Possibly forged hostname????

Unanswered Question

I am brand new to Ironport. This is our first school year using the product. We have recently had a problem with our students or faculty replying to emails from Notre Dame University. When a student or faculty member tries to reply we get this message back.

"Your message did not reach some or all of the intended recipients.

Subject: RE: Visit to Cathedral Prep
Sent: 9/8/2009 9:57 AM

The following recipient(s) cannot be reached:

[email protected] on 9/11/2009 9:57 AM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.

Any one have any ideas why this would happen? Any help would be greatly appreciated. Also, so far this has happened to two emails that have been replied to that were going to two different people at nd.edu.

Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
SPAMHater_ironport Thu, 10/01/2009 - 16:07
User Badges:

First thing you should do is look thru your mail_logs and locate the emails. Check if the receiving domain is kicking back any 4xx or 5xx errors. Also as a general rule you should always make sure that DNS is working correctly for you and you are able to resolve the MX records for that domain. If all that checks, and they indeed are rejecting your mail. Ask them politely why :D

This is from the bounce log:
"RID 0 - 4.1.0 - Unknown address error ('451', ['4.1.8 Possibly forged hostname for']) "

I see other emails addressed to people at nd.edu that also were kicked back with the same error. The email addresses are valid since the emails that were sent were replies to emails that were received.

SPAMHater_ironport Thu, 10/01/2009 - 20:38
User Badges:


I assume that is the IP address of your IronPort sending the emails. It's really hard to tell exactly what they mean with that 4xx error they are kicking back RID 0 - 4.1.0 - Unknown address error ('451', ['4.1.8 Possibly forged hostname. Only they can tell you exactly what they mean by that, since those errors can be customized. My best guess would be that they are doing some multilpe DNS checks on the host name of your box, reverse, forward etc. and seeing if IP matches to host name, perhaps domain as well etc. I would engage the admin of the domain to find out exactly why they are rejecting your emails. Definitely make sure DNS is configured correctly on your side to avoid problems with external checks. Hope that helps.

SPAMHater_ironport Thu, 10/01/2009 - 21:12
User Badges:

If you google "dns tools" it should come up with a list of sites that offer some DNS checks. Usually a good place to start. I know dnsstuff.com is pretty good I think you have to pay now thought. dnstools.com as well
;-) maybe others can post some better ones.

SPAMHater_ironport Fri, 10/09/2009 - 16:19
User Badges:

Yes they have great support. Well at least we pointed you in the right direction. Glad it worked out ;-)


This Discussion