I would like to create a not too technical howto to address the most common issues that prevent the sending from our mail server.
Before talking about the problem, I thought it appropriate to define (simplifying) some necessary concepts
DNS Server manages the host name (www.mydomain.com) <-> IP (X.X.X.X) resolution for one or more domains (mydomain.com).
If the DNS server is not Nethserver, changes must be made by a web configuration panel or by asking the DNS service providers.
A DNS server allows:
HOST: association name -> IP (mail.mydomain.com -> x.x.x.x). You can attach multiple hosts to an IP (www.mydomain.com -> x.x.x.x)
MX records: indicates the host responsible to receive/send mail for the domain (MX: mail.mydomain.com). You can specify multiple hosts, giving different priorities (weight)
TXT record: host or ip from which you can send emails even if they are not specified in the record mx
There are two types of DNS queries:
Direct : It 's the classic demand that occurs typing an address (www.mydomain.com) on a browser.
The client requests the IP starting from host name.
Reverse : Starting from ip it returns the host name.
In our case it’s used to check the IP, of a mail server, starting from name with which it occurs
How it works (very simplified) a mail server
- When a server sends an email to a mailbox (email@example.com) queries the DNS server to get mail server for the domain. (MX records = mail.mydomain.com).
- Then queries the DNS server for the IP for host (mail.mydomain.com -> X.X.X.X).
- Once identified, verify that the mailbox (johndoe) exists
- If everything is correct it asks to send email.
- The receiving server checks the host name to the sending server.
- It asks, to the dns server, what MX record of sender domain and verify that it matches the hostname of the sender server.
- Through reverse DNS check that the caller server IP coincides with the hostname
- If the txt record is set, checks whether the sending server is authorized
- If ok it proceeds with receiving email
If somethingis incorrect, the email is rejected.
You may be inserted in some blacklisk.
We get to the point
Howto solve sending emails problems
When mail is rejected, you have to understand what is wrong and to proceed with the server arrangement.
To simplify the controls I use the site MxToolBox (http://mxtoolbox.com)
First of all check the rejected email:
Often rejected email specify the cause of the rejection.
The most common causes are:
- wrong recipient
- mail server limitation.
Before proceeding with blacklist removal, you need to solve the problem.
Check that the server settings are correct:
By mxtoolbox.com site go to mxlookup, type the domain name and click the button “mxlookup”. It returns the list of MX server for the domain
The name listed must match the public name of Nethserver. If necessary, set the correct host in the administration panel of the dns or change the Nethserver name.
To the right of the mx records Click the link “Smtp test”
Check the result. If an error occurs, select the link “More info”
Make sure that the reverse DNS (named PRT) is configured correctly, otherwise require correction to the ADSL manager. To check, select “Reverse Lookup” in the orange button and insert your public IP.
Always in orange button, select Blacklist and click it. See which blacklists have intercepted the server (they appear first)
Click “Detail” for more informationand to find the link to removal request.
If you use a smarthost, also check the ip of the adsl that exposes the mail server
You can be included in the blacklist for other causes:
- Sending emails with multiple recipients: in case of sending email to many recipients it is preferable to send to groups of 10 (max) recipients
- Ip ADSL blocked for virus spam.
- The PBL blacklists checking various features of server and ADSL line. In ITALY there are ADSL lines with assigned IP (IP is a dinamic IP assigned by reservation and therefore do not change but it’s not a static ip). This blacklist is widespread
It will ban without possibility of removal. The only solution is to change the line or use a smarthost
Other site to test BlackList are:
- Attachment too big: The recipient accepts emails with attachments smaller size. In this case you can divide the attachment or use ownCloud
- Exceeded the hourly / daily limit of emails that can be sent