Home / server / Questions / 26797
Accepted
Jason
Asked: 2009-06-17 11:08:59 +0800 CST

Why is my email coming from a different domain or IP?

  • 772

I have the following configured:

  1. mail.firstdomain.com - 1.1.1.1 - This domain sends out a lot of email (our newsletter to clients), and thus I keep the two separated.

  2. mail.seconddomain.com - 2.2.2.2 - This domain is were we send out email from our app (registrations, notifications, etc...)

  3. mail.mypersonaldomain.com - 3.3.3.3 - This is my personal email hosted by Google/GMail

I have some email that are sending from mail.secondomain.com being rejected:

 Could not deliver message to the following recipient(s):

 Failed Recipient: [email protected]
 Reason: Remote host said: 554 mail server permanently rejected message (#5.3.0)

In the header:

 Received: from 1.1.1.1 [2.2.2.2] by mail.mypersonaldomain.com with SMTP; (date and time)

How is this possible?

1.1.1.1 is not involved in the email sending. I assume this is from the recipients server associating the email from 2.2.2.2 with the other IP (1.1.1.1) and further, with my personal email server (mail.personaldomain).

I checked all the configuration, and I don't see anything other than mail.seconddomain.com being used. 1.1.1.1 and 2.2.2.2 are even in separate data centers.

Any ideas?

domain-name-system email smtp

4 Answers

  1. Best Answer

    My answer is similar to that of splattne but I have a different interpretation of the Recieved header 

    Received: from 1.1.1.1 [2.2.2.2] by mail.mypersonaldomain.com with SMTP; (date and time)

    The exact format of Recieved lines varies with different servers, but generally the from part consists of the name given in the HELO/EHLO SMTP command with the IP address the connection was recieved from in square brackets.

    This received line to me looks like the server gave '1.1.1.1' as its name in the HELO command.

    Are you able to run wireshark, or other equivalent package, to sniff the SMTP session and verify the hostname given within the SMTP protocol?

    • 4

  2. Is the text after "from" being picked up from the reverse-DNS entry for 2.2.2.2?

    Try

    "host 2.2.2.2"

    to check.

    (the "host" command is fairly standard on Unix-a-like systems, there will be Windows equivalents if you need one and failing that search Google for one of the many sites that will do rDNS lookups for you)

    • 0

  3. mail.mypersonaldomain.com seems to be the name given to the SMTP service. Your server is telling the remote SMTP the name using the SMTP HELO/EHLO command.

    • 0

  4. Write to [email protected] and you will receive back a nice report with a lot of details on how your mail server looks like, as seen from your correspondants. A great tool when debugging mail delivery problems.

    • 0