Using nslookup to troubleshoot an email problem.

Posted on 2006-06-26
Last Modified: 2008-03-04
Hello-

The company I work for started to upgrade from Exchange 5.5 to Exchange Server 2003.  I was not part of the upgrade process and the person who started the process is no longer employed here.  I'm an Exchange novice and I have been trying to address a few problems that have come up recently.  One of them is Event ID: 3018.  I'm not sure if it has something to do with open relay.  
In the Event ID 3018 message it mentions using nslookup to troubleshoot the problem.  I'm not clear on how to use nslookup to troubleshoot the problem and MS kbid 200525 on using nslookup isn't very clear to me.  Could someone shed a little light on using nslookup to troubleshoot my problem?

Thanks,

James
Question by:spectragases
10 Comments
 
LVL 35

Expert Comment

by:rakeshmiglani
ID: 16984476
What is the problem that you are facing?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16984624
nslookup is a command-line utility found in Win2000 and higher (I don't think it was in NT4).  You start it from a CMD prompt; so first, open a command prompt box from your start menu, and type in the word nslookup .  It has a good help system that you can access by entering a question mark ? , and you terminate by typing exit .  It is generally used to troubleshoot DNS issues, but when you are interested specifically in email delivery, you confine its display to MX records.  A typical session consists of just two lines (ignoring the nslookup and exit lines):

nslookup
set type=mx
yourdomain.com
exit

0
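How to read what that MX session prints, as an added example that is not part of the original post: the parser below orders the mail exchangers the way a sending server tries them and surfaces the "can't find" error that goes with the DNS failures discussed in this thread. The sample output is constructed, and every host name and address in it is a placeholder.

```python
import re

# Constructed samples of Windows nslookup output after "set type=mx".
# All names and addresses are documentation placeholders.
SAMPLE_OK = """\
Server:  dns1.example.local
Address:  192.0.2.53

Non-authoritative answer:
example.com\tMX preference = 20, mail exchanger = mail2.example.com
example.com\tMX preference = 10, mail exchanger = mail1.example.com

mail1.example.com\tinternet address = 192.0.2.25
"""

SAMPLE_NXDOMAIN = """\
Server:  dns1.example.local
Address:  192.0.2.53

*** dns1.example.local can't find exmaple.invalid: Non-existent domain
"""

MX_RE = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)", re.M)
ERR_RE = re.compile(r"^\*\*\* .*?can't find (\S+): (.+)$", re.M)


def read_mx_answer(text):
    """Summarise an nslookup MX answer: delivery order, known IPs, errors."""
    err = ERR_RE.search(text)
    if err:
        return {"ok": False, "error": err.group(2).strip(), "mx": []}
    addrs = {}
    for host, ip in A_RE.findall(text):
        addrs.setdefault(host.lower(), []).append(ip)
    # The lowest preference value is tried first by the sending server.
    mx = sorted((int(p), h.lower().rstrip(".")) for p, h in MX_RE.findall(text))
    hosts = [{"pref": p, "host": h, "ips": addrs.get(h, [])} for p, h in mx]
    if not hosts:
        return {"ok": False, "error": "no MX records in answer", "mx": []}
    return {"ok": True, "error": None, "mx": hosts}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NXDOMAIN):
        print(read_mx_answer(sample))
```

An empty `ips` list only means the DNS server did not include the address in its answer; look that host up separately before concluding it does not resolve.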
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16984885
Check this for event id 3018:

As per Microsoft: "This event is logged when a non-delivery report is generated because of a problem with DNS or an IP address. The numeric code is generally 5.4.0. This indicates that an "Authoritative Host was not found".

This usually indicates the recipient's DNS address couldn't be resolved; maybe the sender mistyped the address. Try nslookup on the domain part of “user@domain”. It's also possible a literal IP address was used, and the IP address was invalid.

0
 
LVL 6

Expert Comment

by:msghaleb
ID: 16985269
To solve the outbound DNS issue please do the following:

-Click Start->RUN->CMD
-Type nslookup
-press enter
-type-> www.google.com
-press enter.

check if you get the IPs of Google,

if yes

then you must check the DNSs configured in your SMTP protocol

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Properties
-Delivery->Advanced->Configure

Make sure the list is EMPTY

if no

Check the DNS which your server is using in the local area connection, it must be a valid DNS IP address and routable.

Please note if you are using a proxy, browsing the Internet doesn't mean that you have a valid DNS IP configured.

Thank you.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16985572
Rather than trying to work around the suggested solutions, it would be better to look at the problem. We can probably tell you how to fix the issue rather than trying to work with the solution suggested elsewhere.

If you are getting error messages about non-delivery reports, then these are normal. Users will make mistakes.
If you are getting LOTS of error messages about non-delivery reports then that could indicate a problem.

Simon.
0
 

Author Comment

by:spectragases
ID: 16987783
OK, msghaleb.  You've explained it so that someone with little Exchange troubleshooting experience (like myself;) could understand quickly.  I was able to use nslookup as per your instructions.  Then I opened system manager and the external DNS field was blank.

I left out the fact that this server is running GFI MailEssentials for Exchange/SMTP v11...not sure if that will help.

How do I check to see if a server is being used as an open relay?

I saw some messages suggesting to check my route and topology and to use WinRoute to ensure routes are properly replicated between servers and routing groups.  I ran WinRoute on the server and not sure how to interpret it...I know, I'm a mess!  Just picked up a MS Exchange Server 2003 reference over the weekend.  Can you explain WinRoute like you did nslookup?

0
 
LVL 6

Expert Comment

by:msghaleb
ID: 16990422
Here is what you want, but I would be really thankful if you could explain your problem to me in detail.

1st of all how to check if your server has open relay?

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Properties
-Click on the Access tab
-Click Relay

make sure that "only the list below" is selected
the list is empty
"Allow all computers that successfully authenticate to relay..." is Selected.

2nd to check routing

-Click Start->Run->CMD
-Type in: tracert www.google.com
-Press Enter.

You should get something like the following: (you are ok in this case)

Tracing route to www.l.google.com [72.14.203.104]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.26.27.1
  2    <1 ms    <1 ms    <1 ms  10.24.252.211
  3    <1 ms     1 ms     1 ms  62.6.89.141
  4     8 ms     8 ms     8 ms  62.239.56.1
  5     8 ms     7 ms     7 ms  10.24.5.145

IF you didn't get similar results, and you for example get something like the following:

Unable to resolve target system name www.google.com

Then you have 100% DNS problem.

Please make sure that your File System Antivirus is not securing port 25 or 110, e.g. if you have Symantec Corp. 9 or later disable the internet mail security on the Exchange server.

Thank you.
0
 

Author Comment

by:spectragases
ID: 16996705
My original problem was that some users were complaining of NDRs.  Here is one of the users' NDRs that was forwarded to me.  This happened to be one of the owners of the company so I was a little pressured... sorry for the lack of a better description.

From:       System Administrator  
Sent:      Saturday, June 24, 2006 9:48 PM
To:      'Ron Rattray'
Subject:      Undeliverable: Neriki Valve Purchasing

Your message did not reach some or all of the intended recipients.

      Subject:      Neriki Valve Purchasing
      Sent:      6/22/2006 9:52 AM

The following recipient(s) could not be reached:

      'Ron Rattray' on 6/24/2006 9:48 PM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <sgibb2k3mail1.spectra-gases.com #4.4.7>

Anyway, I ran a virus scan of the server from a Symantec AV console yesterday and it came back with w32.beagle@mm!zip, trojan.tooso.R, and w32.netsky.D@mm!enc.  I deleted the viruses and have not had any complaints since.
I'm not sure if that resolved the problem yet but I will keep you posted.
One more thing.  I did follow your instructions to check to see if the server was setup to relay and it was not.  Is there a site that I can check to see if I have been black listed as an open relay server?
0
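The NDR above carries 4.4.7, while Event ID 3018 was described earlier in the thread with 5.4.0. As an added example that is not part of the original posts, this sketch decodes such codes with the class, subject and detail meanings from RFC 3463; the NDR fragments and the host name in them are constructed placeholders.

```python
import re

# RFC 3463 class digit: how the sending server treats the failure.
CLASSES = {"2": "success", "4": "persistent transient failure",
           "5": "permanent failure"}
# RFC 3463 subject digit: which part of the mail path reported it.
SUBJECTS = {"0": "other/undefined", "1": "addressing", "2": "mailbox",
            "3": "mail system", "4": "network and routing",
            "5": "mail delivery protocol", "6": "message content",
            "7": "security or policy"}
# Some RFC 3463 network/routing (x.4.z) details relevant to this thread.
ROUTING_DETAIL = {"0": "other or undefined network or routing status",
                  "1": "no answer from host", "2": "bad connection",
                  "3": "directory server failure", "4": "unable to route",
                  "6": "routing loop detected", "7": "delivery time expired"}

# Exchange NDRs carry the code as "<reporting.host #4.4.7>".
NDR_RE = re.compile(r"<(?P<host>[\w.-]+)\s+#(?P<code>[245]\.\d{1,3}\.\d{1,3})>")


def triage_ndr(text):
    """Return one dict per status code found in an NDR body."""
    out = []
    for m in NDR_RE.finditer(text):
        cls, subj, detail = m.group("code").split(".")
        out.append({
            "reporting_host": m.group("host"),
            "code": m.group("code"),
            "class": CLASSES[cls],
            "subject": SUBJECTS.get(subj, "unknown"),
            "detail": ROUTING_DETAIL.get(detail) if subj == "4" else None,
            # 4.x.x: a transient condition that persisted through retries;
            # 5.x.x: treated as undeliverable without retry.
            "retried": cls == "4",
        })
    return out


# Constructed NDR fragments using the two codes quoted in this thread.
SAMPLE_TIMEOUT = ("Could not deliver the message in the time limit specified.\n"
                  "<mail1.example.com #4.4.7>")
SAMPLE_DNS = "The destination could not be found.\n<mail1.example.com #5.4.0>"

if __name__ == "__main__":
    for sample in (SAMPLE_TIMEOUT, SAMPLE_DNS):
        print(triage_ndr(sample))
```

A 4.4.7 result says the message sat in the outbound queue until it expired, so the queue and the route to the destination are the places to look; 5.4.0 points at name resolution for the recipient's domain.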
 
LVL 6

Expert Comment

by:msghaleb
ID: 16999119
There is no specific web site which will tell you if you are blacklisted or not, as it's all organizations and it depends on which one of them you are blacklisted with.

Example:
I'm an employee at xyz.com, you send me e-mail, and my company is using ORDB for preventing e-mails from blacklisted domains (or companies), so if you are blacklisted at ORDB I won't see your mail, and if not I will receive it, even if you are blacklisted in other organizations.

The solution is, use your mail normally, and if you are black listed anywhere, you will get an NDR which states that you are black listed at Organization (e.g. ORDB), please close your relay and inform us.

What you have to do is to take the organization name and go to their website, check your mail server, and if you find yourself blacklisted, just send them an e-mail informing them that you closed your relay; they will check your server and then they will remove you from their list.


I highly recommend for you some things:

1 - Disable or Remove the Internet Mail option in Symantec Corp. from your Exchange server.
2 - Use Symantec Mail Security for Exchange to secure your Exchange server.
3 - Make sure that the Symantec Corp. is not scanning the Exchange folders, please follow this link:
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2000110108382448?OpenDocument&ExpandSection=2%2C1%2C5%2C3#_Section2

More Information:

When you have a virus on your file system, Symantec Corp will remove it, but if you have a virus in an attachment in a mail message, Symantec Corp will delete the Exchange log file which contains the virus, and Exchange will not start because of a missing log file; that's why Symantec Corp. should not scan your Exchange files, and Symantec Mail Security should be used instead.

ORDB is one of the open relay organizations, www.ordb.org.
0
 
LVL 6

Accepted Solution

by:
msghaleb earned 1000 total points
ID: 17168001
I hope that my answers were useful so far.

Thank you.
0
