Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17221
Views
0
Helpful
3
Replies

Reason: 5.3.0 - Other mail system problem ('550', ['non-existent reverse DNS entry for X.X.X.X

mehmethyeni
Level 1
Level 1

‎12-21-2012 03:26 AM

We have configured a ESA for a customer whose appliance was broken down because of a software problem and being replaced with a new one by cisco.

Today we have a big problem about Reverse DNS. When they send email to their customers, the remote mail servers reject their messages. I double check the configuration and haven’t found anything. If we route mail traffic over exchange instead of ironport, there aren’t any problem. The broken device worked about 6 months without being connected. Also, the remote server sends a message like:

Diagnostic information for administrators:

Generating server: mail.xyz.com.tr

abc@test.com.tr
[89.19.0.217] #<[89.19.0.217] #5.0.0 smtp; 5.1.0 - Unknown address error 554-'This server requires PTR for unauthenticated connections.' (delivery attempts: 0)> #SMTP#

Has anyone come across this type of problem or error code?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

sallena
Cisco Employee
Cisco Employee

‎12-21-2012 03:52 AM

Please check the IP address from which the mail is being delivered to the remote server. This address might differ when the mail is routed through the exchange and through IronPort.

Most probably, the issue could be because of PTR record of the IP address( that IronPort is using to send the mail) is not registered in the DNS or it is not matching with the domain name. Was there any change in the Network configuration on the new ESA compared to the broken down ESA?

0 Helpful

mehmethyeni
Level 1
Level 1
In response to sallena

‎12-21-2012 05:15 AM

Thanks for the response. The problem should be originated from wrong PTR record I think and I told that to the customer. There isn't any configuration change in both ESAs but nat was made by customer newly.

0 Helpful

sallena
Cisco Employee
Cisco Employee
In response to mehmethyeni

‎12-21-2012 06:35 AM

I guess adding NAT recently explains it. May be the customer can try to fix it by updating the DNS entries with the NAT IP address or skip NATting for the mails(packets) having source IP address as the IP address of the IronPort (provided the IP configured to IronPort is a public IP address).

0 Helpful
Customers Also Viewed These Support Documents