Solved

rDNS problem...

Posted on 2014-02-18
7
244 Views
Last Modified: 2014-02-20
Hi,

We run a mail server / Exchange 2007, it receives for multiple domains. Recently we have one client who said that emails from him to us were bouncing back to him. There have been no other reports of this problem by anyone else. So I asked for his 'delivery failed' message and it turns out his ISP (BT) is reporting this:

The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Well, I have run our domain through MX Toolbox and the domain most definitely exists, it is not blacklisted by anyone, leaving only the DNS entries...

It says that the rDNS is incorrect because the domain is not mentioned in the mail serverHELO/EHLO host name used in the connection, which is true because the domain in question is not the 'main' domain on the server...

I then ran ptr:87.194.***.*** through and it reports back 87-194-***-***.bethere.co.uk

Whilst our ISP is O2, (hence the bethere reference) I was not expecting that back...

Any ideas would be appreciated,

Thanks
0
Comment
Question by:ServTech
  • 3
  • 3
7 Comments
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
Comment Utility
What that means is that his mail server is enforcing SPF lookup data. His mail server is doing a reverse lookup on your mail server's IP address to see if the domain on record for that IP matches what the email server says it is. In order to resolve this issue, you would need to contact the ISP that provides your public IP address and request a change to your rDNS entry for that IP. It should match what shows up on your Exchange Receive Connector's setting for response to EHLO/HELO. If what shows up there isn't a public address, change it to be so.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
A bad PTR or SPF record shouldn't affect INBOUND email though, unless you are using that does those checks for you. If that is the case then the only option is to whitelist as the PTR and other DNS settings should be set by the sender (or whoever looks after the sending server).

Simon.
0
 

Author Comment

by:ServTech
Comment Utility
Yes that is a good point Simon, why would a server 'care' and do an SPF look up when sending, isn't this mainly done when receiving mail as an anti spam deterrent..?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The error you have posted

"The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."

Would tend to suggest there is a problem with YOUR MX records, and the remote service (BT) is trying to deliver the email to the wrong server which doesn't recognise your domain. Check that your MX records are correct, that they don't have bogus servers. Also check the A records for the hosts that are in the MX records and ensure those are valid as well.

Simon.
0
 

Author Comment

by:ServTech
Comment Utility
I've just done an MX lookup and the mail server address is correct:

        smtp:      87.194.***.***
      
      smtp       87.194.***.***   Warning - Reverse DNS does not match SMTP Banner
      smtp       87.194.***.***   8.611 seconds - Not good! on Transaction Time
      smtp       87.194.***.***   OK - 87.194.***.*** resolves to 87-194-***-***.bethere.co.uk
      smtp       87.194.***.***   OK - Supports TLS
      smtp       87.194.***.***   0.952 seconds - Good on Connection time
      smtp       87.194.***.***   OK - Not an open relay

Then did SPF lookup and got this:

         spf:  ******.co.uk
      
      TXT Record       A Valid TXT Record was not found
      SPF Record       A Valid SPF Record was not found

Would this be the reason for BT server rejecting/bouncing the mail..?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
Comment Utility
As I wrote above, BT shouldn't care about inbound email to YOUR server, it is only outbound email FROM your server that would be a problem.
To resolve that issue you would need to get the PTR changes to match your MX record host name.

Lack of SPF record isn't a problem for most sites, it can help, but SPF isn't used enough to be able to drop email on it alone. Ignore the banner error.

Simon.
0
 

Author Comment

by:ServTech
Comment Utility
Ok, will do, thanks.
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now