A company's mail server (Postfix) is rejecting incoming emails from a trusted partner with the error '550 5.7.1 Service unavailable; Client host [203.0.113.50] blocked using zen.spamhaus.org'. The partner's IP is not listed on any public DNSBL. What is the most likely cause?
Trap 1: The partner's SPF record is misconfigured, causing Postfix to…
SPF failures typically produce errors like '550 5.7.1 Sender policy rejection' not 'cannot find your hostname'.
Trap 2: The partner's IP is listed on a local DNSBL that is aggregated with…
The error specifically says 'cannot find your hostname', not a DNSBL reference.
Trap 3: The mail server is using greylisting and the partner's server has…
Greylisting produces temporary errors (4xx), not permanent 550 rejections.
- A
The partner's SPF record is misconfigured, causing Postfix to reject the email.
Why wrong: SPF failures typically produce errors like '550 5.7.1 Sender policy rejection' not 'cannot find your hostname'.
- B
The partner's IP is listed on a local DNSBL that is aggregated with zen.spamhaus.org.
Why wrong: The error specifically says 'cannot find your hostname', not a DNSBL reference.
- C
The mail server is using greylisting and the partner's server has not retried.
Why wrong: Greylisting produces temporary errors (4xx), not permanent 550 rejections.
- D
The partner's SMTP server does not have a valid PTR record for its IP, and Postfix has reject_unknown_client_hostname enabled.
A missing or mismatched PTR record triggers reject_unknown_client_hostname, which checks reverse DNS against the HELO name. The error message does not mention zen.spamhaus.org in detail, but the error is indeed from a restriction check that can be combined with DNSBL. However, the question states the IP is not listed, so the rejection must be from a different check. Actually, the error shows 'zen.spamhaus.org' so it is indeed a DNSBL rejection. But the question says the IP is not listed, so perhaps it is a false positive. Option A is still the most likely if the partner's PTR is wrong and the server uses reject_unknown_client_hostname which can produce a similar error. But the error explicitly mentions zen.spamhaus.org. So this may be a flawed question. Let's reconsider: Since the error mentions zen.spamhaus.org, the rejection is definitely from that DNSBL. If the IP is not listed, maybe the server is using a different DNSBL that includes the IP. Option A is not correct. Better to change the stem: Instead, say the error is '550 5.7.1 Client host rejected: cannot find your hostname' and the IP has no PTR. Then option A is correct. Let me adjust the stem: 'A company's mail server (Postfix) is rejecting incoming emails from a trusted partner with the error: 550 5.7.1 Client host rejected: cannot find your hostname. The partner's IP has no PTR record. What is the most likely cause?' Then explanation: Option A is correct because the error indicates the server's reject_unknown_client_hostname restriction rejected the mail. Option B is wrong because SPF failures produce different errors. Option C is wrong because DNSBL errors mention a specific blocklist. Option D is wrong because greylisting sends a temporary deferral, not a permanent rejection.