554 5.7.1 Reverse DNS lookup failed.

Posted on 2014-11-04
Last Modified: 2014-11-05
I got the following error while sending emails to a particular customer:

554.5.7.1 Connection rejected. Reverse DNS lookup failed. Sending IP address does not match existing 'A', 'AAAA' or 'PTR' record. Connection to host lost.

I do have two Reverse DNS records set up in my ISP:

The A record for my mail server is:

Can you tell what causes my mails to be rejected?
Question by:Castlewood

Expert Comment

by:Lime Sparx
ID: 40422062
How long has it been since you had the revDNS record set up?  It could be that it hasn't propagated to your client's DNS sources yet.


Accepted Solution

stu29 earned 167 total points
ID: 40422218
What IP address does your mail leave your network on?  Does it match one of your reverse IPs?

Expert Comment

ID: 40422311
I think stu29 is on the right track.  If your mail is leaving from the .115 IP, then your A record doesn't match up.  You would either need to create another A record for to point to that IP (and make sure you can accept mail sent to that IP), or adjust your PTR record to use another name, and then create a matching A record.
Author Comment

ID: 40422985
"What IP address does your mail leave your network on? "
How to tell? Is there any way to tell?

Assisted Solution

by:Lime Sparx
Lime Sparx earned 166 total points
ID: 40423030
Send an email to an outside email address and then examine the headers in that email for the IP address that your mail server used to send it.

Expert Comment

ID: 40423789
If this IP address turns out to be different from your RDNS records, you should create an outbound NAT rule on your firewall to force your mail traffic out one of those IP addresses.  This way your originating and reverse IPs will match and should cure this issue for you.

Author Comment

ID: 40424217
Just figured that we use port forwarding via the Cisco ASA whose IP is .114 -- which is the IP to receive mail and is the IP the A record points to. The Exchange server IP is .115 and it is the IP our mail is leaving from. So far the solutions suggested are:
1. (per footech) Skip port forwarding and directly use .115 to receive mails. And create another A record and PTR to match this IP.
2. (per footech) Still use port forwarding and IP .114 to receive mail. But simply change PTR for .115 and also create an A record, say for .115.
  Do you think this will work since the receiving and sending are through different IPs?
3. (per stu29) create an outbound NAT rule on ASA to force mail traffic out from .114 instead of .115.
  Can you tell me how to do this?

Assisted Solution

footech earned 167 total points
ID: 40424355
#2 is probably easiest to implement.
2. Yes that is perfectly fine.  It is no problem to send and receive through different IPs, the records just have to match up.  One other thing, it's good practice to have your SMTP banner match to the same name that you use in the PTR and matching A record.  Most servers don't block you when there's a mismatch, but some do.
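
The two checks discussed in this thread (finding the IP your mail actually leaves from in the headers of a test message, then confirming that its PTR name has an A record pointing back to the same IP), as an added example that is not part of the original thread. The header sample, the 203.0.113.x addresses and the example.com names are constructed placeholders, and the lookup tables stand in for DNS so the check runs offline; calling `fcrdns(ip)` with no lookup arguments queries live DNS instead.

```python
import ipaddress
import re
import socket
from email import message_from_string

# RFC 1918 and loopback ranges: hops inside the sender's own network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def sending_ip(raw_message):
    """Return the first non-internal address in the Received chain, oldest hop first."""
    msg = message_from_string(raw_message)
    for hop in reversed(msg.get_all("Received", [])):  # headers are newest-first
        for text in re.findall(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", hop):
            if not any(ipaddress.ip_address(text) in net for net in INTERNAL):
                return text
    return None

def fcrdns(ip, ptr_lookup=None, a_lookup=None):
    """Forward-confirmed reverse DNS: PTR(ip) -> name, then A(name) must include ip."""
    ptr_lookup = ptr_lookup or (lambda i: [socket.gethostbyaddr(i)[0]])  # live DNS
    a_lookup = a_lookup or (lambda n: socket.gethostbyname_ex(n)[2])     # live DNS
    try:
        names = ptr_lookup(ip)
    except (OSError, LookupError):
        names = []
    if not names:
        return False, "no PTR record"
    for name in names:
        try:
            if ip in a_lookup(name):
                return True, name
        except (OSError, LookupError):
            continue
    return False, "PTR name %s has no A record for %s" % (names[0], ip)

# Constructed sample (documentation names/addresses): .114 receives, .115 sends.
SAMPLE = (
    "Received: from mail.example.com (unknown [203.0.113.115])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 04 Nov 2014 10:00:01 -0500\n"
    "Received: from EXCH01.corp.example (10.0.0.5) by EXCH01.corp.example\n"
    "\twith Microsoft SMTP Server; Tue, 04 Nov 2014 10:00:00 -0500\n"
    "From: sender@example.com\n\nbody\n")
PTR = {"203.0.113.114": ["mail.example.com"], "203.0.113.115": ["host115.isp.example"]}
A = {"mail.example.com": ["203.0.113.114"]}
PTR_FIXED = {**PTR, "203.0.113.115": ["smtp.example.com"]}  # option 2: own PTR name
A_FIXED = {**A, "smtp.example.com": ["203.0.113.115"]}      # ...and a matching A record

if __name__ == "__main__":
    print(fcrdns(sending_ip(SAMPLE), PTR.__getitem__, A.__getitem__))
```

Run the header check only on a test message you sent yourself to an outside mailbox, since the older Received lines are written by the sending side.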

Question has a verified solution.