• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 673
  • Last Modified:

Can't get email from one client

Our domain can't receive emails from one of our client domains, i.e. all of our users can't receive from all of their users.  We send and receive plenty of mail from similar companies fine.  I know, your saying "it's the sender's problem".  But since they do business with us it's OUR problem.  They also say we are the only domain they can't send to.

We are running Exchange 2000 Server SP4 on a windows Server 2000 box with a W2003 Domain Controller.

I have searched for days for a solution.  Our PIX and Exchange 2000 Server appears configured correctly.  Our ISP did an MX test and says we are fine.  EVERYTHING looks fine but we don't get their mail!  Any ideas?  Any help would be gratefully accepted.

BTW, I lost my sense of humor yesterday.  
0
cfsamike
Asked:
cfsamike
  • 8
  • 5
  • 3
  • +1
1 Solution
 
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:

do they get an error message, or do the mails just get lost somewhere in the nirvana?

If there is an error message / mail:  what is the error message there?

0
 
cfsamikeAuthor Commented:
We had them send the error to an outside address:

Delivery has failed to these recipients or distribution lists:
 
username@cfsa.org
Microsoft Exchange has been trying to deliver this message without success and has stopped trying. Please try sending this message again, or provide the following diagnostic text to your system administrator.

Diagnostic information for administrators:
Generating server: bigfish.com
username@cfsa.org
#< #4.4.7 smtp;550 4.4.7 QUEUE.Expired; message expired> #SMTP#
0
 
cfsamikeAuthor Commented:
One possible issue I forgot to mention is tat our inside domain name - cfsa.org - is the same as our outside domain (AT&T hosted).  BUT our MX settings are correct.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
jakethecatukCommented:
First thing is to have a chat with your opposite number and get them onside to find a solution.

A good test would be to get them to try and telnet directly to your e-mail server on port 25 to see what happens.  Make sure they use the IP address of your MX record and not the domain name at this time.

They do this by typing from a command prompt: -

   telnet {your IP address} 25

They should see something like this (obviously it will have your domain name, not yahoo): -
   220 mta813.mail.ird.yahoo.com ESMTP YSmtp service ready

If they get that reply, it means they can see your server.  Next thing they can do is to try and establish a dialog with your server using the HELO command with their SMTP DNS name.  Like this: -
   helo smtp.microsoft.com
They will get a reply like: -
   250 mta813.mail.ird.yahoo.com

Next (and the e-mail address must be in <>): -
   mail from: <{user}@{domain name}>
They will get a reply like: -
   250 sender <{user}@{domain name}> ok
Next (and the e-mail address must be in <>): -
   rcpt to: <{user}@{your domain}>
They will get a reply like: -
   250 recipient <{user}@{domain name}> ok
Next: -
   data
They will get a reply: -
   354 Please start mail input.
They can now type any message but the last input must be a '.' on it's own on it's own line.  Example below: -
   Subject: Testing
   hello
   .
They will get the reply: -
   250 Mail queued for delivery.

If they get errors anywhere along the way, then ask them to check the typing.  If not, post the error here.
0
 
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:

it seems that they use Hosted Exchange Solutions from bigfish.com  - so telnet etc. mentioned by  jakethecatuk is mainly useless, as it only tests the connection from the company-network to your own network - and not from within the bigfish.com-Network where the mail does stop.

Maybe you could directly clarify this with bigfish.com? I think the admins of bigfish.com could see more on this problem then your customer directly.

0
 
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:

given that the outgoing mailservers of bigfish.com are the same as the MX for incoming mail, you could try (at the command line  / type "cmd" at the "Run"-dialog in start menu)

ping 216.32.180.22

and

ping 65.55.88.22

to see if you could reach the servers of bigfish.com from your own network.

0
 
cfsamikeAuthor Commented:
Ping seems to work fine.

C:\Windows\system32>ping 216.32.180.22

Pinging 216.32.180.22 with 32 bytes of data:
Reply from 216.32.180.22: bytes=32 time=76ms TTL=234
Reply from 216.32.180.22: bytes=32 time=76ms TTL=234
Reply from 216.32.180.22: bytes=32 time=76ms TTL=234
Reply from 216.32.180.22: bytes=32 time=75ms TTL=234

Ping statistics for 216.32.180.22:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 76ms, Average = 75ms

C:\Windows\system32>ping 65.55.88.22

Pinging 65.55.88.22 with 32 bytes of data:
Reply from 65.55.88.22: bytes=32 time=54ms TTL=238
Reply from 65.55.88.22: bytes=32 time=54ms TTL=237
Reply from 65.55.88.22: bytes=32 time=52ms TTL=238
Reply from 65.55.88.22: bytes=32 time=54ms TTL=237

