Solved

Exchange2003/wins2003/https/ 2 confirmed eml addys are being rejected

Posted on 2006-07-19
27
271 Views
Last Modified: 2010-03-06
Eml is functional and working with hundreds of emails per day.  I have 2 outside addresses that are both confirmed via hotmail that I rec. the following error on:
a non-delivery report with a status code of 5.4.0 was generated for recipient X
Causes: ....msg. indicates a dns problem or an ip address configuration problem.
solution: check the dns using nslookup or dnsq.....
---
if i nslookup the domain name my server is able to resolve it back to an ip address.  This is only happening to 2 recipient addresses and they are both confirmed.
Any ideas?
0
Comment
Question by:bingboo
  • 17
  • 8
  • 2
27 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17140457
From your Exchange server, did you use nslookup to query the MX records for that domain? You should then try to telenet to port 25 of the returned records.

JJ
0
 

Author Comment

by:bingboo
ID: 17140563
k -- the domain in question that can't send mail to is:
mail.servicebrands.com

if i nslookup i can resolve it to addy from my exchange server. I did zonedit to find their mx record which points to mail.servicebrands.com which resolves back to the same addy.  looks like they are block 25 from telnet access.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17140618
If I do an nslookup, there are no MX records for mail.servicebrands.com. There is an MX for servicebrands.com so it looks like the e-mail address you have for these recipients is wrong. Try removing "mail" from their addresses.

JJ
0
 

Author Comment

by:bingboo
ID: 17140641
interesting --- if i go to dnsreport.com and use their mx test:
Host      Preference      IP(s) [Country]      
mail.servicebrands.com      0      152.160.68.126 [US]

if i ping mail.servicebrands.com i rec. addy of:  64.20.37.22 from within my lan.  If i drop out of LAN i rec. the same address that dnsreports has.



0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17140697
mail.servicebrands.com is the DNS name of their mail server. When I try your test at dnsreport.com, I get this:

Getting MX record for mail.servicebrands.com (from local DNS server, may be cached)...   There is no MX record for mail.servicebrands.com!  That's bad.
Checking for an A record... Got it!

Notice it doesn't find an MX, just an A record... like it says, that's bad.

JJ
0
 

Author Comment

by:bingboo
ID: 17140788
but even with just an A record it should still resolve out...
and they receive email from outside of our domain.  Plus it looks like the problem appears to be 2 ip addresses associated with the same record.
when i ping:
lan: 64.20.37.22
charter backbone (and dnsreport):152.160.68.126
so the problem looks to be when someone sends mail through our exchange server it looks at 64.20.37.22 to send the mail which is incorrect, then get a failure error.

I am beginning to think that this might have something to do with my ISP having the wrong info in their DNS servers (which feeds ours).  Or is there something on my end that I need to check?

0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17140824
If you are getting the 64 address when pinging mail.servicebrands.com then you definately have a DNS problem.

JJ
0
 

Author Comment

by:bingboo
ID: 17140950
Oh yeah this just became a lot more odd --- I am only having this problem with 2 email addresses my clients are trying to send mail to:
The crazy part is, I just ran all of the same tests against their mail server and received a diff ip addy then when WAN, BUT when I am LAN'd and I ping their mail servers, BOTH RESOLVE TO  64.20.37.22

WHICH IS OWNED BY:

OrgName:    Interserver, Inc
OrgID:      INTER-83
Address:    PO Box 244
City:       Fort Lee
StateProv:  NJ
PostalCode: 07024
Country:    US

ReferralServer: rwhois://rwhois.trouble-free.net:4321

NetRange:   64.20.32.0 - 64.20.63.255
CIDR:       64.20.32.0/19
NetName:    NJIIX
NetHandle:  NET-64-20-32-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS.TROULBE-FREE.NET
NameServer: DNS2.TROUBLE-FREE.NET
Comment:    Please use abuse@trouble-free.net for all abuse reports.
RegDate:    2005-04-07
Updated:    2006-02-24

