#5.7.1 smtp;554.5.7.1 Client host rejected: The sender's mail server is blocked
I have a couple of users who get the following error from time to time:
<APOLLO.mvengineering.com #5.7.1 smtp;554 5.7.1 <apollo.mvengineering.com[
Now, we had this error last week, and it turned out that our IP ended up on a couple of blacklists. Our IP has since been removed, and things seemed to be back to normal.
So, I went to MXToolbox and genereted various reports, which all came back OK, except for one that reads as follows:
"Error
mx requires a Fully Qualified Domain Name and 66.17.19.200 is not a valid FQDN.
Invalid Input"
Could this be the reason we are being blocked? And, how do I fix it?
The full MXToolbox details are below:
___________________
blacklist:66.17.19.200 blacklist
Checking 66.17.19.200 against 105 known blacklists...
Listed 0 times with 4 timeouts.
Blacklist Status Reason TTL ResponseTime
AHBL OK 47
ANT OK 172
Backscatter.org OK 47
BARRACUDA OK 47
BURNT-TECH OK 16
CASA-CBL OK 47
CASA-CBL+ OK 62
CASA-CDL OK 62
CBL OK 31
CYBERLOGIC OK 47
CYMRU-BOGONS OK 62
DAN-TOR OK 125
DAN-TOREXIT OK 125
DEADBEEF OK 62
DNSBLINFO OK 109
DUINV OK 312
DULRU OK 203
EMAILBASURA OK 484
FABELSOURCES OK 109
FIVETEN OK 109
GIRL OK 109
GRIP OK 109
HIL OK 109
HIL OK 109
HILLI OK 156
ICMFORBIDDEN OK 172
IMP-SPAM OK 296
IMP-WORM OK 296
INTERSIL OK 156
ivmSIP OK 156
ivmSIP/24 OK 156
KEMPTBL OK 156
KUNDENSERVER OK 156
LASHBACK OK 156
LNSGBLOCK OK 156
LNSGBULK OK 156
LNSGDUL OK 156
LNSGMULTI OK 156
LNSGOR OK 156
LNSGSRC OK 156
MSRBL-Combined OK 156
MSRBL-Images OK 156
MSRBL-Phising OK 156
MSRBL-Spam OK 156
MSRBL-Viruses OK 156
NERD OK 156
NETHERRELAYS OK 156
NETHERUNSURE OK 156
NIXSPAM OK 172
NJABL OK 172
NJABLDUL OK 172
NJABLFORMMAIL OK 172
NJABLMULTI OK 172
NJABLPROXIES OK 172
NJABLSOURCES OK 172
NLKUNBLACKLIST OK 187
NLKUNWHITELIST OK 187
NOFALSEPOSITIVE OK 172
NOMOREFUNN OK 218
ORID OK 437
ORVEDB OK 203
OSPAM OK 187
PDL OK 187
PSBL OK 187
RATS-Dyna OK 203
RATS-NoPtr OK 203
RATS-Spam OK 203
RBL-JP OK 203
REDHAWK OK 203
RSBL OK 359
SCHULTE OK 218
SDERB OK 218
SENDERBASE OK 218
SERVICESNET OK 218
SOLID OK 218
SORBS-BLOCK OK 218
SORBS-DUHL OK 218
SORBS-HTTP OK 218
SORBS-MISC OK 218
SORBS-SMTP OK 218
SORBS-SOCKS OK 218
SORBS-SPAM OK 218
SORBS-WEB OK 218
SORBS-ZOMBIE OK 218
SPAMCANNIBAL OK 218
SPAMCOP OK 218
Spamhaus-ZEN OK 218
SPAMSOURCES OK 218
SPEWS1 OK 218
SPEWS2 OK 218
SWINOG OK 359
TECHNOVISION OK 312
Tiopan OK 312
TRIUMF OK 312
UCEPROTECTL1 OK 312
UCEPROTECTL2 OK 312
UCEPROTECTL3 OK 312
VIRBL OK 312
WPBL OK 312
WSFF OK 312
ZONEEDIT OK 312
CSMA TIMEOUT 0
RANGERSBL TIMEOUT 0
RRBL TIMEOUT 0
SPAMRBL TIMEOUT 0
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:01:32 PM (History)
scan:66.17.19.200 scan
6 open ports:
21 ftp Success 62 ms
25 smtp Success 62 ms
80 http Success 62 ms
110 pop3 Success 62 ms
143 imap Success 62 ms
443 https Success 62 ms
These ports were closed:
22 ssh Timeout 0 ms
23 telnet Timeout 0 ms
53 dns Timeout 0 ms
139 netbios Timeout 0 ms
389 ldap Timeout 0 ms
587 msa-outlook Timeout 0 ms
1433 sql server Timeout 0 ms
3306 my sql Timeout 0 ms
3389 remote desktop Timeout 0 ms
8080 webcache Timeout 0 ms
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:01:11 PM
smtp:66.17.19.200 smtp
220 APOLLO.mvengineering.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 19 Mar 2010 10:00:29 -0700
Not an open relay.
