When receiving a message from a mail server (MTA) for which the DNS PTR record lookup fails, a Symantec Messaging Gateway (SMG) that uses a single network interface and port for both inbound and outbound communications will defer or reject the connection. This occurs regardless of whether PTR record lookups have been disabled.
When the sending MTA connects and the PTR record lookup fails, the Symantec Messaging Gateway will return one or both of the following SMTP responses:
421 4.4.0 Unable to connect to DNS - try again later
554 5.1.2 Recipient address rejected: User unknown
This issue occurs when the Mail Acceptance list contains a domain name rather than an IP. The Mail Acceptance lists can be found in the Edit Host Configuration page's SMTP tab:
Administration > Configuration > Edit a Scanner host > SMTP tab, then Inbound or Outbound Mail Settings tabs.
Mail Acceptance lists will usually contain IPs, but in some circumstances will have domain names as well. When a domain name is used, an IP must be resolved to determine what direction the message is destined for, inbound or outbound. If the reverse DNS lookup fails for the domain, and therefore no IP can be resolved, the message is deferred, or sometimes rejected, since the Messaging Gateway cannot determine what direction to route the message.
The message is usually deferred so it can be attempted again at a later time when any DNS issues may have been resolved.
The Symantec Messaging Gateway is configured to use a single network interface and port for both inbound and outbound communications.
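A pre-check for the condition described above, as an added example that is not part of the original article or of the product: it flags Mail Acceptance entries that are domain names and sending IPs whose PTR lookup fails. The entries, IPs and PTR table are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_ENTRIES = ["192.0.2.10", "198.51.100.0/24", "relay.example.com"]
SAMPLE_SENDERS = ["203.0.113.5", "203.0.113.9"]
SAMPLE_PTR = {"203.0.113.5": "mx1.example.net"}  # 203.0.113.9 has no PTR


def classify_entry(entry):
    """Return 'ip' for an address or CIDR range, 'hostname' for anything else."""
    try:
        ipaddress.ip_network(entry.strip(), strict=False)
        return "ip"
    except ValueError:
        return "hostname"


def system_ptr(ip):
    """Reverse-resolve ip with the system resolver; None when the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def audit(entries, sender_ips, ptr_lookup=system_ptr):
    """Report hostname entries and the sender IPs whose PTR lookup fails."""
    hostnames = [e for e in entries if classify_entry(e) == "hostname"]
    no_ptr = [ip for ip in sender_ips if ptr_lookup(ip) is None]
    # The article ties the deferrals to a list that contains domain names
    # combined with a failed PTR lookup for the connecting MTA.
    at_risk = no_ptr if hostnames else []
    return {"hostname_entries": hostnames, "no_ptr": no_ptr, "at_risk": at_risk}


if __name__ == "__main__":
    # Uses the constructed PTR table so the example runs offline;
    # drop the third argument to query the system resolver instead.
    report = audit(SAMPLE_ENTRIES, SAMPLE_SENDERS, SAMPLE_PTR.get)
    for key, values in report.items():
        print(f"{key}: {', '.join(values) or 'none'}")
```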
This issue can be worked around by one of the following methods:
These settings can be modified in the Control Center interface in the SMTP configuration of the Scanner hosts: