Exchange can't email 2 domains listed on Spam Cannibal.

First of all the user gets this message:

-----------------------------------
This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

       *recipient*@*domain*.co.uk

---------------------

Obviously I removed the domain and intended recipient from the message.

Then days later the user gets:
-------------------------------------
Your message did not reach some or all of the intended recipients.

      Subject:      
      Sent:      11/04/2008 12:13

The following recipient(s) could not be reached:

      *recipient*@*domain*.co.uk on 13/04/2008 12:23
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <*our domain*.co.uk #4.4.7>
------------------------------------------------

What logs can I check for further details?

Im afraid there are not many logs you can check here, your best bet is to contact your ISP and ask them to check their logs, since it's on their side I believe it's stuck.

I will contact them soon. Do you think the spam filter could be the issue or is it impossible to work that way around. IE, if the recipient domain is black listed we can't sent to it but it can send to us?

I thought about that at first, checking of this Spam Cannibal was a form of reverse listing, meaning they protected sites from unsolicited emails.

It turns out they do not, they blacklist "spammers", so if you found a spammer in there it should block so they cannot SEND mails, not block their receiving.

Also reading on this Spam Cannibal website, it seems they work purely on spam server threading, not on individual mail basis, so I cannot imagine this is the cause.

My thoughts are that either there is something wrong with their sides configuration or that due to their spam, your ISP may have some filter or limiter on them.

In either case, it seems unlikely the problem is located with you, unless you have a local inhouse filter that simply blocks in and outgoing mails

Perhaps Demon are filtering email to them due to them being spam listed?

Anyway, I will contact Demon soon and see what they have to say about it.

We don't have any filtering in house, just Anti-Virus, Hardware Firewall and Software Firewall. All of which I do not believe are affecting email in this way.

I agree, neither firewall nor anti-virus should do this, and if any of them was blocking you should get an error back right away stating it was blocked and the reason for it.

Good luck contacting Demon UK and sorry I could not help further

I have been in touch with Demon and they asked me to send them an email with the internet headers for the emails in.

They said it is unlikely the problem is at our end or Demon and as we can receive email from the destination OK it is likely to be a problem with their server.

Hopefully after they have analysed the headers we will know what is happening.

I will update when I know more.

Only thing I can add is, that spam companies rarely accept inbound emails, simply because it would overload their servers in moments with all the returned emails and similar, not to mention space usage.

But I assume you have a reason to contact this company, which means they should have some form of inbound accept

It is a reputable company. A local small company that are certainly not a SPAM company. They are a Pre-School Nursery so that can't possibly be the problem. There email will be out sourced no doubt and a setting there must be causing this. Could be a day or so before I get word back from Demon.

The reason I assumed they were related to spam was because of their entry in this Spam Cannibal thing, but that could easily be caused by virus/malware using an email addr on the server they are hosted at to spam.

Anyway good luck with it :)

I got a reply from Demon but don't fully understand it as I didn't think you could change a client outgoing SMTP address if it is connected to exchange. For example we use Outlook 2003 and 2007 connected to Exchange locally. Therefore there are no options to specify an alternative SMTP server...

This is the ISP response:

-------------------------------
We have investigated the mail headers you have sent us.
The bounced back messages is sent from your exchange server.

Thread-Topic: Delivery Status Notification (Failure)+AFs-Scanned+AF0-

From: <postmaster@*ourdomain*.co.uk>

To: *user*@*ourdomain*.co.uk

Please check for the outgoing SMTP address on all the client systems.  You can try changing the SMTP address to post.demon.co.uk instead of your Exchange servers address/IP.
--------------------------------------

Any ideas on how I can do this? Like I said I don't think I can do this on a client basis for an Exchange connected Outlook but perhaps I can do this on a global scale? Obviously I am going to test this with a different email account manually set up in outlook but we only ever use an Exchange connection, never pop3 or IMAP which would let us change the outgoing SMTP address.

This sounds very very peculiar, that you own server should be sending the NDR's, because that would mean it's your own server that claims it cannot deliver to this domain, unless I misunderstood.
As for the SMTP im afraid I have no idea, I know very little about how Exchange works, but at least with a manual test client and manual SMTP setup, you should be able to identify if the problem really is local.

