dniconsulting

asked on

Can't email to comcast.net, new ISP 1 week ago

A customer of mine just got a new T1 connection, and everything works except for emailing comcast.net addresses. They have their own Exchange 2003 box, running on SBS 2003. The error we get (after being delayed) is the following:

The following recipient(s) could not be reached:

odt@comcast.net on 1/23/2008 9:36 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<tapestrymedical.com #4.4.7>


I've already checked the delivery FQDN (which is tapestrymedical.com). I tried changing it to mail.tapestrymedical.com (which resolves to the public IP of the router), but that didn't help. We also put in a new router at the same time, but I'm not sure what else would need to be opened in order for this to work properly.

Any hints?
tntmax

Here's your problem:

Your 2 MX records are:

10 server512.appriver.com. [TTL=7200] IP=72.32.252.53 (No Glue) [TTL=17634] [US]
20 server513.appriver.com. [TTL=7200] IP=72.32.252.54 (No Glue) [TTL=17634] [US]

Your public IP for mail.tapestrymedical.com resolves to 71.6.2.106, which I'm assuming is your public IP for the exchange server?

You also don't have a reverse DNS entry setup, and there is no SPF record for your ISP.

Make your mx record to be mail.tapestrymedical.com, which should point to your Exchange server.
dniconsulting

ASKER

Crap... we use "appriver" for spam filtering, inbound (obviously), but we don't smarthost for outbound. The ISP was supposed to set up a reverse DNS entry to mail.tapestrymedical.com... strange. And yes, the IP you list is the public IP of the Exchange server.

If we smarthost through appriver, would that solve the problem? We cannot change the MX to mail.tapestrymedical.com or their spam filtering service would not work.

Ahhh, okay. We actually do the same thing for all of our Exchange customers, as we specialize in email filtering.

Here's what we do:

1. Set up a different MX record than mail.client.com. We typically use maxmail.client.com for our MX record, and point it to our mail server -> the name is arbitrary, as long as it points to the right IP.
2. Set up mail.client.com to point to the client's Exchange server for all the other mail servers out there.
3. Set up a reverse DNS record with the ISP to point mail.client.com to the public IP of the Exchange server.
4. Set up the Exchange server (or firewall, usually the firewall) to only allow port 25 traffic from our mail server to keep everyone else out, but allow us to push the email to the Exchange server.

Smarthosting would not solve the problem. Your biggest problem is with step one. Start there.
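A way to check the two findings in this answer (no reverse DNS for the sending IP, no SPF record for the domain) before and after the fix, as an added example that is not part of the thread. It uses a constructed, offline stand-in for DNS with example.com and documentation IP addresses in place of the real names and addresses above; replace `lookup()` with real queries (for example via dnspython) to test a live domain.

```python
"""Forward-confirmed rDNS and SPF consistency check for an outbound mail IP.

Added example, not from the thread. DNS is replaced by a constructed in-memory
zone so the script runs offline; swap lookup() for real queries to test a
live domain.
"""
import ipaddress

# Constructed records modelled on the thread's layout: MX points at the
# filtering service, the Exchange box is reachable as mail.<domain>.
# "before": the Exchange IP has no PTR and the domain has no SPF record.
ZONE_BEFORE = {
    ("example.com", "MX"): ["10 server1.filter.example", "20 server2.filter.example"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("server1.filter.example", "A"): ["198.51.100.5"],
    ("server2.filter.example", "A"): ["198.51.100.6"],
}
# "after": the ISP publishes PTR -> mail.example.com and the zone gets an SPF
# record authorizing the Exchange host (a:mail.example.com) and the filtering
# service's MX hosts (mx) as senders. Everything else is refused (-all).
ZONE_AFTER = dict(ZONE_BEFORE)
ZONE_AFTER[("10.113.0.203.in-addr.arpa", "PTR")] = ["mail.example.com"]
ZONE_AFTER[("example.com", "TXT")] = ["v=spf1 a:mail.example.com mx -all"]


def lookup(zone, name, rtype):
    """Resolve (name, type) against the constructed zone; [] means no data."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: a PTR exists and at least one PTR name
    resolves forward to the same IP. Returns (ptr_names, confirmed_names)."""
    ptrs = lookup(zone, ipaddress.ip_address(ip).reverse_pointer, "PTR")
    confirmed = [h for h in ptrs if ip in lookup(zone, h, "A")]
    return ptrs, confirmed


def spf_result(zone, domain, ip):
    """Evaluate the SPF mechanisms relevant here (a, a:host, mx, ip4:, all).
    Returns 'none' (no record), 'pass', 'fail', 'softfail' or 'neutral'."""
    records = [t for t in lookup(zone, domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    verdict = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term == "a":
            matched = ip in lookup(zone, domain, "A")
        elif term.startswith("a:"):
            matched = ip in lookup(zone, term[2:], "A")
        elif term == "mx":
            mx_hosts = [rr.split()[1] for rr in lookup(zone, domain, "MX")]
            matched = any(ip in lookup(zone, h, "A") for h in mx_hosts)
        elif term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        else:
            matched = False  # include:, exists:, redirect= are out of scope here
        if matched:
            return verdict[qual]
    return "neutral"


def diagnose(zone, domain, ip):
    """Summarize the checks a receiving MTA commonly applies to a sending IP."""
    ptrs, confirmed = fcrdns(zone, ip)
    mx_hosts = [rr.split()[1] for rr in lookup(zone, domain, "MX")]
    return {
        "ptr": bool(ptrs),
        "fcrdns": bool(confirmed),
        "spf": spf_result(zone, domain, ip),
        "ip_is_mx": any(ip in lookup(zone, h, "A") for h in mx_hosts),
    }


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, diagnose(zone, "example.com", "203.0.113.10"))
```

In the "before" zone the Exchange IP has no PTR, so it fails forward-confirmed rDNS, and the domain returns no SPF record at all; in the "after" zone both checks pass, while an unrelated IP evaluates to SPF fail because of `-all`. Note that `ip_is_mx` stays false for the Exchange server in both states: with the MX at the filtering service, the outbound host is not an MX host, and the SPF `a:` mechanism is what authorizes it.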

1. Alright, we've got a few A records already set for the Exchange server (remote., exchange., mail.). You're saying add one of those (not mail.) as another MX record, but just not the primary?
2. mail. already points to the Exchange server (71.6.2.106)
3. The RDNS entry with the ISP already points to mail., which points to 71.6.2.106.
4. The firewall is already set to block port 25 except from appriver for incoming mail, and blocks port 25 outbound except for the Exchange server.

I guess I'm a little newer at this than I thought :)
ASKER CERTIFIED SOLUTION
tntmax