Solved

rDNS problem...

Posted on 2014-02-18
Last Modified: 2014-02-20
Hi,

We run a mail server / Exchange 2007, it receives for multiple domains. Recently we have one client who said that emails from him to us were bouncing back to him. There have been no other reports of this problem by anyone else. So I asked for his 'delivery failed' message and it turns out his ISP (BT) is reporting this:

The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Well, I have run our domain through MX Toolbox and the domain most definitely exists, it is not blacklisted by anyone, leaving only the DNS entries...

It says that the rDNS is incorrect because the domain is not mentioned in the mail server HELO/EHLO host name used in the connection, which is true because the domain in question is not the 'main' domain on the server...

I then ran ptr:87.194.***.*** through and it reports back 87-194-***-***.bethere.co.uk

Whilst our ISP is O2, (hence the bethere reference) I was not expecting that back...

Any ideas would be appreciated,

Thanks
0
Comment
Question by:ServTech
7 Comments
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 39868956
What that means is that his mail server is enforcing SPF lookup data. His mail server is doing a reverse lookup on your mail server's IP address to see if the domain on record for that IP matches what the email server says it is. In order to resolve this issue, you would need to contact the ISP that provides your public IP address and request a change to your rDNS entry for that IP. It should match what shows up on your Exchange Receive Connector's setting for response to EHLO/HELO. If what shows up there isn't a public address, change it to be so.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871050
A bad PTR or SPF record shouldn't affect INBOUND email though, unless you are using that does those checks for you. If that is the case then the only option is to whitelist as the PTR and other DNS settings should be set by the sender (or whoever looks after the sending server).

Simon.
0
 

Author Comment

by:ServTech
ID: 39871108
Yes that is a good point Simon, why would a server 'care' and do an SPF look up when sending, isn't this mainly done when receiving mail as an anti spam deterrent..?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39871144
The error you have posted

"The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."

Would tend to suggest there is a problem with YOUR MX records, and the remote service (BT) is trying to deliver the email to the wrong server which doesn't recognise your domain. Check that your MX records are correct, that they don't have bogus servers. Also check the A records for the hosts that are in the MX records and ensure those are valid as well.

Simon.
0
 

Author Comment

by:ServTech
ID: 39871237
I've just done an MX lookup and the mail server address is correct:

        smtp:      87.194.***.***
      
      smtp       87.194.***.***   Warning - Reverse DNS does not match SMTP Banner
      smtp       87.194.***.***   8.611 seconds - Not good! on Transaction Time
      smtp       87.194.***.***   OK - 87.194.***.*** resolves to 87-194-***-***.bethere.co.uk
      smtp       87.194.***.***   OK - Supports TLS
      smtp       87.194.***.***   0.952 seconds - Good on Connection time
      smtp       87.194.***.***   OK - Not an open relay

Then did SPF lookup and got this:

         spf:  ******.co.uk
      
      TXT Record       A Valid TXT Record was not found
      SPF Record       A Valid SPF Record was not found

Would this be the reason for BT server rejecting/bouncing the mail..?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 39873027
As I wrote above, BT shouldn't care about inbound email to YOUR server, it is only outbound email FROM your server that would be a problem.
To resolve that issue you would need to get the PTR changed to match your MX record host name.

Lack of SPF record isn't a problem for most sites, it can help, but SPF isn't used enough to be able to drop email on it alone. Ignore the banner error.

Simon.
0
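
The PTR comparison discussed in this thread, as an added example that is not part of any post: it checks that the PTR for a sending IP resolves back to that IP and that it matches the SMTP banner and MX host name. The addresses, host names and the `check_rdns` and `demo` helpers are constructed for illustration.

```python
import socket

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def system_ptr(ip):
    # PTR lookup through the system resolver; [] when no record exists.
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def system_a(name):
    # A lookup through the system resolver; [] on failure.
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_rdns(ip, banner_host, mx_host, ptr_lookup=system_ptr, a_lookup=system_a):
    """Compare the PTR for a sending IP with its SMTP banner and MX host name."""
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    # Forward-confirmed rDNS: a PTR name must resolve back to the same IP.
    fcrdns = any(ip in a_lookup(n) for n in ptr_names)
    findings = []
    if not ptr_names:
        findings.append("no PTR record")
    elif not fcrdns:
        findings.append("PTR name does not resolve back to the IP")
    if _norm(banner_host) not in ptr_names:
        findings.append("reverse DNS does not match SMTP banner")
    if _norm(mx_host) not in ptr_names:
        findings.append("reverse DNS does not match MX host name")
    return {"ptr": ptr_names, "fcrdns": fcrdns, "findings": findings}

# Constructed records using documentation addresses and names (not from the thread).
A = {"192-0-2-25.isp.example": ["192.0.2.25"], "mail.example.com": ["192.0.2.25"]}

def demo(ptr_name):
    # ptr_name is the PTR the ISP publishes for 192.0.2.25 in this constructed zone.
    return check_rdns("192.0.2.25", "mail.example.com", "mail.example.com",
                      ptr_lookup=lambda ip: [ptr_name],
                      a_lookup=lambda name: A.get(name, []))

if __name__ == "__main__":
    print(demo("192-0-2-25.isp.example."))  # generic ISP PTR
    print(demo("mail.example.com."))        # PTR changed to the mail host name
```

With the default lookups, `check_rdns` queries the system resolver, so it can be pointed at a real sending IP and host name.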
 

Author Comment

by:ServTech
ID: 39874098
Ok, will do, thanks.
0
