Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Unable to SEND mail

Posted on 2005-05-12
20
Medium Priority
?
354 Views
Last Modified: 2008-02-26
Hi All

I am having some problem in SENDING mail to a specific email domain - i am able to send / receive email to everybody else.

Following is the failure message i am getting

 ABC@aumannusa.com' on 5/12/2005 10:28 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <allantor02.allansonw2k.com #5.7.1 smtp;554 5.7.1 The server sending your mail [207.236.80.156] does not have a reverse DNS entry. Connection Rejected. Please contact your Dial-Up/DSL/Network ISP Provider. Default Reject!>


I have checked both sending [allanson.com] and receiving [aumannusa.com] domains have reverse MX entries configured.

I am also worried why my internal server name is appearing rather than the external DNS name of mail server ?

Will appreciate any ideas.

Thanks
Faheem



0
Comment
Question by:mfaheem074
  • 12
  • 8
20 Comments
 
LVL 24

Accepted Solution

by:
flyguybob earned 2000 total points
ID: 13987959
The IP address, 207.236.80.156, does not have a PTR record.
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13987989
The sending server has a .156 address and that is not assigned to an MX record (even one at, say, a cost of 100 (current cost of your MX is 5)).  The MX for allanson is .155.
http://www.dnsreport.com/tools/mail.ch?domain=allanson.com
http://www.dnsreport.com/tools/mail.ch?domain=aumannusa.com
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13988010
As for the server name, it writes it's server name in the header...the server name is not placed by the recieving server's DNS or reverse DNS (IP to Name).
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 24

Expert Comment

by:flyguybob
ID: 13988033
Your domain has a PTR for the last octect of .155, but not for the last octet of .156:
http://www.dnsstuff.com/tools/ptr.ch?ip=207.236.80.155
http://www.dnsstuff.com/tools/ptr.ch?ip=207.236.80.156

======================================================================
Reverse DNS for 207.236.80.155
Generated by www.DNSstuff.com
Location: Canada [City: East York, Ontario]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 207.236.80.155 is found by looking up the PTR record for
 155.80.236.207.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking f.root-servers.net for 155.80.236.207.in-addr.arpa PTR record:  
       f.root-servers.net says to go to indigo.arin.net. (zone: 207.in-addr.arpa.)
Asking indigo.arin.net. for 155.80.236.207.in-addr.arpa PTR record:  
       indigo.arin.net [192.31.80.32] says to go to ns2.bellglobal.com. (zone: 236.207.in-addr.arpa.)
Asking ns2.bellglobal.com. for 155.80.236.207.in-addr.arpa PTR record:  
       ns2.bellglobal.com [198.235.216.2] says to go to ns3.bellglobal.com. (zone: 80.236.207.in-addr.arpa.)
Asking ns3.bellglobal.com. for 155.80.236.207.in-addr.arpa PTR record:  Got CNAME referral to ns3.bellglobal.com. (zone 155.152/29.80.236.207.in-addr.arpa.) [from 198.235.216.130]
Asking ns3.bellglobal.com. for 155.152/29.80.236.207.in-addr.arpa. PTR record:  Reports mail.allanson.com. [from 198.235.216.130]

Answer:
207.236.80.155 PTR record: mail.allanson.com. [TTL 19063s] [A=207.236.80.155]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.


======================================================================

Reverse DNS for 207.236.80.156
Generated by www.DNSstuff.com
Location: Canada [City: East York, Ontario]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 207.236.80.156 is found by looking up the PTR record for
 156.80.236.207.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking e.root-servers.net for 156.80.236.207.in-addr.arpa PTR record:  
       e.root-servers.net says to go to dill.arin.net. (zone: 207.in-addr.arpa.)
Asking dill.arin.net. for 156.80.236.207.in-addr.arpa PTR record:  
       dill.arin.net [192.35.51.32] says to go to ns2.bellglobal.com. (zone: 236.207.in-addr.arpa.)
Asking ns2.bellglobal.com. for 156.80.236.207.in-addr.arpa PTR record:  Got CNAME referral to ns3.bellglobal.com. (zone 156.152/29.80.236.207.in-addr.arpa.) [from 198.235.216.2]
Asking ns3.bellglobal.com. for 156.152/29.80.236.207.in-addr.arpa. PTR record:  
       ns3.bellglobal.com [198.235.216.130] says to go to ns6.bellnexxia.net. (zone: 152/29.80.236.207.in-addr.arpa.)
Asking ns6.bellnexxia.net. for 156.152/29.80.236.207.in-addr.arpa. PTR record:  Reports that no PTR records exist [from 209.226.175.237].

