Domain name is blocked from sending email to a small handful of other domains. Not on a blacklist.

Sent emails appear in the mailbox queue attempting to "retry". After 24 hours a message is sent to the internal sender saying that it is still trying to send. In 48 hours the message fails. This is happening on about 10% of our email and it is happening to the same domains. 90% of the email is being sent properly. I've checked blacklists repeatedly and mxtoolbox says I'm OK, with the exception of the diagnostics, which say, "Warning - Reverse DNS does not match SMTP Banner".
This problem started 4/8/10.

Thanks for your help.

Chuck
Orionreno Asked:

Bruno PACI (IT Consultant) Commented:
Hi,

This is a common error in a mail server configuration.

When your mail server delivers mail to remote destination mail servers, an SMTP dialog occurs between the two parties. The dialog starts with an SMTP command "HELO mymaildomain.com" sent by the emitting server to the receiving server.
If the command succeeds, the SMTP dialog goes on with successive SMTP commands like "MAIL FROM:myuser@mymaildomain.com", "RCPT TO:youruser@yourmaildomain.com", "DATA ...", etc.

To avoid forged e-mails from Internet spammers, some mail servers make a reverse DNS check on the IP address of your server.
This means that just after you send the "HELO mymaildomain.com", the receiving server takes the IP address of your sending mail server and asks Internet DNS servers with a reverse query to obtain the DNS name matching this IP address (let's say the result is "mailserver1.mymaildomain.com").
After that, the receiving server takes the SMTP domain name your server gave in the HELO command (here it is "mymaildomain.com") and asks Internet DNS servers for the MX record for this name. Let's say the DNS servers' answer is "mailserver1.mymaildomain.com, mailserver2.mymaildomain.com".
As the MX record contains the name "mailserver1.mymaildomain.com", which matches the name obtained by the reverse DNS query on the IP address, the SMTP dialog coming from your server is accepted and things go on with SMTP mail delivery.

If there's no match between the name obtained in the MX record and the name obtained by the reverse DNS query, the receiving server usually closes the SMTP session immediately and the delivery is aborted... your mail server then keeps the outgoing mail in its delivery queue for future retries. By default, after 48 hours of retries the mail is removed from the delivery queue and will not be delivered any more...

What probably causes your problem is that the DNS reverse record for your outgoing SMTP server is missing or does not match the names in the MX record for your SMTP domain.

You have to check that and eventually have it fixed by your ISP.


Have a good day.
0
Hilal1924 Commented:
Add these two records in your external DNS server and hopefully your troubles will go away:
1. PTR record for your Outgoing Mail Server.
2. SPF record (always nice to have)
Can you please specify the domains to which you are not able to send email? It could be many reasons, but absence of reverse DNS could be one of them since it is used for Sender ID filtering etc.
Hilal
0
Jamie McKillop (IT Manager) Commented:
Hello,

PaciB has the process and cause of your problem almost correct but not quite. The recipient's server is doing a reverse DNS lookup on the IP of your server. It is then comparing the DNS name returned for your IP to the hostname you specified in your SMTP banner. In your case, they do not match.

You need to ensure three things are correct and all match up. First, that you have a reverse DNS (PTR) record created for the IP of your sending mail server. Second, you need to ensure that you have an 'A' record for your sending mail server. The IP and hostname should match exactly between the two records. Third, the hostname specified in your SMTP banner should match the hostname you specified in the DNS records.

JJ
0

Orionreno (Author) Commented:
Thanks to both for your replies!

When I do a reverse DNS lookup on mail.temperatsure.com (67.138.10.235) everything appears correct. I even went into the default SMTP Virtual Server Properties, Advanced delivery and changed my FQDN to mail.temperatsure.com from "server".temperatsure.com (advice from Experts-Exchange). It did give me an error, but allowed the change.

As for the domains not going through: donahue-corry.com, hotmail.com, pdspack.com, sentrybps.com, staples.com, unisourcelink.com, and verizon.com.

I changed my public IP a few months ago (November), and the ISP failed to put the PTR record in, which they did about 3 days later. Everything has been working great up until 4/8/10.

I'm pulling out the little hair I have left!

Thanks again for all your help!
0
Jamie McKillop (IT Manager) Commented:
The SMTP banner for your server is mail.temperatsure.local. You need to change the .local to .com

JJ
0
Orionreno (Author) Commented:
jjmck,

Thanks for this,

I've read a lot about the SMTP banner, but how to change it is very unclear to me. I went to support tools and ran ldp.exe. And honestly I have no idea where to make the necessary change to make the banner correct.
0
Jamie McKillop (IT Manager) Commented:
Open ESM, expand your server - protocols - SMTP and open the Properties page for the Default SMTP Virtual Server. Go to the Delivery tab and click Advanced. In the Fully-qualified domain name field, enter mail.temperatsure.com

JJ
0
Orionreno (Author) Commented:
jjmck,

I made the change in "advanced delivery". I can't believe that I missed the .local vs. .com.

How did you see that? I looked at mxtoolbox, dnsstuff, and a host of other sites without seeing the .local.

0
Jamie McKillop (IT Manager) Commented:
You would not see the .local unless you telnet to your mail server, which is what I did. All your DNS records are correct, which is why the other tools showed everything was OK.

JJ
0
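The banner check described in the answers above (connect to port 25, read the greeting, compare its hostname with the PTR and A records), sketched in Python as an added example that is not part of the original thread. The function names and the greeting text are assumptions; the IP and hostnames are the ones quoted in the thread, and only `live_check` touches the network.

```python
import re
import socket

def banner_host(greeting):
    """Hostname announced in an SMTP 220 greeting line, or None."""
    m = re.match(r"220[ -](\S+)", greeting.strip())
    return m.group(1).rstrip(".").lower() if m else None

def check_alignment(ip, greeting, ptr_names, a_records):
    """Return a list of mismatches between banner, PTR and A data."""
    host = banner_host(greeting)
    if host is None:
        return ["greeting is not a 220 line: %r" % greeting]
    ptrs = [n.rstrip(".").lower() for n in ptr_names]
    problems = []
    if not ptrs:
        problems.append("no PTR record for %s" % ip)
    elif host not in ptrs:
        problems.append("banner host %s does not match PTR %s" % (host, ", ".join(ptrs)))
    if ip not in a_records:
        problems.append("A record for %s does not point to %s" % (host, ip))
    return problems

def live_check(ip, port=25, timeout=10):
    """Collect the same three inputs from the network, then compare them."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        data = s.recv(512).decode("ascii", "replace")
    greeting = (data.splitlines() or [""])[0]
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)   # PTR lookup
        ptrs = [name] + aliases
    except OSError:
        ptrs = []
    try:
        host = banner_host(greeting)
        a_records = socket.gethostbyname_ex(host)[2] if host else []
    except OSError:
        a_records = []
    return check_alignment(ip, greeting, ptrs, a_records)

# Constructed sample: IP and names are from the thread, greeting text is made up.
SAMPLE_IP = "67.138.10.235"
SAMPLE_PTR = ["mail.temperatsure.com"]
BEFORE = "220 mail.temperatsure.local ESMTP ready"   # banner before the fix
AFTER = "220 mail.temperatsure.com ESMTP ready"      # banner after the fix

if __name__ == "__main__":
    print(check_alignment(SAMPLE_IP, BEFORE, SAMPLE_PTR, []))
    print(check_alignment(SAMPLE_IP, AFTER, SAMPLE_PTR, [SAMPLE_IP]))
```

DNS-only lookup tools never see the first input, the greeting, which is why they reported everything as correct while the banner still said .local.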
Orionreno (Author) Commented:
Will the emails in the queue eventually send? Is there anything I need to do at this point (restart services, restart server, etc.)?
0
Jamie McKillop (IT Manager) Commented:
Yes, the emails in the queue will eventually send. There is nothing else for you to do. It may take a bit of time for all the emails to send as they would be on a retry interval.

JJ
0

Orionreno (Author) Commented:
HUGE RELIEF!

Thanks jjmck.  You made it easy!
0