1

I've got a ISPconfig 3 production server set up, running Ubuntu Server 9.04. My e-mail gets delivered ok to almost every other server I send mail to except for one (smtp.chello.nl which bounces my email). In my /var/log/mail.err I found the below error.

Sep 23 08:59:33 <MYHOSTNAME> postfix/smtp[26944]: 3DB2B1456149: to=<<RECIPIENT>@chello.nl>, relay=smtp.chello.nl[213.46.255.2]:25, delay=2, delays=0.02/0.01/1.9/0.04, dsn=5.1.0, status=bounced (host smtp.chello.nl[213.46.255.2] said: 550 5.1.0 Dynamic/Generic hostnames are blocked. Please contact your Email Provider. Your IP was <MY IP>. Your hostname was ??. (in reply to MAIL FROM command))

What could be the cause of this?

I did an SMTP check on mxtools.com and got the following:

OK - Not an open relay
OK - 0 seconds - Good on Connection time
OK - 1.482 seconds - Good on Transaction time
OK - 83.161.xx.xx resolves to a83-161-xx-xx.xxx.xxx.nl
WARNING - Reverse DNS does not match SMTP Banner

Update:
My IP is static.

Pylsa
  • 205
  • 1
  • 3
  • 9

7 Answers7

2

sometimes error messages say what they mean and mean what they say:

550 5.1.0 Dynamic/Generic hostnames are blocked

This means that your IP address is intentionally blocked by the receiver because it matches a pattern they don't want to accept email from.

The most likely reason: either your email server's IP address is in a dynamic range, or its in a range that your ISP have registered as dynamic. Is that the case? (if you didn't obscure the IP address I could have a go at checking myself, the pattern of what you did post suggests it probably is dynamic)

If that's the case then your options are limited to either moving to a proper "fixed" IP address or relaying through a smarthost at your ISP. People don't have to accept email from your server if they don't want to.

Looking at the comments, it appears you have two problems

  1. A fixed IP address but with a "generic" DNS name (e.g. abc.171.biz.def.yourisp.nl) is a 'generic' address as opposed to 'www.BloodPhilia.nl')
  2. No correct reverse lookup (PTR record) in DNS.

Assuming you can't/don't want to just forward stuff through a smarthost (e.g. you forward all your email from your server to your ISP and they send it out into the world on your behalf) then:

  • You'd need to register a domain name, if you haven't already, e.g. 'BloodPhilia.nl' and get basic DNS set up for that domain by your ISP.
  • Then get them to create an entry for your email server in DNS, e.g. both A and PTR records for 'mail.BloodPhilia.nl' pointing at the IP address of your email server.
  • Lastly, configure the email server so it identifies itself as 'mail.BloodPhilia.nl' in its banner.
Rob Moir
  • 31,664
  • 6
  • 58
  • 86
  • My IP is static and I figure it has something to do with the error that MXtools.com gives me: `WARNING - Reverse DNS does not match SMTP Banner` – Pylsa Sep 23 '10 at 09:30
  • Well that would certainly be a problem, if your reverse DNS and server banner don't match then you have an issue. I'd say you also have an issue with the DNS entry itself, it looks like a 'generic' entry to me, and the rejection message did mention that is why it was rejecting your message. – Rob Moir Sep 23 '10 at 09:32
  • So how would I go about solving this issue? – Pylsa Sep 23 '10 at 09:39
  • just added a bunch of stuff to the answer that will hopefully help. Unless you really want and need to operate your own, independant mail server then the quickest fix is probably to ask your ISP about them 'smarthosting' your email. – Rob Moir Sep 23 '10 at 10:00
  • It's all fixed now! Thanks for the effort. I changed my ISP's PTR record to the domain set in my SMTP banner and it's all good now. – Pylsa Sep 23 '10 at 13:21
2

You need to get your reverse DNS fixed.

Since you have concealed your IP, I have no way of giving useful suggestions on that count.

However, if you helo as smtp.example.com, I recommend that you have your domain name provider add an A record for smtp.example.com pointing to your IP, and get your ISP to give you reverse DNS for the same name.

$ dig outbound-us1.mailhostbox.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> outbound-us1.mailhostbox.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16706 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION: ;outbound-us1.mailhostbox.com. IN A

;; ANSWER SECTION: outbound-us1.mailhostbox.com. 14369 IN A 70.87.28.138

;; Query time: 0 msec ;; SERVER: 172.16.140.35#53(172.16.140.35) ;; WHEN: Thu Sep 23 17:07:58 2010 ;; MSG SIZE rcvd: 62

$ dig -x 70.87.28.138

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 70.87.28.138 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63397 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION: ;138.28.87.70.in-addr.arpa. IN PTR

;; ANSWER SECTION: 138.28.87.70.in-addr.arpa. 86385 IN CNAME 138.28.87.70.in-addr.ev1.opticaljungle.com. 138.28.87.70.in-addr.ev1.opticaljungle.com. 86385 IN PTR outbound-us1.mailhostbox.com.

;; Query time: 6 msec ;; SERVER: 172.16.140.35#53(172.16.140.35) ;; WHEN: Thu Sep 23 17:07:46 2010 ;; MSG SIZE rcvd: 138

See the A and PTR results.

Devdas
  • 737
  • 4
  • 6
1

It looks like you may have a dynamic address. Many mail servers, mine included will refuse email. Check to see if you are listed at spamhaus.org. Even if your address is not dynamic it looks enough like one to get you blocked on some servers.

If you have a dynamic address relay via your ISPs server. If not get your DNS (A record in your DNS) and rDSN (PTR record from your ISP) fixed.

Ensure your server uses the fully qualified domain name in its HELO message. Using a simple host name will get you blocked on a number of servers.

BillThor
  • 27,354
  • 3
  • 35
  • 69
1

Check your domain and IP for blacklisting; your server may be blacklisted somewhere.

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92
Ahmed
  • 11
  • 1
0
  1. check you ip: http://www.mxtoolbox.com/SuperTool.aspx
  2. check mailname(cat /etc/mailname), hostname($hostname), PTR (host IPADDR). well if they match
bindbn
  • 5,153
  • 2
  • 26
  • 23
  • Could this have something to do with the error that MXtools.com gives me: `WARNING - Reverse DNS does not match SMTP Banner`? – Pylsa Sep 23 '10 at 09:32
0

Have you correctly specified a valid FQDN for your email server? Does your SMTP banner give a hostname of 'localhost.localdomain' or something similarly vague.

A quick fix sounds like it would be to either change your FQDN to that of the reverse IP, or (more appropriately) ensure your reverse DNS of your IP is the same as the FQDN you are reporting to be.

Andrew Taylor
  • 884
  • 4
  • 6
  • That will help with people who just do reverse DNS lookups, and _is_ an important step. Some people do not accept email from 'generic' host names, however, and this won't help in that case. And the question suggests this latter case is the reason for rejection here, so I think bloodphilia needs to solve both issues. – Rob Moir Sep 23 '10 at 11:46
  • But what makes it generic; if he changes his FQDN to the that of the reverse IP, he won't have a non-resolvable domain name reported by his MTA (unless he's purposefully done that, in which case nothing will help him). – Andrew Taylor Sep 24 '10 at 11:17
0

The simplest fix for this is to setup your ISP's mail server as the smarthost for your existing server.

All emails your server cannot deliver locally will be handed to the ISP's SMTP server for delivery.

http://www.howtoforge.com/postfix_relaying_through_another_mailserver

Phil Hannent
  • 675
  • 2
  • 10
  • 21