1. This forum is read-only and considered to be an Archive. Please utilize the SmarterTools Community for future interaction and posts.

550 5.7.1 Client host rejected: cannot find your hostname

Discussion in 'SmarterMail' started by Relleum, Sep 23, 2008.

  1. Relleum

    Relleum New Member

    I've been having a few peculiar problems since switching from Merak to SmarterMail. The first problem is that some clients have their emails bounce back with the following message:
    550 5.7.1 Client host rejected: cannot find your hostname
    I'm pretty sure this has to do with reverse lookup, but if you take a look at this dns report: http://www.intodns.com/maebrunkendesign.com, you will see that my Reverse MX A records are resolving. Granted, they seem to resolve to 3a.ee.85ae.static.theplanet.com (which is the company that hosts my server), but does it have to resolve to the same domain as the sending email (*@maebrunkendesign.com)?
    The other problem, which may be related, is that yahoo mail seems to be delaying deliveries from all the domains on my server:
    [*][*][*]<style>
    Reason: Remote host said: 421 Message from
    (174.133.238.58) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html
    This looks like they are graylisting, but even when messages are successfully delivered hours (sometimes days) later, The same process has to be repeatedwhen sending subsequent emails. The end result is that every email sent to yahoo since I started using smartermail is delayed.
    What could be the problem? Please help!
  2. csimo

    csimo Product Expert

    If you want your mail delivered properly the Official Host Name of the sending server should match the PTR (reverse DNS) of the sending IP Address, and there should be an "A" record that matches the OHN as well.

    Example:

    mail.yourdomain.com (Official Host Name) on 123.123.123.123

    PTR for 123.123.123.123 should match mail.yourdomain.com (contact The Planet to do this for you)

    There should be an A record in yourdomain.com pointing to 123.123.123.123

    Problem will go away if you do the above.

    -Joe
  3. jerger

    jerger New Member

    smartermail is somewhat broke if your having the same issue as me... but after hours of emailing them back and forth i gave up... and did something invalid to fix it... not sure if your having the same issue.

    send tests here:
    check-auth@verifier.port25.com
    spf-test@openspf.org

    for the 2nd spf-test@openspf.org ... does your helo=pass helo=none or helo=failed? for us we had it pass with imail. switched to smartermail and it said none... since smartermail was not properly answering the helo test. they blamed openspf.org's test... which is kind of funny.

    anywho... your hostname should match your mail host... in your dns. for example ours is...
    for cleanhound.com...
    mail.cleanhound.com
    -we have this set to our internal ip address in SM hostnames... since sm looks at it with the ip of the nic. you could probably do the hostname twice to the internal and external ip... try one at a time (try internal first... external later)

    so our hostname is mail.cleanhound.com . we have a blank name spf record...
    v=spf1 a mx ptr mx:mail.cleanhound.com ip4:207.250.223.0/24 ~all

    this is how its suppose to work. however SM returns helo=none!!!!

    so here is the solution:
    create a second spf record... (usually a txt record) with the same name as the smartermail mx prefix... in our case ours is "mail" for mail.cleanhound.com . so we created a second txt record named mail ("mail" without quotes)
    -we then pasted the same spf value... which is above...

    it now says pass! what a pain in the ass.

    *** some notes ***
    -if you have it done properly with fqdn... like "name.domain.com" which cname "mail" pointing to ip of "name"... this wont work because of this issue. you have to recreate your mx and host records to reflect "mail" or something like this... then match this to the hostname. don't use a cname... instead use the name for your txt mail record. if you have cname "mail" you cannot have a txt record "mail" as well. this is stupid and against federal guidelines for fqdn.
  4. pdecker

    pdecker Member

    I receive and spf=pass with a single TXT spf record in DNS.

    v=spf1 mx mx:mail.domain.com ip4:11.22.33.44 -all

    FYI
  5. jerger

    jerger New Member

    when i had the similiar problem i received an spf pass as well.. but what about "helo=" does it say
    helo=none
    helo=pass
    helo=fail
    ?

    this is for the test:
    spf-test@openspf.org
  6. csimo

    csimo Product Expert

    I think you're relying on an unreliable test source. I've never seen SmarterMail fail to give out the proper HELO or EHLO.

    If you want to test SPF you can send me an email at my test account c s i m o j o e at g m a i l . c o m and I'll send you a reply with the complete message header showing your SPF and DomainKeys tests. I'll be in and out of the office today, but I'll get to it ASAP.

    Keep in mind that SPF is of little positive use. Many spammers pass SPF. You shouldn't give a negative weight because a message passes SPF, but a small weight if it fails.

    DomainKeys is a much better system (DKIM being even better).

    -Joe
  7. jerger

    jerger New Member

    err... well thats good for your servers maybe... but professional servers for marketing like ours.. or for others that host other companies email... domainkeys is not enough because many legacy servers like imail do not even support checking domainkeys, only spf and other basic spam tools. anyways...also this user is having issues. PLEASE HELP SOLVE THE ISSUES, saying spf isn't widely supported or is stupid might be true but doesn't solve his issues.

    1. smartermail often does fail helo... on certain advance tests such as aol... send a message to your aol account... view the headers/source... do you pass both tests with + or n, or - ? if you pass spf, but fail helo test... it will have the first be N or missing, and the second +
    idealy:
    X-AOL-SCOLL-AUTHENTICATION: domain : mail.buildingoperatingmanagement.com ; SPF_helo = +
    X-AOL-SCOLL-AUTHENTICATION: domain : buildingoperatingmanagement.com ; SPF_822_from = +

    2. if your having helo hostmaster issues you'll probably pass spf, but have helo=none on this test:
    spf-test@openspf.org

    if you pass both thats a good thing!

    3. check that relaying is off/none and both below are CHECKED
    [TABLE]
    | <input id="ctl00_MPH_chksmtpAuthBypassRelay" name="ctl00$MPH$chksmtpAuthBypassRelay" checked="checked" type="checkbox"><label for="ctl00_MPH_chksmtpAuthBypassRelay">Disable relay settings when using SMTP authentication</label> | </tr>
    | <input id="ctl00_MPH_chkEnforceSMTPAuth" name="ctl00$MPH$chkEnforceSMTPAuth" checked="checked" type="checkbox"><label for="ctl00_MPH_chkEnforceSMTPAuth">Enable domain's SMTP auth setting for local deliveries</label>
    [/TABLE]
    4. domainkeys are ideal... spf records do not hurt to implement... some sites require spf records for hotmail and exchange servers that check SENDERID. if you do not implement spf
    its much more difficult to send email to free mail sources such as hotmail. sender ids can help. this isn't going to fix your problem. you could turn off domainkeys to see if it solves the issue.

    5. "Keep in mind that SPF is of little positive use. Many spammers pass
    SPF. You shouldn't give a negative weight because a message passes but a small weight if it fails.
    "

    agreed... thats what i do:)