• Status: Solved

Can't email to comcast.net, new ISP 1 week ago

A customer of mine just got a new T1 connection, and everything works except for emailing comcast.net addresses. They have their own Exchange 2003 box, running on SBS 2003. The error we get (after being delayed) is the following:

The following recipient(s) could not be reached:

odt@comcast.net on 1/23/2008 9:36 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<tapestrymedical.com #4.4.7>


I've already checked the delivery FQDN (which is tapestrymedical.com). I tried changing it to mail.tapestrymedical.com (which resolves to the public IP of the router), but that didn't help. We also put in a new router at the same time, but I'm not sure what else would need to be opened in order for this to work properly.

Any hints?
Asked by: dniconsulting
 
tntmax Commented:
Here's your problem:

Your 2 MX records are:

10 server512.appriver.com. [TTL=7200] IP=72.32.252.53 (No Glue) [TTL=17634] [US]
20 server513.appriver.com. [TTL=7200] IP=72.32.252.54 (No Glue) [TTL=17634] [US]

Your public IP for mail.tapestrymedical.com resolves to 71.6.2.106, which I'm assuming is your public IP for the exchange server?

You also don't have a reverse DNS entry set up, and there is no SPF record for your ISP.

Make your MX record mail.tapestrymedical.com, which should point to your Exchange server.
 
dniconsulting (Author) Commented:
Crap... we use "appriver" for spam filtering, inbound (obviously), but we don't smarthost for outbound. The ISP was supposed to set up a reverse DNS entry to mail.tapestrymedical.com... Strange. And yes, the IP you list is the public IP of the Exchange server.

If we smarthost through appriver, would that solve the problem? We cannot change the MX to mail.tapestrymedical.com or their spam filtering service would not work.
 
tntmax Commented:
Ahhh, okay. We actually do the same thing for all of our Exchange customers, as we specialize in email filtering.

Here's what we do:

1. Set up a different MX record than mail.client.com. We typically use maxmail.client.com for our MX record, and point it to our mail server -> the name is arbitrary, as long as it points to the right IP.
2. Set up mail.client.com to point to the client's Exchange server for all the other mail servers out there.
3. Set up a reverse DNS record with the ISP to point mail.client.com to the public IP of the Exchange server.
4. Set up the Exchange server (or firewall, usually firewall) to only allow port 25 traffic from our mail server to keep everyone else out, but allow us to push the email to the Exchange server.

Smarthosting would not solve the problem. Your biggest problem is with step one. Start there.
 
dniconsulting (Author) Commented:
1. Alright, we've got a few A records already set for the Exchange server (remote., exchange., mail.). You're saying add one of those (not mail.) as another MX record, but just not the primary?
2. mail. already points to the Exchange server (71.6.2.106).
3. The RDNS entry with the ISP already points to mail., which points to 71.6.2.106.
4. The firewall is already set to block port 25 except from appriver for incoming mail, and blocks port 25 outbound except for the Exchange server.

I guess I'm a little newer at this than I thought :)
 
tntmax Commented:
Yeah, the A records are not a big deal, except for mail. Make an A record pointing to the host sitting in front of your spam filter provider, then make that the top MX record. I can see that your mail. A record and RDNS are all set now.

FYI, here are a few websites for your reading. If your DNS is in working order, then it could be something on Comcast's side. Can you send email to that user from another email account, i.e., Yahoo or Hotmail?

- http://support.microsoft.com/kb/284204
- http://www.123together.com/Support/error_447_non_delivery_message.htm
- http://www.webservertalk.com/archive128-2004-7-329518.html

Can you check with your ISP about your SPF record? The DNS report from dnsstuff.com said that the SPF record was not set up correctly. Otherwise, the rest of your DNS appears to be okay.
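The two sender-side checks raised in this thread (reverse DNS that confirms forward, and an SPF record that covers the outbound IP), as an added example that was not posted by either participant. Hostnames and IPs are the ones quoted above; the `ZONE` table stands in for live DNS, the SPF strings are constructed, and only the `ip4`, `a`, `mx` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed lookup table standing in for live DNS. Names and IPs are the ones
# quoted in the thread; the SPF strings passed in below are assumptions.
ZONE = {
    "A": {"mail.tapestrymedical.com": ["71.6.2.106"],
          "server512.appriver.com": ["72.32.252.53"],
          "server513.appriver.com": ["72.32.252.54"]},
    "MX": {"tapestrymedical.com": ["server512.appriver.com",
                                   "server513.appriver.com"]},
    "PTR": {"71.6.2.106": ["mail.tapestrymedical.com"]},
}

def fcrdns_ok(ip, zone=ZONE):
    """Forward-confirmed reverse DNS: a PTR name for ip must resolve back to ip."""
    return any(ip in zone["A"].get(name, []) for name in zone["PTR"].get(ip, []))

def spf_result(ip, domain, spf, zone=ZONE):
    """Evaluate the ip4, a, mx and all mechanisms of one SPF record for ip."""
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    verdict = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        q, mech = (term[0], term[1:]) if term[0] in verdict else ("+", term)
        name, _, arg = mech.lower().partition(":")
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = ip in zone["A"].get(arg or domain, [])
        elif name == "mx":
            hosts = zone["MX"].get(arg or domain, [])
            hit = any(ip in zone["A"].get(h, []) for h in hosts)
        else:
            continue  # include, exists, ptr and modifiers are not modelled
        if hit:
            return verdict[q]
    return "neutral"

if __name__ == "__main__":
    ip, dom = "71.6.2.106", "tapestrymedical.com"
    print("FCrDNS:", fcrdns_ok(ip))
    for rec in ("v=spf1 mx -all", "v=spf1 a:mail.tapestrymedical.com mx -all"):
        print(rec, "->", spf_result(ip, dom, rec))
```

Because the MX records here point at the filtering service rather than the Exchange server, an `mx`-only SPF record does not cover mail sent directly from 71.6.2.106; the record has to name that host or IP explicitly.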