Reverse DNS Question

Mr E · 08-08-2005 1:14pm #1

Hi folks... quick question...

A colleague of mine tried sending an email to a customer, and got the following message (IP and domain masked):

You do not have permission to send to this recipient. For assistance, contact your system administrator.
<ntsrv01.XXXXX.LOC #5.7.1 smtp;550 5.7.1 This system is configured to reject mail from 100.200.300.400 (DNS reverse lookup failed)>

I understand what happened from a technical standpoint (the recipient server did a reverse dns lookup on our website, saw that it didn't match the IP of the exchange server). I want to know what can be done to fix it? The website is hosted with an Irish company (and has one IP address), and our exchange server is in-house here (with a completely different IP address).

What do I need to do for a reverse DNS lookup to succeed in this situation?

Thanks in advance...

Sponge Bob · 08-08-2005 1:35pm

set exchange to allow relay from your internal ip address range at all times or iuse smtp auth or both . where is the colleague physically located ?

Mr E · 08-08-2005 1:48pm

She is located in the office here next to me (so she would be using our exchange server). The customer is in South Africa.

How do you set exchange to allow relay?

ntlbell · 08-08-2005 7:08pm

TmB wrote:

She is located in the office here next to me (so she would be using our exchange server). The customer is in South Africa.

How do you set exchange to allow relay?

Doesn't look like a relay issue to me, I think Bob has misunderstood what has happened, nor has it anything to do with a "website"

is your exchange server internet facing? (is it on an external ip address)

for example say your web site is www.exchangeisapos.com ip 1.2.3.4

and your exchange server sits on smtp.exchangeisapos.com

the DNS check is done on the address of the mail server not your "website"

so my guess is you need an RDNS entry for smtp.exchangeisapos.com

or if your relay exchange out through a sendmail box for example sendmail.exchangeisapos.com the the RDNS needs to be for that.

bloke · 08-08-2005 7:16pm

I'm presuming you have a set of public IP addresses, one of which is your exchange server, supplied by your ISP.

Simply contact your ISP and request that they check forward and reverse DNS is configured correctly for the IP & hostname(s) assigned to your exchange server.

Mr E · 09-08-2005 9:56am

Thats interesting, actually. I had a look at our domain config.

We have a custom A record for mail.companyname.com pointing at our exchange IP address. We also have a custom MX record for companyname.com pointing at mail.companyname.com.

So is something set up wrong?

Sponge Bob · 09-08-2005 10:43am

in the internet connector you can set relaying so that all internal IP addresses can sentd mail ....because they are internal , eg your ip addresss is 192.168.10.16 so you set network 192.168.10.0 as authorised to send.

the server is , say 192.168.10.68 so the internal dns (A and MX) should be consistent but you appear to have noted correctly that

1. A record is mail.companyname.com 192.168.10.xxx

2. MX is for companyname.com is alos 192.168.10.xxx (MX for companyname.com points to mail.companyname.com thats because the MX is for all mail to the domain companyname.com not all mail to mail.companyname.com

nevertheless you may have to check the properties for the internet mail connnector on the exchange server to ensure that the 192.168.10.0 range is allowed to relay without authentication.

TimTim · 09-08-2005 10:47am

You'd have to call your ISP or whoever provides the IP block you are using and ask them to setup PTR records for your domain and tell them its because your mail is being rejected as it doesn't have a reverse DNS entry.

The technical thing is IN ARPA or something like that.

cgarvey · 09-08-2005 12:03pm

Yup TimTim and ntlbell have it.. you just need to have your IP provider (your ISP presumably) add a PTR record ("reverse dns") for your exchange server's external IP.

ntlbell · 09-08-2005 12:46pm

TmB wrote:

Thats interesting, actually. I had a look at our domain config.

We have a custom A record for mail.companyname.com pointing at our exchange IP address. We also have a custom MX record for companyname.com pointing at mail.companyname.com.

So is something set up wrong?

That's fine as these are your forwards not reverse.

if you look after your own DNS both forward and reverse you can just add a PTR record and like others have said if you don't just ask your ISP to do it for you.

Sponge Bob · 09-08-2005 2:06pm

'your isp' is whoever hosts the domain companyname.com in this case

ntlbell · 09-08-2005 2:12pm

Sponge Bob wrote:

'your isp' is whoever hosts the domain companyname.com in this case

Uhm no.

the domain could be hosted by blacknight soloutions, but they have no control over PTR's for his office's network conectivity, where the actuall exchange server is.

so in this case the isp is who ever has assigned him his ip scope for his office network conectivity (external address's)

who ever hosts usually has control of forward unless he has the domain pointed at his own name server's.

so in this case "your isp" is your ip bandwith provider.

Sponge Bob · 09-08-2005 2:37pm

/me bad

if the exchange server is on a fixed external ip then the provider of the fixed Ip must set up the reverse , thats correct

Reverse DNS Question

Comments