Solved

SMTP 554 Could not find matching PTR and A records for your mail host

Posted on 2008-10-17
8
2,098 Views
Last Modified: 2013-11-30
Employee trying to send e-mail to a receipient at one particular address, gets Undeliverable message:

We have exchange 2003 server

You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mailserver.company.net #5.7.1 smtp;554 5.7.1 Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58>

Just started happening a few days ago, no changes were made to e-mail server or DNS server at all during this time.  We host our own e-mail server, our domain is registered is going through dyndns.org, we have our own dns server.
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 4

Accepted Solution

by:
Interserv earned 400 total points
ID: 22740662
It sounds like your IP address changed and the recipient is looking for a PTR record that points to the host you are sending emails from.  Some mail servers block all emails that are sent from a host that doesn't have a PTR record.  You would have to call your service provider to have them add the PTR record.

You can send an email to check-auth@verifier.port25.com from a mailbox on your exchange server and it will send you a report back of information that could help your debug the issue more.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740675
You get that message only for one destiny or for all? and for all users also?
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740802
which service provider? our isp, or is this a setting i make on dyndns.org where our domain name and dns is?

only one user within our agency is sending to this person, and they are getting the reply back.  i was able to send test e-mail yesterday and it went through which is very weird, i though it was a glitch.  she tried again yesterday evening and the same message came back for her.  sounds like it's somehow related to her e-mail? don't understand why that would be the case?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740861
nop.. ti related to the destination mail system. notice that dynamic ip mail servers like your are very suitable to end up in RBL's. The destination server is somehow rejecting the mail.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740942
weird how it lets e-mails from me go through but not from her, it's same domain e-mail account, same e-mail server?  here is the reply from that e-mail:

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  NTFSROOTB.mercyfirst.net
Source IP:      64.113.248.58
mail-from:      gkurnicki@mercyfirst.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: smtp.mail=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.3 (2007-08-08)

Result:         ham  (1.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 DNS_FROM_SECURITYSAGE  RBL: Envelope sender in
                            blackholes.securitysage.com
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                            [score: 0.0676]
 1.8 MISSING_SUBJECT        Missing Subject: header

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the authentication
        method has either an explicit or implicit policy which doesn't require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was unable
        to reach either a positive or a negative result about the message.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally, or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving data required
        for the authentication.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22743030
I got a reply from the post master at the e-mail address i am sending to he writes:

It says right there what the problem is.  "Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58"

The PTR record for 64.113.248.58 says its name is 248.58.newbridgehosting.com, but there is no A record for any host by that name.  So it looks bogus.

Ah!  The A record for mercyfirst.org says it is 64.113.248.58.  How about changing the PTR on 64.113.248.58 to point to mercyfirst.org?
That will do it.  Then we know what that server is.


HOW DO I CHANGE THE PTR?   Is that on my Exchange Server, dyndns, or is that my ISP?
0
 
LVL 15

Assisted Solution

by:GreatVargas
GreatVargas earned 100 total points
ID: 22743146
The PTR is on the dns server. It's a pointer record of dns. you can change it i guess in dyndns. dyndns are the ones that broadcast you dns names over the Internet.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 31507119
Interserv was right on the money, i contacted ISP who is making change to PTR record.  GreatVargas made great attempt so assigning some points, b/c he lead me to get more information on dyndns, which confirmed what Interserv said originally.  Thank you both!
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question