We help IT Professionals succeed at work.

Reverse lookup on SBS 2003 r2 not set up correctly for MS Exchange email sending

Medium Priority
368 Views
Last Modified: 2012-05-06
I have users who are experiencing delays or failures when sending to valid email addresses.

A technician on the mail recipent's end tells me:
I have got word that the issue is on your end (somewhat) there is this thing called reverse look-up that is not setup right on your mail server (this is according to our mail service).

He said he has setup an exception to the rule for now but would like you to look into the issue with your mail server.

He said to mention the reverse lookup and they should know what you are talking about. Something to do with the ability to track SPAM as most spammers shut down this service in order to block the ability to track them.

Can someone assist me or direct me to documentation on how to correctly configure this?

Thanks so much for any assistance that you can provide

Comment
Watch Question

Toni UranjekConsultant/Trainer

Commented:
Hi BarbV-oahs,

Contact whoever is responsible for your public DNS records (ISP, registrar) and ask them to add PTR record for your mail server. This should be done on your external, not internal DNS server.
If I may add, it always amuses me, when people actualy believe that checking for PTR records will reduce spam. This is diagnostic and not anti-spam feature. spammers usualy take care of their PTR records.

HTH

Toni
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Not quite correct above.
Reverse DNS records are set by the company that provides your internet connection, which may or may not be the same company that is providing your DNS records.

I also have to disagree on reverse lookup being set by spammers. As most spam is now sent from compromised home user machines, revere DNS lookup can be an extremely effective way of blocking a lot of spam. If it wasn't then the major ISPs such as AOL wouldn't use it.

-M
If you do not know who handles your DNS records I may be able to help if you could provide your domain name (the part of the email address after the  @ sign).

Author

Commented:
Thanks everyone - I have asked my ISP/DNS handler to make the adjustment recommended by Toniur and Mestha.   This change should be done today.

I'll post back tomorrow to close up the question if it takes care of my problem

This is my first question to EE - I appreciate the fast, friendly and knowledgeable responses from all of you.  How refreshing, in the complicated world we all live in.

Thanks a lot!
Toni UranjekConsultant/Trainer

Commented:
After this change you will be able to deliver you messages to customers with reverse lookup enabled.

And I'm not trying to start fight with Mestha, but from recipent point of view, you can not force all senders to create PTR recordsin this might lead to false positives and lost mail.

I've seen a couple of anti-spam products which would drop connections, if PTR is not found. This behaviuor is against RFC: You can't drop connection, you can only tag message as spam and deliver it to recipient.

Of course it's absolutely true that most spam is now sent from compromised home user machines, but usually broandband connections also have PTR records created by ISPs. Does your recipent's anti-spam solution check only if PTR records exist or if PTR record match mail server name? You don't know? Now, that IS a problem, ;) Either way, you will be dropping legitimate mail if your are not able to define absolute white list.


Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Most of the sites that are using reverse DNS lookups will be using them in combination with something else - using DULs - Dial Up Lists, or lists of Dynamic IP addresses.
No reverse DNS at all is also commonly used as a reason to drop the messages. AT&T do, so does Hotmail and AOL. Yahoo use it as a flag. They are sent back with an NDR.

I have been working with Exchange and SMTP email systems for close to ten years, and the lack of reverse DNS is the most common reason why messages are dropped. That is why you will find most email experts will go after that as the first thing to check.

Whether it is the right thing to do or not, doesn't really matter. To get email delivered directly (ie not via your ISPs SMTP server) to most of the big six email providers you need a reverse DNS entry, which needs to be accurate.

-M
Note that there is really no such thing as reverse DNS, but rather there are PTR records used to resolve IP addresses to hostnames. Please read this blog article for more information on how they affect e-mail and how to configure them:

http://www.spamstopshere.com/blog/2008/05/13/dns-problems-affecting-e-mail-delivery-ptr-records/
Press2EscSystems Integrator

Commented:
Mestha, you are in fact correct.  Without a correct rDNS/PTR record to recognize (non-isp/domain) emails would not get delivered via exchange server to many (most?) of the major US ISPs now....  

Although, not a expert on exchange mail, I have likely dealt with an estimated 30+ calls where the getting the PTR record corrected magically resolved the deliver/NDR issues with SMTP mail.  RFC or no RFC, call it what you will - you may likely will spend hours (days?) on the phone until you heed the suggestion & have your ISP setup a correct PTR record..

Author

Commented:
Hello:

I'm still having a problem with my Exchange server - I have one domain that my mail server will not deliver mail to.   Mail gets stuck in the mail queue with an error of "The remote server did not respond to a connection attempt."
All other mail is coming and going just like it always has.  The admin at this site tells me they are sending and receiving mail from other parties just fine - just not us.
Help!

Where do I look to find out why this one is getting stuck?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Can you telnet to their MX record host?

telnet host.example.com 25

-M

Commented:
yes I can
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
If you can telnet to them on port 25 then you should be able to send email via Exchange. It is almost the same thing. You did the test from the Exchange server?

If everything else works correctly then create an SMTP connector for that domain and send email for them via your ISP.

-M

Author

Commented:
Can you tell me how to set up an SMTP connector?
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
You will be adding an additional SMTP connector:
http://www.amset.info/exchange/smtp-connector.asp

-M

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
The solution did correct the problem - I'm still not clear as to why this started happening after at least 6 months of using our own exchange server.   I am also uncertain as to the impact of going through "the side door" as it will to get this to work - It leaves me with the question - what other implications does this change have for me?   I realize that this is "the nature of the beast" we deal with every day with technology and telecommunications - but it does get old after a while.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.