Can't email to, new ISP 1 week ago

A customer of mine just got a new T1 connection, and everything works except for emailing addresses. They have their own Exchange 2003 box, running on SBS 2003. The error we get (after being delayed) is the following:

The following recipient(s) could not be reached: on 1/23/2008 9:36 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
< #4.4.7>

I've already checked the delivery FQDN (which is I tried changing it to (which resolves to the public IP of the router), but that didn't help. We also put in a new router at the same time, but I'm not sure what else would need to be opened in order for this to work properly.

Any hints?

Here's your problem:

Your 2 MX records are:

10 [TTL=7200] IP= (No Glue) [TTL=17634] [US]
20 [TTL=7200] IP= (No Glue) [TTL=17634] [US]

Your public IP for resolves to, which I'm assuming is your public IP for the exchange server?

You also don't have a reverse DNS entry set up, and there is no SPF record for your ISP.

Make your MX record to be, which should point to your Exchange server.
dniconsulting (Author) Commented:
Crap... we use "appriver" for spam filtering, inbound (obviously), but we don't smarthost for outbound. The ISP was supposed to set up a reverse DNS entry to strange. And yes, the IP you list is the public IP of the Exchange server.

If we smarthost through appriver, would that solve the problem? We cannot change the MX to or their spam filtering service would not work.

Ahhh, okay. We actually do the same thing for all of our Exchange customers, as we specialize in email filtering.

Here's what we do:

1. Set up a different MX record than We typically use for our MX record, and point it to our mail server -> the name is arbitrary, as long as it points to the right IP.
2. Set up to point to the client's Exchange server for all the other mail servers out there.
3. Set up a reverse DNS record with the ISP to point to the public IP of the Exchange server.
4. Set up the Exchange server (or firewall, usually firewall) to only allow port 25 traffic from our mail server to keep everyone else out, but allow us to push the email to the Exchange server.

Smarthosting would not solve the problem. Your biggest problem is with step one. Start there.
dniconsulting (Author) Commented:
1. Alright, we've got a few A records already set for the Exchange server (remote., exchange., mail.). You're saying add one of those (not mail.) as another MX record, but just not the primary?
2. mail. already points to the Exchange server (
3. The RDNS entry with the ISP already points to mail., which points to
4. The firewall is already set to block port 25 except from appriver for incoming mail, and blocks port 25 outbound except for the Exchange server.

I guess I'm a little newer at this than I thought :)

Yeah, the A records are not a big deal, except for mail. Make an A record pointing to the host sitting in front of your spam filter provider, then make that the top MX record. I can see that your mail. A record and RDNS are all set now.

FYI, here are a few websites for your reading. If your DNS is in working order, then it could be something on Comcast's side. Can you send email to that user from another email account, i.e., Yahoo or Hotmail?


Can you check with your ISP about your SPF record? The DNS report from said that the SPF record was not set up correctly. Otherwise, the rest of your DNS appears to be okay.
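
Added example, not part of the original thread: a sketch of the two checks discussed above for a server that sends outbound mail directly (forward-confirmed reverse DNS and SPF), run over constructed records. The domain `example.com`, the host `mail.example.com` and the documentation IPs are placeholders, and the SPF evaluation is simplified to `ip4`/`ip6`/`all` terms only.

```python
import ipaddress

# Constructed records for a hypothetical domain; names and IPs are placeholders.
RECORDS = {
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.10 -all"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
}

def lookup(records, name, rtype):
    return records.get((name.rstrip(".").lower(), rtype), [])

def fcrdns(records, ip):
    """Return the PTR host whose A record points back at ip, else None."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    for host in lookup(records, ptr_name, "PTR"):
        if ip in lookup(records, host, "A"):
            return host
    return None

def spf_result(records, domain, ip):
    """Simplified SPF check: only ip4/ip6/all terms are evaluated."""
    spf = [t for t in lookup(records, domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"  # more than one SPF record is invalid
    addr = ipaddress.ip_address(ip)
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        matched = mech == "all" or (
            mech.startswith(("ip4:", "ip6:"))
            and addr in ipaddress.ip_network(mech[4:], strict=False))
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"  # nothing matched and no "all" term

def check_outbound(records, domain, ip):
    """List the problems a receiving server could hold against mail sent from ip."""
    findings = []
    if fcrdns(records, ip) is None:
        findings.append("no forward-confirmed reverse DNS for " + ip)
    result = spf_result(records, domain, ip)
    if result != "pass":
        findings.append("SPF result for %s is %s" % (domain, result))
    return findings

if __name__ == "__main__":
    print(check_outbound(RECORDS, "example.com", "203.0.113.10") or "ok")
```

To run the same checks against live DNS, replace `lookup` with a real resolver query; the rest of the logic is unchanged.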
