Solved

Yet another bug of the type: "That domain isn't in my list of allowed rcpthosts"

Posted on 2006-11-21
Last Modified: 2008-01-09
Hi gurus,

Our client has an Exchange 2000 Server.
Recently - and this is probably due to more strictness from server admins around the world - a lot of their mails have started bouncing back with various error messages.

So I started fixing them one by one.  A recent one was caused by no Reverse DNS on the mail server.  I asked our ISP to create one and it seems to have fixed some bouncebacks.  Today we got this message:

The following recipient(s) could not be reached:

      'Thomas (xxxx@xxxxx.com)' on 11/21/2006 7:46 PM

            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <stable-mail.stable.com #5.5.0 smtp;553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)>

As you can see, our Exchange server advertises itself as "stable-mail.stable.com".
Unfortunately, that is an internal name.  This client does not own stable.com, and stable-mail.stable.com is non-existent and impossible to ping from the internet.
It's just a fake internal name.

Here's the full header when this client sends me an email.  User email replaced by user@domain.com, and myself replaced by myadmin@admin.com.
IPs have also been changed.  If you message me directly, I'll send you the full log:

Return-Path: <user@domain.com>
Delivered-To: myadmin@admin.com
Received: (qmail 16369 invoked by uid 90); 22 Nov 2006 00:47:03 -0000
Received: from user@domain.com by tektonik by uid 71 with qmail-scanner-1.22
 (f-prot: 3.12/. spamassassin: 2.63.  Clear:RC:0(64.15.65.212):SA:0(-4.6/6.0):.
 Processed in 6.110263 secs); 22 Nov 2006 00:47:03 -0000
Received: from 222.222.222.222 by smg with SMTP; 22 Nov 2006 00:46:57 -0000
Received: from stable-mail.stable.com (222.222.222.222)
  by 0 with SMTP; 22 Nov 2006 00:46:53 -0000
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01C70DCF.B2EDEBF2"
Subject: FW: email problem
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
Date: Tue, 21 Nov 2006 19:46:51 -0500
Message-ID: <8CCE18BB076BDA44AAF75BD3FC225EDC7C9044@stable-mail.stable.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: email problem
Thread-Index: AccNyVRX3sYgdoJiQDiTUCfoW59xhgABL5EgAABfH/MAAAUmEA==
From: <user@domain.com>
To: <myadmin@admin.com>


My question is:

- why aren't we allowed to use internal names like mail-stable.stable.com?
- there is a reverse DNS entry for the real IP address of that server, so why isn't the destination server using that instead of the stupid internal name we advertise?
- do you see any solution?

Regards,
Alain

0
Question by:melkiades
14 Comments
 
LVL 20

Expert Comment

by:ikm7176
If you get back a bounced email with this error: "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)", the chkuser part of the error message means that the email address you sent your email to does not exist.

I guess your Exchange server is blocked from relaying to a particular user. Did you try sending mails to other destinations?

cheers!
0
 
LVL 104

Expert Comment

by:Sembee
Exchange uses what name you tell it to when it connects to another server. By default this is the server's internal name, or the domain name.

The name is set on the SMTP Virtual Server. ESM, Servers, <your server>, Protocols, SMTP. Right click on the default SMTP VS and choose Properties. Click on the tab Delivery and then Advanced. In the box FQDN, change it to match the external name. If this is a single server environment then ignore the Check DNS button.

The reverse DNS needs to match the forward DNS and what the server announces itself as.

Simon.
0
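
The consistency check described in the answer above (reverse DNS, forward DNS and the announced name all agreeing), as an added example that is not part of the original thread. `check_identity`, the address 203.0.113.25 and the PTR/A tables are constructed for illustration; only the two host names come from the thread.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """Addresses that name resolves to (empty list if it does not resolve)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_identity(ip, helo, ptr=system_ptr, forward=system_forward):
    """Return the mismatches between IP, PTR, forward DNS and HELO name."""
    problems = []
    ptr_names = [norm(n) for n in ptr(ip)]
    if not ptr_names:
        problems.append(f"no PTR record for {ip}")
    # Forward-confirmed reverse DNS: the PTR name must resolve back to ip.
    confirmed = [n for n in ptr_names if ip in forward(n)]
    if ptr_names and not confirmed:
        problems.append(f"PTR {ptr_names} does not resolve back to {ip}")
    if ip not in forward(helo):
        problems.append(f"HELO name {helo} does not resolve to {ip}")
    if confirmed and norm(helo) not in confirmed:
        problems.append(f"HELO name {helo} differs from PTR name {confirmed}")
    return problems

# Constructed sample zone data (not real DNS answers) so the check runs offline.
PTR = {"203.0.113.25": ["stable-mail.stablecapital.com."]}
A = {"stable-mail.stablecapital.com": ["203.0.113.25"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_fwd = lambda name: A.get(norm(name), [])

if __name__ == "__main__":
    for helo in ("stable-mail.stable.com", "stable-mail.stablecapital.com"):
        result = check_identity("203.0.113.25", helo, fake_ptr, fake_fwd)
        print(helo, "->", result or "consistent")
```

Called without the last two arguments, `check_identity` uses the system resolver, so it can be pointed at a mail server's public IP and the FQDN set on the SMTP virtual server.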
 

Author Comment

by:melkiades
Hi Simon,

I followed your procedure exactly, here's what happens, I now get this in the headers sent from this client:

Received: from stable-mail.stable.com (HELO stable-mail.stablecapital.com) (207.253.178.86)

The HELO part is now fixed, but not the "from".  The "from" is still wrong.

Do you have any idea how to change that one?

Regards,
Alain
0
 
LVL 104

Expert Comment

by:Sembee
If you telnet to port 25 of your Exchange server, what does the header say?

telnet server.domain.com 25

220 mail.domain.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at
  Wed, 22 Nov 2006 16:24:11 +0000

Simon.
0
 

Author Comment

by:melkiades
Also, please see the Full Computer Name, that seems to be the name causing all the problems.
Even though I followed your procedure, I couldn't change the FCN:

www.tektonik.com/public/download/fcn.gif

Any idea how to change this without disturbing everything else in the network?

Thank you,
Alain
0
 

Author Comment

by:melkiades

It now shows as stable-mail.stablecapital.com but that doesn't change the fact that in the email headers, I still see "received from stable-mail.stable.com".  I just can't believe that remote servers are now stupid enough to force us to use real internet names when naming servers.  Has everybody gone completely nuts and lost their ability to think because of spam?

> If you telnet to port 25 of your Exchange server, what does the header say?
> telnet server.domain.com 25
> 220 mail.domain.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at
>   Wed, 22 Nov 2006 16:24:11 +0000
0
 
LVL 104

Expert Comment

by:Sembee
You didn't follow my instructions.
Where did I say to change the server's name? That screenshot is the server's real name.
The FQDN on the SMTP server is different.

The rest of the internet wants your server to announce itself as a valid name. I could set a server to announce itself as mickeymouse.donaldduck.dom if I wanted to. Wouldn't do any good as that isn't valid on the internet.

Put your domain in to dnsreport.com - that will tell you what the internet sees.

Simon.

0
 

Author Comment

by:melkiades
Simon,

I *did* follow your instructions.  I went to the exact place you showed me in your procedure and changed the FQDN to the proper name, which is stable-mail.stablecapital.com.  And it had an effect.

The name you see in that screenshot is a different name, it's the Full Computer Name, and what I'm saying is that the headers I'm receiving from this client now show *both* names, as I posted here:

Received: from stable-mail.stable.com (HELO stable-mail.stablecapital.com) (207.253.178.86)

See the difference: it says "received from stable-mail.stable.com" which is the FCN and is an internal name, but the HELO is right, it shows stable-mail.stablecapital.com.

I would like to fix the first part also - well, I'm assuming that it's the reason why emails are still rejected.

Regards,
Alain
0
 
LVL 104

Expert Comment

by:Sembee
Is there something in between the server and the Internet?

When I ehlo it, I don't get the response I was expecting.


220 stable-mail.stablecapital.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Wed, 22 Nov 2006 12:07:33 -0500
ehlo
250-stable-mail.stablecapital.com Hello [192.168.100.1]
250-TURN
250-ATRN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

It is giving me an internal IP address, rather than my IP address.

Simon.
0
 

Author Comment

by:melkiades

Hi Simon,

Firstly, I'd like to say thank you for your help.

Secondly, yes, there is a Linux box (our router / vpn) between the server and the internet.

Maybe I didn't mention it, but we're only having a problem with this one recipient.
Their domain is cgcm.com.  I just contacted their admin about this by email - hoping to get a response soon.

Also, I think that one of the solutions would be to simply let our ISP handle the sending of emails instead of doing it ourselves in Exchange.  
Should I post another message asking how to achieve this?  I'm not too experienced with the points system on experts-exchange.  

Regards,
Alain
0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
That is probably the cause of the problem then. The Linux server is stamping the messages first.
You can use an SMTP Connector to route email out via another server.
http://www.amset.info/exchange/smtp-connector.asp

Simon.
0
 

Author Comment

by:melkiades

I just got this message from the admin of the destination server:

======
Hi Alain,
Stablecapital.com was blacklisted as spam by mistake but has been rectified this morning.  I am clueless how it can happen again.  Let me check with my IT guys and I will revert soonest.
Apologies for the inconvenience caused.
======

I can't believe this!  All along the problem was a blacklisting?

The info you have provided taught me new things so I am awarding you the points.

Best Regards,
Alain
0
 

Author Comment

by:melkiades
I realize that I closed the topic, but I may have done so too early.
Their removal from the blacklist has not fixed the problem.
Amazing as it is, we are still being rejected by that server.

I'll post an update if we find a solution.
I tend to think that the Full Computer Name is the problem here.
About the stamping of the mail by the Linux server: do you see any particular stamping in the header I pasted above?

Cheers,
Alain
0
 
LVL 104

Expert Comment

by:Sembee
Depending on their setup it may take some time for the blacklist change to fully replicate. I wouldn't expect things to change immediately.

As for the Linux comment, the header above doesn't look right.
This is what an Exchange server puts in its headers:

Received: from mail.domain.co.uk ([195.200.200.200]) by mail.domain.net with Microsoft SMTPSVC(6.0.3790.1830); Wed, 22 Nov 2006 16:54:28 +0000

The ehlo information just looks wrong.

Simon.
0
