Jim Wobig
asked on
DNS issues and email problems
I just started working for a company that the old admin had placed their own external DNS server on the internet and it has died. He didn't document the server or the setting so I cant recreate. I decided the easiest way to get their web, email, and VPN solution back up was to register with Network Solutions. All is working properly but email which I can send/receive to most companies we work with but there are several domain that I cant send to. It doesn't give me a non-delivery error but Exchange will say after several day that it given up on trying to deliver the message. If I do a DNS report it says the following:
"One or more addresses referenced by MX records do not have a matching reverse DNS entry" and this is what I have registered:
206.188.198.41 has mx.mycompany.com. | 70.xx.xx.10 listed.
205.178.190.41 has mx.mycompany.com. | 70.xx.xx.10 listed.
We had our ISP do a reverse lookup entry which took them four weeks but I still can send email to some domains. Here is the revers DNS lookup;
Server: 4.2.2.1
Address: 4.2.2.1#53
Non-authoritative answer:
10.xx.xx.70.in-addr.arpa canonical name = mx.mycompany.com.
Authoritative answers can be found from:
mycompany.com
origin = NS81.WORLDNIC.com
mail addr = namehost.WORLDNIC.com
serial = 114041815
refresh = 10800
retry = 3600
expire = 604800
minimum = 3600
I really need to get this fixed and appreciate any input to get this resolved.
"One or more addresses referenced by MX records do not have a matching reverse DNS entry" and this is what I have registered:
206.188.198.41 has mx.mycompany.com. | 70.xx.xx.10 listed.
205.178.190.41 has mx.mycompany.com. | 70.xx.xx.10 listed.
We had our ISP do a reverse lookup entry which took them four weeks but I still can send email to some domains. Here is the revers DNS lookup;
Server: 4.2.2.1
Address: 4.2.2.1#53
Non-authoritative answer:
10.xx.xx.70.in-addr.arpa canonical name = mx.mycompany.com.
Authoritative answers can be found from:
mycompany.com
origin = NS81.WORLDNIC.com
mail addr = namehost.WORLDNIC.com
serial = 114041815
refresh = 10800
retry = 3600
expire = 604800
minimum = 3600
I really need to get this fixed and appreciate any input to get this resolved.
ASKER
mx.domain.com
There is absolutely no need to publish IP's or domain names - it just makes you a bigger target, so please don't publish them.
If you are having problems sending emails to certain domains, you can use telnet to manually test mail-flow from your server to their server and see if you get any obvious errors.
http://support.microsoft.com/kb/153119
Alan
(EE Zone Advisor)
If you are having problems sending emails to certain domains, you can use telnet to manually test mail-flow from your server to their server and see if you get any obvious errors.
http://support.microsoft.com/kb/153119
Alan
(EE Zone Advisor)
This is a DNS problem related to matching forward and inverse records.
Security by obscurity is not security.
Security by obscurity is not security.
Having seen the domain and having checked that myself, I can confirm that that isn't the problem.
Alan
Alan
This is a DNS error:
"One or more addresses referenced by MX records do not have a matching reverse DNS entry"
"One or more addresses referenced by MX records do not have a matching reverse DNS entry"
ASKER
It is a problem because we cant send email to certain domain. Jesper, how would I fix this problem?
I take that back - I ran a lookup on the domain posted and then a reverse lookup on my Mac and got the same result, but running the same check on www.blacklistalert.org shows a problem with no Reverse DNS.
So you need to call your ISP and ask them to add Reverse DNS to your fixed IP address as mx.yourdomain.com and that should help.
If that doesn't completely resolve the issue, please have a read of my article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
Alan
So you need to call your ISP and ask them to add Reverse DNS to your fixed IP address as mx.yourdomain.com and that should help.
If that doesn't completely resolve the issue, please have a read of my article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
Alan
ASKER
I have called them and it took me 4 weeks to have them make add the reverse entry. Up until today if I did a reverse lookup I would get nothing but now I get this;
Server: 4.2.2.1
Address: 4.2.2.1#53
Non-authoritative answer:
Name: mx.mycompany.com
Address: 70.xx.xx.10
And thank you Alan for the advice, I was hesitant to publish but am desperate to get answers.
Server: 4.2.2.1
Address: 4.2.2.1#53
Non-authoritative answer:
Name: mx.mycompany.com
Address: 70.xx.xx.10
And thank you Alan for the advice, I was hesitant to publish but am desperate to get answers.
Just visit www.blacklistalert.org and put in your IP Address - it will be obvious that there still isn't Reverse DNS set properly or there is a DNS problem because they don't see Reverse DNS, yet I do see it on my Mac!
Alan
Alan
You can also run a command prompt nslookup on your IP Address and you should get mx.yourdomain.com returned as the result.
e.g., nslookup 70.xx.xx.10
e.g., nslookup 70.xx.xx.10
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No-one has said it violates any security - it is just preferred by EE not to disclose such details and it isn't necessary to know such details to be able to resolve a problem like this. If the problem is Reverse DNS, then we can advise the person asking the question to go to somewhere like www.blacklistalert.org where they can put their own IP Address into the website and find out for themselves if it is set or not. Then if it isn't and they don't know how to set it, they can ask for advise and we can offer it.
I'm totally for you getting the points for this question because you pointed out about Reverse DNS 1st, and can make sure that happens if it doesn't, assuming that lack of Reverse DNS resolves the problem, despite it supposedly having been added by the ISP, which it doesn't appear they have done properly.
Alan
I'm totally for you getting the points for this question because you pointed out about Reverse DNS 1st, and can make sure that happens if it doesn't, assuming that lack of Reverse DNS resolves the problem, despite it supposedly having been added by the ISP, which it doesn't appear they have done properly.
Alan
ASKER
Per Alan's response I tried to telnet to the mail server (mx.mycompany.com). I get e response but it is from our Symantec Messaging Gateway server and not the mail server. I also ran Dig and got the following results;
C:\>dig mycomany.com
; <<>> DiG 9.9.5-W1 <<>> mycompany.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mycompany.com. IN A
;; ANSWER SECTION:
mycompany.com. 11936 IN A 70.xxx.xxx.13
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1 )
;; WHEN: Mon May 12 10:17:46 Pacific Daylight Time 2014
;; MSG SIZE rcvd: 48
C:\>dig mycompany.com MX
; <<>> DiG 9.9.5-W1 <<>> mycompany.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mycompany.com. IN MX
;; ANSWER SECTION:
mycompany.com. 13142 IN MX 10 mx.mycompany.com.
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1 )
;; WHEN: Mon May 12 10:18:16 Pacific Daylight Time 2014
;; MSG SIZE rcvd: 51
c:\
I'm not sure if this matters or not but could the problem be that some external email servers get a response from the Symantec gateway and not the email server?
C:\>dig mycomany.com
; <<>> DiG 9.9.5-W1 <<>> mycompany.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mycompany.com. IN A
;; ANSWER SECTION:
mycompany.com. 11936 IN A 70.xxx.xxx.13
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1
;; WHEN: Mon May 12 10:17:46 Pacific Daylight Time 2014
;; MSG SIZE rcvd: 48
C:\>dig mycompany.com MX
; <<>> DiG 9.9.5-W1 <<>> mycompany.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mycompany.com. IN MX
;; ANSWER SECTION:
mycompany.com. 13142 IN MX 10 mx.mycompany.com.
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1
;; WHEN: Mon May 12 10:18:16 Pacific Daylight Time 2014
;; MSG SIZE rcvd: 51
c:\
I'm not sure if this matters or not but could the problem be that some external email servers get a response from the Symantec gateway and not the email server?
That would help a lot.