1

I'm trying to fix a problem with mailing in a VPS.

This VPS has only one public IP address and 5 domains hosted. The DNS server (BIND) has the 5 different zones configured; every zone has an MX entry pointing to mail.domainX.com and an A entry for mail.domainX.com pointing to the VPS's public IP address.

The problem with the email appears when users from one of the domains try to send mail to people who have an @microsoft.com e-mail address. About 20% of the e-mails sent to those addresses are rejected with this error:

Diagnostic information for administrators:

Generating server: bigfish.com

adress@domainX.com
#550 4.4.7 QUEUE.Expired; message expired ##

Investigating this error code, I read that it is produced because the reverse DNS of the public IP doesn't resolve to the name mail.domainX.com. It actually resolves to this:

vpsname.myISP.com.333.222.111.in-addr.arpa.

I can think of two possible solutions for this:

1- Create a new zone in the VPS called 333.222.111.in-addr.arpa. and then add a PTR entry for every domain hosted in the VPS with the public IP, for example: mail.domainX.com. Note: I know this is not recommended and would cause me trouble in the future.

2- Change the MX entry in every zone and point it to vpsname.myISP.com. This would make the DNS and reverse DNS match. Note: I don't know if this is possible or will work without problems.

Which option would be better to fix this issue? Is there a better option?

Thanks.


Important note: I'm trying to fix this problem by myself because when I asked my ISP for help they didn't know how to fix this(!). Obviously I will change my ISP in the future, but I need to resolve this ASAP.

Juan

5 Answers

1

The 'reverse DNS' check is usually done against the hostname provided by your MTA with the SMTP HELO command. So, configuring your MTA so that it uses vpsname.myISP.com to present itself should be enough. If you use Postfix, the smtp_helo_name directive should do it.

For Exim you may want to read "When exim4 sends HELO/EHLO, how do I configure which host name it sends?".

S19N
  • This answer is **wrong**! The reverse DNS check is done against the IP where the connection comes from. The HELO/EHLO checks verify that the name provided equals the hostname. Additionally the hostname has to match the reverse DNS name. – mailq Jan 07 '12 at 17:09
  • I meant that the hostname provided with HELO has to match the one returned by the reverse DNS query. The element on which the 'reverse IP resolution' is done was already clear in the question so I didn't repeat it. Improvable indeed, but I wouldn't say wrong. – S19N Jan 07 '12 at 19:56
  • "the hostname provided with HELO has to match the one returned by the reverse DNS query" - lie! RTFM RFCs again. FQDN in EHLO **must** be **resolvable**! Period – Lazy Badger Jan 07 '12 at 22:40
1
  1. If you create your own reverse zone for the /24 net, it will do nothing - nobody will delegate this zone to you for free (and the old zone from the old location will be used). JFYI - delegation of a /32 is just not doable.

  2. The second solution is more usable, with one note - you can use any hostname for the common MX and ask the hoster to change the reverse record to your name, because the hostmaster must fix the definition anyway, even the current one.

vpsname.myISP.com.333.222.111.in-addr.arpa. is a bad name and the result of a missing dot after the hostname vpsname.myISP.com in the zone file (thus, $ORIGIN is added to the name).

Lazy Badger
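The missing-dot effect described in the answer above can be reproduced with a small zone-file check. This is an added example, not code from the post: the sample zone is constructed, the host labels 44 and 45 are placeholders, and the parser assumes every record line states its owner name.

```python
REVERSE_SUFFIXES = (".in-addr.arpa.", ".ip6.arpa.")

def qualify(name, origin):
    """Expand a zone-file name: relative names get the current origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ptr_records(zone_text, origin):
    """Return (owner, target) pairs, both fully qualified, for every PTR line."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()    # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = qualify(fields[1], origin)
            continue
        upper = [f.upper() for f in fields]
        if "PTR" in upper[1:-1]:                 # owner before it, target after it
            i = upper.index("PTR", 1)
            records.append((qualify(fields[0], origin),
                            qualify(fields[i + 1], origin)))
    return records

def missing_dot_targets(zone_text, origin):
    """PTR targets that landed inside the reverse tree: the final dot was forgotten."""
    return [(o, t) for o, t in ptr_records(zone_text, origin)
            if t.lower().endswith(REVERSE_SUFFIXES)]

# Constructed sample zone; 44 and 45 are placeholder host labels.
ORIGIN = "333.222.111.in-addr.arpa."
SAMPLE_ZONE = """\
$ORIGIN 333.222.111.in-addr.arpa.
44   IN PTR vpsname.myISP.com      ; relative name: origin gets appended
45   IN PTR mail.example.com.      ; absolute name: used as written
"""

if __name__ == "__main__":
    for owner, target in missing_dot_targets(SAMPLE_ZONE, ORIGIN):
        print(f"{owner} -> {target}")
```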
1

Option 1 won't work. Option 2 won't work until the PTR record is corrected as noted by @Lazy Badger.

Follow these steps:

  • Pick one domain for the MX and get the PTR record set to point to the domain name you are using as the MX (mail.example.com.). You could use vpsname.myISP.com as your MX if you get them to fix the PTR record, and there is an A record for vpsname.myISP.com pointing to that IP.
  • Configure EXIM to identify itself as the name you chose for your MX.
  • Point all the domains to use the chosen MX and configure EXIM to treat these domains as local.
  • Optionally, configure virtual domains in EXIM for some or all of the domains.
  • Ensure the postmaster address works for all your domains.
BillThor
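To verify the result of the steps above, the PTR, A and HELO names can be checked together. This is an added example, not code from the answer: the IP 192.0.2.25 and the lookup tables are constructed, and because the comments in this thread disagree on whether HELO must equal the PTR name, that mismatch is reported as its own finding.

```python
import socket

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_sender(ip, helo_name, ptr_lookup, a_lookup):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        findings.append("no PTR record")
    # Forward confirmation: the PTR name must resolve back to the same IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if ptr_names and not confirmed:
        findings.append("PTR name does not resolve back to the IP")
    helo = norm(helo_name)
    if not a_lookup(helo):
        findings.append("HELO name is not resolvable")
    if helo not in confirmed:
        findings.append("HELO name is not a forward-confirmed PTR name")
    return findings

def live_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_a(name):
    """Address lookup through the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def table(records):
    """Turn a dict into a lookup function, for offline checks."""
    return lambda key: records.get(key, [])

# Constructed data: documentation-range IP, names taken from the question.
IP = "192.0.2.25"
A_RECORDS = table({"mail.domainx.com": [IP]})
BROKEN_PTR = table({IP: ["vpsname.myISP.com.333.222.111.in-addr.arpa."]})
FIXED_PTR = table({IP: ["mail.domainX.com."]})

if __name__ == "__main__":
    print(check_sender(IP, "mail.domainX.com", BROKEN_PTR, A_RECORDS))
    print(check_sender(IP, "mail.domainX.com", FIXED_PTR, A_RECORDS))
```

Against a real server, pass `live_ptr` and `live_a` as the two lookup functions together with the sending IP and the name the MTA announces.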
0

If you put SPF records in place on all the domains in question, you can then specify the FQDN of the sending server as an allowed sender for that domain. Most filters honor SPF records these days so this would be the best place to start.

You definitely don't need the MX record and the reverse DNS address to match; think of how Google Apps works as a large-scale example!

Try here for a wizard to generate you an SPF record.

You do, however, need your mail server to introduce itself as the same FQDN as its reverse DNS, which is usually done by setting the server ehlo/helo response in that specific MTA.

SimonJGreen
0

One resolution for the Exchange Error 550 is:

Start Exchange System Manager (ESM) and go to the SMTP virtual server currently used. Select 'Properties'-> 'Access'-> 'Relay'. Now, check if the "Allow computers which successfully authenticate to relay" option is enabled.

If this does not help, and the case is of Exchange Database corruption, then go for a third party Exchange Server Repair tool.

Jenny