0 seconds - Good on Connection time
0.296 seconds - Good on Transaction time
OK - 66.17.19.200 resolves to apollo.mvengineering.com
OK - Reverse DNS matches SMTP Banner
Session Transcript:
HELO please-read-policy.mxtoolb
250 APOLLO.mvengineering.com [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com...
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for test@example.com [62 ms]
QUIT
221 2.0.0 APOLLO.mvengineering.com Service closing transmission channel [94 ms]
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:00:26 PM (History)
ptr:66.17.19.200 ptr
Type IP Address Domain Name TTL
PTR 66.17.19.200 apollo.mvengineering.com 60 min
reverse lookup smtp diag port scan blacklist
Reported by adns01.la.telepacific.net on Friday, March 19, 2010 at 12:00:11 PM (History)
Error
mx requires a Fully Qualified Domain Name and 66.17.19.200 is not a valid FQDN.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 11:40:48 AM
<APOLLO.mvengineering.com #5.7.1 smtp;554 5.7.1 <apollo.mvengineering.com[
Now, we had this error last week, and it turned out that our IP ended up on a couple of blacklists. Our IP has since been removed, and things seemed to be back to normal.
So, I went to MXToolbox and genereted various reports, which all came back OK, except for one that reads as follows:
"Error
mx requires a Fully Qualified Domain Name and 66.17.19.200 is not a valid FQDN.
Invalid Input"
Could this be the reason we are being blocked? And, how do I fix it?
The full MXToolbox details are below:
___________________
blacklist:66.17.19.200 blacklist
Checking 66.17.19.200 against 105 known blacklists...
Listed 0 times with 4 timeouts.
Blacklist Status Reason TTL ResponseTime
AHBL OK 47
ANT OK 172
Backscatter.org OK 47
BARRACUDA OK 47
BURNT-TECH OK 16
CASA-CBL OK 47
CASA-CBL+ OK 62
CASA-CDL OK 62
CBL OK 31
CYBERLOGIC OK 47
CYMRU-BOGONS OK 62
DAN-TOR OK 125
DAN-TOREXIT OK 125
DEADBEEF OK 62
DNSBLINFO OK 109
DUINV OK 312
DULRU OK 203
EMAILBASURA OK 484
FABELSOURCES OK 109
FIVETEN OK 109
GIRL OK 109
GRIP OK 109
HIL OK 109
HIL OK 109
HILLI OK 156
ICMFORBIDDEN OK 172
IMP-SPAM OK 296
IMP-WORM OK 296
INTERSIL OK 156
ivmSIP OK 156
ivmSIP/24 OK 156
KEMPTBL OK 156
KUNDENSERVER OK 156
LASHBACK OK 156
LNSGBLOCK OK 156
LNSGBULK OK 156
LNSGDUL OK 156
LNSGMULTI OK 156
LNSGOR OK 156
LNSGSRC OK 156
MSRBL-Combined OK 156
MSRBL-Images OK 156
MSRBL-Phising OK 156
MSRBL-Spam OK 156
MSRBL-Viruses OK 156
NERD OK 156
NETHERRELAYS OK 156
NETHERUNSURE OK 156
NIXSPAM OK 172
NJABL OK 172
NJABLDUL OK 172
NJABLFORMMAIL OK 172
NJABLMULTI OK 172
NJABLPROXIES OK 172
NJABLSOURCES OK 172
NLKUNBLACKLIST OK 187
NLKUNWHITELIST OK 187
NOFALSEPOSITIVE OK 172
NOMOREFUNN OK 218
ORID OK 437
ORVEDB OK 203
OSPAM OK 187
PDL OK 187
PSBL OK 187
RATS-Dyna OK 203
RATS-NoPtr OK 203
RATS-Spam OK 203
RBL-JP OK 203
REDHAWK OK 203
RSBL OK 359
SCHULTE OK 218
SDERB OK 218
SENDERBASE OK 218
SERVICESNET OK 218
SOLID OK 218
SORBS-BLOCK OK 218
SORBS-DUHL OK 218
SORBS-HTTP OK 218
SORBS-MISC OK 218
SORBS-SMTP OK 218
SORBS-SOCKS OK 218
SORBS-SPAM OK 218
SORBS-WEB OK 218
SORBS-ZOMBIE OK 218
SPAMCANNIBAL OK 218
SPAMCOP OK 218
Spamhaus-ZEN OK 218
SPAMSOURCES OK 218
SPEWS1 OK 218
SPEWS2 OK 218
SWINOG OK 359
TECHNOVISION OK 312
Tiopan OK 312
TRIUMF OK 312
UCEPROTECTL1 OK 312
UCEPROTECTL2 OK 312
UCEPROTECTL3 OK 312
VIRBL OK 312
WPBL OK 312
WSFF OK 312
ZONEEDIT OK 312
CSMA TIMEOUT 0
RANGERSBL TIMEOUT 0
RRBL TIMEOUT 0
SPAMRBL TIMEOUT 0
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:01:32 PM (History)
scan:66.17.19.200 scan
6 open ports:
21 ftp Success 62 ms
25 smtp Success 62 ms
80 http Success 62 ms
110 pop3 Success 62 ms
143 imap Success 62 ms
443 https Success 62 ms
These ports were closed:
22 ssh Timeout 0 ms
23 telnet Timeout 0 ms
53 dns Timeout 0 ms
139 netbios Timeout 0 ms
389 ldap Timeout 0 ms
587 msa-outlook Timeout 0 ms
1433 sql server Timeout 0 ms
3306 my sql Timeout 0 ms
3389 remote desktop Timeout 0 ms
8080 webcache Timeout 0 ms
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:01:11 PM
smtp:66.17.19.200 smtp
220 APOLLO.mvengineering.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 19 Mar 2010 10:00:29 -0700
Not an open relay.
