Emails from some domains not routing to our server

We have trouble getting email from SOME domains delivered to our mail server.  We get MOST email delivered to us, but certain domains are unable to email us.

An example of domains that will not deliver to us are:
experts-exchange.com
salesforce.com
rei.com

PREVIOUSLY we had all email sent directly to our email server:  Emails from the problem domains never seemed to touch our email server; there was no record of the email in the SMTP logs.

NOW we have all email routed to the google/postini mail security service:  According to all logs and tests, email from problem domains never get to this service either.

The domain that receives the email is edgeworksclimbing.com.  Like I said, MOST email for this domain gets to our email server.  

Our domains are hosted by 1and1.

We have a second domain that we have hosted (edgeworks-climbing.com).  If we set up a hosted email account on this domain and have it forward to edgeworksclimbing.com the email will get to us (even from the problem domains).

We can not understand why emails from certain domains that are sent directly to test@edgeworksclimbing.com will not get to us, but if we have it sent to the hosted (by 1and1) email address at test@edgeworks-climbing.com and forward to test@edgeworksclimbing.com it will get to us.

It seems the routing to our edgeworksclimbing.com address is broken.

Here are our domain DNS settings:

Domain name: edgeworksclimbing.com
Name server:  1&1 name server
IP address (A record): 1&1 IP  
Mail server (MX record): Other mail server:
edgeworksclimbing.com.s9a1.psmtp.com, Prio1
edgeworksclimbing.com.s9a2.psmtp.com, Prio2
edgeworksclimbing.com.s9b1.psmtp.com, Prio3
edgeworksclimbing.com.s9b2.psmtp.com, Prio4

(These are the settings given to us, exactly by google/postini.  They wanted the address to end with a period but 1and1 would not accept an address ending in a period.  Example: "psmtp.com.")

This routes to the google/postini mail security service which then routes to:

Domain name: mail.edgeworksclimbing.com
Name server:  1&1 name server
IP address (A record): Other IP: 71.39.95.241
Mail server (MX record): Other mail server:
mail.edgeworksclimbing.com, Prio10
 
--------------------------------------------------------------------
Does anyone have any suggestions or solutions?  Has anyone run across this before?  

It seems the only solution is to stop using the domain for email as it does not seem to work completely.
EdgeTodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

davealfordIt SupportCommented:
When did you change the MX records? It can taje 48 hours to stabalise.
Did you delete any A records that were used by your previuos MX settings?
EdgeTodAuthor Commented:
The MX records were changed November 30th.

Also, our previous MX record settings that routed directly to our mail.edgeworksclimbing.com domain and server was set and left alone for months, but also had the same problems, certain domains could not email to us.
FPOCommented:
I would try with only one MX record. If one of the MX server isnt working well, it could explain why it works partially.

So delete for testing purpose the 3 last MX.
Maximize Customer Retention with Superior Service

The IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more to help build customer satisfaction and retention.

davealfordIt SupportCommented:
If you're receiveing mail from other domains then the issue will lie with the sending system - there could be a DNS issue at the senders site and, for some reason, their server is unable to resolve your MX, the sender is using an incorrect email address etc. Have you contacted the sender to see if their IT department can assist and monitor messages leaving their network?
Cheever000Commented:
Since you are using Postini, I would also check there if you got your service from a reseller they should be able to help you track it down too.  The mail could be getting filtered by postini also unless you have seen some NDRs stating other wise?
sancelotCommented:
you may have been blacklisted in sorb or rbls, thus your customers can not send you emails, this may happen if your mail server is an open relay or emails are not outgoing directly from your dns

to know where is the problem it must be investigated from customer side.
EdgeTodAuthor Commented:
davealford: That has been my conclusion also, it seems to be somewhere between the sending server and our mx record.  I have not contacted the IT departments as it seemed like a lost cause to convince an IT department of a large company that my issue is worthwhile for them to investigate.  

I wonder if experts-exchange.com would be willing as they are one of the domains....

FPO: When we had only one MX record routing to mail.edgeworksclimbing.com, Prio10 we had the same problems.

