Symantec Messaging Gateway (SMG) defers or rejects a message for which a DNS PTR record lookup results in failure

book

Article ID: 159110

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

When receiving a message from mail server (MTA) for which DNS PTR record lookup fails, SMG that uses a single network interface and port for both inbound and outbound communications will defer or reject the connection. This will occur regardless of whether PTR record lookups have been disabled or not.

 

When the sending MTA connects and the PTR record lookup fails, the Symantec Messaging Gateway will return one or both of the following SMTP responses:

421 4.4.0 Unable to connect to DNS - try again later
554 5.1.2 Recipient address rejected: User unknown

 

Cause

This issue occurs when the Mail Acceptance list contains a domain name rathern than an IP.  The Mail Acceptance lists can be found in the Edit Host Configuration page's SMTP tab:

Administration > Configuration > Edit a Scanner host > SMTP tab, then Inbound or Outbound Mail Settings tabs.

Mail Acceptance lists will usually contain IPs, but in some circumstances will have domain names as well. When a domain name is used, an IP must be resolved to determine what direction the message is destined for, inbound or outbound. If the reverse DNS lookup fails for the domain, and therefore no IP can be resolved, the message is deferred, or sometimes rejected, since the Messaging Gateway cannot determine what direction to route the message.

The message is usually deferred so it can be attempted again at a later time when any DNS issues may have been resolved.

Environment

The Symantec Messaging Gateway is configured to use a single network interface and port for both inbound and outbound communications.

Resolution

This issue can be corrected around by one of the following methods:

  • Use only IP addresses in the Inbound and Outbound Mail Acceptance lists.
  • Use one ethernet interface for inbound and another for outbound.
  • Use separate ports for inbound and outbound.
  • Work to correct the underlying DNS PTR record issues that are the source of the issue.

 These settings can be modified in the Control Center interface in the SMTP configuration of the Scanner hosts:

  1. Click the Administration tab.
  2. Under Hosts in the left pane, click Configuration.
  3. Edit one of the Scanner hosts.
  4. Click on the SMTP tab.
  5. Make the necessary changes.
  6. Click the Save button.