wed, 18 Jun 2008 17:30:00 -0500

walub (Author) Commented:
The NDRs are coming from postmaster@caamanitoba.com, so I don't think I am even hitting an external email server. The weird part is that some have gotten through.

kieran_b Commented:
>>so I don't think I am even hitting external email server.

Well, it depends on the other server's error - sometimes it will come from them, sometimes you.

Change your SMTP greeting to mail.caamanitoba.com -> http://www.block.net.au/help/smtp-greeting

flyingjoe5 Commented:
The NDRs will come from the last server to handle the message.  If your server cannot deliver it to a remote server because the remote server will not accept it due to reverse DNS lookups failing, it makes sense to see the failure from your server.   You can confirm in message tracking to see if there is a started transfer to remoteserver.somedomain.com before the NDR issued line.

walub (Author) Commented:
OK, I figured out why I was getting the NDRs. We have a FortiGate gateway appliance; it uses outside DNS servers, so as the mail passed through it, it did a lookup on our domain and could not resolve it, so it would send it back. I still don't understand why it was intermittent, but when I disabled the outbound RDNS lookup in the spam filter it solved the problem. I will turn it back on in a couple of days.

Osram34 Commented:
Same problem here with a Fortinet firewall. What was the actual solution? I have put my internal DNS into the settings, but it would still block the emails; I had to deactivate the spam filter as well...
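
An added example, not part of the original thread: the three checks discussed above (the sender domain resolves, the sending IP has a PTR that forward-confirms, and the SMTP greeting host has an A record pointing back), evaluated once per resolver so that a filter using outside DNS can be compared with the internal view. The domain `example.test`, IP `192.0.2.25`, host names, resolver names and all record data are constructed placeholders held in dictionaries, not live lookups.

```python
import re

# Constructed resolver views (sample data, not real lookups): the records each
# DNS server returns for the names a receiving mail filter checks.
VIEWS = {
    "internal-dns": {
        "MX": {"example.test": ["mail.example.test"]},
        "A": {"mail.example.test": ["192.0.2.25"]},
        "PTR": {"192.0.2.25": ["mail.example.test"]},
    },
    "outside-dns": {"MX": {}, "A": {}, "PTR": {}},  # zone not served here yet
}

BANNER_RE = re.compile(r"^220[ -](\S+)")

def banner_host(banner):
    """Host name from an SMTP greeting: 3-digit code, space or dash, host."""
    m = BANNER_RE.match(banner)
    return m.group(1).lower().rstrip(".") if m else None

def check_sender(view, domain, ip, banner):
    """Return the list of sender-identity checks that fail in one view."""
    failures = []
    if not view["MX"].get(domain) and not view["A"].get(domain):
        failures.append("sender domain has no MX or A record")
    ptr_names = view["PTR"].get(ip, [])
    if not ptr_names:
        failures.append("no PTR record for sending IP")
    elif not any(ip in view["A"].get(n, []) for n in ptr_names):
        failures.append("PTR name does not resolve back to sending IP")
    host = banner_host(banner)
    if host is None:
        failures.append("greeting is not '220 <host>'")
    elif ip not in view["A"].get(host, []):
        failures.append("greeting host has no A record for sending IP")
    return failures

def compare_views(views, domain, ip, banner):
    """Run the checks per resolver to show which views lack the records."""
    return {name: check_sender(v, domain, ip, banner) for name, v in views.items()}

if __name__ == "__main__":
    # Constructed greeting that announces an internal server name.
    banner = "220 srv01.example.test Microsoft ESMTP MAIL Service ready"
    for name, failed in compare_views(VIEWS, "example.test", "192.0.2.25", banner).items():
        print(name, "->", failed or "all checks pass")
```
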