Page 1 of 1
The following addresses had permanent fatal errors
Posted: Wed Oct 31, 2007 4:50 pm
by sirmoes
I have the following error message after sending an email to some domains.
What is the problem?
The original message was received at Wed, 31 Oct 2007 21:10:58 +0100
from localhost [127.0.0.1]
----- The following addresses had permanent fatal errors -----
<xxxxxx@gmx.at>
(reason: 550-5.7.1 {mx087} Sorry, your helo has been denied.)
----- Transcript of session follows -----
... while talking to mx0.gmx.de.:
>>> RCPT To:<xxxxxx@gmx.at>
<<< 550-5.7.1 {mx087} Sorry, your helo has been denied.
<<< 550 5.7.1 (
http://portal.gmx.net/serverrules )
550 5.1.1 <xxxxxxx@gmx.at>... User unknown
Posted: Wed Oct 31, 2007 11:38 pm
by jaime.pinto
Start by checking the forward and reverse DNS entries for you server.
Posted: Thu Nov 01, 2007 4:40 am
by sirmoes
I have already thought about this.
But where do I have to check? The host file or the Bind DNS Server??
Posted: Thu Nov 01, 2007 8:15 am
by jaime.pinto
Use some external DNS check engine. For example:
http://www.dnsstuff.com/
DNSreport: pay attention to the MX records
Reverse DNS lookup: pay attention to the "Answer" part.
(reason: 550-5.7.1 {mx087} Sorry, your helo has been denied.)
This message is typical of when the "Answer" on the reverse doesn't match the domain part on the forward.
Posted: Thu Nov 01, 2007 7:30 pm
by adhodgson
Hi,
Also telnet to 127.0.0.1 on the Scalix server (or the server that sends messages out to the Internet). If Sendmail, it should reply with a 220 code, followed by the FQDN that it is using for the helo/ehlo string. This is what should be set (ideally) as the reverse DNS, on the public IP address, and an A record created to the same IP address.
Andrew.
Posted: Fri Nov 02, 2007 4:25 am
by sirmoes
And where can I change the FQDN
Posted: Fri Nov 02, 2007 4:48 am
by jaime.pinto
2 "locations", but they should coincide:
a) /etc/hosts on the scalix server
b) the public side of your DNS services
You may have an entry in the /etc/hosts that scalix is happy with, and which coincides with the "internal" leg of you DNS services (using "blessed" IPs). But that doesn't do any good in the real world. What is made available about your scalix server on the DMZ that counts, because that is what the internet sees. If you are doing port redirect on the firewall for example, you need to craft well what goes into the /etc/hosts of the scalix server and what goes in the external DNS.
Posted: Sat Nov 03, 2007 3:07 pm
by sirmoes
thanks