NTS Forums

Please login or register.

Login with username, password and session length
 

News:

Welcome to the Newtek Technology Services Forum!


Author Topic: AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)  (Read 63442 times)

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« on: March 16, 2005, 04:07:48 PM »
I'm getting the following message when I send an email from my server (via PHP script) to any AOL account:

Quote
quote:Could not deliver message to the following recipient(s):

Failed Recipient: user @ aol.com
Reason: Remote host said: 421 SERVICE NOT AVAILABLE



Is this due to a setting in DNS, Network settings, or SPF?  After I started getting these bounce-backs, I tried adding SPF TXT's to my DNS.  And alhough the test sites say my settings should work, I'm still getting these bounce-backs.

Any suggestions?

Tuzzanti [CT]

  • Guest
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #1 on: March 16, 2005, 07:48:32 PM »
AOL blocks servers that send to much email to them that gets marked as spam by their customers.  Did you send out a large list?  

Tim Uzzanti
CrystalTech
www.crystaltech.com

Quote
quote:Originally posted by Swede78

I'm getting the following message when I send an email from my server (via PHP script) to any AOL account:

Quote
quote:Could not deliver message to the following recipient(s):

Failed Recipient: user @ aol.com
Reason: Remote host said: 421 SERVICE NOT AVAILABLE



Is this due to a setting in DNS, Network settings, or SPF?  After I started getting these bounce-backs, I tried adding SPF TXT's to my DNS.  And alhough the test sites say my settings should work, I'm still getting these bounce-backs.

Any suggestions?


Offline Swami_Webananda

  • Hosting Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #2 on: March 17, 2005, 06:04:46 AM »
swede, you keep posting your problems to these forums, how about sending an email to support rather than whining about them here. Quicker solutions and a happy customer :)

Offline MorningZ

  • Hero Member
  • *****
  • Posts: 5,381
  • Karma: +124/-25
    • My Neglicted Personal Website
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #3 on: March 17, 2005, 07:45:24 AM »
Lots of information, phone numbers, and generally all about AOL Email

http://postmaster.info.aol.com

*****
"When I get fired, i want people to say: Wow! did that guy get canned!!!!" - George Castanza
"When I get fired, i want people to say: Wow! did that guy get canned!!!!" - George Castanza

"if you have one bucket that holds two gallons and another bucket that holds five gallons... how many buckets do you have?" - Mike Judge's Idiocracy

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #4 on: March 17, 2005, 09:17:16 AM »
Tim,
No, we're sending out 2 or 3 a day.  I can't imagine this would do it.  Plus, this started happening immediately after we moved to another server.  So, I suspect that something is not setup correctly.  Just don't know what.


MorningZ,
Thanks.  I found that it's a Reverse DNS issue through your suggested link.  Strange, because I have the reverse DNS setup, and it seems to be working properly according to www.dnsstuff.com.  But, at least I now know what to concentrate on.  What's even more strange is that reverse DNS was NOT setup on my old server.


Swami_Webananda,
Quote
quote: swede, you keep posting your problems to these forums, how about sending an email to support rather than whining about them here. Quicker solutions and a happy customer :)


Hmmm, strange... isn't this how a forum works.  You post a problem, question, or start a discussion.  Hopefully someone responds with something useful (although that obviously isn't always the case).  And instead of it being a private discussion, other people can find it and possibly learn from it, or add to the discussion themselves.  And in many cases, this process can reduce the number of people calling or emailing support with a common question or concern, which frees support up, which results in faster support for those who are needing it and faster support for those who find what they're looking for here.  I'm assuming that I'm not the only one who will experience this problem.

And I do contribute to these forums more than just asking questions.  I also look through others posts and try to help when possible.

Also, it's nice to avoid paying $65/hour when possible on non-crucial problems.  If I don't get the answer here, then I will go to them.


Thank you,
Swede

Offline MorningZ

  • Hero Member
  • *****
  • Posts: 5,381
  • Karma: +124/-25
    • My Neglicted Personal Website
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #5 on: March 17, 2005, 09:23:08 AM »
Quote
quote:Originally posted by Swede78

MorningZ,
Thanks.  I found that it's a Reverse DNS issue through your suggested link.  Strange, because I have the reverse DNS setup, and it seems to be working properly according to www.dnsstuff.com.  But, at least I now know what to concentrate on.  What's even more strange is that reverse DNS was NOT setup on my old server.


Well, apparently AOL email servers look at the IP of the server where it was sent from and need to verify that somehow

Here's my AOL troubles chronicled with what i thought was DNS issues, but it turns out someone reported me as Spam and i am now blocked (although it doesn't seem that i am fully blocked) by AOL....

*****
"When I get fired, i want people to say: Wow! did that guy get canned!!!!" - George Castanza
"When I get fired, i want people to say: Wow! did that guy get canned!!!!" - George Castanza

"if you have one bucket that holds two gallons and another bucket that holds five gallons... how many buckets do you have?" - Mike Judge's Idiocracy

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #6 on: March 18, 2005, 08:58:38 AM »
Thanks, it was actually the reverse DNS.  I made a mistake when I set them up.  I set up a mail.domain.com per each domain IP.  Instead I should have put all the mail.*.com's in the smartermail IP.  Now, it seems to be working.

