Exchange and PIX 501, some outgoing email not getting through

I recently set up a PIX 501, and for some reason I cannot send to Comcast or Yahoo mail, along with some other email addresses. Mail was working fine before the PIX install. Most email is going out fine, just some aren't??
I checked the Exchange mail queue, nothing there, nothing on the spam filter??
Any help would sure be appreciated.
Even when I reply to a mail coming in, it still won't go out.
Am I correct in thinking the PIX is fine, since it is either allowing or not as per the access list?
At wits' end

Matthew Millers Commented:
You may need to disable SMTP fixup (on the Cisco)

Or the destination domains may require that you have a reverse lookup configured (your ISP)
Drop your domain in here and tell us what it throws up ->

I agree with Matt, odds are it is SMTP fixup
mphil2007 Author Commented:
Thank you for your prompt reply

I added the no fixup smtp 25 line earlier today before I left work and tested, still nothing.
Would I need to do anything to the reverse lookup if all I did was add the PIX 501? Everything was working fine prior to that.
This is the exact notification I received from Comcast, on a reply about a work order:

"there was a smtp communication problem with recipients email server"
So it's getting past the PIX I guess?
Could for some reason all these companies suddenly have me as spamming for some reason?

I am completely confused why some outgoing mail is fine and some aren't.
Static IP etc. are all the same? Nothing has changed except the addition of the PIX.
I checked the queue, no spam there, I know Exchange server is not relaying.

Any help would be appreciated of course

>>So its getting past the pix i guess?

We don't think that the PIX is in the way, we think it is interfering
Matthew Millers Commented:
Are you actually getting that error from Comcast or is your Exchange server returning that error? I would have thought it to be your Exchange server.

Can you telnet to any of the MX on port 25 from the mail server?

C:\>nslookup -type=mx

Non-authoritative answer:     MX preference = 20, mail exchanger =     MX preference = 20, mail exchanger =     MX preference = 5, mail exchanger = internet address = internet address = internet address =
mphil2007 Author Commented:
Thanks for the reply kieran_b:

I checked DNS stuff, and it says in fact FAIL Open DNS servers, which is odd because 2 months ago I took over the Exchange server, used dnsstuff, checked and fixed everything. Wow, why would it suddenly revert to open DNS server again? Going to remote in and check DNS server again.
I didn't even think to look since it was fixed not long ago. When I took it over it was getting bombarded, as an open relay... hmmm

In my config on the PIX it says no fixup protocol smtp 25 now, I just added a "no" before the command. I'm pretty sure that was right but just thought I would check.
Well, remoting in to try and figure out why my DNS is failing, hmm
Open DNS servers is not that much of a problem - it is not open relay

No other errors?
mphil2007 Author Commented:
Nope, a couple of warnings (yellow), the DNS server was the only error in red.
Should I post the config from PIX? I'm really at a loss here.
I am currently VPN'd in, at least I got the PIX up and VPN running, now this.....
People are freaking at my job, I gotta figure something out. If there's anything I need to post let me know, I am on the server now.
Really appreciate the help!!!
Post your domain name, and we will check it out
mphil2007 Author Commented:
I typed nslookup


dns request timed out
mphil2007 Author Commented:
My bad,
I typed the nslookup wrong, it came back the same as yours.
Sorry, my bad
mphil2007 Author Commented:
Little hesitant about typing that here, guess it's safe?
You have a bad SMTP Greeting, you need to change it to ->

That would explain it...
mphil2007 Author Commented:
Under fully qualified domain name,
it is already , I see from the link posted above it should say   ??

OK, I have changed it to that, let me recheck DNS
Yes, it should be
mphil2007 Author Commented:
Do you know how long it would take for that to update?
I am testing by sending mail from my office to an email at Verizon that I am checking from home, and still not going through.
It has updated now.

But I have more bad news - you are listed on a stack of blacklists;

Run through this ->

Then, run through each of these and request removal ->

That is going to take a few days, until then you can route all outbound mail via your ISP's mailserver ->

mphil2007 Author Commented:
Thanks for the links Kieran,
Looking like I have my work cut out for me.
Guess I need to find out if I am still being blacklisted before correcting the problem.
So weird this happened same time I put that PIX in... hmmm, coincidence.
Well, back in a bit, gonna get busy.
Thank you for your help
mphil2007 Author Commented:
Hi Guys,
Well, it turns out there was a bot on the network; someone disabled their anti-virus.
Removed anti-virus etc., cleaned all the machines, installed a server roll-out anti-virus,
added a line to PIX config only allowing SMTP from the mail server out, denied the rest, unblocked all the blacklists, most of mail is back up.
Thanks for your help, much appreciated. Thanks for the links, they came in handy for sure!
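
Added example, not part of the thread or any poster's code: a workstation bot that sends spam directly appears in the PIX connection log as outbound port-25 connections from inside hosts other than the mail server. The script below counts those from `%PIX-6-302013` syslog lines; the mail server address and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed inside address of the Exchange server (hypothetical, not from the thread).
MAIL_SERVER = "192.168.1.10"

# PIX syslog 302013 is logged for every TCP connection the firewall builds.
BUILT = re.compile(
    r"%PIX-6-302013: Built outbound TCP connection \d+ for "
    r"outside:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\) to "
    r"inside:(?P<src>[\d.]+)/\d+ \([\d.]+/\d+\)"
)

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Mar 03 10:15:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.25/25 (198.51.100.25/25) to inside:192.168.1.10/3011 (203.0.113.2/3011)
Mar 03 10:15:02 pix %PIX-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.77/25 (198.51.100.77/25) to inside:192.168.1.57/1044 (203.0.113.2/1044)
Mar 03 10:15:02 pix %PIX-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.168.1.57/1045 (203.0.113.2/1045)
Mar 03 10:15:03 pix %PIX-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.91/25 (198.51.100.91/25) to inside:192.168.1.57/1046 (203.0.113.2/1046)
Mar 03 10:15:04 pix %PIX-6-302013: Built outbound TCP connection 1005 for outside:198.51.100.92/25 (198.51.100.92/25) to inside:192.168.1.33/2210 (203.0.113.2/2210)
Mar 03 10:15:05 pix %PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.77/25 to inside:192.168.1.57/1044 duration 0:00:03 bytes 4821 TCP FINs
"""


def rogue_smtp_sources(log_text, mail_server=MAIL_SERVER):
    """Count outbound port-25 connections per inside host, skipping the mail server."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        # Only SMTP (destination port 25) from hosts that should never speak it.
        if m and m.group("dport") == "25" and m.group("src") != mail_server:
            hits[m.group("src")] += 1
    return hits


if __name__ == "__main__":
    for host, count in rogue_smtp_sources(SAMPLE_LOG).most_common():
        print(f"{host} opened {count} direct SMTP connection(s)")
```

Any host this reports is a candidate for the cleanup described above, and once SMTP egress is restricted to the mail server the same hosts show up as denied connections instead.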
I do object in part, I mean the asker did solve it by themselves, but being identified as being on a blacklist (and how to remove himself) is something that would have to be followed regardless.  Of course, they are only points, and if the asker honestly feels none of our comments were of value, then I do not object.

mphil2007 Author Commented:
I submitted the points again and added a post, it is not showing up?
This question is closed out and we can all move on to other questions.
Thank you to all who participated.
