Dear All Greetings,
i am admin for ISP two years now, relay emails for more than 300 companies (CentOS/Postfix). Relaying more than 10,000 messages every hours successfully. no one has ever compliant for non delivery. but i cannot relay to this domain. The servers responsible for accepting messages are rejecting. i have given the whole log for experts to monitor.
it is something out of control, because it is not my problem. Our server has all record created (A,MX,PTR,SPF etc). i have three relay hosts fully functional. destination server is not accepting from any relay host.
can anyone try from his server and see if it is deliverable to ray@tata-nigeria.com
Thanks / Regards Prabhpal S. Mavi
Apr 12 11:06:00 titan postfix/qmgr[11860]: C3C142E4012: from=****@digital-infotech.net, size=1391, nrcpt=1 (queue active) Apr 12 11:06:02 titan postfix/smtp[12039]: C3C142E4012: host mx2.servershost.net[205.234.223.160] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command) Apr 12 11:06:03 titan postfix/smtp[12039]: C3C142E4012: to=ray@tata-nigeria.com, relay=mx3.servershost.net[66.225.214.101]:25, delay=1381, delays=1377/0.03/3.4/0.31, dsn=4.1.7, status=deferred (host mx3.servershost.net[66.225.214.101] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command))
Thanks / Regards Prabhpal S. Mavi
Hi,
On Thu, Apr 12, 2012 at 2:29 PM, Prabhpal S. Mavi prabhpal@digital-infotech.net wrote:
it is something out of control, because it is not my problem. Our server has all record created (A,MX,PTR,SPF etc). i have three relay hosts fully functional. destination server is not accepting from any relay host.
Looking at the error msg briefly I think the problem is with the DNS records:
rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command))
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net.
$ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
As you can see the DNS resolves to different IP address than given by the PTR record. Some email systems consider this as an indication of a misconfigured mail server (spam sending attempt) and refuse to relay.
Best, Peter
Dear Peter,
Thanks for your swift response, well diagnosed.
my_server=mail.digital-infotech.net (sending) destination=mx4.servershost.net (receiving)
I feel that part of log [host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected:cannot find your hostname, [205.234.223.198]
is logged by my server, perhaps it is receiving bounce back. because if my server is sending mail, it don't have to perform any look up expect MX.
The DNS record problem is with receiver server not sender. why receiver said [Sender address rejected: unverified address]. this is what i have problem with. Kindly advice ....
Thanks / Regards
Hi,
On Thu, Apr 12, 2012 at 2:29 PM, Prabhpal S. Mavi prabhpal@digital-infotech.net wrote:
it is something out of control, because it is not my problem. Our server has all record created (A,MX,PTR,SPF etc). i have three relay hosts fully functional. destination server is not accepting from any relay host.
Looking at the error msg briefly I think the problem is with the DNS records:
rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command))
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net.
$ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
As you can see the DNS resolves to different IP address than given by the PTR record. Some email systems consider this as an indication of a misconfigured mail server (spam sending attempt) and refuse to relay.
Best, Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
On 04/12/12 4:35 AM, Peter Peltonen wrote:
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net.
$ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
As you can see the DNS resolves to different IP address than given by the PTR record. Some email systems consider this as an indication of a misconfigured mail server (spam sending attempt) and refuse to relay.
except, thats the receiving server, and it shouldn't be rejecting itself.
$ host -t MX tata-nigeria.com tata-nigeria.com mail is handled by 30 mx4.servershost.net. tata-nigeria.com mail is handled by 10 mx2.servershost.net. tata-nigeria.com mail is handled by 20 mx3.servershost.net. $ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
the host is probably dualhomed, and that 66 IP matches the reverse...
$ host 66.225.237.241 241.237.225.66.in-addr.arpa domain name pointer mx4.servershost.net.
servershost.net appears to be a US based hosting company, yet their WHOIS data is shrouded, and they dont have any websites at that domain name, further http://rbls.org/servershost.net says they are broken, and have no postmaster or abuse alias as required by the internet RFCs.
Dear John,
Thanks for your response. good information provided. Thanks / Regards
On 04/12/12 4:35 AM, Peter Peltonen wrote:
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net.
$ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
As you can see the DNS resolves to different IP address than given by the PTR record. Some email systems consider this as an indication of a misconfigured mail server (spam sending attempt) and refuse to relay.
except, thats the receiving server, and it shouldn't be rejecting itself.
$ host -t MX tata-nigeria.com tata-nigeria.com mail is handled by 30 mx4.servershost.net. tata-nigeria.com mail is handled by 10 mx2.servershost.net. tata-nigeria.com mail is handled by 20 mx3.servershost.net. $ host mx4.servershost.net mx4.servershost.net has address 66.225.237.241
the host is probably dualhomed, and that 66 IP matches the reverse...