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #7 on: March 23, 2005, 08:44:34 AM »
Well... I thought it was solved.  But, only partially.  According to dnsstuff.com, my reverse DNS entries are being picked up.  But, I have multiple mail.domains.com entered in the Reverse DNS for my SmarterMail IP.  Dnsstuff.com states that this is legal, but sometimes only the first entry is looked at.  Also, which one is considered the first entry is basically random.  So, it is working, but only sometimes.

So, now my question is... how can I get ALL my mail.domain.com's to have an absolute reverse DNS that always works?  This must be possible.  I have one SmarterMail server set up on one IP.  But, all domains' DNS MX records point to this one IP.  So, I'm just lost as to how this can be done.  I don't get it.  Other servers have multiple domains without reverse DNS problems.  What am I doing wrong?

DNS setup for each domain:
NS records -> pointing to the ns1.--- and ns2.---
A record -> pointing to the domain IP
MX record -> pointing to mail.domain.com
TXT record -> with the SPF string
A record (*) -> pointing to the domain IP
A record (mail) -> pointing to the smartermail IP
A record (www) -> pointing to the domain IP

and these two records are only found in one of my domain's DNS zone:
A record (ns1) -> pointing to the machine IP
A record (ns2) -> pointing to the machines 2nd IP (or web IP?)


Please, any assistance would be appreciated.

Thank you,
Swede

Offline Selenia

  • Hosting Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
    • http://www.tenchu.de
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #8 on: March 23, 2005, 12:34:14 PM »
Actually your settings look right.
Did you do this dnsreport.com test?

It shouldn't matter which host is returned by the reverse dns lookup because they all point to the same email server.

I set up mail server and one website on the same IP and this morning the DNS results looked all fine, so I think this is definately not the issue.

Did you make any DNS changes recently?
I think it is often just a matter time.
What you could do is put wrong information (nameservers) in the dns reverse settings. Then wait until the dnsreport shows you the wrong settings. Afterwards you put the (presumably) right settings again and wait for them to show up. This way you know when the change has been made.
This might not be very elegant, but at least you see what "settings" are currently used. At least this helped me.

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #9 on: March 23, 2005, 02:48:25 PM »
Selenia,

Thanks for the suggestions.  I tried the dnsreport, and I only had a few minor warnings, such as SOA refresh and expire time (said they were a bit low) and a warning that I only have 1 MX record.  But, I only have 1 mailserver, so I can't do anything about that.

I haven't made any changes since last week.  When I go to dnsstuff.com and enter my smartermail server's IP, it lists all mail.domain.com's that I have email being sent from.  But, it warns that not all mail servers will see all listings, but may only see the 1st listing (which is apparantly random).

On my end, email works fine.  All email comes and goes just as it should.  The only problem I'm having is AOL (including @cs.com) addresses are being bounced back with a 421 error (which is that there is no Reverse DNS).

So, it seems that I can either tell AOL users that they have a 1 in 4 chance of getting email or I can setup only 1 (of the 4 total domains) reverse DNS entry for the most used domain.  I'm pretty sure the DNS settings are correct.  CT has looked at them and also agree that they look good (as they should, since I had them do it).

I just wonder how anyone else sets up reverse DNS for multiple domains with one mail server?

Offline Selenia

  • Hosting Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
    • http://www.tenchu.de
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #10 on: March 24, 2005, 06:30:10 AM »
Swede78, I am no expert but I think it doesn't matter which "host name" is returned, because they all belong to the same IP. The Mail Server is the one responsible to tell the incoming email for which domain it is.

So lets say someone makes a reverse dns call, then the only thing which is necessary is that this reverse call gives an answer. I don't think they do a string comparison if it returns "mail.domain.com" or "mail.domain2.com" . As long as anything is returned it is all right.

This is what I found on the AOL website (if I understand it correctly what I said above should be right):

If the sender’s domain is the only domain sending mail from a specific IP address, we recommend that the reverse DNS entry (PTR Record) match the domain name (A Record), but we do not require it.

AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.
 
Reverse DNS must be in the form of a fully-qualified domain name – reverse DNS containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNS consisting only of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.

http://postmaster.aol.com/info/rdns.html

I know this doesn't solve your problem, but maybe the info helps you.

Also like someone above already said the error "421" is connected to "blocking someones email because of spam or other reasons" (it is not related to reverse DNS).

http://postmaster.aol.com/errors/index.html

So if you get error 421 you are probably on some temporary block list (this can happen when you offer newsletter service). In this case you would have to contact AOL directly and explain your case to them, I fear.

Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #11 on: March 24, 2005, 08:38:20 AM »
Thanks Selenia,

Well, I guess reverse DNS is not the problem.  I went back to check those AOL errors.  I didn't realize that they had multiple reasons for each code, I scrolled down until the 1st "421" I saw.  I wish they'd be more specific in the bounced back message, as to which "421" error it is.

Here are all the possible errors for "421".

