Getting false positive DNS errors when sending to ATT/SBC?

Are you running into this error message when sending to users at AT&T/SBCGlobal email domains

<(user)>: host [] said: 550 5.7.1 Connections not accepted from servers without a valid sender domain.xxx123 Fix reverse DNS for (in reply to MAIL FROM command)

And is your DNS configured correctly and working fine?

If so, you're not alone. Others have been reporting that this can be a sort of known issue there, and it turns out, if your mail server was able to retry the email message -- treating this as a 4xx deferral instead of a 5xx hard rejection, the message would probably go through on that second attempt. Sort of like grey listing, in a way.

If you use Postfix, here's how you could modify your mail server config to treat that as a 4xx instead of a 5xx:

smtp_reply_filter = pcre:/usr/local/etc/postfix/maps/smtp-reply-filter
# Busted DNS server at SBCGlobal/Bellsouth/Prodigy
/^550 \d.\d.\d (Connections not accepted from servers without a valid 
sender domain.*)/ 450 4.7.1 $1

This clever hack means that if you run into this error, Postfix will treat it as a 4xx delay and will retry the mail at the next retry interval. If the error is indeed due to a random glitch on the ATT/SBC side, this means that when retried, the mail should go through.

Do keep in mind: One should never just convert a 5xx permanent reject into a 4xx transient error without review and consideration beforehand. If you do this and it begins to force retries to millions of email messages unexpectedly, you could end up unfairly beating up a receiving ISP, increasing the load on their inbound mail servers by attempting to re-send messages that they are not expecting to be re-sent. Always test and tread carefully. Be a good internet neighbor.

Thanks to software consultant and email admin John Capo for the tip on this one!

1 comment:

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.