OrgTechHandle: NOC1390-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-201-643-0134
OrgTechEmail:  network@njiix.net

# ARIN WHOIS database, last updated 2006-07-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
0
 

Author Comment

by:bingboo
ID: 17140962
sorry just read that again and it might be confusing.
That is to say, when I ping or nslookup LAN side, both mail.servicebrands.com AND mail.XXX.com resolve to  64.20.37.22
0
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 250 total points
ID: 17141011
You definately have a DNS issue. Try an NSlookup against your ISP's DNS server and see if you are getting the same strange results. This will tell if if the problem is with their DNS or your DNS.

JJ
0
 

Author Comment

by:bingboo
ID: 17141162
Ok, it is most def. my Server and not providers DNS.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17141198
I've seen this before. Are you using Windows DNS? If so, check your root hints to make sure there aren't any strange entries. There is some type of malware out there that I've seen add incorrect entries.

JJ
0
 

Author Comment

by:bingboo
ID: 17141272
I inherited this network and there a lot of root hints going all the way from

m.root-servers.net
....all the way down to.....
a.root-servers.net

and corresponding 13 different addresses associated with each server name.  We only have the one DNS server on our network and 2 that we use from our ISP.

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:bingboo
ID: 17141322
can i safely delete all of them? this is our domain controller, nothing gets installed on here. hack?
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17141327
Those are correct. Do any of the IPs start with something other than 192, 198, of 128? Some will be listed as "unknown", which is normal.

JJ
0
 

Author Comment

by:bingboo
ID: 17141440
full list:
m.root-servers.net = 202.12.27.33
l.root-servers.net   =198.32.64.12
k.root-servers.net   =193.0.14.129
j.root-servers.net    =198.41.0.10
i.root-servers.net    =192.36.148.17
h.root-servers.net   =128.63..2.53
g.root-servers.net   =192.112.36.4
f.root-servers.net    =192.5.5.241
e.root-servers.net   =192.203.230.10
d.root-servers.net   =128.8.10.90
c.root-servers.net   =192.33.4.12
b.root-servers.net   =128.9.0.107
a.root-servers.net   =198.41.0.4

none of these addys point to anything in my subnet.....so to answer your question looks like --- m and k are not one of the three options...
0
 

Author Comment

by:bingboo
ID: 17141445
by the way--- very very much appreciate your help.
0
 

Author Comment

by:bingboo
ID: 17141565
I did a net-ipinfo look up on all of those and they seem to be legit.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17141588
If you suspect that your root hints are wrong, then simply configure forwarders in the DNS server and use your ISPs Servers. That will avoid the root hints totally.

Simon.
0
 

Author Comment

by:bingboo
ID: 17141688
I have no idea if they are wrong, I didn't even know i had an issue until i started dealing with these two email addresses... the only thing that has changed in our set up is that we have just recently brought our email in house and running exchange2003 with no problems except nobody can send email to these two people (outside email addresses) - worst part is both of their mail servers resolve to the same ip addy when LAN'd.
0
 

Author Comment

by:bingboo
ID: 17141804
are there any draw back to configuring forwarders to my isp dns?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17141931
I make the change to use ISP DNS as a standard practise when setting up a new domain.

Simon.
0
 

Author Comment

by:bingboo
ID: 17142120
in my dns.log --- i have entries saying the dns server encountered an invlaid domain name in a packet from 64.20.37.22.....???
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 17145318
Is there anything currently setup on your forwarders tab?

JJ
0
 

Author Comment

by:bingboo
ID: 17145593
nothing in forwarders.
0
 

Author Comment

by:bingboo
ID: 17145643
k - i just added both of isp dns as forwarders --- i have not removed root-hints.... updated server data files...still having issue.
0
 

Author Comment

by:bingboo
ID: 17145919
I opened a dns ticket in networking :
http://www.experts-exchange.com/Networking/Q_21925860.html

thx again for your help in narrowing this down.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now