Rejections from a specific domain 2

[scottew]

I have been receiving the following rejection when trying to send to a specific domain.

You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mail.factorhealth.com #5.7.1 smtp;551 5.7.1 Unable to Resolve IP Address >

Any ideas what might be causing this? I have been looking up a few things, but nothing I have tried is working.

Thanks in advance.
Scott

 

[monsterjta]

Try the following resource link.

http://www.microsoft.com/exchange/techinfo/tips/trblsht_tip01.asp

Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[markdmac]

First try to telnet to their IP address using port 25. If you cannot do that you know that either their mail system is down or you may be faced with either a bad MX record (so you have the wrong IP) or problem with routing to them. TRACERT to their IP will help you determine if it is a routing problem.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[TigerfanLSU]

I used DNSSTUFF.com and tested that domain and it checks out. Do you have a stale cached record in your local DNS server? What happens when you ping that address from your exchange server? It should be 72.242.62.18

 

[monsterjta]

I don't see a reverse DNS entry for this domain. DNS may resolve, but not RDNS. Many larger ISP's will perform a Reverse DNS lookup on sending domains. If there is no RDNS record entry with YOUR service provider, or you host your own external DNS and do not have the RDNS entry, then you will get a bounced email.

I did a reverse DNS lookup on mail.factorhealth.com, which came back with errors stating there is no record.

Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[scottew]

Thanks for the help guys. Let me say that I am not much of a networking expert, yet.

It is strange, but the the domain that I am trying to send email to has been working fine until this morning. This is the scenario, it may be weird but it is what I have inherited.

We have 3 T1's which are provided to us by a company called Deltacom. Then I have 1 domain, factorhealth.com which is registered with Register.com and they host our external DNS for this domain which has the MX and A records. Then we have 2 other domains which are hosted by different providers, but I guess that doesn't matter at this time.

I used dnsstuff.com to do a reverse DNS Lookup on my IP address (72.242.62.18) and this is what I got in return.

How I am searching:
Asking g.root-servers.net for 18.62.242.72.in-addr.arpa PTR record:  
       g.root-servers.net says to go to dill.arin.net. (zone: 72.in-addr.arpa.)
Asking dill.arin.net. for 18.62.242.72.in-addr.arpa PTR record:  
       dill.arin.net [192.35.51.32] says to go to NS1.DELTACOM.NET. (zone: 242.72.in-addr.arpa.)
Asking NS1.DELTACOM.NET. for 18.62.242.72.in-addr.arpa PTR record:  Reports mail1.factorfoundation.org. [from 207.230.75.34]

Answer:
72.242.62.18 PTR record: mail1.factorfoundation.org. [TTL 86400s] [A=None] *ERROR* There is no A record for mail1.factorfoundation.org. (may be negatively cached).

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can click here.

When I click there for the correct results, this is what I get.

Getting NS record list at a.root-servers.net... Done! 
Looking up at the 7 72.in-addr.arpa. parent servers: 

Server Response Time 
figwort.arin.net [192.42.93.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  13ms 
henna.arin.net [192.26.92.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  15ms 
indigo.arin.net [192.31.80.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  77ms 
epazote.arin.net [192.41.162.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  93ms 
dill.arin.net [192.35.51.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  92ms 
chia.arin.net [192.5.6.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  170ms 
basil.arin.net [192.55.83.32] NS1.DELTACOM.NET. NS2.DELTACOM.NET.  295ms 

Status: Records all match. 

Looking up at the 2 242.72.in-addr.arpa. parent servers: 

Server Response Time 
ns1.deltacom.net [207.230.75.34] mail1.factorfoundation.org.  26ms 
ns2.deltacom.net [207.230.75.50] mail1.factorfoundation.org.  91ms

As I mentioned, my domain is factorhealth.com. Prior to my arrival at this company, factorfoundation.org and factorhealth.com were somehow connected but are now 2 separate entities.

So I am wondering why the Reverse DNS is coming back with mail1.factorfoundation.org?

Thanks again for the help in trying to figure this out.
Scott

 

[monsterjta]

I host multiple email domains that reverse resolve only to one domain (ie; domains B, C and D all reverse to domain A). I haven't had any issues with this. This mail1.factorfoundation.org RDNS record was probably overlooked when these 2 organizations split.

The thing is, when you try to reverse mail.factorhealth.com it will not fine an A record. If I'm not mistaken, this is a problem.

Below are your current records, which look fine:

factorhealth.com. MX IN 86400 mail.factorhealth.com
mail.factorhealth.com. A IN 86400 72.242.62.18

However, when I reverse mail.factorhealth.com I get this:

72.242.62.18 PTR record: mail1.factorfoundation.org. [TTL 86400s] [A=None] *ERROR* There is no A record for mail1.factorfoundation.org. (may be negatively cached).

I certainly would check that your ISP has the correct RDNS entry for mail.factorhealth.com.


Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[markdmac]

I agree with monster. You should resolve the RDNS issue before attemtping to troubleshoot further. Your ISP should be able to help you out.

The company you are contacting probably switched their SPAM filtering and are now checking for the RDNS which is why you are not able to send to them. If you do a test, I am sure you will find you also cannot send to AOL, Hotmail, Yahoo and MSN accounts.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[scottew]

I finally figured out what happened. In my office, we have 3 T1's, one of which had a CAT5 cable going over to the office next door. That T1 is the 72.242.62.18 and was previously used by factorfoundation.org. They were running Exchange on an SBS box. When the companies split and they moved out, we kept the T1. In order to seperate some network traffice, we used the T1 (72.242.62.18) for our data network which is running Exchange. Our other T1's are for our video conference system and IP phone system.

The part I am unsure about at this point is who to contact. Our external DNS is hosted by Register.com and T1's are provided by Deltacom.

Also, do I need to set up any other entries in our DNS?

Thanks again for all the help!

 

[monsterjta]

Your DNS entries on Register look fine. You need to contact Deltacom and have them modify your RDNS entry to something like this:

72.242.62.18 IN PTR mail.factorhealth.com.

Hope This Helps,

Good Luck!

(I do what I can with what I know)

 

[scottew]

Thanks for the help guys. I had them modify the RDNS entry to this

72.242.62.18 PTR record: mail.factorhealth.com. [TTL 86400s] [A=72.242.62.18]

and it is now working.

A couple of stars for you guys. Now, I just have to get the IMF working with Marks script and I will be all set.