450 4.7.25 Client host rejected

mfarazk86 asked:

On #Exchange2013 I am getting the error message as follows,
generated the error ‘[{LRT=};{LED=450 4.7.25 Client host rejected: cannot find your hostname, [xxx.xxx.xxx.130]};{FQDN=};{IP=}]’.

I am getting this error message only when the user sends email to a particular domain.
I have recently configured SPF, DKIM, DMARC records on DNS Level by requesting the ISP.

FQDN which I am using for sending emails is mx1.xyz.com.ab which is associated with the public IP – xxx.xxx.xxx.131
I have checked the PTR records for the IP ending with .131 on mxtoolbox.com, they do exist. I have also checked the PTR records for the IP which is mentioned in the error message, i.e. .130. Also for this IP the PTR records exist.
I have verified the PTR records through nslookup also and the results are all same as shown in mxtoolbox.com.
Further information, I have configured the SPF Record as follows,
xyz.com.ab. IN TXT "v=spf1 mx a ptr ip4:xxx.xxx.xxx.131 ip4:xxx.xxx.xxx.130 ~all"

The mails are getting delivered to Gmail, Hotmail, and other domains. Only to a particular domain, users are not able to send the emails.

Any help would be much appreciated because this issue is now eating up my brains.

Thanks.
Faraz.

My answer:


The domain you are sending to, like many domains, requires that your DNS match in both forward and reverse direction. Thus the PTR record for your IP address must return a hostname, and that hostname’s address record must return the same IP address.

(When such a mismatch occurs with large providers such as Gmail or O365, they usually send such messages to the Spam/Junk folder rather than rejecting them outright, though I have occasionally seen Gmail actually reject messages, and Microsoft is infamous for rejecting large quantities of legitimate mail for incomprehensible reasons.)

You should double check your DNS records and that they are accessible from any arbitrary location on the Internet. If your DNS records really are correct, then the problem is likely at the receiving end.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.