Remote Exchange Servers getting NDR's when trying to send to our Exchange 2000 Server

We are experiencing more users contacting us telling us they are getting NDR's when trying to send us e-mails.

our configuration

W2K SP4
Exchange 2000 SP3, fully patched
Server is also a DNS and WINS server
AD with GC on this server also

No reverse DNS setup but did setup our PTR records correctly with Network Domain.  We did this when we where experiencing the same problem that is now being reported to us when we tried to send to the .GOV domain.

I want to say to the mailers that it is due to their configurations but want to pass it by the Experts first.


Here is my DNS Report

http://www.dnsreport.com/tools/dnsreport.ch?domain=jewishla.org
DabowittAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Member_2_1821405Commented:
Hi,

can you please post a copy of the NDR's that the users are receiving.
0
ydirieCommented:
Please provide more information.
Does the remote site is part of your exchange organization ?
 are they in different routing group ?

or you just referring external people trying to send an email to your organization ? more users ( their users or your users)

thanks
0
DabowittAuthor Commented:
The NDR is a reply to the sender from their E-Mail server that they are unable to deliver the message to our domain.  I can give you more detail Monday if necessary.

I'm referring to external people trying to send an e-mail to my organization.  My users can send to their organization but they can't reply or send new mail to us.

Hope this helps?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

ydirieCommented:
ok. can you receive any incoming emails from anyone ?
Is it just one or two clients that can not send to you or a lot of external people ?
If it is one client and you use some type of spam block, make sure they are not in the blacklist.
Do you have restrictions on your incoming emails as far as email size limits and so forth?

check these quetions while you get the NDR.

peace
0
DabowittAuthor Commented:
Yes, can receive e-mail from everyone
Two or three can't send to us.  
As noted, one resolved by fixing their PTR records with their ISP after I asked them to check this first. This after they upgraded to Exchange 2003 from 5.5. Getting more info on Monday regarding the other two.
Again, don't want to say it is just reverse DNS by fixing PTR records until I pass it by you all.
These people aren't on spam block list, first thing I checked
Restrictions on incoming mail, size
They are just trying to send basic text message to us.
Again, will provide NDR on Monday.

Happy Holdidays!
0
DabowittAuthor Commented:
NDR Report

from the sender who could not send us a e-mail

The following recipients(s) could not be reached:

'name@domain.org' on 12/3/2003 11:19
The recipient was unavailable to take delivery of the message
.... Host Unreachable

This sender was able to send to us after setting-up their records correctly with their ISP.

Here is the question.

We have setup our records with Network Solutions
We do not have the Reverse DNS checkbox checked on the SMTP connector
Senders who upgrade only can begin sending to us after 'correcting' their records with their ISP

Thus,

What is Exchange 2000 doing different when looking at an incoming e-mail to determine if it receives it than Exchange 5.5.  Again, we are not doing reverse DNS, or are we?

Thanks,

David
0
EjayHireCommented:
Hi.  It sounds like your exchange server is trying to do reverse lookups on incoming messages.  That's kind of odd because it isn't enabled by default.  Perhaps you have some "helpers".. :)  Anway Open exchange system manager -> Storage Group -> protocols -> Smtp -> Right Click the smtp Server.  (Mine is aptly named "Default Smtp Virtual server").  Click the delivery folder tab and then the advanced button.  Verify the "Perform reverse DNS lookup on incoming messages" button is unchecked. Ok->Apply->Ok->restart the SMTP Virtual server ...lather/rinse/repeat.  

Let me know if you are still having trouble.

Ejay Hire at homail dot com
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DabowittAuthor Commented:
Nope!  As indicated, we are not doing reverse DNS, this checkbox is not checked.
0
EjayHireCommented:
Sorry, missed that.  If fixing the PTR  (reverse dns) records of the seding mail server fixed the problem then something has to be doing reverse lookups.  Cuirous.  Do you have any anti-spam software running on the server?

-Ejay
0
ydirieCommented:
I dont see any problem on your side. these people might of had some DNS issues within their network. If you receiving emails from the rest of everyone else, then the culprit is on their end.

0
DabowittAuthor Commented:
No anti-spam software running.

Ydirie, you are probably right but what we are trying to figure out here is if we are not doing reverse DNS and the remote organizations can send on Exchange 5.5 to us when they upgrade to Exchange 2000/2003 then they can't send e-mail to us, what is really going on?  If by them setting-up reverse DNS on their side resolves the issue then aren't we thus doing reverse DNS on our side in some form or fashion?  As an example, my CIO says ok these people are fixing this by doing reverse DNS then our server must be doing reverse DNS or it would let the mail in regardless of what e-mail server is being used.

Does this make sense?

Thanks,

David
0
ydirieCommented:
I don't know about you but it dont make sense to me  :)-
Remember, they should be able to send you an email regardless of what type of email system they are using. It is recomended that reverse DNS is used but not necessary. I agree with your CIO that you dont wanna let anyone send you an email. All RDNS does is compare the domain and the IP, and if the two dont match, it blocks it. I have mine set to check RDNS, this way I block a lot of **** coming through.

        Again, whether they can send email or not, let them worry their issue. Just take care that issue and forget these people. Don't let them sweat you :)-
0
DabowittAuthor Commented:
Ydirie,

the problem is these are either clients or donars of ours.  In fact, the most recent issue is a donar who gives us 1/2 million a year.  Not one to ignore I would say.  

so far I'm not seeing anything I don't know yet.  Hopefully some more comments will help flesh this out.

David
0
ydirieCommented:
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
ydirieCommented:
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
VahikCommented:
Dabowit this NDR that u talk about is it created by ur mailserver or what?These emails do they hit ur smtp server at all if not  then it is not ur problem.Reverse dns only affects incoming messages on any exchange server.U must have copies of NDR created by ur email server check it out and see if any are craeted to those outside users.
0
DabowittAuthor Commented:
Hi gang,

think we found the problem, running test today and will provide solution if we are correct.  Thanks!
0
DabowittAuthor Commented:
Found the problem!

Our Help Desk guy filtering some domains by their domain name, we found out that Exchange 2000 WILL FORCE REVERSE DNS LOOKUP ON ALL (!!!) CONNECTION ATTEMPS!!! Exchange has to do that in order to be able to filter the domains I entered as Spammers. Domains that don’t have a reverse DNS set up –will be rejected as well –as Exchange can’t verify that they are not on my black list. –All that, while we left the check box “Force reverse DNS lookup” unchecked.  

Interesting because in basic reading about this no where does it say that blocking by domain forces Exchange to start doing reverse DNS on all connections.


David
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.