550 invalid DNS MX or A/AAAA resource record

Hi!

Got a few of these in my mail.log: May 8 16:32:23 epost postfix/smtp[30168]: B43188284B: to=<[email protected]>, relay=mx00.gmx.com[74.208.5.4]:25, delay=1.3, delays=0.05/0/0.41/0.87, dsn=5.0.0, status=bounced (host mx00.gmx.com[74.208.5.4] said: 550-Requested action not taken: mailbox unavailable 550 invalid DNS MX or A/AAAA resource record (in reply to MAIL FROM command))</[email protected]>

Same errors appear and whats in common seems to be MX gmx.com. The addresses ends with europe.com, email.com, web.de etc. but all seem to belong to gmx.com.

Have googled and there aren't that much info, except people who says it's due to rDNS (reverse lookup). Only thing is that I've got rDNS properly setup, which makes me believe this error is on the other side (GMX.COM).

Any ideas, or info on this would be highly appreciated.

Thanks!

10 Replies

Your MX record is a CNAME instead of an A or AAAA record?

Apparently that's what they dislike, based on RFC 2181 section 10.3:

http://www.iredmail.org/forum/topic8938 … d-dns.html">http://www.iredmail.org/forum/topic8938-iredmail-support-550requested-action-not-taken-mailbox-unavailable-550-invalid-dns.html

You do a "MAIL FROM [email protected]" as part of the SMTP transaction. "yyy.zzz" must have an MX that resolves to an A or AAAA record (depending on IP4 or IP6). If there's no MX then there must be an A or AAAA record. An MX record can not point to a CNAME, it must point to an A/AAAA record.

This is a pretty common anti-spam ruleset used on many servers and catches quite a lot of spam.

Right on target!

I'm using CNAME records as MX with prio 10 and 20. I added another M now with priority 5, and used the IP4 instead, just to make sure everything works before I change the other two.

Thanks!

Hi!

I'm still having problems with this. The other day I noticed this in the postfix log again:````
550 invalid DNS MX or A/AAAA resource record

In my DNS configuration I've got 3 MX records:````
epost    MX   5 123.123.123.123
epost    MX   10 123.123.123.123
epost    MX   20 123.123.123.123

Earlier the two with prio 10 and 20 was CNAME records pointing to a host name, but I changed them yesterday to A records with TTL 3600, which means it SHOULD work now after more than 24 hours. But when sending an email to a gmx.net address, the same error appear in the postfix log.

Can anyone point me in the right direction? I have no idea how to solve this.

Thank you!

@RFC 5321:

When a domain name associated with an MX RR is looked up and the

associated data field obtained, the data field of that response MUST

contain a domain name. That domain name, when queried, MUST return

at least one address record (e.g., A or AAAA RR) that gives the IP

address of the SMTP server to which the message should be directed.

MX records should be domain names, not IP addresses. Said domain names should resolve directly to IP addresses via A or AAAA records, not CNAMEs. Looks like you took care of the CNAME problem but you aren't supposed to use IP addresses directly.

Ok thanks, I'm sending e-mails from [email protected]. Should the setup be like your sample above?

Hmm okay.. So you mean I have to add at least one MX like this: mailx MX 5 email.mydomain.com email A 123.123.123.123

Would that make the mentioned error to go away?

Thanks!

The MX record needs to correspond to the sending email domain for it to have any impact on the error message. If you are sending/receiving mail from an address like [email protected], then your latest DNS records should be correct.

If you are sending/receiving mail from [email protected], then you would want to lose the "mailx" part of the MX entry and leave it blank MX 5 email.mydomain.com email A 123.123.123.123

Hi!

Just to confirm, should it be like this? email MX 5 email.mydomain.com email A 123.123.123.123

My sender address is [email protected] i.e. a subdomain.

Thanks!

That should work. Actually in that case, you don't really need an MX record (if you don't, the A record will be treated as an implicit MX record), but it hurts nothing to have one.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct