Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Remote Exchange Servers getting NDR's when trying to send to our Exchange 2000 Server

Posted on 2003-12-05
18
Medium Priority
?
516 Views
Last Modified: 2010-03-05
We are experiencing more users contacting us telling us they are getting NDR's when trying to send us e-mails.

our configuration

W2K SP4
Exchange 2000 SP3, fully patched
Server is also a DNS and WINS server
AD with GC on this server also

No reverse DNS setup but did setup our PTR records correctly with Network Domain.  We did this when we where experiencing the same problem that is now being reported to us when we tried to send to the .GOV domain.

I want to say to the mailers that it is due to their configurations but want to pass it by the Experts first.


Here is my DNS Report

http://www.dnsreport.com/tools/dnsreport.ch?domain=jewishla.org
0
Comment
Question by:Dabowitt
  • 8
  • 6
  • 2
  • +2
18 Comments
 
LVL 10

Expert Comment

by:munichpostman
ID: 9887955
Hi,

can you please post a copy of the NDR's that the users are receiving.
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9887963
Please provide more information.
Does the remote site is part of your exchange organization ?
 are they in different routing group ?

or you just referring external people trying to send an email to your organization ? more users ( their users or your users)

thanks
0
 

Author Comment

by:Dabowitt
ID: 9890040
The NDR is a reply to the sender from their E-Mail server that they are unable to deliver the message to our domain.  I can give you more detail Monday if necessary.

I'm referring to external people trying to send an e-mail to my organization.  My users can send to their organization but they can't reply or send new mail to us.

Hope this helps?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Expert Comment

by:ydirie
ID: 9890247
ok. can you receive any incoming emails from anyone ?
Is it just one or two clients that can not send to you or a lot of external people ?
If it is one client and you use some type of spam block, make sure they are not in the blacklist.
Do you have restrictions on your incoming emails as far as email size limits and so forth?

check these quetions while you get the NDR.

peace
0
 

Author Comment

by:Dabowitt
ID: 9890549
Yes, can receive e-mail from everyone
Two or three can't send to us.  
As noted, one resolved by fixing their PTR records with their ISP after I asked them to check this first. This after they upgraded to Exchange 2003 from 5.5. Getting more info on Monday regarding the other two.
Again, don't want to say it is just reverse DNS by fixing PTR records until I pass it by you all.
These people aren't on spam block list, first thing I checked
Restrictions on incoming mail, size
They are just trying to send basic text message to us.
Again, will provide NDR on Monday.

Happy Holdidays!
0
 

Author Comment

by:Dabowitt
ID: 9897344
NDR Report

from the sender who could not send us a e-mail

The following recipients(s) could not be reached:

'name@domain.org' on 12/3/2003 11:19
The recipient was unavailable to take delivery of the message
.... Host Unreachable

This sender was able to send to us after setting-up their records correctly with their ISP.

Here is the question.

We have setup our records with Network Solutions
We do not have the Reverse DNS checkbox checked on the SMTP connector
Senders who upgrade only can begin sending to us after 'correcting' their records with their ISP

Thus,

What is Exchange 2000 doing different when looking at an incoming e-mail to determine if it receives it than Exchange 5.5.  Again, we are not doing reverse DNS, or are we?

Thanks,

David
0
 
LVL 2

Accepted Solution

by:
EjayHire earned 750 total points
ID: 9897418
Hi.  It sounds like your exchange server is trying to do reverse lookups on incoming messages.  That's kind of odd because it isn't enabled by default.  Perhaps you have some "helpers".. :)  Anway Open exchange system manager -> Storage Group -> protocols -> Smtp -> Right Click the smtp Server.  (Mine is aptly named "Default Smtp Virtual server").  Click the delivery folder tab and then the advanced button.  Verify the "Perform reverse DNS lookup on incoming messages" button is unchecked. Ok->Apply->Ok->restart the SMTP Virtual server ...lather/rinse/repeat.  

Let me know if you are still having trouble.

Ejay Hire at homail dot com
0
 

Author Comment

by:Dabowitt
ID: 9897447
Nope!  As indicated, we are not doing reverse DNS, this checkbox is not checked.
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9897472
Sorry, missed that.  If fixing the PTR  (reverse dns) records of the seding mail server fixed the problem then something has to be doing reverse lookups.  Cuirous.  Do you have any anti-spam software running on the server?

-Ejay
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9897627
I dont see any problem on your side. these people might of had some DNS issues within their network. If you receiving emails from the rest of everyone else, then the culprit is on their end.

0
 

Author Comment

by:Dabowitt
ID: 9897655
No anti-spam software running.

Ydirie, you are probably right but what we are trying to figure out here is if we are not doing reverse DNS and the remote organizations can send on Exchange 5.5 to us when they upgrade to Exchange 2000/2003 then they can't send e-mail to us, what is really going on?  If by them setting-up reverse DNS on their side resolves the issue then aren't we thus doing reverse DNS on our side in some form or fashion?  As an example, my CIO says ok these people are fixing this by doing reverse DNS then our server must be doing reverse DNS or it would let the mail in regardless of what e-mail server is being used.

Does this make sense?

Thanks,

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9898974
I don't know about you but it dont make sense to me  :)-
Remember, they should be able to send you an email regardless of what type of email system they are using. It is recomended that reverse DNS is used but not necessary. I agree with your CIO that you dont wanna let anyone send you an email. All RDNS does is compare the domain and the IP, and if the two dont match, it blocks it. I have mine set to check RDNS, this way I block a lot of **** coming through.

        Again, whether they can send email or not, let them worry their issue. Just take care that issue and forget these people. Don't let them sweat you :)-
0
 

Author Comment

by:Dabowitt
ID: 9899033
Ydirie,

the problem is these are either clients or donars of ours.  In fact, the most recent issue is a donar who gives us 1/2 million a year.  Not one to ignore I would say.  

so far I'm not seeing anything I don't know yet.  Hopefully some more comments will help flesh this out.

David
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899184
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9899185
Are they still having this issue ? both your clients or the donor ?

Have you spoke to their IT techies to see if you can help them in anyway. I know they are donors but remember you are not their techies. :)-
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9902014
Dabowit this NDR that u talk about is it created by ur mailserver or what?These emails do they hit ur smtp server at all if not  then it is not ur problem.Reverse dns only affects incoming messages on any exchange server.U must have copies of NDR created by ur email server check it out and see if any are craeted to those outside users.
0
 

Author Comment

by:Dabowitt
ID: 9905542
Hi gang,

think we found the problem, running test today and will provide solution if we are correct.  Thanks!
0
 

Author Comment

by:Dabowitt
ID: 9906344
Found the problem!

Our Help Desk guy filtering some domains by their domain name, we found out that Exchange 2000 WILL FORCE REVERSE DNS LOOKUP ON ALL (!!!) CONNECTION ATTEMPS!!! Exchange has to do that in order to be able to filter the domains I entered as Spammers. Domains that don’t have a reverse DNS set up –will be rejected as well –as Exchange can’t verify that they are not on my black list. –All that, while we left the check box “Force reverse DNS lookup” unchecked.  

Interesting because in basic reading about this no where does it say that blocking by domain forces Exchange to start doing reverse DNS on all connections.


David
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question