We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How do I configure my Email Security Gateway to work with "DYNDNS" as my DNS Servers ?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00006735

Spam Firewall, All firmware versions.


Go to the following website http://dyn.com/support/why-am-i-not-receiving-email/  and look for the heading "Email Security Gateway users:" 

It is imperative you setup the trusted forwarder configuration on the BASIC => IP Configuration TAB of the Email Security Gateway to include the servers IP Configuration from Dyn.com as recommended. See Note Below. 

Taken From Dyn.com at the time of this writing. IP Address / Netmask: / 
Backup and Gateway 
* If you are not receiving Email, you should first make sure your server is reachable on port 25; you can telnet test using: telnet domain.com 25 
* If not reachable, check your firewall to make sure you are not blocking our servers. The IP address blocks to whitelist are: 

IP Address / Netmask: 


* Check that your router is forwarding port 25; you can find information about Port Forwarding here<http://portforward.com/>. 
* Make sure your server is accepting email for the user and domain you are sending to; your server logs will tell you if it is rejecting the mail we are trying to deliver, and why. 
* Make sure your destination server field for Dyn Email Gateway is pointing to the correct hostname, which should resolve to the IP of your Email server. 
* If you are using our Anti-Spam filtering, make sure you have not set your Discard score too low or you may lose mail flagged as spam by mistake. 

Email Security Gateway users: Please ensure that you add the following IP addresses under the Trusted Forwarder IP section for your device. This allows your Barracuda to continue scanning message content while ensuring our servers are not accidentally blacklisted. 

If you need to contact Dyn for support with your email, please send us the To and From addresses, along with the time and timezone that an email was sent to you for one of the emails you didn't receive. That will enable us to look through logs for you. 

Also, if you are going to restrict access to your email server based on hostnames or IP addresses of our Dyn servers, you will want to subscribe to the Dyn RSS Status feed, available at dynstatus.com. Dyn will periodically change addresses where our servers reside, but will announce changes as they are made so that you can make changes to your filters/firewall. 

I'm getting a lot of spam. Can I block more of it with Dyn Email Backup MX? 

Dyn Email Backup MX does not perform any spam scanning or virus elimination. You can enable additional DNSBLs to block spam from known bad senders, or you can use Dyn Email Gateway instead (which features a variety of anti-spam options). 

You can also change your MX records to a primary-secondary-primary configuration. Many spammers automatically target the lowest-priority MX record by default to bypass the anti-spam filters on the primary mail server. To help prevent this, adding the primary MX again as your lowest-priority record will thwart this tactic: 







10 mail.domain.com 




20 mx2.mailhop.org 




30 mail.domain.com 

Please Note: If you use the primary-secondary-primary configuration our MX checker is going to state that the settings are wrong, because the setting isn't following the MX rule of the checker. 


Mail delivery problems can often be difficult to troubleshoot, as there are many points along the way where a message could be delayed, rejected, or even silently dropped without the sender ever knowing a problem occurred. Please check the following entries to see if they describe your problem; if not, you can contact our support team for further help. 

When contacting support, please send the full headers of any delayed or rejected emails (including timestamps and Received: entries) where available, and describe the time-frame of the problem to the nearest hour with timezone. Please make sure you contact support using an email address outside of the problem domain to make sure we can contact you! 

Mail is delayed for hours, then arrives all at once. 

This is a symptom of greylisting, where a mail server will temporarily reject mail (4xx error) to deter spammers. If your mail provider is greylisting Dyn Email Forward, you should contact them to let them know that the mail destined for your addresses is legitimate, and contact support to let us know of the problem. (Make sure to include the full headers of delayed messages so we can properly diagnose the issue.) 

My mail is being rejected with a 550 User Unknown error. 

Unless Dyn Email Forward explicitly receives a 5xx Permanent Failure error from the destination server, we will not reject email with this form of error. There are many potential causes of this problem, but one of the most common is blacklisting. Many email providers use blacklists or automated spam controls that block senders after too many "bad" messages. You will need to contact your provider and ask them to allow your mail to be delivered, then support to let us know of the problem. (Make sure to include the full headers of any rejected mail so we can properly diagnose the problem.) 

I receive a lot of mail. What are the queue size and message size limits? 

Dyn Email Forward does not limit the total volume of individual messages it can store or redeliver. Dyn Email Forward has a per-message size limit of 50MB; individual messages larger than 50MB (after encoding) will be returned to sender with a useful error message. 

I'm getting a lot of spam. Can I block more of it with Dyn Email Forward? 

Dyn Email Forward includes a variety of anti-spam options. By utilizing these features, you can drastically reduce the amount of spam delivered to your server via Dyn Email Forward. Simply lowering the Tag Limit and Discard Limit of your service by a few points each can result in a significant drop in spam. 

I want to use an anti-spam service like Postini as well as Dyn Email Forward. 

Unfortunately, you cannot use Dyn Email Forward and a third-party anti-spam service simultaneously. 

Some of my aliases automatically have spam scanning enabled. Why? 

Some mail hosting providers are more sensitive to mail delivery than others. In an effort to ensure smooth, consistent mail delivery to certain providers, some aliases will have spam scanning and virus elimination automatically enabled when they are created. 

We currently force filtering for the following recipient domains: aol.com, att.net, bigpond.net.au, comcast.net, insightbb.com, mac.com, mchsi.com, videotron.ca, worldnet.att.net, optonline.net, verizon.net, hotmail.com, yahoo.com, sbcglobal.net, pacbell.com 

Can I create Wildcard aliases? 

Due to dictionary attacks and collateral spam problems, it is no longer possible to create a "default" or "catch-all" Wildcard alias in Dyn Email Forward. 

Dyn Email Services and Postini 

A customer wishes to use Postini for spam scanning, but their ISP blocks port 25. The answer would seem simple: list Postini's mail servers in the MX records for the domain, and use the Dyn Email Gateway server as the destination mail server in Postini. Logically, mail would be received by Postini, scanned, redelivered to Gateway, and finally redelivered to their server on the alternate port. 

However, Dyn Email Gateway is designed to forward mail to the highest-priority mail server listed in a domain's MX records (if Dyn Email Gateway is not the primary). Furthermore, Dyn Email Gateway and Postini both use a feature known as a call-ahead to verify the existence of an email address before it will accept the full message. Due to this unique combination of behaviors, the following loop occurs: 
* A sending mail server connects to Postini. 
* Postini receives the connection, reviews the address, and looks up the destination server, Dyn Email Gateway. 
* Postini performs a call-ahead to Dyn Email Gateway to see if the address exists. 
* Dyn Email Gateway receives the connection, reviews the address, and looks up the MX records for the domain. Dyn Email Gateway sees Postini as the highest-priority mail server. 
* Dyn Email Gateway performs a call-ahead to Postini to see if the address exists. 
* Postini receives the connection, reviews the address, and looks up the destination server, Dyn Email Gateway. 
* Postini performs a call-ahead... 

This permanent loop of call-aheads is not detected by either side, as each one is considered to be a new connection, and the mail is never delivered. 

Dyn Email Gateway includes spam scanning services provided by SpamAssassin

Unfortunately, due to the way Dyn Email services and Postini operate, you will need to choose one service or the other. The two cannot be used in conjunction at this time. 

Link To This Page: