Email for certain senders being rejected

I have a SBS2003 server running both exchange and ISA.  About a month ago, certain senders email started to be rejected.  They are getting the following message back:

"[] #<[] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] '[Errno 54] Connection reset by peer' (delivery attempts: 69)> #SMTP#

I've used the message tracking center to find the emails and they do not exist so I know they are not getting that far.  I also had the sender have someone else in his organization send an email to see if we were blocking him for some reason but it appears to be the domain.  Messages are not being blocked by the intelligent message filter either.

Only change about the same time was I went from using DynDNS to a static IP address on the DSL modem.  I only have one MX record in the DNS and it is pointing to the IP on the DSL modem.  I heard of one other sender geting this error too from a different domain, but the majority of mail is coming through with no problem.

I'm struggling to figure out where to look to see why these keep being rejected.  Thanks in advance for the help!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You may need to have a reverse dns lookup put on your static IP.  Many of the big companies (comcast, aol, etc), use spam filters that require the reverse dns lookup in order to receive the email.  If you do not have the reverse dns, the email will not go through.  The best way to find out if you have this is to go to and put your static IP address in to see if it has a reverse lookup entry (should be host.domain).  

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Expanding on what nettek0300 said. if you're using AT&T or SBC you need to send an email to the DNS team.
Here's the reference:  

You can also use if your ip is on a blacklist.
If you problem is not recieving INBOUND mail, which is what I got, I would start by checking you anti-spam software.  You can also check the DNS blacklists for those particular domains you do not recieve.
You'll need to figure out thier email server's IP address, which may require some DNSlookup work.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

KZimAuthor Commented:
Thanks for the feedback.  Checked and am not blacklisted, but do not have a reverse DNS setup.  Need to get a hold of qwest.  

Help me understand two things:  First, this is someone outside my organization sending to me, and their email is being rejected as it is coming into me.  You're thinking it's because our ISP is rejecting it because our static IP doesn't have reverse lookup?

Second, what do I request in the reverse lookup?  Our domain name (ie or the a record that points to the static IP address on my dsl modem (fronting the exchange server)?  I'm thinking the because of that's what's built in DNS, right?

Thanks again!
If it is inbound emails that you are not receiving, the problem may actually be the reverse of what I said.  Qwest may be block the senders for some reason, possibly because they do not have a reverse lookup.  I misunderstood the question.  I thought you were having trouble sending out.  In either case, I would go back to Qwest and explain the situation to them.  It would be handy to have a list of rejected senders and/or sender domains to give them.
I would check to see if your port 25 is open from your ISA rules. That's if you're using ISA for packetfiltering (firewall).  Otherwise, you can check your firewall if it's blocking port tcp 25.  You can do from a remote location and following this guide: [Don't think this is really your problem but, doesn't hurt to check]

If you fixed this, the next thing you should do is check if your MX is set up correctly on the NS of your domain. This depends on if you're using their name server or not, or if you're using your own (which i highly doubt due to security issues and what not).  [Don't think this one is either]

If all these are correct, then do you have a spam filter in place?  Intelligent message filter does not show in the message tracking, at least I don't think.  However you can set your virtual smtp to log errors and you can see if there's any clues there.  You may need to open the log in excel, because it's space delimited.  The other thing you can do is find out the sender's email server and put the ip in the RBL server you are using in your intelligent message filter or use
KZimAuthor Commented:
I did find out that qwest allows you to configure your reverse dns yourself at

Can someone validate my other question of what do I request in the reverse lookup?  Our domain name (ie or the a record that points to the static IP address on my dsl modem (fronting the exchange server)?

I'm thinking the because of that's what's built in DNS, right?  But want to get this right.

If it's inbound mail thats a problem,  reverse DNS, and YOU being a a blacklist, is *irrelevant*.
Your spam blocker or ISP may be blocking the sender if THEY are on a blacklist tho.
Korbus is correct.  Reverse DNS is irrelevant with inbound issues.  If you are not having trouble sending email, I would not worry about the reverse DNS.  You need to go to Qwest and find out why your sender's are getting blocked.
KZimAuthor Commented:
After reading some other posts, I've monitored ISA (ISA 2004) to see if things are being blocked for these senders, etc.  I am seeing a lot of the following denial/error:

"A connection was abortively closed after one of the peers sent a RST segment"  And it shows it is an

I read one post on this site that discusses this, but it referred to turning off reverse DNS on exchange, which I don't have on and I'm still having this issue.

Any thoughts?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.