SMTP Reverse DNS Mismatch

    Question

  • Hello, I am using Exchange Server 2007.

    I am not able to send mail to a few domains.
    For example, with Yahoo and Rediff there are no issues, but with Hotmail I am not able to send or receive.

    In MxToolbox I have checked my Exchange server IP address for blacklists.
    I am getting 4 timeouts,
    and I am also getting SMTP Reverse DNS Mismatch.
    Please refer to the attachment.

    Is it an issue with configuration, or is my Exchange server blacklisted?
    If it is blacklisted, what is the procedure to remove my server IP from the blacklist?



    Wednesday, January 09, 2013 9:56 AM

All replies

  • Have you created a PTR record on the external DNS server pointing back to your server?

    Sukh

    Wednesday, January 09, 2013 10:04 PM
  • "Most SMTP servers will accept your mail if you simply have a reverse DNS entry.  It does not have to match the domain name on your e-mail address.  Some SMTP servers will reject mail if the reverse DNS doesn't match the HELO/EHLO hostname used in the connection.  If your mail server's hostname is mail.example.com then your reverse DNS, MX record, HELO/EHLO, and SMTP greeting banner should all be mail.example.com as well."

    From:

    http://serverfault.com/questions/24943/reverse-dns-how-to-correctly-configure-for-smtp-delivery

    ----

    If you look at your Send Connector, General Tab (Organization level, HT), what do you have for the HELO/EHLO setting?

    If I recall correctly, that should match the target of your reverse DNS record, i.e.

    11.22.33.44 -> mail.contoso.com 

    http://2.bp.blogspot.com/_8cKJgEQ3LNM/SsHQap_Q67I/AAAAAAAAAAM/OegrQW5txx4/s320/sendconnector.png

    IP address in the PTR record should match the one used to send mail from your organization, either that of your mail server or, more likely, that of the external port on your firewall (if you use 1 to 1 NAT).


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.



    Wednesday, January 09, 2013 10:13 PM
  • Oh yes, timeout does not indicate you are on a blacklist. I have not tried recently, but I believe I too have timeouts against a certain number of these websites.


    Wednesday, January 09, 2013 10:14 PM
  • I have checked SMTP on the DNS queries website, and I am getting these errors.

    I am using Exchange Server 2007. Please guide me to resolve this issue ASAP.

    Thursday, January 10, 2013 9:47 AM
  • As mentioned before it seems like you have not created the PTR record?

    Sukh

    Thursday, January 10, 2013 9:55 AM
  • Please guide me on where and how to create the pointer record: on my Exchange 2007 server or at the ISP DNS?

    Thursday, January 10, 2013 4:46 PM
  • Please contact your ISP and ask them to create a PTR record for you. Not something you create on your Exchange server.


    Thursday, January 10, 2013 6:10 PM
  • Sorry, forgot that bit: it has to be done on your external DNS, and if you manage your external DNS then you can create it yourself.

    It's all in that KB anyway.


    Sukh

    Thursday, January 10, 2013 6:22 PM
  • Hello

    I spoke with the ISP and they said that the PTR record is available.

    I am getting mail from some domains, and from some domains I am not.

    Is there any configuration that I should do on my Exchange?

    Please guide me.

    Friday, January 11, 2013 4:14 AM
  • Have you confirmed and actually seen how it has been set up, and does it match your external IP?

    Sukh

    Friday, January 11, 2013 10:11 AM
  • Yes, have you ever used nslookup?

    http://support.microsoft.com/kb/200525?wa=wsignin1.0

    ----------------------

    Here's an example (slightly edited):

    [PS] C:\>nslookup
    Default Server:  DC1.mynet.lan
    Address:  10.0.0.10

    > set q=ptr
    > 11.20.30.15
    Server:  DC1.mynet.lan
    Address:  10.0.0.10

    Non-authoritative answer:
    11.20.30.15.in-addr.arpa        name = mail.my-domain-here.net

    ------------------------------

    In case you are wondering, these commands are equivalent:

    set q=ptr

    set type=ptr

    set querytype=ptr

    -----------------------------

    Anyway...

    1. The IP address configured by your ISP for your PTR record should match the external interface (mail server or firewall) from which email is sent to the outside world.

    2. The domain name shown by the PTR query should be what is indicated on the general tab of the Send Connector properties (HELO/EHLO setting). 





    Friday, January 11, 2013 2:14 PM
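
Added example (not part of the thread): the two checks listed in the reply above, scripted in Python, plus a forward-confirmation step that goes slightly beyond the reply by checking that the PTR name resolves back to the same IP. The function names are hypothetical, and the zone data is constructed around the thread's placeholder address 11.22.33.44 and name mail.contoso.com.

```python
import socket

def ptr_names(ip):
    """Live PTR lookup; returns [] when the address has no reverse record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def a_records(name):
    """Live forward lookup; returns [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []

def norm(host):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return host.rstrip(".").lower()

def check_sender(ip, helo, reverse=ptr_names, forward=a_records):
    """Return a list of findings; an empty list means PTR, HELO/EHLO and A agree."""
    names = [norm(n) for n in reverse(ip)]
    if not names:
        return [f"no PTR record for {ip}"]
    findings = []
    if norm(helo) not in names:
        findings.append(f"PTR {names} does not match HELO/EHLO name {norm(helo)}")
    if not any(ip in forward(n) for n in names):
        findings.append(f"PTR target does not resolve back to {ip}")
    return findings

# Constructed zone data (not real records), reusing the thread's placeholders.
PTR = {"11.22.33.44": ["mail.contoso.com."], "11.22.33.45": ["static-45.isp.example."]}
A = {"mail.contoso.com": ["11.22.33.44"], "static-45.isp.example": ["11.22.33.45"]}

def demo():
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(norm(name), [])
    return {
        "match": check_sender("11.22.33.44", "MAIL.contoso.com", rev, fwd),
        "generic_ptr": check_sender("11.22.33.45", "mail.contoso.com", rev, fwd),
        "no_ptr": check_sender("11.22.33.46", "mail.contoso.com", rev, fwd),
    }

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "OK")
```

Called without the last two arguments, `check_sender` queries live DNS; pass the public address mail actually leaves from (the firewall's external address when 1-to-1 NAT is used) and the name configured as HELO/EHLO on the Send Connector.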
  • I have checked nslookup. I don't see any issues.

    Can you send me your email ID? I will forward you the domain name.

    Saturday, January 12, 2013 9:46 AM
  • Can you post the NDR when you send? And turn up protocol logging on the send connector?

    Sukh

    Saturday, January 12, 2013 12:21 PM