Solved

Email Rejections due to Invalid Reverse PTR Record

Posted on 2009-03-31
5
1,659 Views
Last Modified: 2013-11-30
We just purchased a Barracuda SPAM Filter to replace our old eSOFT Spam Filter appliance.  The SPAM Filter inspects messages and forwards them to our internal Exchange Server.  The SPAM FIlter sites on our LAN along with our Exchange Server, and both sit behind our Corporate Firewall.

Needless to say, every since I switched to the Barracuda, our email's are getting rejected by some Domains. For example, we can't send to "Comcast.net".  In our SMTP log on our Exchange server, I see an error regarding an invalid Reverse PTR record.   Our ISP hosts our DNS for our mail server, and I had them switch the hostname to resolve to the hostname of our Barracuda SPAM filter.  However, I still can't sent to comcast.  The emails are sitting in our Exchange server queue for up to 24 hours, and eventually we receive an NDR.  

Finally, according to some of the free DNS online tools, my MX record seems to resolve properly.  Any suggestions?
0
Comment
Question by:elecdave
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Accepted Solution

by:
Steve earned 250 total points
ID: 24036247
You need to get your ISP to check the 'in-arpa' addresses for you.. you'll find that even though they've changed your DNS to resolve correctly.. the reverse DNS is still setup to the wrong name.. once they change that and restart their DNS it'll be fine..

0
 

Author Comment

by:elecdave
ID: 24037466
PsychoFelix,

Thanks for your quick response.  Meanwhile, I'll contact our ISP this morning, but their's one other piece to this puzzle.  When I implemented the Barracuda, our internal Private IP Addressing scheme changes.  We went from a 169.254.92.0 to a 192.168.1.0  for our LAN.   Our internal DNS servers are are only servicing our AD domain, and they are acting as DNS forwarders for all external resolution.  You don't think that our internal DNS servers have anything to do with this issue, do you?  
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24039500
Internal DNS would have nothing to do with this. It is purely down to how your server is seen by the internet. PTR records and preferably how the appliance announces itself, the SMTP banner or EHLO/HELO banner.

Simon.
0
 

Author Comment

by:elecdave
ID: 24060999
I found my solution.  The issue was related to our Cisco ASA.  For some reason, the ASA NAT policies were not functional any longer.  We had seperate NAT policies for SMTP, POP and HTTS. For some reason STMP was redirecting out of hte default interface for packets that weren't specific to the NAT policies. Needless to say, we resolved the issue on our ASA and all is well.  Thanks again for your help.
0
 

Author Closing Comment

by:elecdave
ID: 31565173
Thanks again for all your help.  Since neither issue was correct, I split the points between the two experts who replied.  If I could, I'd give you both a million points just for your quick responses!!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello Friends, My friends and relatives always ask me how to delete all the various types of emails at once in our g-mail  or windows live account.  So I researched this topic to find a unique solution to this query.  Here it is for those who do …
Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question