[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

rDNS problem...

Posted on 2014-02-18
7
Medium Priority
?
263 Views
Last Modified: 2014-02-20
Hi,

We run a mail server / Exchange 2007, it receives for multiple domains. Recently we have one client who said that emails from him to us were bouncing back to him. There have been no other reports of this problem by anyone else. So I asked for his 'delivery failed' message and it turns out his ISP (BT) is reporting this:

The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Well, I have run our domain through MX Toolbox and the domain most definitely exists, it is not blacklisted by anyone, leaving only the DNS entries...

It says that the rDNS is incorrect because the domain is not mentioned in the mail serverHELO/EHLO host name used in the connection, which is true because the domain in question is not the 'main' domain on the server...

I then ran ptr:87.194.***.*** through and it reports back 87-194-***-***.bethere.co.uk

Whilst our ISP is O2, (hence the bethere reference) I was not expecting that back...

Any ideas would be appreciated,

Thanks
0
Comment
Question by:ServTech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 39868956
What that means is that his mail server is enforcing SPF lookup data. His mail server is doing a reverse lookup on your mail server's IP address to see if the domain on record for that IP matches what the email server says it is. In order to resolve this issue, you would need to contact the ISP that provides your public IP address and request a change to your rDNS entry for that IP. It should match what shows up on your Exchange Receive Connector's setting for response to EHLO/HELO. If what shows up there isn't a public address, change it to be so.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871050
A bad PTR or SPF record shouldn't affect INBOUND email though, unless you are using that does those checks for you. If that is the case then the only option is to whitelist as the PTR and other DNS settings should be set by the sender (or whoever looks after the sending server).

Simon.
0
 

Author Comment

by:ServTech
ID: 39871108
Yes that is a good point Simon, why would a server 'care' and do an SPF look up when sending, isn't this mainly done when receiving mail as an anti spam deterrent..?
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871144
The error you have posted

"The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."

Would tend to suggest there is a problem with YOUR MX records, and the remote service (BT) is trying to deliver the email to the wrong server which doesn't recognise your domain. Check that your MX records are correct, that they don't have bogus servers. Also check the A records for the hosts that are in the MX records and ensure those are valid as well.

Simon.
0
 

Author Comment

by:ServTech
ID: 39871237
I've just done an MX lookup and the mail server address is correct:

        smtp:      87.194.***.***
      
      smtp       87.194.***.***   Warning - Reverse DNS does not match SMTP Banner
      smtp       87.194.***.***   8.611 seconds - Not good! on Transaction Time
      smtp       87.194.***.***   OK - 87.194.***.*** resolves to 87-194-***-***.bethere.co.uk
      smtp       87.194.***.***   OK - Supports TLS
      smtp       87.194.***.***   0.952 seconds - Good on Connection time
      smtp       87.194.***.***   OK - Not an open relay

Then did SPF lookup and got this:

         spf:  ******.co.uk
      
      TXT Record       A Valid TXT Record was not found
      SPF Record       A Valid SPF Record was not found

Would this be the reason for BT server rejecting/bouncing the mail..?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1000 total points
ID: 39873027
As I wrote above, BT shouldn't care about inbound email to YOUR server, it is only outbound email FROM your server that would be a problem.
To resolve that issue you would need to get the PTR changes to match your MX record host name.

Lack of SPF record isn't a problem for most sites, it can help, but SPF isn't used enough to be able to drop email on it alone. Ignore the banner error.

Simon.
0
 

Author Comment

by:ServTech
ID: 39874098
Ok, will do, thanks.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question