Solved

Verify DNS records for owa and mail A records - email not being delivered

Posted on 2007-03-28
14
1,814 Views
Last Modified: 2012-05-05
I have been contacted by an admin from a local company saying that they are not able to send mail to our domain.com email addresses.  They receive an NDR eventually that says the following:

The following recipient(s) could not be reached:

      user@domain.com on 3/24/2007 11:13 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.

            < s001.OTHERDOMAIN.COM #4.0.0 X-Postfix; lost connection with    mail.domain.com [123.123.123.115] while performing the initial protocol    handshake>

The admin says that their Sophos mail server shows logs that the mail is trying to be delivered to owa.domain.com instead of mail.domain.com.  He thinks that my DNS settings for domain.com are not setup correctly and thinks I need to fix it.  I have not heard of any other complaints from other companies not able to contact us via email.  

I am trying to determine if my DNS settings are correct for my setup or if I need to change them.  Since I have the same IP set for owa.domain.com and mail.domain.com the admin believes I need to obtain another IP address from my ISP and set owa.domain.com to it.  Is that necessary?  Let me know if you need any more information.

I have a setup as follows:

Public IP: 123.123.123.115
domain: domain.com

-Small office with SBS 2003, using Exchange for domain emails - domain.com.  The Exchange server is setup for OWA from the external network so that users can access their mail by going to https://owa.domain.com/exchange.  
-Windows 2003 Server with ISA Server 2006 as firewall connected directly to internet connection.  Port 25 is opened and forwarded to SBS server for mail delivery.  Traffic for owa is also forwarded to SBS server.

-------DNS Records---------
Subdomain: .
Type:  NS
Value:  ns1.s422.sureserver.com
TTL:  25920

Subdomain: .
Type:  NS
Value:  ns2.s422.sureserver.com
TTL:  25920

Subdomain: owa
Type:  A
Value:  123.123.123.115
TTL:  14400

Subdomain: .
Type:  A
Value:  234.234.234.142
TTL:  14400

Subdomain: *
Type:  A
Value:  234.234.234.142
TTL:  14400
 
Subdomain: mail
Type:  A
Value:  123.123.123.115
TTL:  14400

Subdomain: .
Type:  MX
Value:  mail.domain.com
TTL:  14400

0
Comment
Question by:jsvor
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
The other admin is somewhat correct in that you have two host (A) records pointing to the same public IP.  However, your MX record is correct, so it really shouldn't be a problem.  What I would do, however, would be to make the owa.mydomain.com record an alias (CNAME) record rather than a host (A) record.  This might alleviate the problem.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
That looks like a firewall or other SMTP Communication issue rather than DNS.
Is the ISA getting involved with SMTP delivery, or does it just do OWA?

Does your firewall have any SMTP Scanning features on it? If so, turn them off.

Simon.
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
Could the problem be that his mail server may be doing a reverse DNS lookup and is getting the owa name from the 123.123.123.115 address?  I believe I have it setup so that the ISA server will not accept anything other than mail being delivered to mail.domain.com.

If I change the DNS record for owa to a CNAME record would that help with the reverse DNS lookup?
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Reverse DNS lookups are only used when receiving email, not sending email.
Are you doing reverse DNS lookups?

Simon.
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
The ISA server is not doing any scanning on the SMTP mail being delivered that I know of.  I did not set it up to filter anything, just to forward it onto the Exchange server.  The ISA server does the authentication for the OWA connection.
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
Simon, no we are not doing reverse DNS lookups when receiving mail.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
As I wrote above, I don't think this has anything to do with DNS - it looks like some kind of interference with the SMTP traffic.

Simon.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 8

Author Comment

by:jsvor
Comment Utility
Thanks for the responses.  I'll see if I can find anything in the ISA server logs and also the exchange logs.  Where is the best place to look at the logs for Exchange? Event viewer?
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
I've looked in the logs and have found some error events - see below:

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7004

Date: 3/28/2007
Time: 5:23:43 PM
User: N/A
Computer: COMPUTERNAME
Description: This is an SMTP protocol error log for virtual server ID 1, connection #2229. The remote host "s001.domain.com", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2336 3 ". This will probably cause the connection to fail.

I changed the loggin on the ExchangeTransport to Medium and will have the admin try sending mail again tomorrow and see what else the logs may say.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 250 total points
Comment Utility
The 7004 event error is common on Exchange 2000 and 2003 servers and usually does not cause a problem.  The only time you need to worry about that error is if it occurs between two internal Exchange servers.  There's a regedit that is supposed to prevent those errors, but in my experience it hasn't worked very well.  You could try it, however, if you're concerned, or just ignore the errors.  Here's a link to an EventID.net page that has some good info on this error:

http://www.eventid.net/display.asp?eventid=7004&eventno=3510&source=MSExchangeTransport&phase=1

Do you have message tracking and SMTP logging turned on in Exchange?  These tools would help you see what is happening at the SMTP gateway and, if the message even gets to Exchange what is happening to it there.
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
I think I have the logging on that I need but not sure.  Where do I enable message tracking and SMTP logging?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 250 total points
Comment Utility
Message Tracking is enabled on the first tab of the Properties of the Exchange server in ESM, Servers. You then use Message Tracking Center to track the messages.
SMTP Logging is enabled on the first tab of the default SMTP virtual server in ESM, Servers, <your server>, Protocols, SMTP.

Simon.
0
 
LVL 8

Author Comment

by:jsvor
Comment Utility
Sorry I didn't get back to this earlier.  I was able to fix the issue with the help from you guys.  Since you both thought it wasn't a DNS issue I stopped looking at DNS being the culprit.  What I ended up doing was disabling standard SMTP filter on the ISA server and we were then able to receive mail from the one company.  Since the local company was the only one having issues I have a hard time believing that this was something I had to fix on my end.  I hate not having the simple SMTP filter on eventhough it doesn't do too much.  Thanks for all your help.  I'll split the points between the two of you.
0
 

Expert Comment

by:Beulin
Comment Utility
We had the same problem with a remote vendor who was unable to send email to our site.  We utilize ISA firewalls as well, and you actually need to make a configuration change to the SMTP Filter for ISA.  Here are two articles that speak of the configuration changes:  

http://forums.isaserver.org/m_230066200/tm.htm
http://www.securityfocus.com/infocus/1654

Basically follow these configs on the ISA Server:

Open ISA Management.
Expand Local Server then Configuration, and click on Add-Ins
Double Click the SMTP Filer to bring up the properties
Click on the SMTP Commands tab
Click on NOOP and then click edit
Change the Maximum length from the default (6) to 38 bytes
Apply the changes and then it should work.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now