$ host 66.225.237.241 241.237.225.66.in-addr.arpa domain name pointer mx4.servershost.net.
servershost.net appears to be a US based hosting company, yet their WHOIS data is shrouded, and they dont have any websites at that domain name, further http://rbls.org/servershost.net says they are broken, and have no postmaster or abuse alias as required by the internet RFCs.
-- john r pierce N 37, W 122 santa cruz ca mid-left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
On 12.4.2012 13:29, Prabhpal S. Mavi wrote:
Dear All Greetings,
i am admin for ISP two years now, relay emails for more than 300 companies (CentOS/Postfix). Relaying more than 10,000 messages every hours successfully. no one has ever compliant for non delivery. but i cannot relay to this domain. The servers responsible for accepting messages are rejecting. i have given the whole log for experts to monitor.
it is something out of control, because it is not my problem. Our server has all record created (A,MX,PTR,SPF etc). i have three relay hosts fully functional. destination server is not accepting from any relay host.
can anyone try from his server and see if it is deliverable to ray@tata-nigeria.com
Thanks / Regards Prabhpal S. Mavi
Apr 12 11:06:00 titan postfix/qmgr[11860]: C3C142E4012: from=****@digital-infotech.net, size=1391, nrcpt=1 (queue active) Apr 12 11:06:02 titan postfix/smtp[12039]: C3C142E4012: host mx2.servershost.net[205.234.223.160] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command) Apr 12 11:06:03 titan postfix/smtp[12039]: C3C142E4012: to=ray@tata-nigeria.com, relay=mx3.servershost.net[66.225.214.101]:25, delay=1381, delays=1377/0.03/3.4/0.31, dsn=4.1.7, status=deferred (host mx3.servershost.net[66.225.214.101] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command))
Thanks / Regards Prabhpal S. Mavi
I think the destination server is trying a callback verification http://en.wikipedia.org/wiki/Callback_verification but that fails because your server is doing checks as described in http://en.wikipedia.org/wiki/FCrDNS
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net. $ host mx4.servershost.net. mx4.servershost.net has address 66.225.237.241
Dear Markus Falb
Thanks for your response,
i know these commands but if you will carefully look into logs, you will notice that my server is sending mail not receiving. therefor it has nothing to do with their PTR weather it is correct or in correct. that is according to the logic. anyways
Thanks / Regards
On 12.4.2012 13:29, Prabhpal S. Mavi wrote:
Dear All Greetings,
i am admin for ISP two years now, relay emails for more than 300 companies (CentOS/Postfix). Relaying more than 10,000 messages every hours successfully. no one has ever compliant for non delivery. but i cannot relay to this domain. The servers responsible for accepting messages are rejecting. i have given the whole log for experts to monitor.
it is something out of control, because it is not my problem. Our server has all record created (A,MX,PTR,SPF etc). i have three relay hosts fully functional. destination server is not accepting from any relay host.
can anyone try from his server and see if it is deliverable to ray@tata-nigeria.com
Thanks / Regards Prabhpal S. Mavi
Apr 12 11:06:00 titan postfix/qmgr[11860]: C3C142E4012: from=****@digital-infotech.net, size=1391, nrcpt=1 (queue active) Apr 12 11:06:02 titan postfix/smtp[12039]: C3C142E4012: host mx2.servershost.net[205.234.223.160] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command) Apr 12 11:06:03 titan postfix/smtp[12039]: C3C142E4012: to=ray@tata-nigeria.com, relay=mx3.servershost.net[66.225.214.101]:25, delay=1381, delays=1377/0.03/3.4/0.31, dsn=4.1.7, status=deferred (host mx3.servershost.net[66.225.214.101] said: 450 4.1.7 ****@digital-infotech.net: Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198] (in reply to RCPT TO command) (in reply to RCPT TO command))
Thanks / Regards Prabhpal S. Mavi
I think the destination server is trying a callback verification http://en.wikipedia.org/wiki/Callback_verification but that fails because your server is doing checks as described in http://en.wikipedia.org/wiki/FCrDNS
$ host 205.234.223.198 198.223.234.205.in-addr.arpa domain name pointer mx4.servershost.net. $ host mx4.servershost.net. mx4.servershost.net has address 66.225.237.241 -- Kind Regards, Markus Falb
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
On 12.4.2012 14:16, Prabhpal S. Mavi wrote: ...
i know these commands but if you will carefully look into logs, you will notice that my server is sending mail not receiving. therefor it has nothing to do with their PTR weather it is correct or in correct. that is according to the logic.
...
If the receiving server is doing callback than the logic is reversed, so no, at that point your server turns into the receiver. please read my *whole* message again, not only the part with the commands. Have a look at the links I provided.
Dear Markus Falb
Thanks for your response, it is grate information. it is true i missed the part of your mails.
