Biziteks
asked on
Problem sending to cfl.rr.com domain
I am running Windows 2003 SBS w/ Exchange 2003
Heres the deal.
About 3 weeks ago my users started complaining about getting kickbacks whenver they tried to email any @cfl.rr.com addresses. They were receiving the "Relaying Delayed" message and then eventually a NDR failure report.
I looked into the issue and noticed they did not have a valid reverse PTR so I set that up, I called up RR and told them I had fixed they problem and they informed me that my IP has never been on any blocklist of theres and I should be having no problems emailing them.
Researching further into the problem I realized that due to NAT'ng my exchange server is actually sending out on a diffrent IP than I setup the PTR for, so I attempted to set up a PTR for the correct IP, yet still continue to recieve errors and RR still denies that I am on any blocklist.
I have been bashing my head against the wall trying to figure this out and am getting nowhere. Here is the information I have
the IP which I RDC into the server is 72.17.255.130 (mail.rclawpa.com)
the IP which all the mail appears to be coming from is 72.17.255.61 (this is also what shows up when I go to www.whatsmyip.com)
This is the original kickback
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
admin@cfl.rr.com
Which is followed up about a day later by this kickback
Your message did not reach some or all of the intended recipients.
Subject: test
Sent: 3/23/2006 3:41 PM
The following recipient(s) could not be reached:
admin@cfl.rr.com on 3/25/2006 3:42 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<rcserv1.rclawpa.local #4.4.7>
This is what I get when I try to telnet to clmboh-01.mgw.rr.com (cfls mail server)
220-clmboh-mx-02.mgw.rr.co m ESMTP
220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! *** Please Fix
your Reverse DNS ***
Here is the correspondence between me and the RR security tech
Message came from IP address 72.17.254.61, James:
> Received: from rcserv1.rclawpa.local (72-17-254-61.orl.fdn.com
> [72.17.254.61] (may be forged))
> by security.rr.com (8.12.9/8.12.6) with ESMTP id k2NKdOND017647
> for <therr@security.rr.com>; Thu, 23 Mar 2006 15:39:28 -0500 (EST)
Not blocked here, and never has been in our internal block list, so
far as I can tell:
http://security.rr.com/cgi-bin/block-lookup?72.17.254.61
However, per our rate limiting policy, this IP would be limited to 10
recipients per hour, as it resolves to a name that not only does not
resolve back to the IP, the name doesn't resolve at all:
# host 72.17.254.61
61.254.17.72.in-addr.arpa domain name pointer 72-17-254-61.orl.fdn.com.
$ host 72-17-254-61.orl.fdn.com
Host 72-17-254-61.orl.fdn.com not found: 3(NXDOMAIN)
http://security.rr.com/spam.htm#ratelimit
Get your ISP to create a DNS 'A' record for 72-17-254-61.orl.fdn.com,
resolving to 72.17.254.61, and you should be in better shape.
On Thu, 23 Mar 2006, at 15:39, Administrator wrote:
> Hey Todd,
> Here is an email from the affected server.
>
> Thanks for your help.
>
> -James
>
> __________________________ ______
>
> From: James Hart [mailto:jhart@biziteks.com ]
> Sent: Thu 3/23/2006 3:33 PM
> To: Administrator
> Subject: FW: [BLOCKINFO] Email being blocked
>
>
>
>
>
> -----Original Message-----
> From: Todd Herr [mailto:therr@security.rr. com]
> Sent: Thursday, March 23, 2006 10:44 AM
> To: James Hart
> Subject: Re: [BLOCKINFO] Email being blocked
>
> Hello, James.
>
> I can't see any issues with IP address 72.17.255.130; it's not now,
> nor has it ever been, in a block list the content for which is under
> Road Runner's control:
>
> http://security.rr.com/cgi-bin/block-lookup?72.17.255.130
>
> The error message below "Please Fix your Reverse DNS" is one that
> our servers would generate if the reverse DNS record for the IP
> connecting to them resolved to a name ending in 'in-addr.arpa'; this
> IP doesn't seem to be so afflicted:
>
> # host 72.17.255.130
> 130.255.17.72.in-addr.arpa domain name pointer mail.rclawpa.com.
>
> Have you taken steps to get this IP's PTR record updated between
> the time you sent the message below and now? If not, can you please
> send me a message from the server having issues? My mailbox refuses
> mail from no one, regardless of the block status or PTR record of
> the server.
>
> On Thu, 23 Mar 2006, at 09:19, James Hart wrote:
>
> > Our company is experiencing kickbacks whenever we try to email a
> > @cfl.rr.com address. I noticed that we did not have a reverse DNS
> setup
> > and got that all fixed. However, We still are receiving the kickbacks.
> > Here is the information I gleaned from telnetting to your mail
> servers.
> >
> >
> >
> > 220-orngca-mx-10.mgw.rr.co m ESMTP
> >
> > 220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
> > Please Fix
> >
> > your Reverse DNS ***
> >
> >
> >
> > The IP I am trying to connect from is 72.17.255.130 and the domain is
> > mail.rclawpa.com
> >
> >
> >
> > Please let me know if there is any problem remaining that we need to
> > take care of.
