Solved

smtp 550-"The recipient cannot be verified Error

Posted on 2006-03-24
Last Modified: 2012-06-27
Hello,

    We are receiving this, (smtp;550-"The recipient cannot be verified) error on only certain people trying to send mail to our domain.  Can someone please tell me why this might be happening and how to solve it?

Thanks,
0
Question by:krik0011
29 Comments
 

Author Comment

by:krik0011
ID: 16282518
BTW this is the domain, custombuildingsystems.net
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16284044
You have a PIX.
Turn off the Fixup SMTP option.

http://support.microsoft.com/default.aspx?kbid=320027

Can't see any further to see if there is anything else.

However I am almost positive that error isn't an Exchange error, so the question has to be, what else do you have that is scanning email? Any other settings on the firewall? Antispam or antivirus products?

Simon.
0
 

Author Comment

by:krik0011
ID: 16284104
We have 2 domains, our other domain that is hosted on the exchange server can receive email from the un-receivable hosts fine....

We have GFI Mail Essentials and Symantec Corporate 10.0.3.  We have no software firewall enabled on the Exchange machine, only a Cisco PIX 515 between the Exchange Server and the net.

We just had that domain transferred and a new mx record created.  I am thinking that could be the issue however, we can receive other mail perfectly fine.
0

 
LVL 104

Expert Comment

by:Sembee
ID: 16284125
How long ago was the domain moved? It might be domain propagation taking effect.

I would still recommend removing the fixup SMTP. It will cause you problems as it stops the server announcing itself correctly which will trip some antispam filters.

Simon.
0
 

Author Comment

by:krik0011
ID: 16284188
I will remove that...

Anyway it was changed March 22nd....I thought as well the changes didn't propagate but when I saw the bounce message 550 The recipient cannot be verified, that made me think different.  It also changed my mind when the company that cannot send mail helo 'ed fine to our domain......
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16285520
Domain changes take up to 48 hours to fully propagate, and then you can get stale or cached entries.

I would also look at the configuration of GFI Mail Essentials to see whether any of its recipient filtering has been enabled. The message isn't an Exchange message, so something else is generating it.

Simon.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16286720
The problem may be due to the fact that your mailserver is spewing out an invalid hostname:  http://www.dnsreport.com/tools/dnsreport.ch?domain=custombuildingsystems.net

Many mailservers may balk at this output.  Be sure to set it correctly in your DNS at the ISP.

Also, it would be a good idea for you to create an SPF record.  Info on that is towards the bottom of that link.

Jeff
TechSoEasy
0
 

Author Comment

by:krik0011
ID: 16289069
I am not sure what you are asking me to check at our DNS hosting provider...

The message I see from DNSreport speaks of our SMTP helo announce, I checked the properties of that and it is set as the FQDN of the exchange server.

Is there something else I need to enable to announce the server name properly?

I will definitely create an SPF record, thanks.

GFI also is normal and no configuration has changed in about 3 months.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16289207
Well, both actually... the hostname of your Exchange server needs to match the A record in your DNS Zone file at your hosting provider.

The problem is that your reverse IP lookup for  216.144.168.194  gives www.norrychristian.net.  Assuming you are not related to this organization, and not sharing an Exchange server with them, you need to get this fixed ASAP.

The SPF record will help as well.

Jeff
TechSoEasy
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16289259
The helo announcement is currently the ****************. That isn't your server doing that, but the PIX. It is how I know that you have a Cisco PIX. You need to disable the Fixup SMTP so that the true SMTP banner is shown, not the one generated by the PIX.

Simon.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16289501
Simon's the man!

(I don't play well with PIX's so I'm usually not allowed to get near them).

But lemme at that DNS Zone file!

:-)

Hope all of that helps.

Jeff
TechSoEasy
0
 

Author Comment

by:krik0011
ID: 16289555
Thanks guys for all your help, will do the things listed and give appropriate points....
0
 

Author Comment

by:krik0011
ID: 16300106
The change to the PIX has been made and it is announcing the hostname.

However, since the hostname does not contain that domain name it still gives a warning, will this still be ok?

This still did not fix the issue however the reverse IP is still not changed.  The hosting provider has been contacted to correct this.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16300700
You need to change what the server announces itself as. The invalid name is as bad as what you had before because it doesn't resolve correctly.

ESM, Servers, <your server>, SMTP. Right click on the default SMTP VS and choose Properties. Click on the tab Delivery and then Advanced. Change the Fully Qualified Domain Name to mail.custombuildingsystems.net. Apply/OK out.

However if you are still getting the error even though the PIX is no longer interfering, then it has to be something else.

Has recipient filtering been enabled on this machine?
What else is on the machine? AV, Antispam etc?

Simon.
0
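The checks discussed in the posts above (a firewall-masked greeting, an announced name that must resolve to the server's address, and a PTR record that must exist), as an added example that is not part of any participant's post. The finding labels, the 80% asterisk heuristic and the host `exch01.corp.example` are assumptions, the record maps are constructed rather than live DNS answers, and the forward-confirmation of the PTR name goes one step beyond what the thread describes.

```python
import re

def parse_greeting(line):
    """Split an SMTP greeting into (reply code, announced name, masked?)."""
    m = re.match(r"(\d{3})[ -](.*)", line.strip())
    if not m:
        raise ValueError("not an SMTP reply line: %r" % line)
    code, text = m.group(1), m.group(2).strip()
    # Heuristic (assumption): a greeting that is mostly '*' has been
    # rewritten by an inspecting firewall, as described for the PIX above.
    masked = len(text) > 0 and text.count("*") >= 0.8 * len(text)
    name = "" if masked or not text else text.split()[0].lower().rstrip(".")
    return code, name, masked

def check_mail_identity(greeting, ip, a_records, ptr_records):
    """Return a list of findings; an empty list means the names line up."""
    findings = []
    code, name, masked = parse_greeting(greeting)
    if code != "220":
        findings.append("greeting-not-220")
    if masked:
        findings.append("banner-masked")
    elif name not in a_records:
        findings.append("announced-name-unresolvable")
    elif ip not in a_records[name]:
        findings.append("announced-name-points-elsewhere")
    ptr_names = ptr_records.get(ip, [])
    if not ptr_names:
        findings.append("no-ptr")
    elif not any(ip in a_records.get(p, []) for p in ptr_names):
        # The reverse name does not map back to the connecting address.
        findings.append("ptr-not-forward-confirmed")
    return findings

# Constructed inputs modelled on the thread, not live DNS answers.
IP = "216.144.168.194"
A = {"mail.custombuildingsystems.net": [IP]}
STALE_PTR = {IP: ["www.norrychristian.net"]}
BEFORE = check_mail_identity("220 ********************", IP, A, STALE_PTR)
INTERIM = check_mail_identity("220 exch01.corp.example ESMTP ready", IP, A, STALE_PTR)
AFTER = check_mail_identity("220 mail.custombuildingsystems.net ESMTP ready",
                            IP, A, {IP: ["mail.custombuildingsystems.net"]})

if __name__ == "__main__":
    for label, result in (("before", BEFORE), ("interim", INTERIM), ("after", AFTER)):
        print(label, result or "ok")
```

To run it against a live server, fill the two maps from `nslookup` output for the announced name and the connecting address.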
 

Author Comment

by:krik0011
ID: 16300806
This is the second domain we have hosted on this exchange box.  So wouldn't changing the host name for one domain affect the other?  How is this resolved?

We have recipient filtering enabled but it has always been enabled.

Symantec Corporate 10.0.3

GFI Mail Essentials 11.0

With Exchange those are the only 2 things installed on the box.

This issue was not happening before the DNS change, but that was done March 22nd.  By now wouldn't everything have propagated correctly?

I think our next step is disabling GFI for a moment and having the person send a test message with it disabled and see what that brings.

0
 

Author Comment

by:krik0011
ID: 16301128
Update:
Just disabled GFI and Symantec Auto-Protect and sent a test message, still nothing.

I am almost certain now it has to be a DNS/MX record issue.

Like I said other domain's email is hosted on this exchange server and they can all receive mail from the problem recipients fine.

I just wanted to thank you guys for all your ongoing help as well, I very much appreciate you sharing your knowledge!
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 16301683
How much control is possible over the other end?
Can they look at the logs to see what server it is connecting to?
Can they do an nslookup on the mail server itself and see what results come back?

It could be stale DNS records somewhere.

How much did you change?
Just the IP address?
The host as well?

(post.isp.net to mail.domain.com, or mail.domain.com pointing at 123.123.123.123 and now pointing at 456.456.456.456 for example).

Simon.
0
 

Author Comment

by:krik0011
ID: 16301940
On the other end we have been doing telnet commands to see in which step it fails and have found this:

All the commands run fine EXCEPT when the VRFY command is run.  This is the result:

Cannot verify user but will accept message for use @ custombuildingsystems.net

So it seems that it can't verify the user and just generates an NDR.



DNS was moved to a new host and the MX record stayed the same however was recreated and the A record has been changed.

Mail: stayed 216......

Website or A: changed from a 216 to 67....
0
 

Author Comment

by:krik0011
ID: 16302133
It seems now that is normal for the VRFY command to return that....since one can run that command and find a valid address.

Anyway, we did get an email through from using the telnet commands.  Their mailserver is also Exchange 2003.

That adds something to the mix.....

Thanks again for your help.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16302238
VRFY not working is by design: http://support.microsoft.com/?kbid=289521

If the sending site requires that, then they need to review their setup.

Simon.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16308885
Y'know... I have a feeling that this is somewhat due to your DNS change and the recent updating of your PTR (reverse record).

There are still a number of inconsistencies showing for your domain throughout the Internet.  

A DNS Sleuth search still shows no reverse record:
http://atrey.karlin.mff.cuni.cz/~mj/sleuth/?domain=custombuildingsystems.net&verbose=ON&server=&serverip=&action=Submit&.cgifields=verbose

DNS Stuff's reverse check DOES show the right reverse record:
http://www.dnsstuff.com/tools/ptr.ch?ip=216.144.168.194

But their PTR check shows nothing:
http://www.dnsstuff.com/tools/lookup.ch?name=mail.custombuildingsystems.net&type=PTR

While MXToolBox does show the correct reverse record but shows a problem with transaction time:
http://www.mxtoolbox.com/diagnostic.aspx?HOST=mail.custombuildingsystems.net

My guess is that if you just recently asked PTD.net to update the PTR record for custombuildingsystems.net it may not have gotten around to all root servers yet.  However, if it doesn't start resolving within the next couple of days, I'd contact them again to make sure it was done correctly.

Jeff
TechSoEasy
0
 

Author Comment

by:krik0011
ID: 16310051
Since we are hosting multiple domains is there any way to have more than 1 PTR record?

One of our other domains is pbsmodular.com, which is going to be eventually rehosted as well.  However, all mail comes through fine to that domain from the hosts that cannot send to custombuildingsystems.net.....and there is no PTR record for pbsmodular.com.

Thanks for your help Jeff and Simon.
0
 

Author Comment

by:krik0011
ID: 16310193
This is killing me and my users are about to tar and feather me!
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 16317564
It's not necessary to have a PTR record that matches your domain, it's just necessary to HAVE ONE.  On one of my web servers, for instance, there are over 150 domains which all use email services of that server.

In fact, PBSMODULAR.COM's PTR record is now mail.custombuildingsystems.net which is technically no problem at all.

I think you've actually solved MOST of the problems... but the one that's still causing an issue as far as I can see is the TTL setting for mail.pbsmodular.com which is set at 86400 while mail.custombuildingsystems.net is set at 14400 (you'll note that I use even a shorter TTL because of the amount of domains that have to pass through sometimes).

Probably the best way for you to see what's going on here is to review these three reports from DNSReport -- I've included mine so that you can see how it SHOULD be reacting to your configuration:

custombuildingsystems.net
http://dnsreport.com/tools/dnsreport.ch?domain=custombuildingsystems.net

PBSModular.com
http://dnsreport.com/tools/dnsreport.ch?domain=PBSMODULAR.COM

TechSoEasy.com
http://dnsreport.com/tools/dnsreport.ch?domain=techsoeasy.com

So, what's happening is that an email gets sent to custombuildingsystems.net which has to refer it to mail.custombuildingsystems.net which then has to be referred to mail.pbsmodular.com before it can finally arrive at host pbsmail.pbsmodular.com.  The problem is that it times out at mail.pbsmodular.com depending on the sending server's configuration.

Check out these two screens:
http://mxtoolbox.com/diagnostic.aspx?HOST=mail.custombuildingsystems.net
http://mxtoolbox.com/diagnostic.aspx?HOST=mail.pbsmodular.com

So... you need to change the TTL settings in pbsmodular.com's DNS zone file to 14400.  (Or have your ISP do this if they manage these records).

Then you should see vast improvements.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16317577
P. S.  Set up the free monitoring at mxtoolbox.com and you will be able to see a report of 24-hour cumulative data for both connection and response times.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16503826
I'm interested... what happened?

Jeff
TechSoEasy
0
 

Author Comment

by:krik0011
ID: 16506520
Sorry for not closing this, kind of forgot about it. :)

Anyway, it seemed to be a DNS issue as the companies that could not send us mail, one-by-one could start getting mail through.  It just took about 3-4 days.

So I would like to give both of you points, how is this done?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16506702
Glad it all worked out for you.

To close this out, click the "split points" button at the bottom of the question.

Jeff
TechSoEasy
0
 

Author Comment

by:krik0011
ID: 16506731
THANKS AGAIN GUYS...
0
