# sendmail cannot resolve PTR record



## DrJ (Dec 3, 2015)

A week ago I installed 64-bit FreeBSD 10.2, Mate (the gnome2 fork) and Evolution 3.16.5, among other things, in a VMware Workstation virtual machine (Win7).  I find that sendmail gives an error message "Relaying temporarily denied.  Cannot resolve PTR record for ..." 

I can send mail to myself.  My domain is a subdomain; I can send email messages to others on the primary domain.  However, I can't send anything beyond that.

I've never seen this error since I started using FreeBSD back in the 5.4 days, and I've no idea how to correct it.  Any suggestions would be most appreciated!


----------



## trev (Dec 4, 2015)

Can you resolve the PTR record with dig(1) or drill(1)?


----------



## DrJ (Dec 4, 2015)

trev said:


> Can you resolve the PTR record with dig(1) or drill(1)?


You are going to have to speak slowly.  I've been with FreeBSD a long time, but I do not know many of the inside workings.  With that in mind, what are dig(1) or drill(1)??


----------



## junovitch@ (Dec 4, 2015)

drill(1) and dig(1) are tools for DNS lookup.  An example would be `drill -x 8.8.8.8`.  Sendmail is sensitive to DNS issues so if things like that are failing then DNS needs to be looked at.


----------



## DrJ (Dec 4, 2015)

Thank you.  dig seems not to be installed, but drill is.  I'll try a couple of outside addresses.

Additional data: I have a couple of older FreeBSD VMs (9 era/Gnome2) that were perfectly functional when last used.  They now not able to send or receive email.  Weird.  The web/email hosting company claims that nothing has changed over the last week or so, but tech support often is the last to know.  Also, I had installed Thunderbird some days ago, but never configured it.  I set it up quickly, and it seems to work fine.  I don't know what MTA Thunderbird uses.


----------



## scottro (Dec 4, 2015)

`dig` has a nice thing that `drill` lacks, the +short option.  I like to install dns/bindtools and use dig.


----------



## junovitch@ (Dec 4, 2015)

On 9.x and earlier, ISC's dig(1) was part of the base system along with BIND.  On 10.x and later, NLnet labs Unbound suite and drill(1) are included instead.

This certainly does look to be some changes to DNS resolution somewhere in the network that are causing issues.


----------



## DrJ (Dec 4, 2015)

`% drill 66.237.94.160`
Error: error sending query: Could not send or receive, because of network error​
This is an address to a colleague at NIH, so it should be good.


----------



## DrJ (Dec 4, 2015)

Including the -x flag gives the same result.


----------



## junovitch@ (Dec 4, 2015)

Can you post the contents of /etc/resolv.conf?


----------



## DrJ (Dec 4, 2015)

`prosecco:/etc % more resolv.conf`

```
# Generated by resolvconf
search wavecable.com
nameserver 192.168.0.1
```

Wavecable is my ISP; the other is my local router.  I wondered if this was an issue with reverse lookups, but it always has worked in the past.


----------



## junovitch@ (Dec 4, 2015)

`drill -x @8.8.8.8 66.237.94.160` for a query to Google fails.  It works for a reverse DNS lookup of my home router IP address.  I think the issue with with the ISP.


----------



## DrJ (Dec 4, 2015)

OK -- what do I ask the ISP?  And my apologies for using drill incorrectly!


----------



## junovitch@ (Dec 4, 2015)

DrJ said:


> `% drill 66.237.94.160`
> Error: error sending query: Could not send or receive, because of network error​This is an address to a colleague at NIH, so it should be good.



So this address is not your home address so it's not your ISP responsibility.  I also see this fail using the command mentioned above to a public DNS server.

Does a reverse DNS lookup of your home IP address work?  That will at least rule out local issues with your ISP's DNS.


----------



## DrJ (Dec 4, 2015)

`drill -x <homeaddress>` gives the same error as above.  Using the IP address for my website/email host works.


----------



## DrJ (Dec 4, 2015)

deleted because of newer information.