Answer:
No PTR records exist for 207.236.80.156. [Neg TTL=1200 seconds]

Details:
ns6.bellnexxia.net. (an authoritative nameserver for 152/29.80.236.207.in-addr.arpa., which is in charge of the reverse DNS for 207.236.80.156)
says that there are no PTR records for 207.236.80.156.

To get reverse DNS set up for 207.236.80.156, you need to speak to your Internet provider.  You could also
check with dns-admin@bellglobal.com., who is in charge of the 152/29.80.236.207.in-addr.arpa. zone.

Note that all Internet accessible hosts are expected to have a reverse DNS entry (per RFC1912 2.1),
and many mailservers (such as AOL) will likely block E-mail from mailservers with no reverse DNS entry.
To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.

0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13988043
Sooo...what that means is that you simply need to add PTR records for the sending IP.  I would suggest adding the sending IP as a secondary MX record, at a much higher cost (100, for example), even if other servers can't contact that IP.
0
 

Author Comment

by:mfaheem074
ID: 13988073
.155 is a Anti-Virus server and .156 is exchange server - mails are coming to Antivirus server and than forwarded to Exchange box.

thanks
Faheem
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13988870
It appears that all e-mails are going outbound directly from the Exchange server.  Is this the design that you desire?  If not, then you need to modify your Exchange server to relay the messages through the Anti-virus server and configure the anti-virus server to accept/relay messages from the Exchange server.
0
 

Author Comment

by:mfaheem074
ID: 13990006
Yes thats correct - mails are directly going from Exchange server - now i am going to configure connector to forward all the mail to smart host (Antivirus Server).

0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13990550
The routing changes should fix it since 155 has the PTR.
0
 

Author Comment

by:mfaheem074
ID: 13992220
I have installed the SMTP services on my Windows 2003 AntiVirus server and a SMTP connector on Exchange 2003 which is configured to forward all mails to smart host (AV server)

Because all this was a default install, wondering if my AV server with SMTP services installed can be used as Open Relay?

Any suggestion please.

0
 

Author Comment

by:mfaheem074
ID: 13992378
I beleive i am missing some configuration on Smart Host server - i just did the default SMTP install and point my exchange server to smart host server but now getting following failure message.

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <allantor02.allansonw2k.com #5.5.0 smtp;550 Relaying denied

i havent configured any relay restrictions.

thanks
Faheem
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 13996100
That's the problem...You need to configure your anti-virus server to allow you to send, from your exchange server, to the outside world.

Since you did not mention who makes your AV server (Ironport, McAfee, Symantec), I can't google the manual and give you the directions....and I am not somewhere that I can telnet in and figure out it.  Since I am not familiar with your server, but you should be able to call their tech support and get the information on how to configure it.  
0
 

Author Comment

by:mfaheem074
ID: 14006175
I have made some more progress & this time i am getting following NDR

"A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients"

I am still trying to figureout why is this happening now - BTW i am using Trendmicro Viruswall, if you can provide me some information which is required to be done on AntiVirus software than i will start working on it. (i am assuming that i am bypassing AV software for outgoing mail)

So far i am working only on SMTP connector configure on Exchange 2003 and on SMPT server configuration on Win 2003 server which is also a Mail AntiVirus server.

Thanks
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14007062
Trend!  Great stuff.  As long as your licensing is current they have free tech support (or they did).  Give them a shout  and they can help you reconfigure the messate routing on scanmail.

You probably have the viruswall scanner setup to forward all e-mail to your server.  Rules would need to be setup so that it fowards the mail from your folks outbound and messages to your domain inbound.  They helped me ~5 years ago when I setup my Interscan Viruswall SMTP.  Great product and their overseas support (Phillipines and Japan) was actually quite good.
0
 

Author Comment

by:mfaheem074
ID: 14007478
Thanks - will check with them!!
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14022768
....any luck?
0
 

Author Comment

by:mfaheem074
ID: 14032343
No - couldnt find any support option from Trend & trying to find with guys who did the Viruswall install.

Thanks for followup.
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14039377
http://kb.trendmicro.com/solutions/includes2/ContactTechSupport.asp

This should get you going towards the support provided your license has not expired.  I had fits getting support until we could prove that our licensing was valid (it had been purchased in the name of a parent company and we were a wholly owned subsidiary).

Bob
0
 

Author Comment

by:mfaheem074
ID: 14114506
thanks bob - appreciate your contineous support, after having some difficulty to configure mail through AV server i changed the plan.

Now my exchange server is sending the mails directly (as it was) - and there is no mail rejection after creating PTR record for exchange server.

Best regards
Faheem
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14116088
Good deal.  
I just came across a weird one this weekend.  A Symantec firewall was proxying internal SMTP e-mail traffic and re-submitting it to Exchange (internally) with the external IP of the firewall.  It was odd, to say the least.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question