Solved

Remote Exchange Servers getting NDR's when trying to send to our Exchange 2000 Server

Posted on 2003-12-05
18
506 Views
Last Modified: 2010-03-05
We are experiencing more users contacting us telling us they are getting NDR's when trying to send us e-mails.

our configuration

W2K SP4
Exchange 2000 SP3, fully patched
Server is also a DNS and WINS server
AD with GC on this server also

No reverse DNS setup but did setup our PTR records correctly with Network Domain.  We did this when we where experiencing the same problem that is now being reported to us when we tried to send to the .GOV domain.

I want to say to the mailers that it is due to their configurations but want to pass it by the Experts first.


Here is my DNS Report

http://www.dnsreport.com/tools/dnsreport.ch?domain=jewishla.org
0
Comment
Question by:Dabowitt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +2
18 Comments
 
LVL 10

Expert Comment

by:munichpostman
ID: 9887955
Hi,

can you please post a copy of the NDR's that the users are receiving.
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9887963
Please provide more information.
Does the remote site is part of your exchange organization ?
 are they in different routing group ?

or you just referring external people trying to send an email to your organization ? more users ( their users or your users)

thanks
0
 

Author Comment

by:Dabowitt
ID: 9890040
The NDR is a reply to the sender from their E-Mail server that they are unable to deliver the message to our domain.  I can give you more detail Monday if necessary.

I'm referring to external people trying to send an e-mail to my organization.  My users can send to their organization but they can't reply or send new mail to us.

Hope this helps?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:ydirie
ID: 9890247
ok. can you receive any incoming emails from anyone ?
Is it just one or two clients that can not send to you or a lot of external people ?
If it is one client and you use some type of spam block, make sure they are not in the blacklist.
Do you have restrictions on your incoming emails as far as email size limits and so forth?

check these quetions while you get the NDR.

peace
0
 

Author Comment

by:Dabowitt
ID: 9890549
Yes, can receive e-mail from everyone
Two or three can't send to us.  
As noted, one resolved by fixing their PTR records with their ISP after I asked them to check this first. This after they upgraded to Exchange 2003 from 5.5. Getting more info on Monday regarding the other two.
Again, don't want to say it is just reverse DNS by fixing PTR records until I pass it by you all.
These people aren't on spam block list, first thing I checked
Restrictions on incoming mail, size
They are just trying to send basic text message to us.
Again, will provide NDR on Monday.

Happy Holdidays!
0
 

Author Comment

by:Dabowitt
ID: 9897344
NDR Report

from the sender who could not send us a e-mail

The following recipients(s) could not be reached:

'name@domain.org' on 12/3/2003 11:19
The recipient was unavailable to take delivery of the message
.... Host Unreachable

This sender was able to send to us after setting-up their records correctly with their ISP.

Here is the question.

We have setup our records with Network Solutions
We do not have the Reverse DNS checkbox checked on the SMTP connector
Senders who upgrade only can begin sending to us after 'correcting' their records with their ISP

Thus,

What is Exchange 2000 doing different when looking at an incoming e-mail to determine if it receives it than Exchange 5.5.  Again, we are not doing reverse DNS, or are we?

Thanks,

David
0
 
LVL 2

Accepted Solution

by:
EjayHire earned 250 total points
ID: 9897418
Hi.  It sounds like your exchange server is trying to do reverse lookups on incoming messages.  That's kind of odd because it isn't enabled by default.  Perhaps you have some "helpers".. :)  Anway Open exchange system manager -> Storage Group -> protocols -> Smtp -> Right Click the smtp Server.  (Mine is aptly named "Default Smtp Virtual server").  Click the delivery folder tab and then the advanced button.  Verify the "Perform reverse DNS lookup on incoming messages" button is unchecked. Ok->Apply->Ok->restart the SMTP Virtual server ...lather/rinse/repeat.  

Let me know if you are still having trouble.

Ejay Hire at homail dot com
0
 

Author Comment

by:Dabowitt
ID: 9897447
Nope!  As indicated, we are not doing reverse DNS, this checkbox is not checked.
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9897472
Sorry, missed that.  If fixing the PTR  (reverse dns) records of the seding mail server fixed the problem then something has to be doing reverse lookups.  Cuirous.  Do you have any anti-spam software running on the server?

-Ejay
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9897627
I dont see any problem on your side. these people might of had some DNS issues within their network. If you receiving emails from the rest of everyone else, then the culprit is on their end.

0
 

Author Comment

by:Dabowitt
ID: 9897655
No anti-spam software running.

Ydirie, you are probably right but what we are trying to figure out here is if we are not doing reverse DNS and the remote organizations can send on Exchange 5.5 to us when they upgrade to Exchange 2000/2003 then they can't send e-mail to us, what is really going on?  If by them setting-up reverse DNS on their side resolves the issue then aren't we thus doing reverse DNS on our side in some form or fashion?  As an example, my CIO says ok these people are fixing this by doing reverse DNS then our server must be doing reverse DNS or it would let the mail in regardless of what e-mail server is being used.

Does this make sense?

Thanks,

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9898974
I don't know about you but it dont make sense to me  :)-
Remember, they should be able to send you an email regardless of what type of email system they are using. It is recomended that reverse DNS is used but not necessary. I agree with your CIO that you dont wanna let anyone send you an email. All RDNS does is compare the domain and the IP, and if the two dont match, it blocks it. I have mine set to check RDNS, this way I block a lot of **** coming through.

        Again, whether they can send email or not, let them worry their issue. Just take care that issue and forget these people. Don't let them sweat you :)-
0
 

Author Comment

by:Dabowitt
ID: 9899033
Ydirie,

the problem is these are either clients or donars of ours.  In fact, the most recent issue is a donar who gives us 1/2 million a year.  Not one to ignore I would say.  

so far I'm not seeing anything I don't know yet.  Hopefully some more comments will help flesh this out.

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899184
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899185
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9902014
Dabowit this NDR that u talk about is it created by ur mailserver or what?These emails do they hit ur smtp server at all if not  then it is not ur problem.Reverse dns only affects incoming messages on any exchange server.U must have copies of NDR created by ur email server check it out and see if any are craeted to those outside users.
0
 

Author Comment

by:Dabowitt
ID: 9905542
Hi gang,

think we found the problem, running test today and will provide solution if we are correct.  Thanks!
0
 

Author Comment

by:Dabowitt
ID: 9906344
Found the problem!

Our Help Desk guy filtering some domains by their domain name, we found out that Exchange 2000 WILL FORCE REVERSE DNS LOOKUP ON ALL (!!!) CONNECTION ATTEMPS!!! Exchange has to do that in order to be able to filter the domains I entered as Spammers. Domains that don’t have a reverse DNS set up –will be rejected as well –as Exchange can’t verify that they are not on my black list. –All that, while we left the check box “Force reverse DNS lookup” unchecked.  

Interesting because in basic reading about this no where does it say that blocking by domain forces Exchange to start doing reverse DNS on all connections.


David
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question