Sorry I cannot assist more here, you would need one of the Exchange sharks I fear.

oh and I forgot... Our exchange server was always set up to use post.demon.co.uk as the Smart-Host. So surely this means all email is routed through the demon servers anyway, just email to these domains are not going through it OR there is a problem outside of our exchange server but is not being reported correctly.

It really is strange. I hate problems like this where it works for 99% but there is just 1% not working causing all the problems.

I just can't for the life of me understand how our exchange server would be preventing email being sent to just two domains.

If I remove the Smart-Host from the SMTP Virtual Server would it send the email direct from our Exchange server and would that determine if there is a problem with post.demon.co.uk? If I remove the smart host entry do I need to make any other changes to send mail direct from our server?

I have tried pinging mx1.maildefender.net (mxtoolbox.com says this is their 1st MX record.)

I pinged it from our server but it resolves a completely different IP address to what MXtoolbox.com does.

I tried this for some other mx records, hotmail and another and these show the same IP address on mxtoolbox as when the name resolves from the ping from our server. Although I was suspicious of this at first, thinking that perhaps our DNS server is not resolving the address correctly, I tried to ping the 1st gmail MX and it also showed a different IP address, so all in all I don;t think this matters as I never have problems emailing gmail. I only tried pinging the 1st MX though.

...the plot thickens. Another domain we can't email also seems to use mail defender when I looked up their MX records. I sent a test email that domain this morning and got the following message about forged IP name back:

Your message did not reach some or all of the intended recipients.

      Subject:      RE: MARCH TELEPHONE INVOICE[Scanned]
      Sent:      16/04/2008 09:01

The following recipient(s) could not be reached:

      *destination*@*domain*.co.uk on 16/04/2008 09:01
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <*ourdomain*.co.uk #5.7.1 smtp;550 5.7.1 <*destination*@*domain*.co.uk>... Relaying denied. IP name possibly forged [80.176.***.***]>


-----

Again I have edited IP addresses and email addresses for security. Another thing I noticed is that our domain name in exchange has two upper case letters that shouldn't be there really. Could this cause problems?

This is getting seriously strange to say the least.

The return msg, did that come from your local server or from their server ??, it sounds like there is something misconfigured or maybe something that has been tampered with or abused, possibly even your domain name.

It looks to have come from our server as it came from the postmaster at our domain.

I was reading this: http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21608637.html

And looks like it fixed their problem. Now my FQDN is set to be just our domain name. No subdomain of mail or anything. just "domain.co.uk"

Also this GQDM has two upper case letters. Apparent thing does not matter but I changed them to lower case anyway.

It also mentions having reverse DNS set up on the domain. I don't this is set up as we use demon as our smart host and I don't think it is done by default.

So am I right in thinking that our server is telling other servers it is called "ourdomainname.co.uk" instead of "mail.ourdomainname.co.uk" which it should be. In which case I would need a DNS record adding to point mail.ourdomainname.co.uk to our server IP address.?

I don't fully understand forward and reverse DNS but I guess because we use NAT and have static IP addresses alll our static IP addresses go through one IP address onto the net so we send from 1 IP address but when servers look back they see the gateway address of the ISP rather than the IP address of the server. I figure this is where reverse DNS comes in?

At the same time though shouldn't the error messages be coming from the destination server or because of this problem the emails are not getting there so our server is kicking up the fuss and doesnt know when it can't deliver the mail?

Perhaps mail defender protected domains are strict about what servers connect to them and because our FQDN is not the name of our server on the domain and because we don't have reverse dnd set up it is cutting our the mails without giving a reason?

From reading what you say and from my very limited exchange knowledge, it seems the mails are not even leaving you.

Either it is as you say a DNS entry, possibly related to Mail Defender or some other, that is preventing these mails from even getting out, or it's something else entirely and im lost.

I would suggest following the advice in the above thread at least as far as you can see the reason behind it, and possibly have a deeper look into the DNS setup, or ask Demon how they are doing the dns records and forwarding, since you are using them as the host.

What I don't get is this, if this is a problem such as dns or similar, why are there only a few affected and not all, which would make more sense if it was related to something serious.
Im beginning to think that the enduser you are trying to send to are not related to this problem, except maybe that somewhere along the line, something don't recognise them or wont send to them because it does not know the delivery address