Solved

Remote Exchange Servers getting NDR's when trying to send to our Exchange 2000 Server

Posted on 2003-12-05
18
465 Views
Last Modified: 2010-03-05
We are experiencing more users contacting us telling us they are getting NDR's when trying to send us e-mails.

our configuration

W2K SP4
Exchange 2000 SP3, fully patched
Server is also a DNS and WINS server
AD with GC on this server also

No reverse DNS setup but did setup our PTR records correctly with Network Domain.  We did this when we where experiencing the same problem that is now being reported to us when we tried to send to the .GOV domain.

I want to say to the mailers that it is due to their configurations but want to pass it by the Experts first.


Here is my DNS Report

http://www.dnsreport.com/tools/dnsreport.ch?domain=jewishla.org
0
Comment
Question by:Dabowitt
  • 8
  • 6
  • 2
  • +2
18 Comments
 
LVL 10

Expert Comment

by:munichpostman
ID: 9887955
Hi,

can you please post a copy of the NDR's that the users are receiving.
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9887963
Please provide more information.
Does the remote site is part of your exchange organization ?
 are they in different routing group ?

or you just referring external people trying to send an email to your organization ? more users ( their users or your users)

thanks
0
 

Author Comment

by:Dabowitt
ID: 9890040
The NDR is a reply to the sender from their E-Mail server that they are unable to deliver the message to our domain.  I can give you more detail Monday if necessary.

I'm referring to external people trying to send an e-mail to my organization.  My users can send to their organization but they can't reply or send new mail to us.

Hope this helps?
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9890247
ok. can you receive any incoming emails from anyone ?
Is it just one or two clients that can not send to you or a lot of external people ?
If it is one client and you use some type of spam block, make sure they are not in the blacklist.
Do you have restrictions on your incoming emails as far as email size limits and so forth?

check these quetions while you get the NDR.

peace
0
 

Author Comment

by:Dabowitt
ID: 9890549
Yes, can receive e-mail from everyone
Two or three can't send to us.  
As noted, one resolved by fixing their PTR records with their ISP after I asked them to check this first. This after they upgraded to Exchange 2003 from 5.5. Getting more info on Monday regarding the other two.
Again, don't want to say it is just reverse DNS by fixing PTR records until I pass it by you all.
These people aren't on spam block list, first thing I checked
Restrictions on incoming mail, size
They are just trying to send basic text message to us.
Again, will provide NDR on Monday.

Happy Holdidays!
0
 

Author Comment

by:Dabowitt
ID: 9897344
NDR Report

from the sender who could not send us a e-mail

The following recipients(s) could not be reached:

'name@domain.org' on 12/3/2003 11:19
The recipient was unavailable to take delivery of the message
.... Host Unreachable

This sender was able to send to us after setting-up their records correctly with their ISP.

Here is the question.

We have setup our records with Network Solutions
We do not have the Reverse DNS checkbox checked on the SMTP connector
Senders who upgrade only can begin sending to us after 'correcting' their records with their ISP

Thus,

What is Exchange 2000 doing different when looking at an incoming e-mail to determine if it receives it than Exchange 5.5.  Again, we are not doing reverse DNS, or are we?

Thanks,

David
0
 
LVL 2

Accepted Solution

by:
EjayHire earned 250 total points
ID: 9897418
Hi.  It sounds like your exchange server is trying to do reverse lookups on incoming messages.  That's kind of odd because it isn't enabled by default.  Perhaps you have some "helpers".. :)  Anway Open exchange system manager -> Storage Group -> protocols -> Smtp -> Right Click the smtp Server.  (Mine is aptly named "Default Smtp Virtual server").  Click the delivery folder tab and then the advanced button.  Verify the "Perform reverse DNS lookup on incoming messages" button is unchecked. Ok->Apply->Ok->restart the SMTP Virtual server ...lather/rinse/repeat.  

Let me know if you are still having trouble.

Ejay Hire at homail dot com
0
 

Author Comment

by:Dabowitt
ID: 9897447
Nope!  As indicated, we are not doing reverse DNS, this checkbox is not checked.
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9897472
Sorry, missed that.  If fixing the PTR  (reverse dns) records of the seding mail server fixed the problem then something has to be doing reverse lookups.  Cuirous.  Do you have any anti-spam software running on the server?

-Ejay
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 3

Expert Comment

by:ydirie
ID: 9897627
I dont see any problem on your side. these people might of had some DNS issues within their network. If you receiving emails from the rest of everyone else, then the culprit is on their end.

0
 

Author Comment

by:Dabowitt
ID: 9897655
No anti-spam software running.

Ydirie, you are probably right but what we are trying to figure out here is if we are not doing reverse DNS and the remote organizations can send on Exchange 5.5 to us when they upgrade to Exchange 2000/2003 then they can't send e-mail to us, what is really going on?  If by them setting-up reverse DNS on their side resolves the issue then aren't we thus doing reverse DNS on our side in some form or fashion?  As an example, my CIO says ok these people are fixing this by doing reverse DNS then our server must be doing reverse DNS or it would let the mail in regardless of what e-mail server is being used.

Does this make sense?

Thanks,

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9898974
I don't know about you but it dont make sense to me  :)-
Remember, they should be able to send you an email regardless of what type of email system they are using. It is recomended that reverse DNS is used but not necessary. I agree with your CIO that you dont wanna let anyone send you an email. All RDNS does is compare the domain and the IP, and if the two dont match, it blocks it. I have mine set to check RDNS, this way I block a lot of **** coming through.

        Again, whether they can send email or not, let them worry their issue. Just take care that issue and forget these people. Don't let them sweat you :)-
0
 

Author Comment

by:Dabowitt
ID: 9899033
Ydirie,

the problem is these are either clients or donars of ours.  In fact, the most recent issue is a donar who gives us 1/2 million a year.  Not one to ignore I would say.  

so far I'm not seeing anything I don't know yet.  Hopefully some more comments will help flesh this out.

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899184
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899185
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9902014
Dabowit this NDR that u talk about is it created by ur mailserver or what?These emails do they hit ur smtp server at all if not  then it is not ur problem.Reverse dns only affects incoming messages on any exchange server.U must have copies of NDR created by ur email server check it out and see if any are craeted to those outside users.
0
 

Author Comment

by:Dabowitt
ID: 9905542
Hi gang,

think we found the problem, running test today and will provide solution if we are correct.  Thanks!
0
 

Author Comment

by:Dabowitt
ID: 9906344
Found the problem!

Our Help Desk guy filtering some domains by their domain name, we found out that Exchange 2000 WILL FORCE REVERSE DNS LOOKUP ON ALL (!!!) CONNECTION ATTEMPS!!! Exchange has to do that in order to be able to filter the domains I entered as Spammers. Domains that don’t have a reverse DNS set up –will be rejected as well –as Exchange can’t verify that they are not on my black list. –All that, while we left the check box “Force reverse DNS lookup” unchecked.  

Interesting because in basic reading about this no where does it say that blocking by domain forces Exchange to start doing reverse DNS on all connections.


David
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now