421 HVU:B4
http://postmaster.info.aol.com/errors/421hvub4.html
There is at least one non-clickable URL in your e-mail that is generating substantial complaints from AOL members.

421 DNS:NR
http://postmaster.info.aol.com/errors/421dnsnr.html
Reverse DNS lookup for your IP address is failing.

421 RLY:H1
http://postmaster.info.aol.com/errors/421rlyh1.html
The IP address you are sending from has been temporarily rate limited due to AOL Member complaints.

421 RLY:NW
http://postmaster.info.aol.com/errors/421rlynw.html
The IP address you are sending from has been temporarily rate limited due to AOL Member complaints.

421 ISP:B2
http://postmaster.info.aol.com/errors/421ispb2.html
The IP address on your ISP's network has generated a high volume of mail to AOL and has exceeded our rate limit. Possible causes include a compromised or virus-infected personal computer or a non-disclosed server relaying mail within the ISP's network.

421 ISP:B3
http://postmaster.info.aol.com/errors/421ispb3.html
The IP address on your ISP's network has generated a high volume of mail to AOL and has exceeded our rate limit. Possible causes include a compromised or virus-infected personal computer or a non-disclosed server relaying mail within the ISP's network.

421 ISP:B4
http://postmaster.info.aol.com/errors/421ispb4.html
The IP address on your ISP's network has generated a high volume of mail to AOL and has exceeded our rate limit. Possible causes include a compromised or virus-infected personal computer or a non-disclosed server relaying mail within the ISP's network.

421 SDI:T1
http://postmaster.info.aol.com/errors/421sdit1.html
The IP address you are sending from has been blocked due to AOL Member complaints and/or high volumes of e-mail.

421 DYN:T1
http://postmaster.info.aol.com/errors/421dynt1.html
The IP address you are sending from has been blocked due to AOL Member complaints and/or high volumes of e-mail.

421 CON:B1
http://postmaster.info.aol.com/errors/421conb1.html
The IP address has been blocked due to unfavorable e-mail statistics.


I have no idea which one is causing the problem.  We do not send spam.  And we maybe send 3 emails a day average to AOL members.  I don't get.  The thing that led me to believe this was a settings issue on my server, was that this started happening right after switching to another server.  I doubt I'll get a response anytime soon, if ever, but I'll send AOL an email.

Offline Selenia

  • Hosting Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
    • http://www.tenchu.de
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #12 on: March 24, 2005, 10:13:08 AM »
You don't have to send spam to be blocked by AOL, it is probably a fully automated system with no ability to differ right from wrong.
I know my domain was blocked temporarily when I had a newsletter service.
As far as I get it, only one AOL member has to consider your email as spam and you might end up getting blocked.

http://postmaster.info.aol.com/tools/dns.html

Since one of the possible 421 is a dns problem I suggest you run the test on the link above. If that gives you no new insights (and you live in NA) phone the postmaster help desk :D

You can also sign up for some sort of feedback form, so whenever an aol user claims you send spam you are notified.

http://postmaster.info.aol.com/fbl/index.html


I think, you should be able to fix the problem by removing the "mail.domain.com" that is blocked by AOL, this way it can't be returned by the reverse DNS.
As far as I got it it is enough if one "mail.whateverdomain.com" is returned, so save yourself the hassle and just have one "mai.domain.com" in the reverse dns entry (the one which is certainly not blocked).


Offline Swede78

  • Hosting Newbie
  • *
  • Posts: 84
  • Karma: +0/-0
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #13 on: March 24, 2005, 12:22:51 PM »
Thank you for all the help and suggestions.  I did both things that you mentioned just a bit ago.  I'm not exactly sure what the Feedback Loop will accomplish, but set it up nonetheless.  The DNS test seemed to work also.

I called AOL, and surprisingly enough got through to a human in just a couple minutes.  They're very helpful and willing to try to resolve the problem.  They didn't find that my IPs/domains were being blocked automatically.  They asked me to send a test email, which concluded that they were seeing my Machine IP in the header information.  I don't understand how, because I've looked at this header info after sending it to other accounts, and I see our MailServer IP.  Anyway, I've now added our mail.domain.com to the reverse DNS for our Machine IP.  Maybe that'll do the trick.  Just have to wait for it to kick in and see.

Thank you!
Swede

Craig [CT]

  • Guest
AOL: 421 SERVICE NOT AVAILABLE (Reverse DNS)
« Reply #14 on: March 24, 2005, 05:52:54 PM »
SmarterMail along with most other server side email applications use the Machine IP to send the mail.  This means that the IP address that is listed in your TCP/IP properties in the IP ADDRESS field is the same IP address that email comes from when you send it from your dedicated server.  

Knowing this, you can login to the CONTROL CENTER and under SERVER go to REVERSE DNS ZONE MANAGER.  Find your machine IP and enter in a host record that uses the same IP.  If you don't have a host record that uses your machine IP, make one so that the reverse record matches the host record for the same IP.  After you save it in the Control Center it can take 12 to 24 hours to update (but can happen within 20 minutes depending on how busy the DNS servers are).

And finally, you can go to www.dnsstuff.com and use your machine IP in the REVERSE DNS test to see if it is working correctly