Undeliverable - Bounced Mail - Dynamic IP, Smarthost Issues with Exchange 2003

I installed a Small Business Server 2003 at a location with a DSL connection that does not have a static IP, but a dynamic IP.  Our ISP is Windstream/Alltel.  Our web hosting company is SiteTurn.  We have Exchange working and use Outlook 2007 and/or Outlook Web Access.  We can send and receive messages, BUT many messages go undelivered to such places as YAHOO, RoadRunner and a local ISP Modem Madness and others.  Currently we are trying to use the "Default SMTP Virtual Server" configured to use a "Smart host" of mail.domainname.com and as directed by our hosting company outbound port 587 not port 25.  (Not sure if the port matters)  We use DYNDNS to provide DNS for our Windows 2003 Small Business Server, so that we can easily get to the Outlook Web Access when on the road.  Our Internet provider charges big $$ for a Static IP.

We use the POP3 connector in Exchange to download our mail to the Exchange server.
We try to use the Smart Host to route mail back to mail.domainname.com hosted on SiteTurn.
I believe the problem is that our web hosting company, SiteTurn, holds our MX records and when we send mail our Exchange server cannot route the mail back to SiteTurn, i.e. mail.domainname.com, before going to the recipient, thus it looks like SPAM to many recipients' mail servers.  We checked SPAMHAUS and we are not on a Blacklist.  My mail/web hosting company is Infinology and I get the messages.
I don't believe I can have the MX record moved to our server as it has a dynamic IP, yet a static name thanks to DYNDNS.com.  The message header on messages that ARE successfully sent indicates that our ISP is involved in the sending of the message, yet there is no setting, that I am aware of, that uses our ISP.  I am caught between a separate web hosting company that also holds our mail records, a different ISP for our location and the home of the Small Business Server, and our Exchange server.

I am willing to purchase an outbound mail service if needed.  DYNDNS sells such a service, but does not fully support Exchange so I am on my own to set this up and do not have enough experience with Exchange.

So my question is how can I resolve the undeliverable message problem in my scenario?

mikeldAsked:

antioedCommented:
Assuming the problem is due to "Reverse DNS Lookups" being performed on the connecting IP, you will need a PTR entry in DNS to be that of whatever the connecting MTA's IP is.  When the mail server connects to another mail server, if that site performs RDNS on your server <server.your.com> and there is not a DNS entry that resolves DNS for that name to the connecting IP the connection will be dropped.

To be honest, I would not suggest running Exchange on a dynamic IP, but for the most part, as long as you don't turn off your WAN device, you should retain the same IP...some ISPs force IP flushes for this reason.  This would mean a new DNS entry each time the IP changes and time for DNS to replicate around root servers.  Some hosting firms allow a way to add DNS entries yourself; if yours does that, it might not be such a big deal...still have to deal with some rejections until DNS updates.

Read the comments in this link:

http://www.webhostingtalk.com/showthread.php?t=493923

"What you need is RDNS for your base IP, or whatever IP address your MTA (exim, sendmail, etc) connects to. Even though you may have multiple ip addresses for your server, and your sites may have multiple ip addresses, your MTA will only send out mail from one ip address (usually the base ip)."
0
mikeldAuthor Commented:
Thanks for your response.  Does DYNDNS not help?  Do these records need a name, www.nameserver.com or an actual IP address, 24.22.98.44?  It was my understanding that if I could ship my mail back to our web hosting company's (SiteTurn) SMTP server and then it went out to the recipients from there that all would be well as the RDNS would be that of our web hosting company the same as it comes in on.  I thought this was the purpose of the smart host setting in Exchange.  I cannot get a STATIC IP at a reasonable cost, and thought Exchange had provisions for this type of configuration.  I cannot do the DNS entries myself and that is the reason I subscribe to DYNDNS.com service.  What is the purpose of the smart host settings in Exchange?  What is the purpose of the SMTP Connector?  I appreciate the response, but your solution does not fully address my needs.
0
isaman07Commented:
Since you have a dynamic IP address, you cannot have a reverse DNS entry. Some companies refuse mail from dynamic addresses. Your best choice will be using your ISP's mail server as a smarthost; then all your emails will go out as if they are coming from your ISP, who has a reverse entry for its mail server and will be accepted by everyone. Meanwhile incoming emails will flow in directly to your server since you have DYNDNS service.
0

mikeldAuthor Commented:
isaman07- Forgive my lack of full understanding of these issues, but if our mail is coming from our hosting company, SiteTurn, and is brought in by the POP3 connector and then going out via our ISP company, Windstream/Alltel, will that scenario not create the same problem?  -That of differing DNS as seen by the recipient's anti-SPAM system?  I thought mail systems/anti-SPAM systems like to make sure that the DNS that the message is received from is the same as they would reply to.
Second if the scenario you propose is to work what will I have to ask my ISP for and how do I configure that in Exchange?  Do I need to authenticate on the outbound to make more SPAM systems happy?  Thanks.  
0
isaman07Commented:
Having a different reply-to address is not a problem and obviously you don't have problems receiving emails; your problem is sending emails and, as I stated, your server having a dynamic address and not being able to have a reverse DNS will cause problems.
Use the email server assigned to you by your ISP Windstream/Alltel as a smarthost. If you don't know it, call your ISP to find out which email server is assigned to your account, then launch ESM (Exchange System Manager), expand Servers, expand your server name, expand Protocols, and finally expand SMTP. Right-click on your default SMTP virtual server and choose Properties, click the Delivery tab, then Advanced, and in the smarthost field enter the FQDN (smtp.myisp.com) SMTP server address of your ISP.
By default all ISPs relay emails from their clients without authentication. All you need to do is to know what is the address of your ISP's email server and enter it into Exchange; once done, all your problems are solved.
0
isaman07Commented:
To further answer your question, most mail servers are configured to perform a reverse DNS lookup on the source mail server when they receive emails, meaning they will compare the IP address of the source server with the name registered with that server. If the name resolves to that IP they will accept it; if not, they will reject. This is a good method to avoid lots of spam. Other companies have SPF filters (Sender Policy Framework), which is something similar to reverse DNS; the difference is that it will check the source mail server name to make sure that is the right server for the source domain, and if you don't have an SPF record they will reject mail from your server. You can create an SPF record for your mail server, even if you don't have a static IP. In order to understand SPF follow the link
http://www.intermedia.net/support/kb/default.asp?id=1010
In your case you have neither Reverse DNS nor SPF, so the best and easiest solution for you is to relay through a known smarthost such as your ISP's mail server.
Maybe now you are more confused, but I just wanted to let you know.
0
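The reverse DNS check described in the answer above, written out as an added example (it is not part of the original thread). The zone data is constructed, using documentation address ranges and placeholder `.example` names, and `fcrdns`, `ptr_lookup` and `a_lookup` are names chosen here; the lookups are injectable so the check runs offline.

```python
import socket

def ptr_lookup(ip):
    """Live PTR lookup: hostnames registered for ip, or [] if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:              # herror/gaierror: no PTR or lookup failed
        return []

def a_lookup(name):
    """Live forward lookup: every address that name resolves to."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr=ptr_lookup, fwd=a_lookup):
    """Return (verdict, name): 'pass', 'mismatch' or 'no-ptr'."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in fwd(name):      # PTR name must resolve back to the same IP
            return ("pass", name)
    return ("mismatch", names[0])

# Constructed zone data (documentation ranges, placeholder names).
PTR = {
    "192.0.2.25": ["smtp.isp.example."],            # ISP smart host
    "198.51.100.77": ["pool-77.dyn.isp.example."],  # DSL line, stale PTR
}
A = {
    "smtp.isp.example": ["192.0.2.25"],
    "pool-77.dyn.isp.example": ["198.51.100.12"],   # now points elsewhere
    "office.dyndns.example": ["198.51.100.77"],     # forward-only dynamic name
}

def demo():
    """Run the check over the constructed data, as a receiving MTA would."""
    return {ip: fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
            for ip in ("192.0.2.25", "198.51.100.77", "203.0.113.9")}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, *verdict)
```

The dynamic DNS name in the sample resolves forward to the office address, but the check starts from the PTR record, which is published by whoever owns the address block, so the forward-only name does not change the verdict.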
mikeldAuthor Commented:
isaman07- No not more confused, but need confirmation.  As long as the sending mail server, in this case a smart host of smtp.windstream.net with an IP address of 166.102.165.125, will match we should not have any issues with sending e-mail?  The following scenario will not cause problems:  A mail server/Exchange server www.ourcompany-location.com has a dynamic IP address from Windstream with DNS provided by DYNDNS.com, our web site for our company www.ourcompany.com which is hosted by SiteTurn which we receive messages from via the POP3 connector and a smart host from Windstream, our ISP, will all work together?  Replying to messages will not be a problem as the message will come from SiteTurn/ pop3.ourcompany.com, come in to Exchange and go out via Windstream's SMTP server as a smart host of smtp.windstream.net.  Again I thought that this would look suspicious to SPAM filters as the message was sent to us at SiteTurn's IP address and then went back via another/Windstream.  If you think this scenario will work I will try it Monday.  Should it work instantly or will DNS around the web need to somehow propagate?
0
isaman07Commented:
This should work instantly. Just add your ISP as a smarthost. And to make it even better, try adding an SPF record in your domain's DNS, where the MX servers for your domain are your own Exchange server and your ISP's mail server. This will confirm to the whole world that mails sent from your server and your ISP's server are valid for your domain.
0
mikeldAuthor Commented:
isaman07- SPF record, what does this acronym stand for and what does it do?  Whatever that is, you are saying that I should ask my web hosting company, SiteTurn, who also holds the MX records, to do this?  What would said SPF record look like?  The guys at SiteTurn are very helpful, but I would like an example of what this should read like so I can provide that to them. Is there anything I need my ISP, Windstream, to do?  Thanks for your help.  Again I will accomplish these things on Monday and get back to you.
0
isaman07Commented:
Your SPF TXT record should look like this
v=spf1 mx ptr:your-ISP-mail-server-name.com mx:your-mail-server-name.com ~all
This means that any emails sent from your ISP's mail server or from your own mail server are legal emails coming from your domain.
Here are some useful links
http://www.openspf.org/Introduction
http://old.openspf.org/wizard.html
0
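An added example (not part of the original thread) that splits an SPF TXT record of the shape posted above into its terms and flags problems a DNS host would otherwise publish silently: a qualifier such as `~all` typed without the separating space, the `ptr` mechanism that RFC 7208 discourages, and a record with no terminal `all`. The sample records use placeholder `.example` names and `lint_spf` is a name chosen here.

```python
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lint_spf(record):
    """Return (terms, warnings) for one SPF TXT record string."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return [], ["record does not start with v=spf1"]
    terms, warnings = [], []
    for raw in parts[1:]:
        if re.match(r"[A-Za-z][\w.-]*=", raw):           # modifier, e.g. redirect=
            key, value = raw.split("=", 1)
            terms.append(("modifier", key.lower(), value))
            continue
        qual = raw[0] if raw[0] in QUALIFIERS else "+"   # default qualifier is +
        body = raw[1:] if raw[0] in QUALIFIERS else raw
        name, _, arg = re.match(r"([^:/]*)([:/]?)(.*)", body).groups()
        name = name.lower()
        terms.append((QUALIFIERS[qual], name, arg))
        if name not in MECHANISMS:
            warnings.append(f"{raw}: unknown mechanism")
        if name == "ptr":
            warnings.append(f"{raw}: ptr is discouraged by RFC 7208 section 5.5")
        if re.search(r"[+~?-]all$", arg, re.I):          # heuristic for a lost space
            warnings.append(f"{raw}: 'all' is glued to the previous term, add a space")
    has_all = any(name == "all" for _, name, _ in terms)
    has_redirect = any(t[0] == "modifier" and t[1] == "redirect" for t in terms)
    if not has_all and not has_redirect:
        warnings.append("no terminal 'all': unmatched senders get a neutral result")
    return terms, warnings

# Constructed sample records: the same policy without and with the space.
GLUED = "v=spf1 mx ptr:smtp.isp.example mx:mail.ourcompany.example~all"
SPACED = "v=spf1 mx ptr:smtp.isp.example mx:mail.ourcompany.example ~all"

if __name__ == "__main__":
    for rec in (GLUED, SPACED):
        terms, warnings = lint_spf(rec)
        print(rec, terms, warnings, sep="\n  ")
```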
mikeldAuthor Commented:
isaman07- I will ask SiteTurn to enter
v=spf1 mx ptr:smtp.windstream.net mx:ourexchangeserver.com ~all  (this is the name we registered with DYNDNS)  Does that look correct?  Thanks so much for the links.  I will let you know if this works.  I know that our ISP requires authentication on the outbound SMTP.  Not sure how that will change things in Exchange smart host settings or any of the SPF records.  Any suggestions?
0
isaman07Commented:
Your spf looks fine, as for the smarthost authentication do the following
ESM-->Servers-->yourservername-->protocols-->smtp-->right click default smtp virtual server-->properties-->delivery-->outbound security-->choose basic authentication-->enter your ISPs assigned username and password-->ok-->now choose advanced-->enter the smart host name
0
mikeldAuthor Commented:
isaman07- I found out today that Windstream SMTP server will not relay this type of traffic.
I think I also have a problem in that my Exchange server sends mail out as mydomain.com when mydomain.com is actually at SiteTurn.  The Exchange server is actually called mydomainname-location.com.  I am unsure if I need to change this in the server or if it matters.  Seems as if it would matter.
I also tried to use DYNDNS MailHop Outbound service as the smart host outbound.mailhop.org and that did not work either.  I contacted the ISP about paying for a static IP and it will take weeks to get configured.  We do not have this time.  We are open to all suggestions.  Are you for hire?
0
isaman07Commented:
What is that, how come? Do you absolutely need Exchange?
0
mikeldAuthor Commented:
Yes, we need Exchange.  Your advice has been very helpful and I will award the points.  We are going to get the Static IP address, which at this point seems to be the only sure way to get this working and keep it working.  The Outbound MailHop service is an SMTP server/service that is great in cases where you cannot get your outbound server DNS registered properly.  DYNDNS provides the service and ensures the reverse DNS works.  It would have solved my problem, but I cannot get it configured in Exchange for some reason.  DYNDNS will not assist with the Exchange configuration for their service.  They do provide instructions on their web site, but state they are unsure if they will work.
Thanks again for all of your help.
0
isaman07Commented:
I guess that was the best thing to do, now you can ask your ISP to create reverse lookup for you and you don't need a smarthost anymore. Once you have your static ip and reverse dns entry as well as your spf, you should be fine.
0

mikeldAuthor Commented:
Buy ya beer if you were near.  Thanks so much for your help.  This project has sucked for me and I will be glad when it is over.  Your assistance helped- Thank you.
0
isaman07Commented:
Thanks buddy and good luck.
0