eulogy1211
asked on
Company cannot receive NDRs - filtered through Postini
Hello all -
Working on a weird issue I haven't seen before.
I currently have a client with a 2003 SBS Server running Exchange SP2. They smarthost through their ISP for outgoing mail, and incoming is filtered by Postini (it was their decision).
I re-configured their PIX firewall about 6 months ago when they cut over to Postini - I set it up to ONLY allow 25 traffic from Postini's mail servers. Has been working fine ever since. However - a few days ago the client contacted me and mentioned they no longer seem to be getting NDRs - sure enough - I hop in, start sending mail to bogus domains, invalid recipients at my domain, etc. - NO NDRs come back. Ever
I log into my gmail account - try the same test bogus e-mails, and I'm flooded with returned NDRs.
What the HECK could be causing this? I immediately told him verify with Postini and check to make sure all is well on their end. Their ISP/Smarthost pretty much said the same thing.
Anyone think of anything locally on the server, configuration wise I should be looking for? Or anyone can clarify anything? Aren't NDRs treated just like normal mail? Sending server of the NDR looks up MX Record, Goes to Positini, Postini sends it to client's public IP/mail server?
Any help would be much appreciated.
Working on a weird issue I haven't seen before.
I currently have a client with a 2003 SBS Server running Exchange SP2. They smarthost through their ISP for outgoing mail, and incoming is filtered by Postini (it was their decision).
I re-configured their PIX firewall about 6 months ago when they cut over to Postini - I set it up to ONLY allow 25 traffic from Postini's mail servers. Has been working fine ever since. However - a few days ago the client contacted me and mentioned they no longer seem to be getting NDRs - sure enough - I hop in, start sending mail to bogus domains, invalid recipients at my domain, etc. - NO NDRs come back. Ever
I log into my gmail account - try the same test bogus e-mails, and I'm flooded with returned NDRs.
What the HECK could be causing this? I immediately told him verify with Postini and check to make sure all is well on their end. Their ISP/Smarthost pretty much said the same thing.
Anyone think of anything locally on the server, configuration wise I should be looking for? Or anyone can clarify anything? Aren't NDRs treated just like normal mail? Sending server of the NDR looks up MX Record, Goes to Positini, Postini sends it to client's public IP/mail server?
Any help would be much appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A little more information.
I did open port 25 incoming from any host on the PIX, so if the ISP was trying to send mail back to the source IP - I would assume that this would resolve it?
Honestly - I don't know why they smarthost for outgoing mail, they have a T1 and I know outbound port 25 isn't blocked - if I just remove the smarthost settings, and just send 25 out from there - would that have any positive affect on allowing these NDRs to come in?
I did open port 25 incoming from any host on the PIX, so if the ISP was trying to send mail back to the source IP - I would assume that this would resolve it?
Honestly - I don't know why they smarthost for outgoing mail, they have a T1 and I know outbound port 25 isn't blocked - if I just remove the smarthost settings, and just send 25 out from there - would that have any positive affect on allowing these NDRs to come in?
Most filtering companies suggest restrictions on the SMTP virtual server as well.
Smarthost is usually done when someone cannot get their DNS configured correctly. You need a DNS, reverse DNS and SMTP banner ideally matching but they all must resolve. So you could create a DNS record of outbound.domain.com - get a reverse DNS record set as that and set the FQDN field on the SMTP virtual server to outbound.domain.com and most email should send. NDRs will then be seen.
Simon.
Smarthost is usually done when someone cannot get their DNS configured correctly. You need a DNS, reverse DNS and SMTP banner ideally matching but they all must resolve. So you could create a DNS record of outbound.domain.com - get a reverse DNS record set as that and set the FQDN field on the SMTP virtual server to outbound.domain.com and most email should send. NDRs will then be seen.
Simon.
ASKER
Apologize for the late delay - crazy holidays.
After much troubleshooting and trial and errors, here's what I came up with.
We took postini out of the equation - created a new MX record with lower priority, sent all mail to our server from there. Same deal
Long story short - i removed the smarthost through our ISP, and just send mail using DNS from our exchange server, no problem, all is well.
Apparently they had a dynamic IP at one point (hence the smarthost setup) so they wouldn't get rejected on reverse DNS lookups.
They now have a full T1 - sending mail is no problem. Thanks for your help
After much troubleshooting and trial and errors, here's what I came up with.
We took postini out of the equation - created a new MX record with lower priority, sent all mail to our server from there. Same deal
Long story short - i removed the smarthost through our ISP, and just send mail using DNS from our exchange server, no problem, all is well.
Apparently they had a dynamic IP at one point (hence the smarthost setup) so they wouldn't get rejected on reverse DNS lookups.
They now have a full T1 - sending mail is no problem. Thanks for your help
ASKER