Thanks / Regards
On 12.4.2012 14:16, Prabhpal S. Mavi wrote: ...
i know these commands but if you will carefully look into logs, you will notice that my server is sending mail not receiving. therefor it has nothing to do with their PTR weather it is correct or in correct. that is according to the logic.
...
If the receiving server is doing callback than the logic is reversed, so no, at that point your server turns into the receiver. please read my *whole* message again, not only the part with the commands. Have a look at the links I provided. -- Kind Regards, Markus Falb Resident do not top post guerilla http://centos.org/modules/tinycontent/index.php?id=16 (The guidelines part)
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
Dear All,
I did promise to come back and update you after the problem resolved, but before that i am grateful and personally thanking to everyone for their input, efforts & energy.
Dear Markus Falb,
i apologies for my statement yesterday, i actually missed the part of your email, undoubtedly the information you sent was very much valuable and helped to resolve the cause. i do not hesitate to accept that i did not know about call back function before your email.
Again special Thanks to Reindl Harald & Markus Falb, they made me to understand what i need to do in order to resolve the cause.
FOLLOWING HAS RESOLVED THE PROBLEM:
1.) As you all know, that server where i was sending the message to was configured for address verification & having incorrect PTR records. 2.) When it was coming back for address verification, my server was not accepting connection. 3.) Because my server was configured for "reject_invalid_helo_hostname"
i have to disable following in main.cf to deliver the mails to that server.
reject_invalid_helo_hostname reject_unknown_client_hostname reject_invalid_hostname
Thanks / Regards Prabhpal
Dear Markus Falb
Thanks for your response, it is grate information. it is true i missed the part of your mails.
Thanks / Regards
On 12.4.2012 14:16, Prabhpal S. Mavi wrote: ...
i know these commands but if you will carefully look into logs, you will notice that my server is sending mail not receiving. therefor it has nothing to do with their PTR weather it is correct or in correct. that is according to the logic.
...
If the receiving server is doing callback than the logic is reversed, so no, at that point your server turns into the receiver. please read my *whole* message again, not only the part with the commands. Have a look at the links I provided. -- Kind Regards, Markus Falb Resident do not top post guerilla http://centos.org/modules/tinycontent/index.php?id=16 (The guidelines part)
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
Thanks / Regards Prabhpal S. Mavi
On 4/12/2012 8:51 AM, Markus Falb wrote:
On 12.4.2012 14:16, Prabhpal S. Mavi wrote: ...
i know these commands but if you will carefully look into logs, you will notice that my server is sending mail not receiving. therefor it has nothing to do with their PTR weather it is correct or in correct. that is according to the logic.
...
If the receiving server is doing callback than the logic is reversed, so no, at that point your server turns into the receiver. please read my *whole* message again, not only the part with the commands. Have a look at the links I provided.
Markus is spot on. My mail server does reverse lookups to see if the mail server is real or not...in your case it would reject it since the mail server sending it does not equal what the look up says.
these rejects are used to prevent spammers. And they also teach us how to set up mail servers correctly. Learning curve, but it is for the best.
From: Prabhpal S. Mavi prabhpal@digital-infotech.net
Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198]
Is this the issue...? $ host 41.211.25.193 193.25.211.41.in-addr.arpa has no PTR record
JD
Hi JD,
Thanks for your response,
i am sure, it is some problem where you tried to resolve from. There is PTR for the host and it exists in my own authoritative DNS server. i tried to dig using through google DNS as well. Result shows that PTR is there.
[root@mailer mailer]# dig @8.8.8.8 -x 41.211.25.193
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @8.8.8.8 -x 41.211.25.193 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48506 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;193.25.211.41.in-addr.arpa. IN PTR
;; ANSWER SECTION: 193.25.211.41.in-addr.arpa. 10800 IN PTR mail.digital-infotech.net.
;; Query time: 255 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Apr 12 12:08:14 2012 ;; MSG SIZE rcvd: 83
Thanks / Regards Prabhpal
From: Prabhpal S. Mavi prabhpal@digital-infotech.net
Sender address rejected: unverified address: host mail.digital-infotech.net[41.211.25.193] said: 450 4.7.1 Client host rejected: cannot find your hostname, [205.234.223.198]
Is this the issue...? $ host 41.211.25.193 193.25.211.41.in-addr.arpa has no PTR record
JD _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks / Regards Prabhpal S. Mavi
On 04/12/12 4:59 AM, John Doe wrote:
Is this the issue...? $ host 41.211.25.193 193.25.211.41.in-addr.arpa has no PTR record
worked here.
$ host 41.211.25.193 193.25.211.41.in-addr.arpa domain name pointer mail.digital-infotech.net.
but it was a little slow coming back the first time (as reverse DNS often is).
-
Bob Hoffman -
John Doe -
John R Pierce -
Markus Falb -
Peter Peltonen -
Prabhpal S. Mavi