exim error : all relevant MX records point to non-existent hosts

[freakie]

Hi,

im trying to receive a password reset mail from a dutch company.

but whatever i do trying to whitelist them i see this in the logs:

rejectlog:2024-01-10 15:32:26 H=mail-db5eur01acsn259.outbound.protection.outlook.com (EUR01-DB5-obe.outbound.protection.outlook.com) [104.47.2.59] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts

the name login.nederlandseloterij.nl has no a record but does have a mx record.

so how come this error and how can i prevent/fix it?

 

[Richard G]

the name login.nederlandseloterij.nl has no a record but does have a mx record.

They configured it wrongly. They use MX for both login and main domain. But the error is that they don't use an A record but a CNAME record to a non-existing eu.sparkpostmail.com domain. They might have forgotten to change this record also to outlook.

so how come this error and how can i prevent/fix it?

First of all, send them a message explaining their record are incorrect and not working, so they can fix it. Or call them stating you can't fix things because they have a bad configuration running now, so you can't receiver answers to your mails either.
I had something with bad configured things with RDW too about 2 years ago, which made my mailservers refuse their mail, but I believe they fixed it now.

If you're using outlook, I'm afraid there is nothing you can do,.

On your own server, you might try to use the whitelist* files in the /etc/virtual/ directory.
Restart Exim after you made changes to these files.

 

[freakie]

thanks for your answer. i have tried to contact them but no luck yet.

 

[Incredi-man]

Still same problem: 2025-05-11 20:40:12 H=mail-westeuropeazacs10210072.outbound.protection.outlook.com (AM0PR83CU005.outbound.protection.outlook.com) [40.93.65.72] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts

MX record differs from sending server 'outbound.protection.outlook.com', did whitelisting work? If (hopefully) yes: what to whitelist in what file?

 

[Richard G]

MX record differs from sending server 'outbound.protection.outlook.com',

No it's the other way around. Sender verify failed for Nederlandseloterij.nl and I highly doubt that whitelisting will work as SPF is already done at MTA connection level. You can try but I doubt it will work.

Again, you have to contact the Nederlandse Loterij and point them to this issue to have them fix it. The problem cause needs to be fixed by them, not by Microsoft.

 

[Richard G]

I've found the cause of the culprit and it's really with the Nederlandse Loterij.
This is the issue. If you do an MX lookup for Nederlandse Loterij, then you get this result:

nederlandseloterij.nl.  300     IN      MX      0 nederlandseloterij-nl.mail.protection.outlook.com.

which points out that they are also using Microsoft Outlook, so far so good.

Now the problem cause. For the no-reply, they use the SUBdomain login.nederlandseloterij.nl and now we do the same as above and get this result:

login.nederlandseloterij.nl. 300 IN     MX      10 mail.nederlandseloterij.nl.

A check for this points out that this is a CNAME (which is now allowed according to the RFC's anyway, so foei!) to eu.sparkmail.com.

So now we get this result:

telnet mail.nederlandseloterij.nl 25
telnet: mail.nederlandseloterij.nl: Name or service not known
mail.nederlandseloterij.nl: Unknown host

So we try the CNAME it's pointing to:

telnet eu.spartkpostmail.com 25
telnet: eu.spartkpostmail.com: Name or service not known
eu.spartkpostmail.com: Unknown host

Which prooves that Microsoft is correct for refusting the mail because the MX record does not point to a known host.
I should get paid by the Nederlandse Loterij for finding the cause of the issue so they can fix their crap. I will not post the fix for the issue, I've done enough work for them.

Mail them and point them to this post so they can see what things they do wrong.

 

[Incredi-man]

Thank you Richard!

 

[Richard G]

You're welcome.