0 seconds - Good on Connection time
0.296 seconds - Good on Transaction time
OK - 66.17.19.200 resolves to apollo.mvengineering.com
OK - Reverse DNS matches SMTP Banner
Session Transcript:
HELO please-read-policy.mxtoolb
250 APOLLO.mvengineering.com [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com...
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for test@example.com [62 ms]
QUIT
221 2.0.0 APOLLO.mvengineering.com Service closing transmission channel [94 ms]
reverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 12:00:26 PM (History)
ptr:66.17.19.200 ptr
Type IP Address Domain Name TTL
PTR 66.17.19.200 apollo.mvengineering.com 60 min
reverse lookup smtp diag port scan blacklist
Reported by adns01.la.telepacific.net on Friday, March 19, 2010 at 12:00:11 PM (History)
Error
mx requires a Fully Qualified Domain Name and 66.17.19.200 is not a valid FQDN.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Friday, March 19, 2010 at 11:40:48 AM
You also have an MX record with a priority of 0 - which some mail servers don't get on with - please change this to anything other than 0.
Both MX records you have point to the same IP - which is a complete waste of time. If one MX goes down, they both go down. Lose one of the MX records.
Both MX records you have point to the same IP - which is a complete waste of time. If one MX goes down, they both go down. Lose one of the MX records.
$ dig -x 66.17.19.200
...
;; ANSWER SECTION:
200.19.17.66.in-addr.arpa.
Everythig's OK. Let's check MX record:
$ dig -x 66.17.19.200 MX
...
;; QUESTION SECTION:
;200.19.17.66.in-addr.arpa
;; AUTHORITY SECTION:
19.17.66.in-addr.arpa. 3600 IN SOA adns01.la.telepacific.net.
no ANSWER section.
You need a record on DNS servers adns01.la.telepacific.net.
...
;; ANSWER SECTION:
200.19.17.66.in-addr.arpa.
Everythig's OK. Let's check MX record:
$ dig -x 66.17.19.200 MX
...
;; QUESTION SECTION:
;200.19.17.66.in-addr.arpa
;; AUTHORITY SECTION:
19.17.66.in-addr.arpa. 3600 IN SOA adns01.la.telepacific.net.
no ANSWER section.
You need a record on DNS servers adns01.la.telepacific.net.
ASKER
I removed the MX record with priority of 0, so the only remaining MX has priority of 10.
Am checking with our ISP regarding DNS on their servers...
Am checking with our ISP regarding DNS on their servers...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I added the following SPF: v=spf1 mx mx:mail1.mvengineering.com
ASKER
I have opened a ticket with our ISP to rDNS both apollo and mail1 to the 66.x IP.
ASKER
Our ISP indicates that they only allow us to have one rDNS per IP. So, I remove the apollo rDNS record and changed it to mail1. Then I deleted the apollo A record.
Sounds good to me.
You also need to change your FQDN on the Exchange Server.
Open up Exchange System Manager> Server> Your Server> Protocols> SMTP. SMTP Virtual Server Properties> Delivery Tab> Advanced Button.
Change the FQDN to be mail1.yourdomain.com
Open up Exchange System Manager> Server> Your Server> Protocols> SMTP. SMTP Virtual Server Properties> Delivery Tab> Advanced Button.
Change the FQDN to be mail1.yourdomain.com
ASKER
Our SMTP Virtual Server is not running. In ESM, there is an entry directly below the SMTP Virtual Server, titled E-mail SMTP, and that is the only protocol running under SMTP. Could this be part of the problem as well?
The name of the Virtual Server is not relevant - they can be renamed. Look at the properties of that and follow from:
E-mail SMTP Properties> Delivery Tab> Advanced Button.
Change the FQDN to be mail1.yourdomain.com
E-mail SMTP Properties> Delivery Tab> Advanced Button.
Change the FQDN to be mail1.yourdomain.com
ASKER
I understand. The FQDN is now mail1.
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Problems-sending-mail-to-one-or-more-external-domains.html
Sounds like your configuration is not right, especially if you have an IP address for an MX record. This should be an FQDN e.g., mail.yourdomain.com
My artice will help you determine any other problems that there are.