Solved

SMTP 554 Could not find matching PTR and A records for your mail host

Posted on 2008-10-17
8
2,023 Views
Last Modified: 2013-11-30
Employee trying to send e-mail to a receipient at one particular address, gets Undeliverable message:

We have exchange 2003 server

You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mailserver.company.net #5.7.1 smtp;554 5.7.1 Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58>

Just started happening a few days ago, no changes were made to e-mail server or DNS server at all during this time.  We host our own e-mail server, our domain is registered is going through dyndns.org, we have our own dns server.
0
Comment
Question by:fireguy1125
  • 4
  • 3
8 Comments
 
LVL 4

Accepted Solution

by:
Interserv earned 400 total points
ID: 22740662
It sounds like your IP address changed and the recipient is looking for a PTR record that points to the host you are sending emails from.  Some mail servers block all emails that are sent from a host that doesn't have a PTR record.  You would have to call your service provider to have them add the PTR record.

You can send an email to check-auth@verifier.port25.com from a mailbox on your exchange server and it will send you a report back of information that could help your debug the issue more.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740675
You get that message only for one destiny or for all? and for all users also?
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22740802
which service provider? our isp, or is this a setting i make on dyndns.org where our domain name and dns is?

only one user within our agency is sending to this person, and they are getting the reply back.  i was able to send test e-mail yesterday and it went through which is very weird, i though it was a glitch.  she tried again yesterday evening and the same message came back for her.  sounds like it's somehow related to her e-mail? don't understand why that would be the case?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 22740861
nop.. ti related to the destination mail system. notice that dynamic ip mail servers like your are very suitable to end up in RBL's. The destination server is somehow rejecting the mail.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:fireguy1125
ID: 22740942
weird how it lets e-mails from me go through but not from her, it's same domain e-mail account, same e-mail server?  here is the reply from that e-mail:

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  NTFSROOTB.mercyfirst.net
Source IP:      64.113.248.58
mail-from:      gkurnicki@mercyfirst.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: smtp.mail=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: header.From=gkurnicki@mercyfirst.org
DNS record(s):
    mercyfirst.org. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.3 (2007-08-08)

Result:         ham  (1.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 DNS_FROM_SECURITYSAGE  RBL: Envelope sender in
                            blackholes.securitysage.com
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                            [score: 0.0676]
 1.8 MISSING_SUBJECT        Missing Subject: header

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the authentication
        method has either an explicit or implicit policy which doesn't require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was unable
        to reach either a positive or a negative result about the message.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally, or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving data required
        for the authentication.
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 22743030
I got a reply from the post master at the e-mail address i am sending to he writes:

It says right there what the problem is.  "Sender: Please tell postmaster at your system: Could not find matching PTR and A records for your mail host 64.113.248.58"

The PTR record for 64.113.248.58 says its name is 248.58.newbridgehosting.com, but there is no A record for any host by that name.  So it looks bogus.

Ah!  The A record for mercyfirst.org says it is 64.113.248.58.  How about changing the PTR on 64.113.248.58 to point to mercyfirst.org?
That will do it.  Then we know what that server is.


HOW DO I CHANGE THE PTR?   Is that on my Exchange Server, dyndns, or is that my ISP?
0
 
LVL 15

Assisted Solution

by:GreatVargas
GreatVargas earned 100 total points
ID: 22743146
The PTR is on the dns server. It's a pointer record of dns. you can change it i guess in dyndns. dyndns are the ones that broadcast you dns names over the Internet.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 31507119
Interserv was right on the money, i contacted ISP who is making change to PTR record.  GreatVargas made great attempt so assigning some points, b/c he lead me to get more information on dyndns, which confirmed what Interserv said originally.  Thank you both!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now