Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

troubleshooting exchange sending issues

One of our clients is having trouble sending email to certain domains.

We are running windows server 2003 and exchange sp2.

As far as I can see we have everything configured correctly - we have a fixed ip, our reverse dns corresponds correctly with our servers FQDN and everything else is working fine.

I have also checked our IP against blacklists using this tool:
http://www.mxtoolbox.com/blacklists.aspx
Everyone seems ok (no listings).


However, they are getting emails bounce back when sent to certain domains.

As an initial test, I found the mx records for a particular problem domain, I pinged it from the server and from a remote machine (both returned the same ip, and response time seemed fine).
Then I telneted into the remote mail server, on a machine outside the company it connected without any problem, but from the server, it would not connect to the remote mail server - it just timed out.

Just wondering if this gives an indication of whats wrong, or what would the next troubleshooting steps be?
0
davids355
Asked:
davids355
  • 7
  • 6
  • 3
1 Solution
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Can you verify if that domain is Blacklisted or not and are you able to do a telnet session to that server with its IP.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Can you verify if your are able to drop an email using telnet.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Can you send mails to that domain user from External account?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Do you get any NDR?
0
 
davids355Author Commented:
I canot open a telnet session to the server from our servers ip, I try and connect and it just shows a black screen, then goes back to command prompt (so im assuming its just timing out).

I CAN telnet to the server from outside our network (so sort of confirms its a comms problem from our server to theres).

I have checked blacklists, we are not on any.

We do get ndrs, they say the following:

did not reach the following recipient(s):

***** on Tue, 19 May 2009 12:35:55 +0100
    Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
    <ourFQDN #4.4.7>

I normally find that when there is a blocking issue, we normally get a message either in the ndr, or when I try and telnet. But as there is no error message as such, Im assuming theres some sort of time-out issue? Just dont know how to troubleshoot any further...
0
 
davids355Author Commented:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300171

Regarding this article, we do have a correctly configured RDNS record (nslookup gives our servers FQDN in return from our ip address).
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Is there any Spam filter or IMF or any antispams set that might have some rules that might be blocking this connection ?
0
 
davids355Author Commented:
we have imf setup, thats about it. But would that effect outgoing mail?
0
 
MesthaCommented:
Timeouts are hard to diagnose, as there could be any number of reasons for those, the bulk of them outside of your control.
Can you telnet to the MX records of the remote domains? If not then that would point to a routing or connectivity issue.

Simon.
0
 
davids355Author Commented:
no we cant telnet to the mx records of the remote domain.
So I guess it does point to a connectivity issue. now that you mention that, i think i had that problem before and someone on experts exchange helped me to create a connector that solved the problem, cant remember how we done it though.

Also, why should we be having these issues? We do have dns setup on the server, but all external dns resolution is forwarded to our router which in turn goes through BT servers, so shouldnt really be an issue there (also we can successfully ping the FQDN of the remote mx servers so doesnt seem to be a dns issue.) Its just really strange...
0
 
MesthaCommented:
Ping means nothing.
It just shows that a packet leaves your server and is returned by something at the other end. Doesn't tell you if it is a router or the server itself. As a troubleshooting tool ping is close to useless.

If you cannot telnet to port 25 of the MX record host name then that means either the server isn't available, you cannot reach it or they are blocking you.

Have you tested the server with one of the public internet based MX testing tools to verify it isn't a more widespread problem?

Otherwise an SMTP Connector to route email via another SMTP server, like your ISPs is the usual way to get around a block. http://www.amset.info/exchange/smtp-connector.asp

Simon.
0
 
davids355Author Commented:
ok fair enough. What I really meant by ping was that it returns the correct ip for the fqdn of the remote server. So ruled out dns issues.

As for telneting in, I can successfully telnet from within another network, so I assume it is a problem specific to our network.
0
 
davids355Author Commented:
Today I have re-checked the server ip for blacklists - and it is listed on a few. accordingly, When telneting into some other mail servers I am getting a message saying that we are listed.

In particular, we are listed on http://www.spamhaus.org CBL; it shows a machine in our network has a virus. The date of listing is today.

I checked all major blacklists yesterday and we definately wernt listed.

My question is this:

Is it possible (even we wernt on any blacklists yesterday) that a mail server could have started blocking our connection attempts because of this?
0
 
MesthaCommented:
Depending on the server setup, they could be using a blacklist to stop all connections. Most blacklist use though is done after the connection, so you would get an NDR to tell you it had failed.

If you are blacklisted then you need to deal with that first.

Simon.
0
 
davids355Author Commented:
sorted blacklists all seems ok now
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 7
  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now