> >
> > James Hart
Sorry this post is so long but I wanted to inclue all information I have gleaned from this problem so far, Any help is much appreciated
Heres the deal.
About 3 weeks ago my users started complaining about getting kickbacks whenver they tried to email any @cfl.rr.com addresses. They were receiving the "Relaying Delayed" message and then eventually a NDR failure report.
I looked into the issue and noticed they did not have a valid reverse PTR so I set that up, I called up RR and told them I had fixed they problem and they informed me that my IP has never been on any blocklist of theres and I should be having no problems emailing them.
Researching further into the problem I realized that due to NAT'ng my exchange server is actually sending out on a diffrent IP than I setup the PTR for, so I attempted to set up a PTR for the correct IP, yet still continue to recieve errors and RR still denies that I am on any blocklist.
I have been bashing my head against the wall trying to figure this out and am getting nowhere. Here is the information I have
the IP which I RDC into the server is 72.17.255.130 (mail.rclawpa.com)
the IP which all the mail appears to be coming from is 72.17.255.61 (this is also what shows up when I go to www.whatsmyip.com)
This is the original kickback
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
admin@cfl.rr.com
Which is followed up about a day later by this kickback
Your message did not reach some or all of the intended recipients.
Subject: test
Sent: 3/23/2006 3:41 PM
The following recipient(s) could not be reached:
admin@cfl.rr.com on 3/25/2006 3:42 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<rcserv1.rclawpa.local #4.4.7>
This is what I get when I try to telnet to clmboh-01.mgw.rr.com (cfls mail server)
220-clmboh-mx-02.mgw.rr.co
220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! *** Please Fix
your Reverse DNS ***
Here is the correspondence between me and the RR security tech
Message came from IP address 72.17.254.61, James:
> Received: from rcserv1.rclawpa.local (72-17-254-61.orl.fdn.com
> [72.17.254.61] (may be forged))
> by security.rr.com (8.12.9/8.12.6) with ESMTP id k2NKdOND017647
> for <therr@security.rr.com>; Thu, 23 Mar 2006 15:39:28 -0500 (EST)
Not blocked here, and never has been in our internal block list, so
far as I can tell:
http://security.rr.com/cgi-bin/block-lookup?72.17.254.61
However, per our rate limiting policy, this IP would be limited to 10
recipients per hour, as it resolves to a name that not only does not
resolve back to the IP, the name doesn't resolve at all:
# host 72.17.254.61
61.254.17.72.in-addr.arpa domain name pointer 72-17-254-61.orl.fdn.com.
$ host 72-17-254-61.orl.fdn.com
Host 72-17-254-61.orl.fdn.com not found: 3(NXDOMAIN)
http://security.rr.com/spam.htm#ratelimit
Get your ISP to create a DNS 'A' record for 72-17-254-61.orl.fdn.com,
resolving to 72.17.254.61, and you should be in better shape.
On Thu, 23 Mar 2006, at 15:39, Administrator wrote:
> Hey Todd,
> Here is an email from the affected server.
>
> Thanks for your help.
>
> -James
>
> __________________________
>
> From: James Hart [mailto:jhart@biziteks.com
> Sent: Thu 3/23/2006 3:33 PM
> To: Administrator
> Subject: FW: [BLOCKINFO] Email being blocked
>
>
>
>
>
> -----Original Message-----
> From: Todd Herr [mailto:therr@security.rr.
> Sent: Thursday, March 23, 2006 10:44 AM
> To: James Hart
> Subject: Re: [BLOCKINFO] Email being blocked
>
> Hello, James.
>
> I can't see any issues with IP address 72.17.255.130; it's not now,
> nor has it ever been, in a block list the content for which is under
> Road Runner's control:
>
> http://security.rr.com/cgi-bin/block-lookup?72.17.255.130
>
> The error message below "Please Fix your Reverse DNS" is one that
> our servers would generate if the reverse DNS record for the IP
> connecting to them resolved to a name ending in 'in-addr.arpa'; this
> IP doesn't seem to be so afflicted:
>
> # host 72.17.255.130
> 130.255.17.72.in-addr.arpa
>
> Have you taken steps to get this IP's PTR record updated between
> the time you sent the message below and now? If not, can you please
> send me a message from the server having issues? My mailbox refuses
> mail from no one, regardless of the block status or PTR record of
> the server.
>
> On Thu, 23 Mar 2006, at 09:19, James Hart wrote:
>
> > Our company is experiencing kickbacks whenever we try to email a
> > @cfl.rr.com address. I noticed that we did not have a reverse DNS
> setup
> > and got that all fixed. However, We still are receiving the kickbacks.
> > Here is the information I gleaned from telnetting to your mail
> servers.
> >
> >
> >
> > 220-orngca-mx-10.mgw.rr.co
> >
> > 220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
> > Please Fix
> >
> > your Reverse DNS ***
> >
> >
> >
> > The IP I am trying to connect from is 72.17.255.130 and the domain is
> > mail.rclawpa.com
> >
> >
> >
> > Please let me know if there is any problem remaining that we need to
> > take care of.
> >
> > James Hart
Sorry this post is so long but I wanted to inclue all information I have gleaned from this problem so far, Any help is much appreciated
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER