LinuxQuestions.org
Old 01-29-2014, 01:08 AM   #1
ponganthony
Sendmail deferred mails to queue, Helo command rejected: Host not found


Dear All,

I have been using the Sendmail SMTP server for a period of time. It works fine.

Recently, mails to a specific domain (anyname@rcptto.com.hk) cannot be sent. All mails to rcptto.com.hk (any user) are deferred and put in a queue (as seen by viewing mailq).

The server sends mail to other addresses with no problem (only mails to @rcptto.com.hk are deferred and queued). The mails in the queue sit there forever.

The queue looks as follows:

/var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
s0T4Ft0X008764 202 Wed Jan 29 12:17 <anthony@mailfrom.com.hk>
(Deferred: 450 4.7.1 <server5.mailfrom.com.hk>: Helo command reje)
<estherc@rcptto.com.hk>
Total requests: 1

I looked at the maillog. It shows the following:

Jan 29 12:19:45 server5 sendmail[8764]: s0T4Ft0X008764: from=<anthony@mailfrom.com.hk>, size=240, class=0, nrcpts=1, msgid=<201401290417.s0T4Ft0X008764@server5.mailfrom.com.hk>, proto=SMTP, daemon=MTA, relay=server5.mailfrom.com.hk [192.168.1.7]

Jan 29 12:19:45 server5 sendmail[8782]: s0T4Ft0X008764: to=<estherc@rcptto.com.hk>, ctladdr=<anthony@mailfrom.com.hk> (501/501), delay=00:02:05, xdelay=00:00:00, mailer=esmtp, pri=120240, relay=mail.rcptto.com.hk. [14.136.207.228], dsn=4.7.1, stat=Deferred: 450 4.7.1 <server5.mailfrom.com.hk>: Helo command rejected: Host not found

Please help me with the following questions:

1. What is "Helo command rejected"? What address (mailto.com.hk or rcptto.com.hk) has been used in the Helo command? Why is it rejected?

2. It seems to me a DNS problem (as it cannot find a Host). Both addresses could be resolved in the DNS. Could it be a reverse DNS problem?

3. Which host could not be found (mailto.com.hk or rcptto.com.hk)?

4. Has the mail ever left the server? It must be my server that rejected the mail. But why?

5. Could it be other problems?

Please help.
Thanks,

Anthony Pong.
 
Old 01-29-2014, 01:25 AM   #2
Ser Olmy
Quote:
Originally Posted by ponganthony
Jan 29 12:19:45 server5 sendmail[8764]: s0T4Ft0X008764: from=<anthony@mailfrom.com.hk>, size=240, class=0, nrcpts=1, msgid=<201401290417.s0T4Ft0X008764@server5.mailfrom.com.hk>, proto=SMTP, daemon=MTA, relay=server5.mailfrom.com.hk [192.168.1.7]

Jan 29 12:19:45 server5 sendmail[8782]: s0T4Ft0X008764: to=<estherc@rcptto.com.hk>, ctladdr=<anthony@mailfrom.com.hk> (501/501), delay=00:02:05, xdelay=00:00:00, mailer=esmtp, pri=120240, relay=mail.rcptto.com.hk. [14.136.207.228], dsn=4.7.1, stat=Deferred: 450 4.7.1 <server5.mailfrom.com.hk>: Helo command rejected: Host not found

Please help me with the following questions:

1. What is "Helo command rejected"? What address (mailto.com.hk or rcptto.com.hk) has been used in the Helo command? Why is it rejected?

It looks like the server mail.rcptto.co.hk is rejecting a HELO command containing the hostname server5.mailfrom.com.hk.

Quote:
Originally Posted by ponganthony
2. It seems to me a DNS problem (as it cannot find a Host). Both addresses could be resolved in the DNS. Could it be a reverse DNS problem?

No, it looks more like a regular (forward) DNS problem.

Quote:
Originally Posted by ponganthony
3. Which host could not be found (mailto.com.hk or rcptto.com.hk)?

4. Has the mail ever left the server? It must be my server that rejected the mail. But why?

In answer to question 3, I'd say the former.

The mail is being rejected due to an inability to resolve a hostname. I realize both domains must be internal to your organization (as a SOA lookup returns NXDOMAIN for both domains), but perhaps "mail.rcptto.com.hk" is using a DNS server which attempts to resolve non-local queries through an external server, and hence cannot resolve the other internal domain?
 
Old 01-29-2014, 01:54 AM   #3
ponganthony
Dear Ser Olmy,
The domains are not internal to our organization. I made up the domain names for privacy purposes. They are public.
I have also made typo mistakes. The sender should be mailfrom.com.hk. The receiver should be rcptto.com.hk. Even though they are all made up names.

Let me try to sum up your comments:

1. Server mail.rcptto.com.hk rejects a Helo command containing the hostname server5.mailfrom.com.hk.
2. It is a forward DNS problem.
3. The host mailfrom.com.hk could not be found.
4. The mail has been sent, but not successfully, because it has been rejected by the mail.rcptto.com.hk server.

Let me clarify:

1. The domains are not internal to our organization.
2. I tried to dig the 2 domain names (the real ones, not the made up ones stated in this post). They can be resolved by the DNS server.

The questions now are:

1. Did I understand your comments correctly?
2. Why could the server mail.rcptto.com.hk not resolve the domain name mailfrom.com.hk? On my machines, it can be resolved by a public DNS server.

Please help.
Thanks,
Anthony Pong
 
Old 01-29-2014, 02:09 AM   #4
Ser Olmy
Yes, you did interpret my comments correctly.

So the domain names are public, and the true name of "server5.mailfrom.com.hk" is registered in the relevant domain zone. In that case, it is possible that the remote mail server ("mail.rcptto.com.hk") is being ambiguous in its response, and it could indeed be a reverse DNS issue.

Is there a reverse DNS record for the IP address of "server5.mailfrom.com.hk"?

Last edited by Ser Olmy; 01-29-2014 at 02:11 AM.
 
Old 01-29-2014, 02:43 AM   #5
ponganthony
Dear Ser Olmy,
Thank you for your reply.

I made a DNS lookup for mailfrom.com.hk and it gives the following:

$ dig mailfrom.com.hk

; <<>> DiG 9.7.2-P2-RedHat-9.7.2-2.P2.fc14 <<>> mailfrom.com.hk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54463
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mailfrom.com.hk. IN A

;; ANSWER SECTION:
mailfrom.com.hk. 28411 IN A 203.174.34.140

;; AUTHORITY SECTION:
mailfrom.com.hk. 6348 IN NS ns7.newsbook.net.
mailfrom.com.hk. 6348 IN NS ns6.newsbook.net.

;; ADDITIONAL SECTION:
ns6.newsbook.net. 143452 IN A 202.155.223.104
ns7.newsbook.net. 143452 IN A 175.45.0.84

;; Query time: 22 msec
;; SERVER: 202.82.1.1#53(202.82.1.1)
;; WHEN: Wed Jan 29 16:19:42 2014
;; MSG SIZE rcvd: 125


But when I look up the reverse DNS, it is no good:

$ dig -x 202.155.223.104

; <<>> DiG 9.7.2-P2-RedHat-9.7.2-2.P2.fc14 <<>> -x 203.174.34.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64682
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;140.34.174.203.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
34.174.203.in-addr.arpa. 446 IN SOA idns1.newttidc.com. hostmaster.newttidc.com. 2011102001 3600 1800 3600000 3600

;; Query time: 20 msec
;; SERVER: 202.82.1.1#53(202.82.1.1)
;; WHEN: Wed Jan 29 16:21:41 2014
;; MSG SIZE rcvd: 110


It does not resolve down to the full IP address.
Do you think it is the core of the problem?

Regards,
Anthony Pong
 
Old 01-29-2014, 02:48 AM   #6
Ser Olmy
Yes, that could very well be it.

Before high-quality blocklists became commonly available, and before SPF records were invented, reverse DNS checking was one of the few somewhat effective anti-spam measures available to mail server administrators. There are still many servers out there that won't accept mail from servers without reverse DNS records.

I noticed you ran dig on what appears to be the domain name rather than the hostname of the mail server. The A record of a domain (if it exists) may or may not correspond to that of a server in that domain. Just to be completely clear, it's the mail server IP that needs a reverse record.

Last edited by Ser Olmy; 01-29-2014 at 02:51 AM.
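
A sender-side pre-check for the DNS conditions discussed in this thread, as an added example that is not part of any post: given the name a server announces in HELO and the public IP it connects from, it reports a HELO name with no A record, a missing PTR record, and a PTR that does not resolve back to that IP. The function names, result labels and sample zone data are constructed for illustration; the live lookups use Python's standard `socket` resolver calls.

```python
import socket

def system_forward(name):
    """A-record lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def system_reverse(ip):
    """PTR lookup through the system resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def check_sender(helo, ip, forward=system_forward, reverse=system_reverse):
    """Return the DNS problems a receiving MTA could hold against this sender."""
    problems = []
    helo_ips = forward(helo)
    if not helo_ips:
        problems.append("helo-no-forward")     # HELO name has no A record
    elif ip not in helo_ips:
        problems.append("helo-ip-mismatch")    # HELO name points at another address
    ptr_names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not ptr_names:
        problems.append("no-ptr")              # NXDOMAIN for the in-addr.arpa name
    elif not any(ip in forward(n) for n in ptr_names):
        problems.append("ptr-not-confirmed")   # PTR exists but does not resolve back
    return problems

# Constructed sample zone data (documentation address range, invented names).
SAMPLE_A = {"example.test": ["192.0.2.10"], "mx1.example.test": ["192.0.2.25"]}
SAMPLE_PTR = {"192.0.2.25": ["mx1.example.test."], "192.0.2.30": ["host30.isp.test."]}

def sample_forward(name):
    return SAMPLE_A.get(name.rstrip(".").lower(), [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for helo, ip in [("mx1.example.test", "192.0.2.25"),    # correct setup
                     ("example.test", "192.0.2.10"),        # domain A record, no PTR
                     ("ghost.example.test", "192.0.2.30")]: # unknown HELO name
        print(helo, ip, check_sender(helo, ip, sample_forward, sample_reverse) or "ok")
```

Call `check_sender(helo, ip)` without the last two arguments to query real DNS. Pass the hostname of the mail server and the address it sends from, not the bare domain and its A record.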
 
Old 01-29-2014, 02:55 AM   #7
ponganthony
Dear Ser Olmy,

I now know the problem and I shall try to solve it.
Thank you very much.

Anthony Pong
 
  