Ping statistics for 65.55.88.22:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 54ms, Average = 53ms
0
 
jakethecatukCommented:
all the ping proves is that you can see their servers - which won't really help you get mail from bigfish.com

you will need to engage with bigfish.com to try and get a resolution on this issue.  There may be a setting somewhere within their environment that is causing the problem.  unless they are looking into this, you've got virtuall no chance of getting this resolve.
0
 
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:

yes, ping does not help much, but it was the only thing he could check himself  (so we could be shure that routing is set up correctly...   I've seen some really weired things in the last years... for example some remote server could not send to my own server but to anyone else... result: wrong submask in his server, so that his server has tried to find my server in his local subnet, and my server seems was the only server with the same first part of his ip-address, so no other server was blocked but mine ;-)
0
 
sufianmehmoodCommented:
chk if your server ip address is blacklisted on some RBL/dnsbl
0
 
cfsamikeAuthor Commented:
I've run several RBL\DNSBL tests and have found our mail server IP or our domain name listed 5 times so far.  I guess the trick now is getting off of them.

One weird listing showed this - Entry matching your Query: E-307008 63.200.0.0/16

Wouldn't using that netmask block an enormous range of addresses, many of them good?
0
 
cfsamikeAuthor Commented:
I was (finally!) told by 2 of our users and one of the outside company people that they are receiving mail from us just fine.  It's only the messages FROM them to us that is being dropped.  Any direction you can give would be helpful!
0
 
jakethecatukCommented:
As I said earlier, you will need to engage with bigfish.com to try and get a resolution on this issue.  There may be a setting somewhere within their environment that is causing the problem.  unless they are looking into this, you've got virtuall no chance of getting this resolved.
0
 
sufianmehmoodCommented:
the best solution for you will be that you try to whitelist/delist your server's ip address. There are also some paid whitelists available that you can use to upgrade your server's credibility. Also, do check your server for open relays before proceeding any further.
0
 
cfsamikeAuthor Commented:
I sent a request to delist@bigfish.com.  Apparently it's being looked at.  No open relays.
I've run countless tests - latest is MXToolbox tests.  Now I've got EE experts and our AT&T ISP telling me things look fine on our end, and a Microsoft tech and one other IT guy telling me we're the one with the problem.  This is getting VERY frustrating. Bottiom line is  a handful of our clients receive all our mail but can't send to us.  ARGGGG....

SMTP:
220 thurston4.cfsa.org Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Tue, 30 Mar 2010 09:01:04 -0700

 Not an open relay.
 0 seconds - Good on Connection time
 0.250 seconds - Good on Transaction time
 OK - 63.200.76.77 resolves to mail.cfsa.org
 OK - Reverse DNS matches SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 thurston4.cfsa.org Hello [64.20.227.133] [62 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com....Sender OK [62 ms]
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for test@example.com [62 ms]
QUIT
221 2.0.0 thurston4.cfsa.org Service closing transmission channel [62 ms]

PORT SCAN
3 open ports:

  25 smtp Success 47 ms
  80 http Success 62 ms
  3389 remote desktop Success 62 ms

These ports were closed:

  21 ftp No connection could be made because the target machine actively refused it 63.200.76.77:21 0 ms
  22 ssh Timeout 0 ms
  23 telnet Timeout 0 ms
  53 dns Timeout 0 ms
  110 pop3 Timeout 0 ms
  143 imap Timeout 0 ms
  139 netbios Timeout 0 ms
  389 ldap Timeout 0 ms
  443 https Timeout 0 ms
  587 msa-outlook Timeout 0 ms
  1433 sql server Timeout 0 ms
  3306 my sql Timeout 0 ms
  8080 webcache Timeout 0 ms
0
 
cfsamikeAuthor Commented:
Upon posting I just noticed in the SMTP test:
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for test@example.com [62 ms]

Is that a clue?!
0
 
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:

the SMTP test is fine - just as it should be!

if your server refuses to relay mail for a foreign domain this is ok...   the bad thing would be if your server relays any mail to a different domain - then anyone could send spam through your server.


I do not think that blacklists are a problem in this case, as they are normally used to identify spam at receipients end (checks blacklist-status OF THE SENDER) - and not used while sending mail.

If it would be a problem of blacklists with your own IP, then you would not succeed in sending mails TO THEM...   but here it is a problem of receiving mails.


I would recommend to get in contact with the guys from bigfish.com, as they should be experts on mail problems when they offer this hosted mail service commercially.

btw, what is delist@bigfish.com for a mail address?   is the blacklist a private blacklist of bigfish?
0
 
cfsamikeAuthor Commented:
So... it seems we had a configuration issue with our ISP.  I was told by their support tech, long ago in this ordeal, that all was OK.  Well it wasn't. After trying all of the excellent solutions given here, I decided to try the ISP once again.  I got a different tech this time and we were able to look at all of our DNS settings as well as all of our configuration.

I think the misconfiguration was brought to light by the recent tightening of SPAM rules.  We could not "slide by" with all of our mail anymore.

Thanks to all who offered suggestions.  I learned a lot!
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 8
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now