The error message 450 4.7.1 Client host rejected: cannot find your hostname indicates that the receiving mail server performs a reverse DNS lookup on your server's IP address and fails to find a valid PTR record. This is a common anti-spam measure implemented by many mail servers.
From your dig -x 128.199.39.109 output, we can see:
;; QUESTION SECTION:
;109.39.199.128.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
39.199.128.in-addr.arpa. 1799 IN SOA ns1.digitalocean.com. hostmaster.39.199.128.in-addr.arpa. 1419274767 10800 3600 604800 1800
The NXDOMAIN response confirms there's no PTR record for your IP address. This is the root cause of the delivery failures.
Since you're using DigitalOcean, here's how to set up rDNS:
- Log in to your DigitalOcean control panel
- Navigate to Networking → Domains
- Click on your domain or add it if not already present
- Go to the reverse DNS section
- Add a PTR record for your mail server's IP pointing to your mail hostname
While fixing the rDNS issue is primary, you should also ensure your Postfix configuration is optimized:
# In /etc/postfix/main.cf
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
After making changes, verify your setup:
# Test reverse DNS
dig -x your.server.ip
# Test SMTP greeting
telnet your.server.ip 25
# Test mail delivery
swaks --to recipient@example.com --from you@yourdomain.com --server your.server.ip
Consider implementing these to improve deliverability:
- SPF record:
v=spf1 a mx ip4:your.server.ip ~all - DKIM signing
- DMARC policy
- TLS encryption
Remember that DNS changes may take up to 48 hours to propagate globally, though typically it's much faster.
The error 450 4.7.1 Client host rejected: cannot find your hostname occurs when the receiving mail server performs a reverse DNS lookup on your server's IP address and fails to find a matching PTR (Pointer) record. This is a common anti-spam measure used by many mail servers.
Your dig output shows the core problem:
;; QUESTION SECTION:
;109.39.199.128.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
39.199.128.in-addr.arpa. 1799 IN SOA ns1.digitalocean.com. hostmaster.39.199.128.in-addr.arpa. 1419274767 10800 3600 604800 1800
The NXDOMAIN response indicates no PTR record exists for your IP 128.199.39.109. Mail servers often require both:
- A valid PTR record pointing from IP to hostname
- A matching A record pointing from hostname back to IP
For DigitalOcean droplets (which your SOA record suggests you're using), create a PTR record:
# Example steps for DigitalOcean:
1. Log in to DigitalOcean control panel
2. Navigate to Networking -> Domains
3. Add your server's hostname (e.g., mail.example.com)
4. Create an A record pointing to your server IP
5. Go to Droplets -> your droplet -> Settings
6. Under 'Reverse DNS', enter your FQDN (e.g., mail.example.com)
While fixing DNS is primary, improve your Postfix config (main.cf):
# Add to /etc/postfix/main.cf
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
myhostname = mail.btcontract.com
After making changes, verify with these commands:
# Check PTR record
dig -x 128.199.39.109
# Check forward confirmation
dig mail.btcontract.com
# Test SMTP connection
telnet mail.da.net.ua 25
EHLO mail.btcontract.com
Consider implementing these to improve deliverability:
# SPF record example for your DNS
"v=spf1 a mx ip4:128.199.39.109 -all"
# DKIM setup (using OpenDKIM)
sudo apt-get install opendkim opendkim-tools
sudo mkdir -p /etc/opendkim/keys/btcontract.com