I am running Windows 2003 SBS w/ Exchange 2003
Heres the deal.
About 3 weeks ago my users started complaining about getting kickbacks whenver they tried to email any @cfl.rr.com addresses. They were receiving the "Relaying Delayed" message and then eventually a NDR failure report.
I looked into the issue and noticed they did not have a valid reverse PTR so I set that up, I called up RR and told them I had fixed they problem and they informed me that my IP has never been on any blocklist of theres and I should be having no problems emailing them.
Researching further into the problem I realized that due to NAT'ng my exchange server is actually sending out on a diffrent IP than I setup the PTR for, so I attempted to set up a PTR for the correct IP, yet still continue to recieve errors and RR still denies that I am on any blocklist.
I have been bashing my head against the wall trying to figure this out and am getting nowhere. Here is the information I have
the IP which I RDC into the server is 220.127.116.11 (mail.rclawpa.com)
the IP which all the mail appears to be coming from is 18.104.22.168 (this is also what shows up when I go to www.whatsmyip.com
This is the original kickback
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
Which is followed up about a day later by this kickback
Your message did not reach some or all of the intended recipients.
Sent: 3/23/2006 3:41 PM
The following recipient(s) could not be reached:
email@example.com on 3/25/2006 3:42 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
This is what I get when I try to telnet to clmboh-01.mgw.rr.com (cfls mail server)
220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! *** Please Fix
your Reverse DNS ***
Here is the correspondence between me and the RR security tech
Message came from IP address 22.214.171.124, James:
> Received: from rcserv1.rclawpa.local (72-17-254-61.orl.fdn.com
> [126.96.36.199] (may be forged))
> by security.rr.com (8.12.9/8.12.6) with ESMTP id k2NKdOND017647
> for <firstname.lastname@example.org>; Thu, 23 Mar 2006 15:39:28 -0500 (EST)
Not blocked here, and never has been in our internal block list, so
far as I can tell:
However, per our rate limiting policy, this IP would be limited to 10
recipients per hour, as it resolves to a name that not only does not
resolve back to the IP, the name doesn't resolve at all:
# host 188.8.131.52
184.108.40.206.in-addr.arpa domain name pointer 72-17-254-61.orl.fdn.com.
$ host 72-17-254-61.orl.fdn.com
Host 72-17-254-61.orl.fdn.com not found: 3(NXDOMAIN)
Get your ISP to create a DNS 'A' record for 72-17-254-61.orl.fdn.com,
resolving to 220.127.116.11, and you should be in better shape.
On Thu, 23 Mar 2006, at 15:39, Administrator wrote:
> Hey Todd,
> Here is an email from the affected server.
> Thanks for your help.
> From: James Hart [mailto:email@example.com
> Sent: Thu 3/23/2006 3:33 PM
> To: Administrator
> Subject: FW: [BLOCKINFO] Email being blocked
> -----Original Message-----
> From: Todd Herr [mailto:firstname.lastname@example.org.
> Sent: Thursday, March 23, 2006 10:44 AM
> To: James Hart
> Subject: Re: [BLOCKINFO] Email being blocked
> Hello, James.
> I can't see any issues with IP address 18.104.22.168; it's not now,
> nor has it ever been, in a block list the content for which is under
> Road Runner's control:
> The error message below "Please Fix your Reverse DNS" is one that
> our servers would generate if the reverse DNS record for the IP
> connecting to them resolved to a name ending in 'in-addr.arpa'; this
> IP doesn't seem to be so afflicted:
> # host 22.214.171.124
domain name pointer mail.rclawpa.com.
> Have you taken steps to get this IP's PTR record updated between
> the time you sent the message below and now? If not, can you please
> send me a message from the server having issues? My mailbox refuses
> mail from no one, regardless of the block status or PTR record of
> the server.
> On Thu, 23 Mar 2006, at 09:19, James Hart wrote:
> > Our company is experiencing kickbacks whenever we try to email a
> > @cfl.rr.com address. I noticed that we did not have a reverse DNS
> > and got that all fixed. However, We still are receiving the kickbacks.
> > Here is the information I gleaned from telnetting to your mail
> > 220-orngca-mx-10.mgw.rr.co
> > 220 Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
> > Please Fix
> > your Reverse DNS ***
> > The IP I am trying to connect from is 126.96.36.199 and the domain is
> > mail.rclawpa.com
> > Please let me know if there is any problem remaining that we need to
> > take care of.
> > James Hart
Sorry this post is so long but I wanted to inclue all information I have gleaned from this problem so far, Any help is much appreciated