Solved

SMTP 554 Could not find matching PTR and A records for your mail host

Posted on 2008-10-17
8
2,066 Views
Last Modified: 2013-11-30
Employee trying to send e-mail to a receipient at one particular address, gets Undeliverable message:

We have exchange 2003 server

You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mailserver.company.net #5.7.1 smtp;554 5.7.1 Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58>

Just started happening a few days ago, no changes were made to e-mail server or DNS server at all during this time.  We host our own e-mail server, our domain is registered is going through dyndns.org, we have our own dns server.
0
Comment
Question by:fireguy1125
  • 4
  • 3
8 Comments
 
LVL 4

Accepted Solution

by:
Interserv earned 400 total points
ID: 22740662
It sounds like your IP address changed and the recipient is looking for a PTR record that points to the host you are sending emails from.  Some mail servers block all emails that are sent from a host that doesn't have a PTR record.  You would have to call your service provider to have them add the PTR record.

You can send an email to check-auth@verifier.port25.com from a mailbox on your exchange server and it will send you a report back of information that could help your debug the issue more.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740675
You get that message only for one destiny or for all? and for all users also?
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740802
which service provider? our isp, or is this a setting i make on dyndns.org where our domain name and dns is?

only one user within our agency is sending to this person, and they are getting the reply back.  i was able to send test e-mail yesterday and it went through which is very weird, i though it was a glitch.  she tried again yesterday evening and the same message came back for her.  sounds like it's somehow related to her e-mail? don't understand why that would be the case?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740861
nop.. ti related to the destination mail system. notice that dynamic ip mail servers like your are very suitable to end up in RBL's. The destination server is somehow rejecting the mail.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740942
weird how it lets e-mails from me go through but not from her, it's same domain e-mail account, same e-mail server?  here is the reply from that e-mail:

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  NTFSROOTB.mercyfirst.net
Source IP:      64.113.248.58
mail-from:      gkurnicki@mercyfirst.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: smtp.mail=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.3 (2007-08-08)

Result:         ham  (1.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 DNS_FROM_SECURITYSAGE  RBL: Envelope sender in
                            blackholes.securitysage.com
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                            [score: 0.0676]
 1.8 MISSING_SUBJECT        Missing Subject: header

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the authentication
        method has either an explicit or implicit policy which doesn't require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was unable
        to reach either a positive or a negative result about the message.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally, or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving data required
        for the authentication.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22743030
I got a reply from the post master at the e-mail address i am sending to he writes:

It says right there what the problem is.  "Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58"

The PTR record for 64.113.248.58 says its name is 248.58.newbridgehosting.com, but there is no A record for any host by that name.  So it looks bogus.

Ah!  The A record for mercyfirst.org says it is 64.113.248.58.  How about changing the PTR on 64.113.248.58 to point to mercyfirst.org?
That will do it.  Then we know what that server is.


HOW DO I CHANGE THE PTR?   Is that on my Exchange Server, dyndns, or is that my ISP?
0
 
LVL 15

Assisted Solution

by:GreatVargas
GreatVargas earned 100 total points
ID: 22743146
The PTR is on the dns server. It's a pointer record of dns. you can change it i guess in dyndns. dyndns are the ones that broadcast you dns names over the Internet.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 31507119
Interserv was right on the money, i contacted ISP who is making change to PTR record.  GreatVargas made great attempt so assigning some points, b/c he lead me to get more information on dyndns, which confirmed what Interserv said originally.  Thank you both!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question