Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » DNS server failure (error 472)
  •  
tonyswu

Messages: 271
Karma: 5
Send a private message to this user
This morning an user got a bounced message, and I thought the error is rather weird. The bounced message said:

<sales@domain.net> (mail.domain.net: 472 user<_at_>ourdomain.com DNS server failure)
Diagnostic-Code: SMTP; 472 user<_at_>ourdomain.com DNS server failure

I've verified that our Kerio mail server is using good DNS servers provided by our ISP. I've also confirmed that there are 3 DNS servers for redundancy. I checked the log, and I didn't see any error on DNS failure regarding this particular domain. I also verified the receiving domain, their MX record looks correct and there is proper reversed DNS. I've also been able to establish telnet connection to the receiving mail server from our Kerio server. I could also tell the receiving mail server is CommuniGate. Has anyone seen this error before and has some recommendations?

Thanks.
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
I guess there is problem with DNS servers used on remote side and this message came from CommuniGate.

[Updated on: Wed, 25 April 2012 07:27]

  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
It might be that the recipient's server (CommuniGate) is looking up the host that you send in the HELO command. If this can't be looked up, you might get that error back. Most common issue is that a local name is used, like localhost.localdomain.

So check what you have configured as "Internet Hostname" in the Web Admin (This is on the Domains config page).

Also make sure that you have correct Reverse DNS setup for your KC server public IP address.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
tonyswu

Messages: 271
Karma: 5
Send a private message to this user
freakinvibe wrote on Wed, 25 April 2012 01:18
It might be that the recipient's server (CommuniGate) is looking up the host that you send in the HELO command. If this can't be looked up, you might get that error back. Most common issue is that a local name is used, like localhost.localdomain.

So check what you have configured as "Internet Hostname" in the Web Admin (This is on the Domains config page).

Also make sure that you have correct Reverse DNS setup for your KC server public IP address.


Our Kerio server does have a FQDN as the internet hostname. It also has proper reversed DNS.
  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
OK, thanks for checking that. When I look at this discussion:

http://www.issociate.de/board/index.php?t=msg&th=167119& amp;rid=0

It looks like CommuniGate Pro is checking if "ourdomain.com" (The host part of your email address) has a proper A-Record in DNS.

While most other mail servers check if the MX-Record exists, Communigate Pro seems to check the A-Record, which doesn't really make sense.

Can you try to set the A-Record and check if the error goes away?


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
Another thought. Looking at this forum entry:

http://sip-guru.com/Lists/CGatePro/Message/89392.html

it could be that CommuniGate Pro looks up the MX record of "ourdomain.com", but then can't lookup the A-Record for the host given in the MX record. So if you have multiple MX records and one of them has a non-resolvable host, CommuniGate will give an error back.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
tonyswu

Messages: 271
Karma: 5
Send a private message to this user
Good points, freakinvibe. I checked both, our domain does have an A record for "domain.com", and we only have one MX record which is the A record of mail.domain.com.

I was thinking perhaps it was the SPF record? This user's domain is hosted on our Kerio server, but they don't have proper SPF record setup. But even so it should consider "neutral" (neither blocked nor allowed), which should still be allowed through. I will ask the client to put in a SPF record and see if that helps.

Thanks for your recommendations, freakinvibe.
Previous Topic: when inbox messages read they are deleted and moved to junk folder
Next Topic: KOFF 6.7.3 Upgrade to KOFF Connect
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 12:41:44 CEST 2017

Total time taken to generate the page: 0.00391 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.