Solved

Email coming in but not going out

Posted on 2008-10-03
Last Modified: 2011-10-19
Exchange 2003 SP2.
We can get email but not send. Queues get filled up.
I'm guessing DNS.

Activated logging and don't see much, but then again don't know what to look for.


2008-10-03 18:59:56 74.208.5.3 OutboundConnectionCommand SMTPSVC1 BDS-EXCH2K3 - 25 HELO - bds-exch2k3.BDS.local 0 0 4 0 266 SMTP - - - -

2008-10-03 18:59:56 74.208.5.4 OutboundConnectionResponse SMTPSVC1 BDS-EXCH2K3 - 25 - - 220+mx01.perfora.net+(mxus7)+Welcome+to+Nemesis+ESMTP+server 0 0 60 0 109 SMTP - - - -

2008-10-03 18:59:56 74.208.5.4 OutboundConnectionCommand SMTPSVC1 BDS-EXCH2K3 - 25 EHLO - bds-exch2k3.BDS.local 0 0 4 0 109 SMTP - - - -

2008-10-03 18:59:56 74.208.5.4 OutboundConnectionResponse SMTPSVC1 BDS-EXCH2K3 - 25 - - 550+RBL+rejection:+http://www.spamhaus.org/query/bl?ip=66.134.31.19 0 0 67 0 219 SMTP - - - -

2008-10-03 18

Question by:icarainc
14 Comments
 
LVL 11

Expert Comment

by:Bertling
ID: 22636955
You are on an RBL spam list: 550+RBL+rejection:+http://www.spamhaus.org/query/bl?ip=66.134.31.19

You need to check your RDNS records are correct, that you're not an open relay, and that the FQDN of the SMTP virtual server is the external mail server name in your DNS.
0
 
LVL 5

Expert Comment

by:marques_salazar
ID: 22636956
Have you gone to spamhaus.org and made sure you're not on their list?
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22637005
Is this your internal Exchange DNS name: bds-exch2k3.BDS.local? It needs to be the external address.

Read this article, as you also need to check RDNS: http://www.amset.info/exchange/dnsconfig.asp

Also check the MX records at http://www.mxtoolbox.com/ and check for RDNS and open relay.

0
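Added example (not part of the thread): a Python triage pass over the SMTP protocol log lines posted in the question, flagging the two things the comments above point at, the blocklist rejection and the internal `.local` name announced in HELO/EHLO. Field positions are inferred from the posted lines, and the list of internal suffixes is an assumption.

```python
import re

# The four complete log lines from the question above (the cut-off fifth is omitted).
SAMPLE_LOG = """\
2008-10-03 18:59:56 74.208.5.3 OutboundConnectionCommand SMTPSVC1 BDS-EXCH2K3 - 25 HELO - bds-exch2k3.BDS.local 0 0 4 0 266 SMTP - - - -
2008-10-03 18:59:56 74.208.5.4 OutboundConnectionResponse SMTPSVC1 BDS-EXCH2K3 - 25 - - 220+mx01.perfora.net+(mxus7)+Welcome+to+Nemesis+ESMTP+server 0 0 60 0 109 SMTP - - - -
2008-10-03 18:59:56 74.208.5.4 OutboundConnectionCommand SMTPSVC1 BDS-EXCH2K3 - 25 EHLO - bds-exch2k3.BDS.local 0 0 4 0 109 SMTP - - - -
2008-10-03 18:59:56 74.208.5.4 OutboundConnectionResponse SMTPSVC1 BDS-EXCH2K3 - 25 - - 550+RBL+rejection:+http://www.spamhaus.org/query/bl?ip=66.134.31.19 0 0 67 0 219 SMTP - - - -
"""

# Assumption: suffixes that mark a name as internal-only (not in public DNS).
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")
LISTED_IP = re.compile(r"[?&]ip=(\d{1,3}(?:\.\d{1,3}){3})")


def parse_line(line):
    """Split one log line. Field positions are inferred from the lines above."""
    f = line.split()
    if len(f) < 11 or not f[3].startswith("OutboundConnection"):
        return None
    return {
        "remote_ip": f[2],
        "kind": f[3][len("OutboundConnection"):],  # "Command" or "Response"
        "verb": f[8],
        "text": f[10].replace("+", " "),  # the log writes spaces as '+'
    }


def triage(log_text):
    """Return (finding, remote_ip, detail) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        text = rec["text"]
        if rec["kind"] == "Command" and rec["verb"] in ("HELO", "EHLO"):
            if text.lower().endswith(INTERNAL_SUFFIXES):
                findings.append(("internal-helo-name", rec["remote_ip"], text))
        elif rec["kind"] == "Response" and text[:1] in ("4", "5"):
            listed = LISTED_IP.search(text)
            if listed or "RBL" in text:
                findings.append(("blocklist-rejection", rec["remote_ip"],
                                 listed.group(1) if listed else text))
            else:
                kind = "permanent-failure" if text[0] == "5" else "transient-failure"
                findings.append((kind, rec["remote_ip"], text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The address reported in a blocklist finding is the sending IP the remote server saw, which is the one to look up on the blocklist and check reverse DNS for.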
 
LVL 2

Expert Comment

by:daviddriv
ID: 22637182
One other thing to watch out for is Phishing scams.  Lately we have been getting phishing scams where the email claims the company is going through an email account cleanup exercise and to respond to the email with your user name and password to prevent having your account disabled.  When the user responds, a bot takes over their account and uses it to blast SPAM via OWA.  We ended up on a few RBLs because of this.  Typically we have seen these coming from African ISPs.  Check your OWA logs for access from IP addresses where the first octet is either 41, 80, 196, 84, 92, 200, or 202 (41.x.x.x, etc).  Since not all of the ranges are actually Class A ranges, this may provide false positives, but it may help.
0
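Added example (not part of the thread): one way to run the OWA log check described in the comment above, grouping authenticated requests from the listed first octets by account so that a mailbox being used from unexpected networks stands out. The log below is constructed for illustration, and the `/exchange` path prefix and the status filter are assumptions to adjust for the server being reviewed.

```python
from collections import defaultdict

# First octets named in the comment above; coarse by the commenter's own account.
FLAGGED_FIRST_OCTETS = {41, 80, 84, 92, 196, 200, 202}

# Constructed IIS W3C log for illustration (user names and addresses are made up).
SAMPLE_OWA_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2008-10-01 08:02:11 10.0.0.15 BDS\\jsmith GET /exchange/jsmith/Inbox 200
2008-10-01 23:40:02 41.0.2.9 BDS\\jsmith POST /exchange/jsmith/Drafts 200
2008-10-01 23:40:05 41.0.2.9 BDS\\jsmith POST /exchange/jsmith/Drafts 200
2008-10-01 23:41:17 196.0.3.7 BDS\\jsmith POST /exchange/jsmith/Drafts 200
2008-10-02 09:15:40 202.0.4.1 - GET /exchange/ 401
2008-10-02 09:20:00 80.0.5.5 BDS\\mlee GET /default.htm 200
"""


def owa_use_from_flagged_ranges(log_text, path_prefix="/exchange"):
    """Map each account to its request count and client IPs in flagged ranges."""
    fields = []
    hits = defaultdict(lambda: {"requests": 0, "ips": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        user = row.get("cs-username", "-")
        if user == "-":  # unauthenticated request
            continue
        if not row.get("sc-status", "").startswith(("2", "3")):
            continue  # keep only requests the server actually served
        if not row.get("cs-uri-stem", "").lower().startswith(path_prefix):
            continue
        ip = row.get("c-ip", "")
        first = ip.split(".")[0]
        if first.isdigit() and int(first) in FLAGGED_FIRST_OCTETS:
            hits[user]["requests"] += 1
            hits[user]["ips"].add(ip)
    return {u: {"requests": h["requests"], "ips": sorted(h["ips"])}
            for u, h in hits.items()}


if __name__ == "__main__":
    for user, summary in owa_use_from_flagged_ranges(SAMPLE_OWA_LOG).items():
        print(user, summary)
```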
 

Author Comment

by:icarainc
ID: 22637281
I see it listed with Spamhaus, but would that cause it to stay in the queue?

How do I check RDNS? mxtoolbox?
0
 

Author Comment

by:icarainc
ID: 22637320
Here is the log file after changing the external FQDN to bds.org:

extend1.log
0
 
LVL 2

Expert Comment

by:daviddriv
ID: 22637465
I don't think Spamhaus blocks based on misconfigured SMTP servers.  Though some companies will discard your email if the DNS configuration for your SMTP servers is not correct (my company being one), I do not believe it is enough to get you on the Spamhaus list.  It seems that Spamhaus considers you a confirmed spammer, so you probably should look more towards that.
0
 

Author Comment

by:icarainc
ID: 22638018
But just because it is blocked at Spamhaus would not cause any mail at all not to go out.
0
 
LVL 2

Accepted Solution

by:
daviddriv earned 125 total points
ID: 22638148
Is any mail going out at all?  There aren't any RBLs that will stop ALL mail from leaving your servers.  I was assuming you are seeing lots of additional SMTP queues that are backing up, but some mail was going out.  If nothing is going out, you should probably test SMTP outbound from your SMTP server.  You can do this by searching for an MX record (nslookup <enter> set querytype=mx <enter> yahoo.com <enter>).  Then take that IP address and use telnet to connect to port 25 (telnet 68.142.202.247 25).  Then try sending a message to a valid yahoo.com account using SMTP commands via the telnet session.  Here is an article that shows you how to do that:

http://www.yuki-onna.co.uk/email/smtp.html

You may want to try a couple mail domains (yahoo, gmail, msn, etc) in case you are blacklisted on their site.  If you don't even connect, then you ought to look at outbound firewall rules for your SMTP servers.
0
 

Author Comment

by:icarainc
ID: 22638272
No mails are going out at all. They are sitting in the queues. I think the blacklist is a separate issue.

0
 
LVL 2

Expert Comment

by:daviddriv
ID: 22638292
Can you connect to remote SMTP servers from your Exchange SMTP servers using the telnet method from above?  If not, then your problem is more than likely network related.
0
 

Author Comment

by:icarainc
ID: 22638449
When doing the telnet test I get a 550 unable to relay for xxxx@ccc.com,
but when I do the same for an internal address it works fine.
0
 
LVL 2

Expert Comment

by:daviddriv
ID: 22638531
Not quite following your most recent post.  However, when you telnet to a remote SMTP server (yahoo.com) the only address you can send a message to is an @yahoo.com address.  If you were able to telnet to one of yahoo's SMTP servers and send a message to an @somewhereelse.com address, that would be the definition of an open relay.  You are able to do this on your local SMTP servers because they should be configured to allow relays for your local IP range.  I should have mentioned it, but you should set up test accounts on the sites you are testing (yahoo, gmail, etc) and send a test message using the telnet method just to see if you get your test message.

By the way, you don't have an MX record for bds.org...  I see you have an "a" record for bds.org pointing to your SMTP server, but it really ought to have an MX record.  You would want to get that fixed with DynDNS.
0
 

Author Comment

by:icarainc
ID: 22638814
I telnetted into the bds server from another remote server and sent an internal message to another bds user. When I attempted to send to outside of the bds server I got the relay error.

Should I test the telnet from the bds server to another server (yahoo, gmail)?

0