Cheever000:  We are not through a reseller, we are direct through google/postini sales.  It does not seem to be getting filtered as it is not in the logs.  I will contact them though and see if they have any suggestions.

sancelot:  I have checked many times and our IP or domain is not on any lists nor is it an open relay.
davealfordIt SupportCommented:
I've run a DNSREPORT test against edgeworksclimbing.com and it checks out (except, ns30.1and1.com. [74.208.3.4] didn't respomd ... whch sometimes happens) and passed all the send mail checks. So, I guess you need  the assistance of the sending domain - sysadmins are generally very helpfull .... I think it's what most of us do here anyway!
EdgeTodAuthor Commented:
I have emailed  the following support contacts requesting help from their system admins to track why their emails to our domain are not routing properly:
experts-exchange.com
salesforce.com
rei.com

Hopefully I get some response that is helpful.
EdgeTodAuthor Commented:
So far no responses:

I am checking two other companies/domains that I know admins at that I'm hoping can't email so I can hopefully have an insider who is willing to help me.
EdgeTodAuthor Commented:
I have found a series of warnings in my event log that may be related.  After reading this article I am wondering if this is my problem:
http://www.experts-exchange.com/Software/Internet_Email/Email/Anti_Spam/Black_Holes/Q_23666404.html?sfQueryTermInfo=1+1+10+30+certif+could+email+instanc+retriev+server

The warning in my event log that I am getting is:
Event Type:      Warning
Event Source:      smtpsvc
Event Category:      None
Event ID:      2002
Date:            10/26/2010
Time:            10:41:30 AM
User:            N/A
Description:
The server certificate for instance '1' could not be retrieved because it could not be found in a certificate store; the error encountered was '0x80092004'

Both the experts-exchange article above and another comment on the web mention removing the certificate from the SMTP virtual server.

http://www.eventid.net/display.asp?eventid=2002&eventno=4306&source=smtpsvc&phase=1
Remove the certificate from the SMTP virtual server using the IIS snap-in or Exchange System Manager. Manually install the new certificate or link to an existing one if necessary.

----------------------------------------------------------------------------------------------
Should I attempt to remove the certificate from the SMTP virtual server?  If so, how do I do that and do I need to install a new certificate?  How?

I have a SBS 2003 machine running Exchange 6.5.7638.1
FPOCommented:
As far as I can remember, this error is not critical and I had an Exchange with lots of this error and no receiving problem.

FPOCommented:
Do you have exchange sp2 installed ?

Have you enough free space on your system disk and logs disk and exchange databases disk ?


In fact, whatever the answers, according to your symptoms, if Postini doesnt log the mails, it's not an Exchange problem.

EdgeTodAuthor Commented:
Yes, Postini does not log the emails.  I have tested other emails and blocked them to see if they are logged, and indeed they are.  When I attempt to block the problem websites (like experts-exchange), nothing is registered as blocked (as if the email never got to us).

I am at a total loss as to why the routing would fail to get to postini.

Could there be routing instruction artifacts that the errant domains are using?  Should I try and block all traffic on my exchange server and except only traffic from postini?
EdgeTodAuthor Commented:
This issue was partially resolved after discontinuing use of our exchange server.  We are now receiving our email via POP3 from our domain host directly and all emails are being received, including from the domains that we were having problems with.

As far as I can tell, our exchange server was not processing (or dropping) some email from particular domains, or the sending mail servers were not accepting the MX records posted.

If our exchange server was the issue, I have a feeling it had to do with the following:
-------------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      smtpsvc
Event Category:      None
Event ID:      2002
Date:            10/26/2010
Time:            10:41:30 AM
User:            N/A
Description:
The server certificate for instance '1' could not be retrieved because it could not be found in a certificate store; the error encountered was '0x80092004'

Both the experts-exchange article above and another comment on the web mention removing the certificate from the SMTP virtual server.

http://www.eventid.net/display.asp?eventid=2002&eventno=4306&source=smtpsvc&phase=1
Remove the certificate from the SMTP virtual server using the IIS snap-in or Exchange System Manager. Manually install the new certificate or link to an existing one if necessary.
-------------------------------------------------------------------------------------

I never did this as I was not able to fully figure out how to do this without breaking the exchange server.

Currently I am in the process of decommissioning my exchange server and will be moving to a hosted solution such as google apps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EdgeTodAuthor Commented:
No solution was actually found other than not using the exchange server.  No points should be awarded.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.