SMTP communication problem (RDNS Reverse DNS)

Discussion in 'Windows Small Business Server' started by Greg Salyer, Jul 14, 2008.

  1. Greg Salyer

    Greg Salyer Guest

    There was a SMTP communication problem with the recipient's email server.
    Please contact your system administrator.

    < #5.5.0 smtp;554
    <[]>: Client host rejected:
    Please use SMTP relay of your ISP or setup non-generic DNS>

    I get this when I try to email to craigslist emails. I think it has to do
    with reverse DNS. How do I set up my SBS 2003 server to handle this
    correctly? I have a static IP ( that runs the SBS. It receives
    email for the following domains
    Greg Salyer, Jul 14, 2008

  2. Greg Salyer

    Greg Salyer Guest

    How can I get the rdns to state it is from my domain (

    Greg Salyer, Jul 15, 2008

  3. Greg Salyer

    Joe Guest

    Except that pretty well all the blacklists will automatically include
    generic-type PTRs such as the OP's. I do it a different way, I look for
    generic 'hostnames' in PTR and/or HELO and refuse them, but it comes to
    the same thing.

    There really is no substitute for an ISP that knows something about the
    Internet, and has an interest in keeping its customers. The big boys
    couldn't give a damn about one account in hundreds of thousands.

    I have a customer with a static IP address on a 'business' account with
    my country's monopoly telecoms provider, and because it returns a
    generic PTR, he can't send email. He's on SORBS, among others, who
    publicly state this as a policy.
    Joe, Jul 15, 2008
  4. I have to disagree with this. MOST blacklists do *not* include generic PTR
    records. As you stated, the big boys have thousands of customers. If
    blacklist managers like spamcop and spamhaus started rejecting mail simply
    because the PTR record was generic, you'd see this newsgroup LIT UP with
    problems. There are also small businesses that use completely hosted (and
    shared) services. If you get a shared 1&1 account, for example, your email
    server is also the email server for dozens, or even hundreds of other
    domains. It is *impossible* to set a PTR record to match the domain in this
    case, because the server itself services multiple domains. Legitimately
    even. There are plenty of reasons for a PTR record to mismatch, and blaming
    the ISP or implying that they are uncooperative is, IMHO, inaccurate and
    could be misleading.

    What *is* increasingly common is small businesses using DYNAMIC ip
    addresses. And companies like Comcast have recently been submitting those
    lists to the major blacklist providers because hosting a business server on
    a residential account is specifically breaking terms of service. Of course
    the current practice to 'get around' this is to use a smarthost like DynDNS.
    But that practice too will soon come under scrutiny. Comcast has been, for
    some time, playing with protocol analysis...currently to scale bit-torrent
    traffic, but soon to find and target account abuse. :/ Sorry to say.

    But at any rate, it is *rarely* necessary for the PTR record to match the
    sending domain.

    Cliff Galiher, Jul 16, 2008
  5. Greg Salyer

    stephen Guest

    Generic rDNS can be scored negatively in email policy checks on
    individual mail servers, not necessarily listed in block lists.

    The PTR record doesn't need to match the sending domain (impossible as
    Cliff points out), but it can match the A record of the HELO string of
    the connecting server. This is sometimes taken into account on email
    policy checks and can help detect forgeries. Messages may not be
    immediately rejected, but the result can count in an overall score used
    to determine if the mail gets through.

    However, the checks against generic rDNS are just to ensure that the
    mail server administrator has made the effort to get a customized DNS
    record (i.e. not one with an IP address embedded etc.). This customized
    address can be anything. If you have a static IP from a decent ISP, they
    will usually customize the PTR record on your behalf or allow you to do
    so yourself. If you can't get a customized PTR, you should use a smarthost.

    If you are getting a customized PTR for your connecting IP, you should
    make it match the HELO string of your mail server, for example, the A
    record for should point to your outbound IP, the PTR
    for this IP should be, and you should set the FQDN in
    the SMTP connector to to set the HELO greeting the same.

    Please note that none of this is anything to do with MX records as they
    are for *inbound* mail. Your MX record may point to,
    but it may also point to an external relay such as messagelabs or
    exchange defender.
    stephen, Jul 16, 2008
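
The alignment described in the post above (a non-generic PTR, a HELO name whose A record points to the outbound IP, and a PTR for that IP that returns the same name) can be checked mechanically. This is an added example, not part of any post in this thread; the hostnames, addresses and pool-keyword list are constructed assumptions, and real receiving servers apply their own rules.

```python
import re
import socket

# Assumed keyword heuristic for provider pool names; real filters use their own lists.
POOL_WORDS = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dsl|adsl|cable|pool|dhcp|dialup|ppp)(?:[.-]|\d)", re.I)

def is_generic_ptr(ptr, ip):
    """True if the PTR embeds the IP's octets or looks like an ISP pool name."""
    runs = {int(n) for n in re.findall(r"\d+", ptr)}
    octets = {int(o) for o in ip.split(".")}
    return octets <= runs or bool(POOL_WORDS.search(ptr))

def check_sender(ip, helo, resolve_ptr, resolve_a):
    """Return the findings a receiving server's policy check might score."""
    norm = lambda name: name.rstrip(".").lower()
    findings = []
    ptr = resolve_ptr(ip)
    if ptr is None:
        findings.append("no PTR")
    else:
        if is_generic_ptr(ptr, ip):
            findings.append("generic PTR")
        if ip not in resolve_a(ptr):
            findings.append("PTR not forward-confirmed")
        if norm(ptr) != norm(helo):
            findings.append("HELO differs from PTR")
    if ip not in resolve_a(helo):
        findings.append("HELO does not resolve to connecting IP")
    return findings

# Live resolvers for checking your own outbound IP (standard library only).
def live_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

# Constructed sample data (documentation address ranges and example names).
PTRS = {"192.0.2.25": "mail.example.com",
        "198.51.100.7": "host-198-51-100-7.isp.example"}
ADDRS = {"mail.example.com": ["192.0.2.25"], "server.example.net": ["198.51.100.7"],
         "host-198-51-100-7.isp.example": ["198.51.100.7"]}

def demo():
    a = lambda name: ADDRS.get(name, [])
    return (check_sender("192.0.2.25", "mail.example.com", PTRS.get, a),
            check_sender("198.51.100.7", "server.example.net", PTRS.get, a))
```

To test a real server, call `check_sender(ip, helo, live_ptr, live_a)` with the outbound IP and the FQDN configured on the SMTP connector.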
  6. Greg Salyer

    Joe Guest

    Since you mention 1&1, they use SORBS and hence will not accept mail
    from an IP address with a generic PTR. This was the case I mentioned:
    1&1 won't accept mail from a BT business account with a static IP
    address, because of the dodgy PTR. The BT account owner could of course
    use Yahoo, as advised by their partner BT, which does not offer a
    smarthost on this 'business' service.
    Mine doesn't. But it is a proper hostname, actually a sub-domain of my
    ISP, with a matching A record in public DNS.
    Joe, Jul 16, 2008