Solved

Undeliverable - Bounced Mail - Dynamic IP, Smarthost Issues with Exchange 2003

Posted on 2008-01-26
Last Modified: 2013-11-30
I installed a Small Business Server 2003 at a location with a DSL connection that does not have a static IP, but a dynamic IP.  Our ISP is Windstream/Alltel.  Our web hosting company is SiteTurn.  We have Exchange working and use Outlook 2007 and/or Outlook Web Access.  We can send and receive messages, BUT many messages go undelivered to such places as YAHOO, RoadRunner and a local ISP Modem Madness and others.  Currently we are trying to use the "Default SMTP Virtual Server" configured to use a "Smart host" of mail.domainname.com and, as directed by our hosting company, outbound port 587 not port 25.  (Not sure if the port matters.)  We use DYNDNS to provide DNS for our Windows 2003 Small Business Server, so that we can easily get to Outlook Web Access when on the road.  Our Internet provider charges big $$ for a Static IP.

We use the POP3 connector in Exchange to download our mail to the Exchange server.
We try to use the Smart Host to route mail back to mail.domainname.com hosted on SiteTurn.
I believe the problem is that our web hosting company, SiteTurn, holds our MX records and when we send mail our Exchange server cannot route the mail back to SiteTurn, i.e. mail.domainname.com, before going to the recipient, thus it looks like SPAM to many recipients' mail servers.  We checked SPAMHAUS and we are not on a Blacklist.  My mail/web hosting company is Infinology and I get the messages.
I don't believe I can have the MX record moved to our server as it has a dynamic IP, yet a static name thanks to DYNDNS.com.  The message header on messages that ARE successfully sent indicates that our ISP is involved in the sending of the message, yet there is no setting, that I am aware of, that uses our ISP.  I am caught between a separate web hosting company that also holds our mail records, a different ISP for our location and the home of the Small Business Server, and our Exchange server.

I am willing to purchase an outbound mail service if needed.  DYNDNS sells such a service, but does not fully support Exchange, so I am on my own to set this up and do not have enough experience with Exchange.

So my question is how can I resolve the undeliverable message problem in my scenario?

0
Question by:mikeld
18 Comments
 
LVL 4

Expert Comment

by:antioed
ID: 20752151
Assuming the problem is due to "Reverse DNS Lookups" being performed on the connecting IP, you will need a PTR entry in DNS to be that of whatever the connecting MTA's IP is.  When the mail server connects to another mail server, if that site performs RDNS on your server <server.your.com> and there is not a DNS entry that resolves DNS for that name to the connecting IP the connection will be dropped.

To be honest, I would not suggest running Exchange on a dynamic IP, but for the most part, as long as you don't turn off your WAN device, you should retain the same IP...some ISPs force IP flushes for this reason.  This would mean a new DNS entry each time the IP changes and time for DNS to replicate around root servers.  Some hosting firms allow a way to add DNS entries yourself; if yours does that, it might not be such a big deal...you still have to deal with some rejections until DNS updates.

Read the comments in this link:

http://www.webhostingtalk.com/showthread.php?t=493923

"What you need is RDNS for your base IP, or whatever IP address your MTA (exim, sendmail, etc) connects to. Even though you may have multiple ip addresses for your server, and your sites may have multiple ip addresses, your MTA will only send out mail from one ip address (usually the base ip)."
0
 

Author Comment

by:mikeld
ID: 20752208
Thanks for your response.  Does DYNDNS not help?  Do these records need a name, www.nameserver.com, or an actual IP address, 24.22.98.44?  It was my understanding that if I could ship my mail back to our web hosting company's (SiteTurn) SMTP server and then it went out to the recipients from there, all would be well, as the RDNS would be that of our web hosting company, the same as it comes in on.  I thought this was the purpose of the smart host setting in Exchange.  I cannot get a STATIC IP at a reasonable cost, and thought Exchange had provisions for this type of configuration.  I cannot do the DNS entries myself and that is the reason I subscribe to the DYNDNS.com service.  What is the purpose of the smart host settings in Exchange?  What is the purpose of the SMTP Connector?  I appreciate the response, but your solution does not fully address my needs.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20753253
Since you have a dynamic IP address, you cannot have a reverse DNS entry. Some companies refuse mail from dynamic addresses. Your best choice will be using your ISP's mail server as a smarthost; then all your emails will go out as if they are coming from your ISP, who has a reverse entry for its mail server and will be accepted by everyone. Incoming emails, meanwhile, will flow in directly to your server since you have the DYNDNS service.
0

 

Author Comment

by:mikeld
ID: 20754127
isaman07- Forgive my lack of full understanding of these issues, but if our mail is coming from our hosting company, SiteTurn, and is brought in by the POP3 connector and then going out via our ISP company, Windstream/Alltel, will that scenario not create the same problem?  -That of differing DNS as seen by the recipient's anti-SPAM system?  I thought mail systems/anti-SPAM systems like to make sure that the DNS that the message is received from is the same as they would reply to.
Second, if the scenario you propose is to work, what will I have to ask my ISP for and how do I configure that in Exchange?  Do I need to authenticate on the outbound to make more SPAM systems happy?  Thanks.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20754270
Having a different reply to address is not a problem, and obviously you don't have problems receiving emails. Your problem is sending emails and, as I stated, your server having a dynamic address and not being able to have a reverse DNS will cause problems.
Use the email server assigned to you by your ISP Windstream/Alltel as a smarthost; if you don't know it, call your ISP to find out what email server is assigned to your account. Then launch ESM (Exchange System Manager), expand Servers, expand your server name, expand Protocols, and finally expand SMTP. Right-click your Default SMTP Virtual Server and choose Properties, click the Delivery tab, then Advanced, and in the smart host field enter the FQDN (smtp.myisp.com) SMTP server address of your ISP.
By default all ISPs relay emails from their clients without authentication. All you need to do is find out the address of your ISP's email server and enter it into Exchange; once done, all your problems are solved.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20754340
To further answer your question, most mail servers are configured to perform a reverse DNS lookup on the source mail server when they receive emails, meaning they will compare the IP address of the source server with the name registered with that server. If the name resolves to that IP they will accept it; if not, they will reject. This is a good method to avoid lots of spam. Other companies have SPF filters (Sender Policy Framework), which is something similar to reverse DNS; the difference is that it will check the source mail server name to make sure that it is the right server for the source domain, and if you don't have an SPF record they will reject mail from your server. You can create an SPF record for your mail server, even if you don't have a static IP. In order to understand SPF, follow the link
http://www.intermedia.net/support/kb/default.asp?id=1010
In your case you have neither Reverse DNS nor SPF, so the best and easiest solution for you is to relay through a known smarthost such as your ISP's mail server.
Maybe now you are more confused, but I just wanted to let you know.
0
 

Author Comment

by:mikeld
ID: 20754553
isaman07- No, not more confused, but I need confirmation.  As long as the sending mail server, in this case a smart host of smtp.windstream.net with an IP address of 166.102.165.125, will match, we should not have any issues with sending e-mail?  The following scenario will not cause problems:  A mail server/Exchange server www.ourcompany-location.com has a dynamic IP address from Windstream with DNS provided by DYNDNS.com, our web site for our company www.ourcompany.com is hosted by SiteTurn, which we receive messages from via the POP3 connector, and a smart host from Windstream, our ISP; will all work together?  Replying to messages will not be a problem, as the message will come from SiteTurn/pop3.ourcompany.com, come in to Exchange and go out via Windstream's SMTP server as a smart host of smtp.windstream.net.  Again, I thought that this would look suspicious to SPAM filters, as the message was sent to us at SiteTurn's IP address and then went back via another/Windstream.  If you think this scenario will work I will try it Monday.  Should it work instantly or will DNS around the web need to somehow propagate?
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20754774
This should work instantly. Just add your ISP as a smarthost. And to make it even better, try adding an SPF record in your domain's DNS, where the MX servers for your domain are your own Exchange server and your ISP's mail server. This will confirm to the whole world that mails sent from your server and your ISP's server are valid for your domain.
0
 

Author Comment

by:mikeld
ID: 20756518
isaman07- SPF record, what does this acronym stand for and what does it do?  Whatever that is, you are saying that I should ask my web hosting company, SiteTurn, who also holds the MX records, to do this?  What would said SPF record look like?  The guys at SiteTurn are very helpful, but I would like an example of what this should read like so I can provide that to them. Is there anything I need my ISP, Windstream, to do?  Thanks for your help.  Again, I will accomplish these things on Monday and get back to you.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20756879
Your SPF TXT record should look like this:
v=spf1 mx ptr:your-ISP-mail-server-name.com mx:your-mail-server-name.com ~all
This means that any emails sent from your ISP's mail server or from your own mail server are legal emails coming from your domain.
Here are some useful links
http://www.openspf.org/Introduction
http://old.openspf.org/wizard.html
0
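How a receiving server evaluates an SPF record of the kind discussed above, as an added Python example that is not part of the original thread. It models only the ip4, a, mx and all mechanisms against a constructed DNS table; the names example.org, mail.example.org and smtp.isp.example and all addresses are placeholders.

```python
import ipaddress

# Constructed DNS data: placeholder names, documentation-range addresses.
DNS = {
    "A": {"mail.example.org": ["192.0.2.10"],      # hosting company's mail host
          "smtp.isp.example": ["198.51.100.25"]},  # ISP smarthost
    "MX": {"example.org": ["mail.example.org"]},   # MX held by the hosting company
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def ips_of(hosts):
    """Resolve host names to the set of their A-record addresses."""
    return {ip for h in hosts for ip in DNS["A"].get(h, [])}

def check_spf(record, client_ip, domain):
    """Evaluate a subset of SPF (ip4, a, mx, all) for one connecting IP.

    Terms are tried left to right; the first mechanism that matches
    decides the result through its qualifier (default "+").
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = body.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":    # A records of the named host (or the domain)
            matched = client_ip in ips_of([arg or domain])
        elif name == "mx":   # A records of the MX hosts of the named domain
            matched = client_ip in ips_of(DNS["MX"].get(arg or domain, []))
        else:
            return "unsupported:" + name   # ptr, include, ... not modelled here
        if matched:
            return RESULTS[qual]
    return "neutral"  # no mechanism matched and there was no "all"

POLICY = "v=spf1 mx a:smtp.isp.example ~all"   # constructed record for example.org
HOSTING, SMARTHOST, DYNAMIC = "192.0.2.10", "198.51.100.25", "203.0.113.77"

if __name__ == "__main__":
    for label, ip in [("hosting", HOSTING), ("smarthost", SMARTHOST), ("dynamic", DYNAMIC)]:
        print(label, ip, check_spf(POLICY, ip, "example.org"))
```

An `mx:<name>` term authorises the MX hosts of `<name>`, not `<name>` itself, so a smarthost listed only that way falls through to `~all`; `a:<name>` or `ip4:` is what covers a single sending host.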
 

Author Comment

by:mikeld
ID: 20757144
isaman07- I will ask SiteTurn to enter
v=spf1 mx ptr:smtp.windstream.net mx:ourexchangeserver.com ~all  (this is the name we registered with DYNDNS)  Does that look correct?  Thanks so much for the links.  I will let you know if this works.  I know that our ISP requires authentication on the outbound SMTP.  Not sure how that will change things in Exchange smart host settings or any of the SPF records.  Any suggestions?
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20758955
Your spf looks fine, as for the smarthost authentication do the following
ESM-->Servers-->yourservername-->protocols-->smtp-->right click default smtp virtual server-->properties-->delivery-->outbound security-->choose basic authentication-->enter your ISP's assigned username and password-->ok-->now choose advanced-->enter the smart host name
0
 

Author Comment

by:mikeld
ID: 20763312
isaman07- I found out today that the Windstream SMTP server will not relay this type of traffic.
I think I also have a problem in that my Exchange server sends mail out as mydomain.com when mydomain.com is actually at SiteTurn.  The Exchange server is actually called mydomainname-location.com.  I am unsure if I need to change this in the server or if it matters.  Seems as if it would matter.
I also tried to use the DYNDNS MailHop Outbound service as the smart host, outbound.mailhop.org, and that did not work either.  I contacted the ISP about paying for a static IP and it will take weeks to get configured.  We do not have this time.  We are open to all suggestions.  Are you for hire?
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20764645
What is that, how come? Do you absolutely need Exchange?
0
 

Author Comment

by:mikeld
ID: 20769219
Yes, we need Exchange.  Your advice has been very helpful and I will award the points.  We are going to get the Static IP address, which at this point seems to be the only sure way to get this working and keep it working.  The Outbound MailHop service is an SMTP server/service that is great in cases where you cannot get your outbound server DNS registered properly.  DYNDNS provides the service and ensures the reverse DNS works.  It would have solved my problem, but I cannot get it configured in Exchange for some reason.  DYNDNS will not assist with the Exchange configuration for their service.  They do provide instructions on their web site, but state they are unsure if they will work.
Thanks again for all of your help.
0
 
LVL 14

Accepted Solution

by:
isaman07 earned 2000 total points
ID: 20771519
I guess that was the best thing to do, now you can ask your ISP to create reverse lookup for you and you don't need a smarthost anymore. Once you have your static ip and reverse dns entry as well as your spf, you should be fine.
0
 

Author Closing Comment

by:mikeld
ID: 31425332
Buy ya beer if you were near.  Thanks so much for your help.  This project has sucked for me and I will be glad when it is over.  Your assistance helped- Thank you.
0
 
LVL 14

Expert Comment

by:isaman07
ID: 20772541
Thanks buddy and good luck.
0
