We help IT Professionals succeed at work.
Get Started

AT&T blocking e-mails, Exchange 2007, PTR records and Certificates

andersenks asked
Last Modified: 2008-09-29
This is a long one to explain
We are getting 550 and 553 undeliverables from  AT&T and SBC Global e-mail accounts the past few days. I tried submitting an unblock request to : http://att.net/blocks and I get the following e-mail from AT&T
"Thank you for contacting the AT&T Postmaster.

Please contact your hosting provider and inform them of your experience.  The resources at AT&T only block IPs based on the merit of the traffic received.  This underlying issue can only be resolved by the hosting provider administrating this IP.  You are welcome to forward this message to them.

HOSTING PROVIDER: This IP has been blocked as a direct result of the traffic into AT&T resources.  Please check your server logs for anomalies, violations of your acceptable-use policy, and/or compromised servers prior to requesting removal.  Failure to correct these issues will delay the removal of your servers from our blocklist, as well as diminishing the credibility of your network security and the availability of AT&T internet resources."

So after some research I figured it was my PTR record. Now I need to explain how the Exchange server is setup.

-Exchange 2007 SP1
-Windows 2003 x64 server
-Single Exchange server
-No Edge server
-Static IP
-MX record points to "mail.global.frontbridge.com" (Which is a SPAM filtering service that forwards the mail to my Exchange box).
When I implemented Exch 07 I also was doing a domain migration so I had to give the new domain a different name so it went from "domain.com" to "domainInc.com" but external DNS still needed to use "domain.com".
-The NETBIOS name of the Exch box is "mailsvr.domaininc.com".
I figured out that I could add new "Accepted Domain" under the Hub Transport using "%m@domain.com" and set it as the default Reply under the E-mail address Policy. Created my certs, setup webmail and RPC/HTTPS. Everything worked great... Till now, AT&T has *&%ed  my world.

So this is what I have tried so far&

-I had my IP provider create a PTR record on their end to "mail.domain.com" checked it and it comes out correctly  X.X.81.64.in-addr.arpa PTR mail.domain.com
Still not working&
-Changed the FQDN for the send connector to "mail.domain.com"
Started getting Ev ID: 12014 in MS Exch Transport which points to the receive connector FQDN and Send connector FQDN not matching as well as the Cert not having that FQDN.
-Disabled the Default Receive Connector and created a new one with the FQDN of mail.domain.com
-Created a new cert request  using what is described here.. http://technet.microsoft.com/en-us/library/aa998840(EXCHG.80).aspx

Get-ExchangeCertificate (Thumbprints Removed)
Services     Subject
----------      --------   -------
.....             CN=mail.domain.com, O=company, C=us
IP..S           C=US, S=CA, L=City, O=domain.com, OU=domaininc.com, CN=mail.domain.com
IP.W.        CN=mail.domain.com, OU=domaininc.com, O=domain.com, L=City, S=CA, C=US
.....            CN=owamail.domain.com, OU=domaininc.com, O=domain.com, L=City, S=CA, C=US
.....            CN=owamail, OU=domaininc.com, O=domain.com, L=City, S=CA, C=US
.....            CN=mailsvr.DOMAININC.COM, OU=domaininc.com, O=domaininc.com, L=City, S=CA, C=US
.....           CN=owamail.domain.com
.....           CN=mailsvr, OU=domaininc.com, O=domaininc.com, L=City, S=CA, C=US
.....          CN=mailsvr.domaininc.com, OU=domaininc.com, O=domaininc.com, L=City, S=CA, C=US
.....          CN=domain.domaininc.com, OU=CAS, O=domaininc, L=City, S=CA, C=US
.....          CN=domain-cert, DC=domaininc, DC=com
....S         CN=mailsvr
....S         CN=mailsvr

The first line in that Cert request is what was just added CN=mail.domain.com, O=company, C=us

Still no luck. I've restarted transport services or completely rebooted after each of these steps. The problem I believe lies with the NETBIOS name of the server. When I do send mail to my personal account the header looks like this...

Return-Path: <me@domain.com>
Received: from noehlo.host ([])
      by mx-dipper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1kG34O53M3Nl36u0; Wed, 17 Sep 2008 15:52:38 -0400 (EDT)
Received: from mail.domain.com ([64.81.x.x])
      by mx-dipper.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1kG34D2V63Nl36u0
      for <personal@earthlink.net>; Wed, 17 Sep 2008 15:52:28 -0400 (EDT)
Received: from mailsvr.domaininc.com ([]) by
 mailsvr.domaininc.com ([]) with mapi; Wed, 17 Sep 2008
 12:51:42 -0700
Content-Type: multipart/mixed;
From: me <me@domain.com>
To: personal personal@earthlink.net

Part of it shows the correct PTR "mail.domain.com" other parts still show the server name "mailsvr.domaininc.com"

Have I painted myself into a corner? I am at a point to where I suppose I can rename the domain back to its original name since it is no longer attached to the old forest. Is this as complicated as I'm making it or is there a simpler solution? I think with a MX record pointing to "mail.global.frontbridge.com" and internal and external names being different AT&T's changes have created a mess for me as well as myself.

Any assistance is much appreciated

Watch Question
This problem has been solved!
Unlock 1 Answer and 5 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE