Help with outgoing mail stuck in SBS 2003 R2 Exchange queue

The last few days, users on our SBS 2003 R2 box have been having problems sending emails to some domains (msn.com, yahoo.com and hotmail.com specifically).

When I go into server management, wind my way into the queues of Exchange, I see entries for each of these domains, the number of messages for these 3 domains is not zero, the state is retry.

When I click on the line, the status line at the bottom says :

The remote server did not respond to a connection attempt.

I restarted the server and that didn't help. Things were working great for months / years till this happened over the last few days.

Any advice?

Do you have an SPF record in your external DNS zone file?

Read http://www.zytrax.com/books/dns/ch9/spf.html for more information or if you want to get completely confused.

To test to see if your domain has a correctly-formed SPF record, go to http://www.kitterman.com/spf/validate.html

Let us know if these help.

binaryhex (Author) Commented:
Using that SPF test, I get this result:
Input accepted, querying now...
SPF records are primarily published in DNS as TXT records. The TXT records found for your domain are:
v=spf1" "mx" "~all
SPF records should also be published in DNS as type SPF records. This is new and most implementations do not support it yet.
No type SPF records found.

Checking to see if there is a valid SPF record.

No valid SPF record found of either type TXT or type SPF.

So I do or don't have an SPF? : )  Doesn't it say I do have a TXT at the start of that?  And then I don't?

And using DNSstuff.com, I get this:
You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record (I don't check to see if it is well designed!) is:
"v=spf1" "mx" "~all" [TTL=43200]

An SPF record shouldn't be a hard failure, because too many people do not have one. It isn't the magic fix that everyone thinks it is.

I would start with simple connectivity checks. Use online tools to ensure that the servers are actually alive and not failing for everyone. Then attempt to connect using telnet to port 25 of the servers in the MX records.

telnet host.example.com 25

If the cursor just sits there it could be that the remote site is rejecting our connection, but they should return something.

Have you checked you are not on any blacklists?

binaryhex (Author) Commented:
Thanks guys, sorry, but you are dealing with a MORON here!  I did get a good lesson in SPF and exchange servers over this, but that wasn't the issue.

They have OpenDNS set up so we can control what websites people can get to. Just recently (if I think real hard, which I am trying not to do : ), it was just before this problem started), I tightened up the level of filtering so people can't get to things like, oh, yahoo webmail.

I turned on logging for smtp in exchange, saw errors about can't connect to (ip address) to send mail to yahoo.com.

Do a ping -a (that IP address), and it resolves, rather than to a yahoo hostname, to an opendns name. Oh yeah! I turned up the filtering!

Foolish me, so OpenDNS was keeping people from getting to webmail AND also keeping Exchange from getting to (resolving IPs for) mx_.yahoo.com, mx_.msn.com etc.

Lowered the filtering with OpenDNS and the mail started flowing.

I be a college grajuate
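
Added example, not part of the original thread: the two SPF checkers quoted earlier disagree because the TXT record is published as three separate character-strings, and RFC 7208 (section 3.3) has verifiers join such strings without adding spaces, so the value actually evaluated is `v=spf1mx~all`. The Python sketch below reproduces that; the function names and the two comparison records are constructed for illustration.

```python
import re

# One quoted character-string in DNS presentation format, e.g. "v=spf1".
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def join_txt_strings(presentation):
    """Rebuild the value an SPF verifier evaluates from one TXT record:
    its character-strings concatenated with no separator (RFC 7208, 3.3)."""
    parts = _QUOTED.findall(presentation)
    if not parts:  # a single unquoted string
        return presentation.strip()
    return "".join(parts)


def classify_spf(txt_records):
    """Classify a domain's TXT records the way an SPF verifier selects them.

    Returns (status, value):
      "valid"     exactly one record is "v=spf1" alone or "v=spf1" + space + terms
      "malformed" none usable, but one starts with "v=spf1" glued to the next term
      "multiple"  more than one SPF record (a permerror per RFC 7208, 4.5)
      "none"      nothing resembling SPF
    """
    joined = [join_txt_strings(r) for r in txt_records]
    usable = [r for r in joined
              if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(usable) == 1:
        return "valid", usable[0]
    if len(usable) > 1:
        return "multiple", None
    glued = [r for r in joined if r.lower().startswith("v=spf1")]
    if glued:
        return "malformed", glued[0]
    return "none", None


# The record as DNSstuff displayed it in the thread (TTL omitted).
AS_PUBLISHED = ['"v=spf1" "mx" "~all"']
# Constructed for comparison: the same terms in one string, and split
# across strings with the spaces kept inside the quotes.
ONE_STRING = ['"v=spf1 mx ~all"']
SPLIT_WITH_SPACES = ['"v=spf1 " "mx " "~all"']

if __name__ == "__main__":
    for label, rec in [("as published", AS_PUBLISHED),
                       ("one string", ONE_STRING),
                       ("split, spaces kept", SPLIT_WITH_SPACES)]:
        print(label, classify_spf(rec))
```

A tool that only looks for a TXT record beginning with `v=spf1` reports that a record exists, while one that parses it per the RFC finds no valid record, which matches the two results posted above.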
