Solved

rDNS problem...

Posted on 2014-02-18
Last Modified: 2014-02-20
Hi,

We run a mail server / Exchange 2007, it receives for multiple domains. Recently we have one client who said that emails from him to us were bouncing back to him. There have been no other reports of this problem by anyone else. So I asked for his 'delivery failed' message and it turns out his ISP (BT) is reporting this:

The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Well, I have run our domain through MX Toolbox and the domain most definitely exists, it is not blacklisted by anyone, leaving only the DNS entries...

It says that the rDNS is incorrect because the domain is not mentioned in the mail server HELO/EHLO host name used in the connection, which is true because the domain in question is not the 'main' domain on the server...

I then ran ptr:87.194.***.*** through and it reports back 87-194-***-***.bethere.co.uk

Whilst our ISP is O2, (hence the bethere reference) I was not expecting that back...

Any ideas would be appreciated,

Thanks
0
Question by:ServTech
7 Comments
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 39868956
What that means is that his mail server is enforcing SPF lookup data. His mail server is doing a reverse lookup on your mail server's IP address to see if the domain on record for that IP matches what the email server says it is. In order to resolve this issue, you would need to contact the ISP that provides your public IP address and request a change to your rDNS entry for that IP. It should match what shows up on your Exchange Receive Connector's setting for response to EHLO/HELO. If what shows up there isn't a public address, change it to be so.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871050
A bad PTR or SPF record shouldn't affect INBOUND email though, unless you are using that does those checks for you. If that is the case then the only option is to whitelist as the PTR and other DNS settings should be set by the sender (or whoever looks after the sending server).

Simon.
0
 

Author Comment

by:ServTech
ID: 39871108
Yes that is a good point Simon, why would a server 'care' and do an SPF look up when sending, isn't this mainly done when receiving mail as an anti spam deterrent..?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871144
The error you have posted

"The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."

Would tend to suggest there is a problem with YOUR MX records, and the remote service (BT) is trying to deliver the email to the wrong server which doesn't recognise your domain. Check that your MX records are correct, that they don't have bogus servers. Also check the A records for the hosts that are in the MX records and ensure those are valid as well.

Simon.
0
 

Author Comment

by:ServTech
ID: 39871237
I've just done an MX lookup and the mail server address is correct:

        smtp:      87.194.***.***
      
      smtp       87.194.***.***   Warning - Reverse DNS does not match SMTP Banner
      smtp       87.194.***.***   8.611 seconds - Not good! on Transaction Time
      smtp       87.194.***.***   OK - 87.194.***.*** resolves to 87-194-***-***.bethere.co.uk
      smtp       87.194.***.***   OK - Supports TLS
      smtp       87.194.***.***   0.952 seconds - Good on Connection time
      smtp       87.194.***.***   OK - Not an open relay

Then did SPF lookup and got this:

         spf:  ******.co.uk
      
      TXT Record       A Valid TXT Record was not found
      SPF Record       A Valid SPF Record was not found

Would this be the reason for BT server rejecting/bouncing the mail..?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 39873027
As I wrote above, BT shouldn't care about inbound email to YOUR server, it is only outbound email FROM your server that would be a problem.
To resolve that issue you would need to get the PTR changed to match your MX record host name.

Lack of SPF record isn't a problem for most sites, it can help, but SPF isn't used enough to be able to drop email on it alone. Ignore the banner error.

Simon.
0
 

Author Comment

by:ServTech
ID: 39874098
Ok, will do, thanks.
0
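
Added example, not part of the original thread or any poster's code: the checks discussed above (a PTR record exists, it forward-confirms to the same IP, and it matches the HELO/EHLO name) written as one Python function. The address 192.0.2.25 and the names mail.example.org and isp.example are constructed placeholders, and the resolvers are passed in as parameters so the sample runs offline against the embedded data.

```python
import socket

def ptr_names(ip, reverse=socket.gethostbyaddr):
    """PTR names for ip, lower-cased without trailing dot; [] if none."""
    try:
        name, aliases, _ = reverse(ip)
    except OSError:          # socket.herror / socket.gaierror
        return []
    return [n.rstrip(".").lower() for n in [name, *aliases]]

def forward_ips(host, forward=socket.gethostbyname_ex):
    """IPv4 addresses that host resolves to; [] if it does not resolve."""
    try:
        return forward(host)[2]
    except OSError:
        return []

def check_sender_dns(ip, helo_name, reverse=socket.gethostbyaddr,
                     forward=socket.gethostbyname_ex):
    """Run the PTR / HELO consistency checks a receiving server may apply."""
    helo = helo_name.rstrip(".").lower()
    ptrs = ptr_names(ip, reverse)
    return {
        "ptr": ptrs,
        "ptr_exists": bool(ptrs),
        # forward-confirmed rDNS: some PTR name resolves back to the same IP
        "fcrdns": any(ip in forward_ips(p, forward) for p in ptrs),
        # the "Reverse DNS does not match SMTP Banner" condition
        "ptr_matches_helo": helo in ptrs,
        "helo_resolves_to_ip": ip in forward_ips(helo, forward),
    }

# Constructed sample zone data (documentation addresses, not from the thread).
REVERSE = {"192.0.2.25": "192-0-2-25.isp.example"}       # ISP-default PTR
FORWARD = {"192-0-2-25.isp.example": ["192.0.2.25"],
           "mail.example.org": ["192.0.2.25"]}

def fake_reverse(ip):
    if ip not in REVERSE:
        raise socket.herror(1, "Unknown host")
    return REVERSE[ip], [], [ip]

def fake_forward(host):
    if host not in FORWARD:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return host, [], FORWARD[host]

if __name__ == "__main__":
    for key, value in check_sender_dns("192.0.2.25", "mail.example.org",
                                       fake_reverse, fake_forward).items():
        print(f"{key}: {value}")
```

Calling `check_sender_dns(ip, helo_name)` without the last two arguments uses the system resolver instead of the constructed data.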


Question has a verified solution.
