This inability is due to some email domains' adoption of RDNS (Reverse DNS) checking. The belief is that if you have a valid reverse DNS entry (read: “valid” usually means any reverse DNS entry at all), then you are a “Valid Domain” to handle email from. Until validated authentication is actually adopted, which may come in the future, you can work around this inability to send mail by having a valid PTR record.
The way this works is that the machine which actually connects to the Internet and sends email needs to have a valid PTR record assigned to its IP address.
The steps below detail how to check that.
First, let’s discover the MX record for your domain, and the PTR record for your sending email server.
(Using Nslookup, we’ll check the details for hotmail.com)
We’re launching nslookup and looking at the details of the domain hotmail.com
Default Server: vnsc-bak.sys.gtei.net
> set type=mx
Setting the type to MX will show us the Mail Exchanger records for the domain
> hotmail.com
Enter a domain here, and it will display our Mail Exchangers
hotmail.com MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx1.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx2.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx3.hotmail.com
Now that we know the MX entries for inbound, we’ll check if they have a valid PTR
> set type=a
This will allow us to see the IP address assigned to the MX entries
Addresses: 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
> set type=ptr
Now we’ll check if they have a valid PTR
> 188.8.131.52
The IP Address of the Mail Exchanger is specified here
184.108.40.206.in-addr.arpa name = mail.hotmail.com
220.127.116.11.in-addr.arpa name = mc1-reserved.bay6.hotmail.com
So, according to this, they have a valid record
If you received something similar to
*** vnsc-bak.sys.gtei.net can’t find 18.104.22.168.in-addr.arpa.: Non-existent domain
Then you do not have a valid PTR setup
If you’ve followed these steps and checked the PTR for the inbound mail receiver, now you should check the outbound.
Sometimes Inbound does not match the Outbound, so visit the following site from your mail server and you can check your IP address.
From your outbound mail server (The Mail server itself or an SMTP scanning/relayer) visit the following website:
www.pkguild.com/ip (There is also a link off the main site here – “Click here for your IP Address”)
And your results should look like this:
Default Server: vnsc-bak.sys.gtei.net
> set type=mx
pkguild.com MX preference = 0, mail exchanger = pkguild.com
pkguild.com internet address = 22.214.171.124
> set type=ptr
126.96.36.199.in-addr.arpa name = box81.bluehost.com
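The PTR check above can be scripted. The following is an added example, not code from the original post: it builds the in-addr.arpa name that nslookup queries, reports whether a PTR exists, and goes one step further than the post by checking whether the PTR name resolves back to the same IP. The sample records use constructed documentation addresses and names, and the helper names are assumptions.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name that a PTR query asks for, e.g. 192.0.2.25 -> 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the OS resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_addrs(host):
    """Forward (A/AAAA) lookup through the OS resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def check_sender_ip(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify a sending IP: no-ptr, ptr-only, or ptr-forward-confirmed."""
    ip = str(ipaddress.ip_address(ip))      # normalise; raises on invalid input
    result = {"query": reverse_name(ip), "ptr": None, "status": "no-ptr"}
    host = ptr_lookup(ip)
    if host is None:
        return result                       # nslookup: "Non-existent domain"
    result["ptr"] = host.rstrip(".")
    confirmed = ip in addr_lookup(result["ptr"])
    result["status"] = "ptr-forward-confirmed" if confirmed else "ptr-only"
    return result

# Constructed sample records (documentation addresses, not real mail servers).
SAMPLE_PTR = {"192.0.2.25": "mail.example.com.", "192.0.2.26": "host26.isp.example."}
SAMPLE_A = {"mail.example.com": {"192.0.2.25"}, "host26.isp.example": {"198.51.100.7"}}

def check_sample(ip):
    """Run the check against the constructed records above (no network)."""
    return check_sender_ip(ip, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(check_sample(ip))
```

Calling check_sender_ip with only an IP address uses the operating system's resolver instead of the sample records; run it from the outbound mail server's network so the answer matches what receiving domains see.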
At this point, with a valid PTR, you can check whether you can send mail by hand to these domains.
C:\> telnet mx1.hotmail.com 25
220 bay0-mc5-f9.bay0.hotmail.com. Mon, 6 Feb 2006 09:35:02 -0800
Enter helo domain.com where domain.com is the site you claim to be from
250 bay0-mc5-f9.bay0.hotmail.com (188.8.131.52) Hello [184.108.40.206]
mail from: <Christopher.Kusek@Pkguild.com>
Enter mail from: <email@example.com> this will dictate who it comes from.
250 Christopher.Kusek@Pkguild.com.Sender OK
rcpt to: <firstname.lastname@example.org>
Enter rcpt to: <email@example.com> this will be the recipient of the message.
Enter data – this allows you to start putting input of content in the message.
Test test mc test
Enter some kind of data.
Enter a . on a line by itself; this commits the email and sends it.
354 Start mail input; end with .
250 <BAY0-MC5-F9gDznmG3d00498dc8@bay0-mc5-f9.bay0.hotmail.com> Queued mail for delivery
A simplified version of the test, which can be pasted into a telnet window, looks like this.
(After you have initiated your telnet)
mail from: firstname.lastname@example.org
rcpt to: user@domainIamConnectedto.com
You may also encounter an issue where Exchange is unable to deliver mail to some domains or reports errors on your server. This can happen when you have EDNS enabled on Windows 2003 DNS servers (it is enabled by default).
To disable EDNS, you must first install the dnscmd.exe command-line tool from the Windows 2003 CD-ROM’s Support Tools (\Support\i386\Suptools.msi).
From a command prompt, type:
dnscmd /config /enableednsprobes 0
This will then disable EDNS (You may need to restart the DNS Services on the 2003 DNS Server for it to take effect)
An external DNS query may cause an error message in Windows Server 2003
DNS query responses do not travel through a firewall in Windows Server 2003
Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to Windows Server 2003