Most of the emails go out just fine, but some get rejected simialr to this.
Their MX record points to mail.clientdomain.com. However they do use a Barracuda Spam Filter, which has the name barracuda.clientdomain.com
Their DSL router forward the static IP, associated with the MX record, on port 25 to the Barracuda device, which has a private IP address 192.168.1.50. That then forwards to the Exchange server bearing IP address 192.168.1.200
Any ideas as to why they're getting blocked?
BTW their domain nor IP is on any SPAM Blacklist that I can see.
I did the mxtoolbox.com tests for Blacklisting and the IP was not blacklisted. The diagnostic gave me the results below (domain name and IP have been modified)
The results from IntoDNS is in the attached PDF.
RESULT: mail.clientdomain.com Banner: barracuda.clientdomain.com ESMTP (bd4cff2118125c8dfd1b57cfcff5f338) [375 ms] Connect Time: 2.047 seconds - Good Transaction Time: 2.672 seconds - Good Relay Check: OK - This server is not an open relay. Rev DNS Check: OK - 70.x.x.x resolves to mail.clientdomain.com GeoCode Info: Geocoding server is unavailable Session Transcript: HELO mxtoolbox.com - DIAGNOSTIC TEST - See http://www.mxtoolbox.com/Policy.aspx 504 Command parameter not implemented [47 ms] HELO mxtoolbox.com 250 barracuda.clientdomain.com Hello mxtb-pws1.mxtoolbox.com [64.20.227.131], pleased to meet you [62 ms] MAIL FROM: <test@mxtoolbox.com> 250 Ok [47 ms] RCPT TO: <test@mxtoolbox.com> 550 No such domain at this location (test@mxtoolbox.com) [47 ms] QUIT 221 Bye [47 ms]
Thanks Richard, I'll do so. I did notice in the MXToolbox diagnostic, right at the end of the report it says "550 No such domain found."
Is this something to be concerned about?
Also is it necessary to have a PTR for the Barracuda mail filter? Cause I am wondering if the reverse DNS verification is sent on port 25, the response is going to be from the Barracuda and not the Exchange server, and it will advertise itself as "barracuda.clientdomain.com" and not "mail.clientdomain.com"
>> it will advertise itself as "barracuda.clientdomain.com" and not "mail.clientdomain.com Sounds logical. Because it will reverse the external ip and wants to find mail.cliendomain.com but finds barracuda.clientdomain.com.
>> 550 No such domain found." I think this is also related to this reverse DNS on barracuda.cliendomain.com
Did this config worked before or is this a clean and new install?
You can't get more straight forward than that - I would wager that you are on a spam list, but not necessarily an open spam list.
Earthlink has you blacklisted for one of a handful of reasons; either they a) received a ton of spam from your IP, or range, b) you have a dynamic IP and your ISP sold you out (which we know isn't the case), c) your ip has been pegged as a zombie (virus) or d) you are horrendously misconfigured with the barracuda in there/
What domains can't you email? Earthlink, Gmail, AOL, etc? Got any other errors like the above?
Sorry for the delay. Telnet is not configured or allowed into the servers through the Firewall. But email comes into the Exchange just fine through the Barracuda.
I guess what I meant by the PTR is, that the exchange server is named mail.clientdomain.com and the barracuda is named barracuda.clientdomain.com
Our PTR is set for the IP MX record to resolve to mail.clientdomain.com
However if a verification request is sent by an Earthlink mail server to that ip address of our MX record, it will be forwarded to the Barracuda unit first, and I guess the Barracuda might respond saying that its name is barracuda.clientdomain.com and not mail.clientdomain.com
Could that be an issue?
In answer to the last posting, we have had some issues getting to Craigslist.org, but not all the time. Occassionally AOL too.
Though I do wonder in regards to what you said about gmail - the outgoing and receiving servers maybe different, but all of them may have PTR records right? In my case I only have the MX record PTR to mail.clientdomain.com and nothing for barracuda.clientdomain.com
For receiving, the server must be in the MX records - that is all, you don't need a PTR, you don't need a correct SMTP greeting - nothing - receiving is a right, not a priviledge
Sending is another matter altogether - you must have a PTR, you must have an A record that matches the pointer, you must identify yourself correct - you don't have to be in the MX records.
Send an email from your server to an external server, and post the headers here so we can see what is going on
Here's the header information (modified to hide the client's actual domain name). One thing to nice might be that the Windows domain (internal) is named clientdomain.local and not a .com name. But even the in-house DNS servers have a record that point the same IP to both mail.clientdomain.local and mail.clientdomain.com
Not sure if that matters.
From Hiran Thu May 15 16:39:06 2008 Return-Path: <hiran@clientdomain.com> Authentication-Results: mta174.mail.re3.yahoo.com from=clientdomain.com; domainkeys=neutral (no sig) Received: from 70.x.x.x (EHLO mail.clientdomain.com) (70.x.x.x) by mta174.mail.re3.yahoo.com with SMTP; Thu, 15 May 2008 16:46:22 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C8B6E4.DDA7F245" Content-class: urn:content-classes:message Subject: Test Date: Thu, 15 May 2008 16:39:06 -0700 Message-ID: <E92BB8100251374B96C8F5BC73FF4568057BA8@MAIL.clientdomain.local> Thread-Topic: Test Thread-Index: Aci25N2ZMlgPKtMRRtOuM+2JtV/1hQ== From: "Hiran" <hiran@clientdomain.com> Add sender to Contacts To: <hiran****@yahoo.com> Content-Length: 635
Yes if I do an nslookup for that 70.x.x.x IP I get mail.clientdomain.com (the correc domain) and if I an nslookup for mail.clientdomain.com I do get the same correct 70.x.x.x address.
Well then you don't have an obvious problem with your configuration.
So we are back to looking at bounces - that AOL bounce indicated you are on an AOL Block list, you may have subsequently been removed - got any other bounces for us? Anything recent?
