Solved

Using nslookup to troubleshoot an email problem.

Posted on 2006-06-26
10
795 Views
Last Modified: 2008-03-04
Hello-

The company I work for started to upgrade from Exchange 5.5 to Exchange Server 2003.  I was not part of the upgrade process and the person who started the process is no longer employed here.  I'm an Exchange novice and I have been trying to address a few problems that have come up recently.  One of them is Event ID: 3018.  I'm not sure if it has something to do with open relay.  
In the Event ID 3018 message it mentions using nslookup to troubleshoot the problem.  I'm not clear on how to use nslookup to troubleshoot the problem and MS kbid 200525 on using nslookup isn't very clear to me.  Could someone shed a little light on using nslookup to troubleshoot my problem?

Thanks,

James
0
Comment
Question by:spectragases
10 Comments
 
LVL 35

Expert Comment

by:rakeshmiglani
ID: 16984476
What is the problem that you are facing?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16984624
nslookup is a command-line utility found in Win2000 and higher (I don't think it was in NT4).  You start it from a CMD prompt; so first, open a command prompt box from your start menu, and type in the word nslookup .  It has a good help system that you can access by entering a question mark ? , and you terminate by typing exit .  It is generally used to troubleshoot DNS issues, but when you are interested specifically in email delivery, you confine its display to MX records.  A typical session consists of just two lines (ignoring the nslookup and exit lines):

nslookup
set type=mx
yourdomain.com
exit

0
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16984885
Check this for event id 3018:

As per Microsoft: "This event is logged when a non-delivery report is generated because of a problem with DNS or an IP address. The numeric code is generally 5.4.0. This indicates that an "Authoritative Host was not found".

This usually indicates the recipient's DNS address couldn't be resolved; maybe the sender mistyped the address. Try nslookup on the domain part of “user@domain”. It's also possible a literal IP address was used, and the IP address was invalid.

0

 
LVL 6

Expert Comment

by:msghaleb
ID: 16985269
To solve the outbound DNS issue please do the following:

-Click Start->RUN->CMD
-Type nslookup
-press enter
-type-> www.google.com
-press enter.

check if you get the IPs of Google,

if yes

then you must check the DNSs configured in your SMTP protocol

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Properties
-Delivery->Advanced->Configure

Make sure the list is EMPTY

if no

Check the DNS which your server is using in the local area connection; it must be a valid DNS IP address and routable.

Please note: if you are using a proxy, browsing the Internet doesn't mean that you have a valid DNS IP configured.

Thank you.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16985572
Rather than trying to work around the suggested solutions, it would be better to look at the problem. We can probably tell you how to fix the issue rather than trying to work with the solution suggested elsewhere.

If you are getting error messages about non-delivery reports, then these are normal. Users will make mistakes.
If you are getting LOTS of error messages about non-delivery reports then that could indicate a problem.

Simon.
0
 

Author Comment

by:spectragases
ID: 16987783
OK, msghaleb.  You've explained it so that someone with little Exchange troubleshooting experience (like myself;) could understand quickly.  I was able to use nslookup as per your instructions.  Then I opened System Manager and the external DNS field was blank.

I left out the fact that this server is running GFI MailEssentials for Exchange/SMTP v11...not sure if that will help.

How do I check to see if a server is being used as an open relay?

I saw some messages suggesting to check my route and topology and to use WinRoute to ensure routes are properly replicated between servers and routing groups.  I ran WinRoute on the server and not sure how to interpret it...I know, I'm a mess!  Just picked up a MS Exchange Server 2003 reference over the weekend.  Can you explain WinRoute like you did nslookup?

0
 
LVL 6

Expert Comment

by:msghaleb
ID: 16990422
Here is what you want, but I would be really thankful if you could explain your problem to me in detail.

1st of all how to check if your server has open relay?

-Open Exchange System manager
-go to: Servers->Your Server->Protocols->SMTP
-Right Click on Default SMTP Virtual Server (or whatever you name it)
-Properties
-Click on the Access tab
-Click Relay

make sure that "only the list below" is selected
the list is empty
"Allow all computers that successfully authenticate to relay..." is Selected.

2nd to check routing

-Click Start->Run->CMD
-Type in: tracert www.google.com
-Press Enter.

You should get something like the following: (you are ok in this case)

Tracing route to www.l.google.com [72.14.203.104]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.26.27.1
  2    <1 ms    <1 ms    <1 ms  10.24.252.211
  3    <1 ms     1 ms     1 ms  62.6.89.141
  4     8 ms     8 ms     8 ms  62.239.56.1
  5     8 ms     7 ms     7 ms  10.24.5.145

If you didn't get similar results, and you for example get something like the following:

Unable to resolve target system name www.google.com

Then you have a 100% DNS problem.

Please make sure that your File System Antivirus is not securing port 25 or 110, e.g. if you have Symantec Corp. 9 or later disable the internet mail security on the Exchange server.

Thank you.
0
 

Author Comment

by:spectragases
ID: 16996705
My original problem was that some users were complaining of NDRs.  Here is one of the users' NDRs that was forwarded to me.  This happened to be one of the owners of the company, so I was a little pressured... sorry for the lack of a better description.

From:       System Administrator  
Sent:      Saturday, June 24, 2006 9:48 PM
To:      'Ron Rattray'
Subject:      Undeliverable: Neriki Valve Purchasing

Your message did not reach some or all of the intended recipients.

      Subject:      Neriki Valve Purchasing
      Sent:      6/22/2006 9:52 AM

The following recipient(s) could not be reached:

      'Ron Rattray' on 6/24/2006 9:48 PM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <sgibb2k3mail1.spectra-gases.com #4.4.7>

Anyway, I ran a virus scan of the server from a Symantec AV console yesterday and it came back with w32.beagle@mm!zip, trojan.tooso.R, and w32.netsky.D@mm!enc.  I deleted the viruses and have not had any complaints since.
I'm not sure if that resolved the problem yet but I will keep you posted.
One more thing.  I did follow your instructions to check to see if the server was setup to relay and it was not.  Is there a site that I can check to see if I have been black listed as an open relay server?
0
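Both status codes that appear in this thread, the 5.4.0 quoted for Event ID 3018 and the #4.4.7 in the NDR above, are RFC 3463 enhanced status codes. The following is an added example, not part of the original thread: a Python sketch that pulls the code out of an NDR body and decodes it, so a "time limit" bounce is not confused with a permanent "host not found" failure. The function name and the second sample line (mail.example.com) are constructed for illustration.

```python
import re

# RFC 3463 class digit: how final the reported failure is.
CLASSES = {"2": "success",
           "4": "persistent transient failure",
           "5": "permanent failure"}

# RFC 3463 detail digits for subject 4 (network and routing status).
NETWORK_DETAILS = {
    "0": "other or undefined network or routing status",
    "1": "no answer from host",
    "2": "bad connection",
    "3": "directory server failure",
    "4": "unable to route",
    "5": "mail system congestion",
    "6": "routing loop detected",
    "7": "delivery time expired",
}

# The NDR quoted in this thread carries the code as "<reporting.server #x.y.z>".
NDR_CODE = re.compile(r"<(?P<server>[\w.-]+)\s+#(?P<code>[245]\.\d{1,3}\.\d{1,3})")

def triage_ndr(text):
    """Return one dict per enhanced status code found in an NDR body."""
    findings = []
    for m in NDR_CODE.finditer(text):
        cls, subject, detail = m.group("code").split(".")
        if subject == "4":
            meaning = NETWORK_DETAILS.get(detail, "unlisted network/routing detail")
        else:
            meaning = "not a network/routing code; look it up in RFC 3463"
        findings.append({
            "server": m.group("server"),        # host that generated the NDR
            "code": m.group("code"),
            "class": CLASSES[cls],
            "meaning": meaning,
            "network_or_routing": subject == "4",  # DNS/route checks apply
        })
    return findings

# Sample input: first line is the one quoted in the thread, second is constructed.
SAMPLE_NDR = """\
Could not deliver the message in the time limit specified.
<sgibb2k3mail1.spectra-gases.com #4.4.7>
<mail.example.com #5.4.0>
"""

if __name__ == "__main__":
    for finding in triage_ndr(SAMPLE_NDR):
        print(finding)
```

A 4.4.7 result means the message sat in the outbound queue until it expired, so the queue for that destination is the first place to look; 5.4.0 is the code the thread associates with the DNS lookups shown earlier.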
 
LVL 6

Expert Comment

by:msghaleb
ID: 16999119
There is no specific web site which will tell you if you are black listed or not, as these are all organizations and it depends on which one of them you are black listed with.

Example:
I'm an employee at xyz.com, you send me an e-mail, and my company is using ORDB for preventing e-mails from black listed domains (or companies), so if you are black listed at ORDB I won't see your mail, and if not I will receive it, even if you are black listed in other organizations.

The solution is, use your mail normally, and if you are black listed anywhere, you will get an NDR which states that you are black listed at Organization (e.g. ORDB), please close your relay and inform us.

What you have to do is take the organization name and go to their website, check your mail server, and if you find yourself black listed, just send them an e-mail informing them that you closed your relay; they will check your server and then they will remove you from their list.


I highly recommend for you some things:

1 - Disable or Remove the Internet Mail option in Symantec Corp. from your Exchange server.
2 - Use Symantec Mail Security for Exchange to secure your Exchange server.
3 - Make sure that the Symantec Corp. is not scanning the Exchange folders, please follow this link:
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2000110108382448?OpenDocument&ExpandSection=2%2C1%2C5%2C3#_Section2

More Information:

When you have a virus on your file system, Symantec Corp will remove it, but if you have a virus in an attachment in a mail message, Symantec Corp will delete the Exchange log file which contains the virus, and Exchange will not start because of a missing log file. That's why Symantec Corp. should not scan your Exchange files, and Symantec Mail Security should be used instead.

ORDB is one of the open relay organizations, www.ordb.org.
0
 
LVL 6

Accepted Solution

by:
msghaleb earned 250 total points
ID: 17168001
I hope that my answers were useful so far.

Thank you.
0
