locked
Reverse DNS to exchange or spam filter? RRS feed

  • Question

  • Hi,

    I have a company running exchange 2003 envoirment. One of our users I getting NRD’s when sending to a particular domain. The error is #5.5.0 smtp;550 relay not permitted>. I can confirm that the issue is not with the recipient domain as I can send to this domain with no problem. My A records and MX records are setup correctly but I am thinking it is a reverse DNS issue which I know need to be set with the ISP but here is my question……My incoming mail comes through cloud based spam filter so my setup is that my MX record points to say myspamfilter.com and the spam filter forwards the mail to my on premise exchange. This all works fine and I know the issue is nothing to spam filter cause outgoing mail does not touch spam filter but thats just a bit of background. I ran myspamfilter.com on MX lookup and the reverse DNS resolves ok but there is a SMTP banner warning Reverse DNS does not match SMTP Banner. Do I need to set reverse DNS with my ISP to point to myspamfilter.com or directly to my exchange server. Any help would be much appricared.

    Thanks.

    Thursday, June 21, 2012 6:41 PM

Answers

  • On Thu, 21 Jun 2012 18:41:20 +0000, RainyDays84 wrote:
     
    >
    >I have a company running exchange 2003 envoirment. One of our users I getting NRD’s when sending to a particular domain. The error is #5.5.0 smtp;550 relay not permitted>. I can confirm that the issue is not with the recipient domain as I can send to this domain with no problem.
     
    Check youe SMTP protocol log and verify that your server tried to
    deliver the message to the right IP address.
     
    It wouldn't be the first time that somone's left a secondary (or
    tertiary) MX record lying around in DNS that refers to a machine that
    no longer accepts mail for the domain.
     
    If the message was directed to the correct IP address then contact the
    admin and ask why their machine(s) rejected the RCPT TO.
     
    >My A records and MX records are setup correctly but I am thinking it is a reverse DNS issue which I know need to be set with the ISP but here is my question……My incoming mail comes through cloud based spam filter so my setup is that my MX record points to say myspamfilter.com and the spam filter forwards the mail to my on premise exchange. This all works fine and I know the issue is nothing to spam filter cause outgoing mail does not touch spam filter but thats just a bit of background. I ran myspamfilter.com on MX lookup and the reverse DNS resolves ok but there is a SMTP banner warning Reverse DNS does not match SMTP Banner. Do I need to set reverse DNS with my ISP to point to myspamfilter.com or directly
    >to my exchange server. Any help would be much appricared.
     
    Your server's external IP address needs a PTR record. It really
    doesn't have to return the name that your server sends in the
    HELO\EHLO command, but it's not a bad idea if it does.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Marked as answer by Terence Yu Friday, June 29, 2012 3:03 AM
    Friday, June 22, 2012 2:24 AM

All replies

  • Hi,

    I have a company running exchange 2003 envoirment. One of our users I getting NRD’s when sending to a particular domain. The error is #5.5.0 smtp;550 relay not permitted>. I can confirm that the issue is not with the recipient domain as I can send to this domain with no problem. My A records and MX records are setup correctly but I am thinking it is a reverse DNS issue which I know need to be set with the ISP but here is my question……My incoming mail comes through cloud based spam filter so my setup is that my MX record points to say myspamfilter.com and the spam filter forwards the mail to my on premise exchange. Outgoing mail does not use smart host. This all works fine and I know the issue is nothing to spam filter cause outgoing mail does not touch spam filter but thats just a bit of background. I ran myspamfilter.com on MX lookup and the reverse DNS resolves ok but there is a SMTP banner warning Reverse DNS does not match SMTP Banner. Do I need to set reverse DNS with my ISP to point to myspamfilter.com or directly to my exchange server. Any help would be much appricared.

    Thanks.

    • Merged by Chester Hong Monday, June 25, 2012 5:23 AM duplicate
    Thursday, June 21, 2012 6:38 PM
  • On Thu, 21 Jun 2012 18:41:20 +0000, RainyDays84 wrote:
     
    >
    >I have a company running exchange 2003 envoirment. One of our users I getting NRD’s when sending to a particular domain. The error is #5.5.0 smtp;550 relay not permitted>. I can confirm that the issue is not with the recipient domain as I can send to this domain with no problem.
     
    Check youe SMTP protocol log and verify that your server tried to
    deliver the message to the right IP address.
     
    It wouldn't be the first time that somone's left a secondary (or
    tertiary) MX record lying around in DNS that refers to a machine that
    no longer accepts mail for the domain.
     
    If the message was directed to the correct IP address then contact the
    admin and ask why their machine(s) rejected the RCPT TO.
     
    >My A records and MX records are setup correctly but I am thinking it is a reverse DNS issue which I know need to be set with the ISP but here is my question……My incoming mail comes through cloud based spam filter so my setup is that my MX record points to say myspamfilter.com and the spam filter forwards the mail to my on premise exchange. This all works fine and I know the issue is nothing to spam filter cause outgoing mail does not touch spam filter but thats just a bit of background. I ran myspamfilter.com on MX lookup and the reverse DNS resolves ok but there is a SMTP banner warning Reverse DNS does not match SMTP Banner. Do I need to set reverse DNS with my ISP to point to myspamfilter.com or directly
    >to my exchange server. Any help would be much appricared.
     
    Your server's external IP address needs a PTR record. It really
    doesn't have to return the name that your server sends in the
    HELO\EHLO command, but it's not a bad idea if it does.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Marked as answer by Terence Yu Friday, June 29, 2012 3:03 AM
    Friday, June 22, 2012 2:24 AM