Email problem. 451 #4.1.8 Domain of sender address does not resolve

[Cimcim]

Hello,
At the begining I want to say hello to everyone on forum. This is my first post. I have problems with sending emails. We have about 20 domains on server and we send and receive emails. But when we want to send email to domain nfz.gov.pl we have info in log file:
2022-11-10 12:58:47 H=mx1.nfz.gov.pl [194.50.61.119]: SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=148250: 451 #4.1.8 Domain of sender address <[email protected]> does not resolve
I don't know how to fix it. Or where to check what's wrong. Probably there is DNS problem, but I'm not sure. Centos 7
Please help

 

[johannes]

do you have a PTR DNS record for your hostname, propably at domainregistrar side?

 

[Cimcim]

my IP is 185.42.221.224
hostname: serwer.astrim.pl

nslookup -q=ptr 185.42.221.224

Non-authoritative answer:
224.221.42.185.in-addr.arpa     name = serwer.astrim.pl

 

[Active8]

Glue Check

FAIL: Found differences between information provided by your authoritative name servers and glue provided by the parent name servers:

• ns2.astrim.pl. @parent=[185.42.221.225] @ns=[185.42.221.224]

The glue provided by the parent name servers has to match the data provided by the authoritative name servers.

 

[Richard G]

That's only the 2nd nameserver which is wrong, but that should not be causing the mail issue.

#4.1.8 Domain of sender address <[email protected]> does not resolve

Seems this issue only exists on the nfz.gov.pl domain, because that olk.katowice.pl domain does resolve everywhere.
Be sure the ip's of that gov.pl are not blocked anywhere in your firewall or something.

However it woulnd indeed be better to fix the ns2 ip anyway.

 

[Cimcim]

This is not firewall. We check it from diffrent location and the effect was the same.
I'm wondering what settings should be on the server on my side because I found old post about ptr and I see that I need to add entries in in your /etc/named.conf and /var/named/hostname.db ( https://forum.directadmin.com/threads/reverse-dns-how.2175/ )

 

[Cimcim]

in website https://www.checktls.com/TestReceiver I have 1 problem:

Certificate #1 of 3 (sent by MX):
		Cert VALIDATED: ok
		Cert Hostname DOES NOT VERIFY (mail.olk.katowice.pl != serwer.astrim.pl | DNS:serwer.astrim.pl)
		So email is encrypted but the host is not verified

 

[Richard G]

and I see that I need to add entries in in your /etc/named.conf and /var/named/hostname.db

No you don't!
Creating TPR records in DA is normally of totally no use. The PTR/rDNS records are created at the one providing you with the ip's which makes them known on the internet, which is mostly your datacenter or VPS/Server provider.
If you own the netblock and give ip's to your users then it -might- be necessary. Normally it's not needed in DA, you do that at the control panel of the datacenter.
As far as I've seen your PTR records are correct, you can check at intodns.com for your records. Only ns2 is not correct.

I have 1 problem:

Did you create a certificate for your hostname seperately?

Like login in via SSH and then:

cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single serwer.astrim.pl 4096