Solved

SMTP 554 Could not find matching PTR and A records for your mail host

Posted on 2008-10-17
8
2,035 Views
Last Modified: 2013-11-30
Employee trying to send e-mail to a receipient at one particular address, gets Undeliverable message:

We have exchange 2003 server

You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mailserver.company.net #5.7.1 smtp;554 5.7.1 Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58>

Just started happening a few days ago, no changes were made to e-mail server or DNS server at all during this time.  We host our own e-mail server, our domain is registered is going through dyndns.org, we have our own dns server.
0
Comment
Question by:fireguy1125
  • 4
  • 3
8 Comments
 
LVL 4

Accepted Solution

by:
Interserv earned 400 total points
ID: 22740662
It sounds like your IP address changed and the recipient is looking for a PTR record that points to the host you are sending emails from.  Some mail servers block all emails that are sent from a host that doesn't have a PTR record.  You would have to call your service provider to have them add the PTR record.

You can send an email to check-auth@verifier.port25.com from a mailbox on your exchange server and it will send you a report back of information that could help your debug the issue more.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740675
You get that message only for one destiny or for all? and for all users also?
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740802
which service provider? our isp, or is this a setting i make on dyndns.org where our domain name and dns is?

only one user within our agency is sending to this person, and they are getting the reply back.  i was able to send test e-mail yesterday and it went through which is very weird, i though it was a glitch.  she tried again yesterday evening and the same message came back for her.  sounds like it's somehow related to her e-mail? don't understand why that would be the case?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740861
nop.. ti related to the destination mail system. notice that dynamic ip mail servers like your are very suitable to end up in RBL's. The destination server is somehow rejecting the mail.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740942
weird how it lets e-mails from me go through but not from her, it's same domain e-mail account, same e-mail server?  here is the reply from that e-mail:

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  NTFSROOTB.mercyfirst.net
Source IP:      64.113.248.58
mail-from:      gkurnicki@mercyfirst.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: smtp.mail=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.3 (2007-08-08)

Result:         ham  (1.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 DNS_FROM_SECURITYSAGE  RBL: Envelope sender in
                            blackholes.securitysage.com
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                            [score: 0.0676]
 1.8 MISSING_SUBJECT        Missing Subject: header

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the authentication
        method has either an explicit or implicit policy which doesn't require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was unable
        to reach either a positive or a negative result about the message.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally, or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving data required
        for the authentication.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22743030
I got a reply from the post master at the e-mail address i am sending to he writes:

It says right there what the problem is.  "Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58"

The PTR record for 64.113.248.58 says its name is 248.58.newbridgehosting.com, but there is no A record for any host by that name.  So it looks bogus.

Ah!  The A record for mercyfirst.org says it is 64.113.248.58.  How about changing the PTR on 64.113.248.58 to point to mercyfirst.org?
That will do it.  Then we know what that server is.


HOW DO I CHANGE THE PTR?   Is that on my Exchange Server, dyndns, or is that my ISP?
0
 
LVL 15

Assisted Solution

by:GreatVargas
GreatVargas earned 100 total points
ID: 22743146
The PTR is on the dns server. It's a pointer record of dns. you can change it i guess in dyndns. dyndns are the ones that broadcast you dns names over the Internet.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 31507119
Interserv was right on the money, i contacted ISP who is making change to PTR record.  GreatVargas made great attempt so assigning some points, b/c he lead me to get more information on dyndns, which confirmed what Interserv said originally.  Thank you both!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question