Solved

554 .5.7.1 Reverse DNS lookup failed.

Posted on 2014-11-04
8
1,126 Views
Last Modified: 2014-11-05
I got the following error while sending emails to a particular customer:

554.5.7.1 Connection rejected. Reverse DNS lookup failed. Sending IP address does not match existing 'A', 'AAAA' or 'PTR' record. Connection to host lost.

I do have two Reverse DNS records set up in my ISP:
173.210.10.114  mail.mydomain.com
173.210.10.115  mail.mydomain.com

The A record for my mail server is :
mail.mydomain.com  173.210.10.114

Can you tell what causes my mails being rejected?
Thanks.
0
Comment
Question by:Castlewood
  • 2
  • 2
  • 2
  • +1
8 Comments
 

Expert Comment

by:Lime Sparx
Comment Utility
How long has it been since you had the revDNS record set up?  It could be that it hasn't propagated to your client's DNS sources yet.

*sparx*
0
 
LVL 9

Accepted Solution

by:
stu29 earned 167 total points
Comment Utility
What IP address does your mail leave your network on?  Does it match one of your reverse IP's?
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
I think stu29 is on the right track.  If your mail is leaving from the .115 IP, then your A record doesn't match up.  You would either need to create another A record for mail.mydomain.com to point to that IP (and make sure you can accept mail sent to that IP), or adjust your PTR record to use another name, and then create a matching A record.
0
 

Author Comment

by:Castlewood
Comment Utility
"What IP address does your mail leave your network on? "
How to tell? Is there any way to tell?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Assisted Solution

by:Lime Sparx
Lime Sparx earned 166 total points
Comment Utility
Send an email to an outside email address and then examine the headers in that email for the IP address that your mail server used to send it.
0
 
LVL 9

Expert Comment

by:stu29
Comment Utility
If this IP address turn out to be different from your RDNS records, you should create an outbound NAT rule on your firewall to force your mail traffic out one of those IP addresses.  This way your originating and reverse IP's will match and should cure this issue for you.
0
 

Author Comment

by:Castlewood
Comment Utility
Just figured that we use port forwarding via the Cisco ASA whose IP is .114 -- which is the IP to receive mail and is the IP the A record mail.mydomain.com points to. The Exchange server IP is .115 and it is the IP our mail is leaving from. So far the solutions suggested are:
1. (per footech) Skip port forwarding and directly use .115 to receive mails. And create another A record and PTR to match this IP.
2. (per footech) still use port forwarding and IP .114 to receive mail. But simply change PTR for .115 and also create an A record, say server1.mydomain.com for .115.
  Do you think this will work since the receiving and sending are through different IP?
3. (per stu29) create an outbound NAT rule on ASA to force mail traffic out from .114 instead of .115.
  Can you tell me how to do this?
0
 
LVL 39

Assisted Solution

by:footech
footech earned 167 total points
Comment Utility
#2 is probably easiest to implement.
2. Yes that is perfectly fine.  It is no problem to send and receive through different IPs, the records just have to match up.  One other thing, it's good practice to have your SMTP banner match to the same name that you use in the PTR and matching A record.  Most servers don't block you when there's a mismatch, but some do.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now