Mail delivery to outside world sometimes fails

Posted on 2004-08-16
Last Modified: 2012-05-05
I am running Exchange 2003. The DNS server on this machine points to our internal DNS servers, running Windows 2000. The DNS servers have our ISP's DNS servers listed under the forwarders tab, and the 'do not allow recursion' box is not checked.

The problem I am having is that email messages destined for an outside domain are sometimes being bounced to the senders. The message they receive is:
Subject: Undeliverable: <original subject line>

Your message did not reach some or all of the intended recipients.
 Subject:  <subject>
 Sent:  <Date time sent>

The following recipient(s) could not be reached:
  name@domain.com on <datetime>
    You do not have permission to send to this recipient. For assistance, contact your system administrator.
 <mail.peachtreedata.com #5.7.1 smtp; 550 5.7.1 Unable to relay for <name@domain.com>

I do not know if this is a DNS issue looking up the domain name to send the message to, or if for some reason the recipient domain mail server is rejecting our mail message. I do have reverse DNS pointer records for mail.peachtreedata.com set up.

If we resend the same message again, or maybe two or three times, the message eventually goes through with no changes being made to the system setup.

Can anyone please help with this issue? It only happens on maybe 1 out of 100 messages being sent, but it is still a problem.

Question by:richard_west
LVL 17

Expert Comment

ID: 11818729
went to www.dnsstuff.com and www.dnsreport.com and these were my findings... hope this will help you to troubleshoot.

Getting MX record for mail.peachtreedata.com...   There is no MX record for mail.peachtreedata.com!  That's bad.
Checking for an A record... Got it!

Host                     Preference   IP(s) [Country]
mail.peachtreedata.com   0            [US]

Step 1:  Try connecting to the following mailserver:
         mail.peachtreedata.com -

Step 2:  If still unsuccessful, queue the E-mail for later delivery.

Note: if you enter an entire E-mail address (such as postmaster@mail.peachtreedata.com), we will try to connect
to each mailserver to ensure that they are live and accept mail to the mail.peachtreedata.com domain.

The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for is found by looking up the PTR record for
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking a.root-servers.net for PTR record:  
       a.root-servers.net says to go to indigo.arin.net. (zone: 69.in-addr.arpa.)
Asking indigo.arin.net. for PTR record:  
       indigo.arin.net says to go to BEYOND.CBEYOND.NET. (zone: 72.15.69.in-addr.arpa.)
Asking BEYOND.CBEYOND.NET. for PTR record:  Reports mail.peachtreedata.com.

Answer:
PTR record: mail.peachtreedata.com. [TTL 3600s] [A=]
PTR record: peachtreedata.com. [TTL 3600s] [A=] *ERROR* A record does not point back to original IP.

You have more than one PTR record for  This is legal, but most programs will only use the first PTR record listed (which may vary).
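
The check the report above performs (reverse the IP under in-addr.arpa, read every PTR name, then confirm that each name's A record points back to the original IP), as an added example that is not part of the original post. The IP addresses are constructed documentation addresses, since the real ones do not appear on the page, and the function names are illustrative.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for PTR records: reversed IP under in-addr.arpa (or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR names via the system resolver (live lookup, not used by the demo)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_a(name):
    """Addresses a name resolves to via the system resolver (live lookup)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def fcrdns(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Map each PTR name to True if one of its addresses equals the original IP."""
    want = ipaddress.ip_address(ip)
    results = {}
    for name in ptr_lookup(ip):
        addrs = a_lookup(name.rstrip("."))
        results[name] = any(ipaddress.ip_address(a) == want for a in addrs)
    return results

def verdict(results):
    """'mixed' means the outcome depends on which PTR name a receiver happens to use."""
    if not results:
        return "no PTR"
    return "pass" if all(results.values()) else "mixed" if any(results.values()) else "fail"

# Constructed sample data: RFC 5737 documentation addresses, not the site's real IPs.
NAT_IP = "203.0.113.25"  # assumed outbound (NATed) address
PTR = {NAT_IP: ["mail.peachtreedata.com.", "peachtreedata.com."]}
A_BEFORE = {"mail.peachtreedata.com": ["203.0.113.10"], "peachtreedata.com": ["203.0.113.80"]}
A_AFTER = {"mail.peachtreedata.com": [NAT_IP], "peachtreedata.com": ["203.0.113.80"]}

def demo(a_zone):
    return fcrdns(NAT_IP, lambda ip: PTR.get(ip, []), lambda n: a_zone.get(n, []))

if __name__ == "__main__":
    for zone in (A_BEFORE, A_AFTER):
        print(reverse_name(NAT_IP), demo(zone), verdict(demo(zone)))
```

Calling `fcrdns("<outbound IP>")` with no other arguments runs the same check against the live resolver.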
LVL 17

Expert Comment

ID: 11818732
I cannot telnet to your ip address on port 25

Author Comment

ID: 11822225
All mail for us is first routed through an outside company that performs spam/virus scans. These records have priority in our DNS MX records. They are:
  peachtreedata.com. MX IN 10 usp1.mailhostsxode.net. [Preference = 30]
  peachtreedata.com. MX IN 10 use1.mailhostsxode.net. [Preference = 20]
  peachtreedata.com. MX IN 10 av-1.peachtreedata.com. [Preference = 60]

Then, on my firewall I block anyone except this 3rd party (mailhostsxode.net) from connecting to av-1.peachtreedata.com, thus preventing any mail entering my site without first being scanned. This is why you cannot telnet to port 25 - my firewall is blocking it.

Now I do have an A record for mail.peachtreedata.com; however, it is not returning the same IP address that the outgoing address is being NATed to. Could that be the problem? I can certainly change it.

Also, would a mail server I'm connecting to send outgoing mail to need port 25 access back to my mail server during a different connection? If so that might be a problem.

The strange thing is that we can resend a bounced message once or twice and it eventually goes through.
LVL 17

Expert Comment

ID: 11825874
I was doing the firewall blocking on one site and I got the same problem, I have gone for GFI MailEssentials for my spam needs, I do not believe that the mail server tries to connect on port 25... I know that it does a reverse DNS lookup to see that the mail is coming from an authorised source. It may try your rdns record and fail but the 3rd time may get through... it is due to the rdns record being validated on the 3rd attempt.......maybe someone will correct me.

not sure what you should change, but if you get an error from the dnsstuff.com then you know that mail servers with rdns lookup will also have the same problem.

I only have one site using rdns so my knowledge is a little limited to the specifics of this one site..

I think if you can change the ip so that the same going in to going out is recognised by a server then you are good to go.

... but as I say... I may be corrected.

Author Comment

ID: 11855042
I still need some help from someone to help get this issue resolved.

I can go to dnsstuff.com and see the is in the reverse DNS system, and does return mail.peachtreedata.com

However, I am still getting these errors in my SMTP log through Exchange:
... Relaying denied. IP name lookup failed []

This only occurs with some email domains (I'm assuming that not everyone is doing RDNS, or that RDNS might be working to some servers, like dnsstuff.com!)

Can anyone advise on what to try next?
LVL 17

Expert Comment

ID: 11921614
you could try and add a smart host just for this domain and see if it helps http://support.microsoft.com/default.aspx?kbid=297988&product=exch2k
LVL 17

Accepted Solution

Microtech earned 500 total points
ID: 14273651
Smarthost should have worked..
