Solved: sender rejected, envelope sender domain could not be resolved

ccna_security · ‎12-10-2019

Hello. approximately 5 month ago I enabled Envelop Sender Verification and using it without any problem till now. but one of our user called that an email didn't reach him(for example: test@test.com). I looked at monitoring tool but nothing found. I looked at archived logs and saw that email rejected due to envelope sender domain could not be resolved. the interesting part is that 2 days ago that user had talked to that email. I didn't understand why that email rejected in only that time.

let me tell you how I configured esa :

Default Policy Parameters -> Envelope Sender DNS Verification:-on->Use Sender Verification Exception Table-on:

after this issue I put test.com to Sender Verification Exception Table? will it solve the problem?

marc.luescherFRE · ‎12-10-2019

The message :

Tue Oct 8 03:15:04 2019 Info: ICID 1997553 Address: <test@test.com> sender rejected, envelope sender domain could not be resolved"

means that the sender PTR record could not be looked up at the time the message came in.

This means that the sending system or DNS entry had an issue and there is nothing you can do on your end.

View solution in original post

marc.luescherFRE · ‎12-10-2019

Hi there,

sender verification does a DNS lookup on the PTR record of the sending mailserver.

Once in a while it will happen that companies change mail gateways and "forget" to update the corresponding DNS records correctly. This is nothing you did wrong or can fix - unless you want to bypass the check for the host as you did.

Try entering the IP of the sending host here :

https://mxtoolbox.com/ReverseLookup.aspx

And let me know the output.

I hope that helps

-Marc

ccna_security · ‎12-10-2019

thanks for your answer. right now everythink seems to be ok. Only email send in October 7, 8 th some emails rejected form test@test.com. Right now they ask me to troubleshoot why that emails was rejected. that email was with high importance. I checked logs test@test.com had send several email successfully. but only in October 7 and 8 th problem occurred. Now I want to be sure that the problem was in other side. I have to proof it to user. is there any way you can suggest?

marc.luescherFRE · ‎12-10-2019

I would first check the mail_logs of the incoming messages and then match the DCID to the smtp log to see why the incoming message was rejected. If you dont have the smtp log enabled there will not be a lot we can do.

Just make sure you have it enabled for the future.

ccna_security · ‎12-10-2019

I looked at mail_logs from command line and observed that "Tue Oct 8 03:15:04 2019 Info: ICID 1997553 Address: <test@test.com> sender rejected, envelope sender domain could not be resolved". Don't you think smtp would also show the same logs? or it would give me comprehensive explanation?

do you recommend to enable smtp logs for all emails?

marc.luescherFRE · ‎12-10-2019

My best practice for all ESA is to always enable smtp_logs as it will always give you the SMTP error when something goes wrong like below. This is a very valuable tool if you have issues with messages coming in or NOT going out.

Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 451 #4.1.8 Domain of sender address <74qxxfk38s153jw8l64n3wdhzsqiisdm-b@email.compliance4all.com> does not resolve

Tue Dec 10 09:34:28 2019 Info: ICID 37643844 address 69.166.148.101 dns host ms148-101.bronto.com sbrs 0.8
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 220 mv10.xxxxx.com ESMTP
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << EHLO ms148-101.bronto.com
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 250-mv10.xxxxxx.com\r\n250-8BITMIME\r\n250-SIZE 36700160\r\n250 STARTTLS
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << STARTTLS
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 220 Go ahead with TLS
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << EHLO ms148-101.bronto.com
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 250-mv10.xxxxxx.com\r\n250-8BITMIME\r\n250 SIZE 36700160
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << MAIL FROM:<74qxxfk38s153jw8l64n3wdhzsqiisdm-b@email.compliance4all.com> BODY=8BITMIME
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 451 #4.1.8 Domain of sender address <74qxxfk38s153jw8l64n3wdhzsqiisdm-b@email.compliance4all.com> does not resolve
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << RSET
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 250 reset
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << MAIL FROM:<74au3x0nq7g0a934lvll6onfy35o0sdm-b@email.compliance4all.com> BODY=8BITMIME
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 451 #4.1.8 Domain of sender address <74au3x0nq7g0a934lvll6onfy35o0sdm-b@email.compliance4all.com> does not resolve
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 << QUIT
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 >> 221 mv10.xxxxx.com
Tue Dec 10 09:34:28 2019 Info: ICID 37643844 close

I hope that helps.

-Marc

ccna_security · ‎12-10-2019

Ok i will enable it. But for know could we say that the problem was in other side? I want to know whether i had the problem or not

marc.luescherFRE · ‎12-10-2019

Base don the data you have the issue was caused by the sender.

ccna_security · ‎12-10-2019

Could you please explain a bit? The word you used a bit hard to me to understand))

marc.luescherFRE · ‎12-10-2019

The message :

Tue Oct 8 03:15:04 2019 Info: ICID 1997553 Address: <test@test.com> sender rejected, envelope sender domain could not be resolved"

means that the sender PTR record could not be looked up at the time the message came in.

This means that the sending system or DNS entry had an issue and there is nothing you can do on your end.

ccna_security · ‎12-10-2019

Thank you so much.