Clarifications on reverse lookup (PTR) | MDaemon Technologies, Ltd.


  • Hello everyone,

    I need some clarification regarding the topic mentioned above.

    I manage an old installation of MDaemon 14.5.7.
    A client who uses email accounts configured on my mail server pointed out that some emails are not being correctly delivered to their destination.
    After performing some checks, I discovered that, seemingly at random, the reverse lookup causes the server to close the connection; here’s an excerpt from a log:

    Fri 2025-10-24 14:35:43.020: <-- MAIL FROM:<xxx@domain.example> SIZE=3859437
    Fri 2025-10-24 14:35:43.020: Performing PTR lookup (57.18.140.94.IN-ADDR.ARPA)
    Fri 2025-10-24 14:35:43.067: *  D=57.18.140.94.IN-ADDR.ARPA TTL=(1) PTR=[id-euc1.prod.hydra.sophos.com]
    Fri 2025-10-24 14:35:43.067: *  Gathering A records...
    Fri 2025-10-24 14:35:43.144: *  D=id-euc1.prod.hydra.sophos.com TTL=(5) A=[94.140.18.94]
    Fri 2025-10-24 14:35:43.144: *  D=id-euc1.prod.hydra.sophos.com TTL=(5) A=[94.140.18.73]
    [...]
    Fri 2025-10-24 14:35:43.144: *  D=id-euc1.prod.hydra.sophos.com TTL=(5) A=[94.140.18.89]
    Fri 2025-10-24 14:35:43.144: *  D=id-euc1.prod.hydra.sophos.com TTL=(5) A=[94.140.18.90]
    Fri 2025-10-24 14:35:43.144: *  D=id-euc1.prod.hydra.sophos.com TTL=(5) A=[94.140.18.85]
    Fri 2025-10-24 14:35:43.144: *  MDaemon configured to drop connection on PTR record mismatch
    Fri 2025-10-24 14:35:43.144: ---- End PTR results
    Fri 2025-10-24 14:35:43.144: --> 501 5.7.0 Domain must resolve
    Fri 2025-10-24 14:35:43.144: SMTP session terminated (Bytes in/out: 995/4056)

    What’s strange is that if I run nslookup from the Windows command line, it correctly returns the sending server’s IP address, including 94.140.18.57.

    So, my doubts are:

    1 - Does MDaemon have some sort of timeout during the reverse lookup query?
    2 - Could the issue be related not to my MDaemon installation, but to whoever manages the sender’s subnet?
    3 - How could I work around the problem, other than adding the IPs to the whitelist?
    4 - I’ve enabled the options “Send 501 and close connection if no PTR record exists (caution)” and “Send 501 and close connection if no PTR record match” — could the second option solve the issue?

    Thank you.

    Max



  • MDaemon 14.5 is no longer supported. Our first recommendation is to upgrade to a supported version, preferably the latest version (MDaemon 25.5.1).

    MDaemon is doing a PTR lookup on the connecting IP (94.140.18.57) and gets id-euc1.prod.hydra.sophos.com. It then does an A record lookup on id-euc1.prod.hydra.sophos.com. In my test there were 36 records returned from an A record lookup on id-euc1.prod.hydra.sophos.com. MDaemon is only comparing the connecting IP to 4 of the IPs returned from the A record lookup, and in the log snippet provided the connecting IP is not in the list of 4 records that are being checked. Since it can't find the connecting IP in the list of records, it returns the mismatch error.

    I see two options for you: upgrade to the latest version, which has been updated to support additional IP addresses returned by the lookup, or turn off the option for "Send 501 and close connection if no PTR record match". You can still leave the option for "Send 501 and close connection if no PTR record exists" enabled.
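
The forward-confirmed reverse DNS check described in the reply above, as an added example that is not part of the original thread and is not MDaemon's code. The function name `fcrdns`, the `max_records` parameter, the hostname `mx-pool.sender.example` and the 192.0.2.x addresses are constructed for illustration; `max_records=4` imitates a comparison limited to four A records, and `live_ptr`/`live_a` are optional helpers that use the system resolver.

```python
import ipaddress
import socket

# Constructed sample DNS data in RFC 5737 documentation space (not the thread's
# records): one PTR name whose A lookup returns 36 addresses.
SAMPLE_PTR = {"192.0.2.57": ["mx-pool.sender.example"]}
SAMPLE_A = {"mx-pool.sender.example": [f"192.0.2.{n}" for n in range(40, 76)]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(host):
    return SAMPLE_A.get(host, [])

def live_ptr(ip):
    """PTR lookup through the system resolver; empty list if none exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def live_a(host):
    """A lookup through the system resolver, returning every address."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fcrdns(ip, ptr_lookup, a_lookup, max_records=None):
    """Return (verdict, records_compared); verdict is no_ptr, mismatch or match.

    max_records caps the A records compared per name; None compares them all.
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr", 0
    compared = 0
    for name in names:
        for addr in a_lookup(name)[:max_records]:
            compared += 1
            if ipaddress.ip_address(addr) == client:
                return "match", compared
    return "mismatch", compared

if __name__ == "__main__":
    print(ipaddress.ip_address("192.0.2.57").reverse_pointer)  # name queried for PTR
    print(fcrdns("192.0.2.57", sample_ptr, sample_a, max_records=4))
    print(fcrdns("192.0.2.57", sample_ptr, sample_a))
```

Passing `live_ptr` and `live_a` instead of the sample lookups runs the same comparison against real DNS, which helps when deciding whether a rejected sender would pass once every A record is compared.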

     

     