----------



## trev (Dec 4, 2015)

Please don't just disappear - tell us what the solution was so that others with similar issues may benefit.


----------



## Deleted member 9563 (Dec 4, 2015)

Not mention people who just read stuff here in order to learn.


----------



## DrJ (Dec 4, 2015)

There is no solution yet, but scottro pointed out something to me in an email message off the forum here that I have to pursue.  It is late, and I'm heading to bed, but I'll follow up.  Heaven knows that FreeBSD documentation often is scarce, and these and other fora are the only places where one learns things.

Stay tuned!


----------



## DrJ (Dec 4, 2015)

OK -- I'll expand before turning in.  I installed the bind utilities, and found with dig (and scottro's help) that I could locate the IP address of my mail server.  That IP address could not identify the name of my mail server, but rather the domain that hosts mine.  It seems not to be my ISP, but the company that hosts my subdomain.  My wife holds the main domain so it is no big deal, but we have to get the pointers pointing in the right direction.

I'll call them in the morning, and let you know here what happens.

Damn these things are frustrating.


----------



## scottro (Dec 4, 2015)

To clarify, for those following along trying to get a better handle on DNS.   We'll say the good doctor's mail server is called mail.example.com with an address of 1.2.3.4 and his wife's domain is examplewife.com.  

```
dig +short mail.example.com
1.2.3.4
dig -x 1.2.3.4
something.examplewife.com
```

So, he needs a PTR (also called rDNS and reverse DNS) to point 1.2.3.4 to mail.example.com.  

Also, note that it's best to have a PTR record only pointing to one host. While people sometimes do have it pointing at multiple hosts for various reasons, it can be problematic as the response to a lookup might be host1, host2, or both of 'em.  

 (There's a good chance everything at something.examplewife.com will work without that reverse DNS pointing at it, though ideally, find something without a PTR record in your allowed range of IP's and give that IP to the server.)


----------



## DrJ (Dec 4, 2015)

scottro has it exactly right.  I contacted Westhost, which we use for web and email services, to update the PTR record to point to my email server instead of my wife's.  I'll post when things work as they should.  FWIW, Westhost has been very good for us, and this is the first glitch we have had in about 10 years.


----------



## DrJ (Dec 4, 2015)

The answer from Westhost:

After looking at your request to up date the DNS so that the IP 1.2.3.4 resolves back to example.com. We can not do that currently because the primary domain on the account is examplewife.com. You would need to either change the primary domain of the account, or you would need to have a separate account for example.com with a dedicated IP. Please let us know if you have any other questions or concerns.​Needless to say, I am very unimpressed.

Is anyone aware of a hosting company that uses FreeBSD as a local VM for their clients?


----------



## DrJ (Dec 5, 2015)

I don't know if anyone still is following this thread, but it gets curiouser and curiouser.  I have a bunch of older FreeBSD VMs that I checked for email delivery, and they didn't work.  I went back to check that one of my old FreeBSD VMs was set up properly.  It turns out that I had it set to work offline.  Makes sense, since I was transferring the various email files to the new VM.

When I switched it to work online, it sent the email message to my gmail address just fine.  So there is something different in the new sendmail configuration.  This one may not be Westhost's fault.


----------



## Deleted member 9563 (Dec 5, 2015)

DrJ said:


> I don't know if anyone still is following this thread,


Yes, there's 111 views.


----------



## DrJ (Dec 5, 2015)

Well, my follow-ups will have to wait.  I have business that needs urgent attention and a trip to Washington DC.  I won't be able to get back to this until Friday (a week from now).


----------



## Savagedlight (Dec 13, 2015)

Maybe the one that can send is using a smarthost (i.e. forwards outgoing e-mail to ISP's e-mail server)?


----------



## DrJ (Dec 31, 2015)

I have given up on this project.  My goal was to get Evolution to work properly, and it seems that the current version does not.  There is a known bug that prevents the spam filters from working properly, and that makes it useless for me.

So I reloaded the VM from an old backup, and futzed with the email files to make them current.  I still have to rsync the two VMs to get the files updated too, but that is pretty easy to do.


----------

