Solved

Troubleshooting Exchange Error 4.4.7 Delivery Delay and Failures for single domain

Posted on 2011-02-15
Last Modified: 2012-06-21
We are receiving 4.4.7 delivery delays and eventually failures when sending to a specific domain:
buckenmeyer-king-cpa.com

I am able to send successfully using TELNET from my mail server.

Our DNS is hosted by AT&T (https://www.businessdirect.att.com) and I have confirmed that we do have a PTR record for our mail server: mail.mydomain.com.

Using DNSstuff.com, I ran a test against my email address, and all tests passed:
MX Dashboard - "mydomain.com"

Name                                  Pref  Addresses     Port 25  DNS      Open Relay  SPF   RBLs
mydomain.com.inbound10.mxlogicmx.net  10    208.65.144.2  UP       Matched  OK          none  0/54/0
                                            208.65.145.2  UP       Matched  OK          none  0/54/0
                                            208.65.144.3  UP       Matched  OK          none  0/54/0
mydomain.com.inbound10.mxlogic.net    10    208.65.145.2  UP       Matched  OK          none  0/54/0
                                            208.65.144.3  UP       Matched  OK          none  0/54/0
                                            208.65.144.2  UP       Matched  OK          none  0/54/0
                                            208.65.145.3  UP       Matched  OK          none  0/54/0

0
Question by:mray77
28 Comments
 

Author Comment

by:mray77
ID: 34897211
Does my PTR record need to be set up for mailserver.mydomain.com or just simply mydomain.com?

When I run a search for PTR records for mydomain.com, zero results are returned.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34897267
The FQDN is what you need, not the domain alone. This could be an issue with their side. Have you tried sending a test email from a Gmail account to see if they receive it?

Also try this:


http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22620735.html
0
 

Author Comment

by:mray77
ID: 34897342
I have to finish reading the article. I am using an Exclaimer mail signature for Exchange 2010. It sounds like that may be the culprit here? I was able to send via telnet and from Gmail to the recipient that fails from Outlook/Exchange.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34897444
I don't see how a disclaimer will cause an SMTP connection error. This is definitely a DNS issue somewhere in the communication between the two servers. That article should clarify it for you.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34897495
Whatever you use as a Reverse DNS record (FQDN or domain.com), it makes no difference.  What is important is that the name resolves in DNS back to the IP address that you are sending from and that the FQDN on your mail server when sending out also resolves back to the same IP address.

My article explains what you need to be RFC compliant:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
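The two lookups the comment above describes, as an added example (not code from the thread or its participants): the sending IP's PTR name must resolve forward to the same IP, and so must the FQDN the server announces in HELO/EHLO. The function names, the sample records and the 192.0.2.x addresses are constructed for illustration.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender_dns(ip, helo_name, ptr_lookup=system_ptr, a_lookup=system_a):
    """List the DNS problems a receiving server could hold against this sender."""
    def norm(n):
        return n.rstrip(".").lower()
    # Drop in-addr.arpa aliases (the CNAME hop of a delegated reverse zone).
    ptr_names = [norm(n) for n in ptr_lookup(ip)
                 if not norm(n).endswith(".in-addr.arpa")]
    problems = []
    if not ptr_names:
        problems.append("no PTR record")
    elif not any(ip in a_lookup(n) for n in ptr_names):
        problems.append("PTR name does not resolve back to sending IP")
    if ip not in a_lookup(norm(helo_name)):
        problems.append("HELO name does not resolve to sending IP")
    return problems

# Constructed sample data (documentation address range, not from the thread).
SAMPLE_PTR = {"192.0.2.58": ["58.2.0.192.in-addr.arpa", "mail.example.com."],
              "192.0.2.59": ["host59.isp.example."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.58"],
            "mail2.example.com": ["192.0.2.59"]}

def offline_check(ip, helo_name):
    """Run the check against the constructed records instead of live DNS."""
    return check_sender_dns(ip, helo_name,
                            lambda i: SAMPLE_PTR.get(i, []),
                            lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.58", "mail.example.com"),
                     ("192.0.2.59", "mail2.example.com"),
                     ("192.0.2.60", "exch01.corp.local")]:
        print(ip, helo, offline_check(ip, helo) or "OK")
```

Calling `check_sender_dns(ip, helo_name)` without the lookup arguments runs the same check against live DNS through the system resolver.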
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34897525
Sending via telnet can't guarantee you are not configured properly as you may be sending correct info when your server is sending the incorrect info!

Some signatures can cause problems.  I had a question a few weeks back where the telephone number was triggering the rejection!!!
0
 

Author Comment

by:mray77
ID: 34897612
Alan, I just read your article and visited dnsgoodies.com. Interestingly enough, I just did a DNS query lookup using this site. I tried by IP of my mail server, domain name, and mailserver.mydomain.com and none of them returned a PTR record in the results. I went back to another used by ATT and ran a query.

I was on the phone with ATT for an hour the other day having them verify that there is a PTR record setup. I have access to the site to set this up on my own.
DNS Lookup: mydomain.com PTR record

Searching for mydomain.com PTR record at g.root-servers.net [192.112.36.4]: Got referral to g.gtld-servers.net. (zone: com.) [took 149 ms]

Searching for mydomain.com PTR record at g.gtld-servers.net. [192.42.93.30]: Got referral to dmtu.mt.ns.els-gms.att.net. (zone: mydomain.com.) [took 48 ms]

Searching for mydomain.com PTR record at dmtu.mt.ns.els-gms.att.net. [12.127.16.70]: Reports that no PTR records exist. [took 41 ms]

Response:
No PTR records exist for mydomain.com. [Neg TTL=86400 seconds]

Details:
dmtu.mt.ns.els-gms.att.net. (an authoritative nameserver for mydomain.com.) says that there are no PTR records for mydomain.com.
The E-mail address in charge of the mydomain.com. zone is:  rm-hostmaster@ems.att.com.





0
 

Author Comment

by:mray77
ID: 34897630
DNS Provisioning Tool: DNS Administration    
   
 
Select a Domain Name

Select a domain from the list below to display its DNS records and make changes to those records.

Total number of DNS domains: 3
1 48/28.3.2.1.in-addr.arpa.
2 myolddomain.com.
3 mydomain.com.
0
 

Author Comment

by:mray77
ID: 34897636
DNS Provisioning Tool: DNS Administration    
   


DNS records for 48/28.3.2.1.in-addr.arpa.:

Name  Type  Data
      SOA   dbru.br.ns.els-gms.att.net.
      NS    dbru.br.ns.els-gms.att.net.
      NS    dmtu.mt.ns.els-gms.att.net.
58.   PTR   mail.mydomain.com.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34897662
Well either AT&T lied or the record has not propagated yet.  It can take 24-48 hours to update.

You can also use nslookup:

nslookup 123.123.123.123
(replace 123.123.123.123 with your static IP address)

That saves a visit to a website!

Reverse DNS is set on an IP address only, so just check that, not your domain name.

Alan
0
 

Author Comment

by:mray77
ID: 34897693
ATT lying does not surprise me. This would not be a recent change, we have been using this domain for years.

nslookup 1.2.3.4

Name:    mail.mydomain.com
Address:  1.2.3.4.
Aliases:  4.3.2.1.in-addr.arpa
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34898130
Well - if it has arpa in the address, that's a generic ISP reverse DNS record!

I'd be calling them and chewing their ear until you see the record for yourself : )
0
 

Author Comment

by:mray77
ID: 34898147
So I would want them to add the PTR record under mydomain.com instead of 48/28.3.2.1.in-addr.arpa. I noticed I can only create PTR records under arpa, and not within mydomain.com
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34898208
Reverse DNS is added to an IP address, which is why only your ISP can do it because the IP address is theirs.

You need to add something like mail.domain.com or bananas.domain.com - as long as you have an A record called mail or bananas pointing to your fixed IP address.
0
 

Author Comment

by:mray77
ID: 34898227
I do have that. I have an A record configured with AT&T under mydomain.com pointing to mail (mail.mydomain.com) and has the assigned external IP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34898393
Okay - so ask AT&T to set up Reverse DNS as mail.domain.com and you should be good to go.
0
 

Author Comment

by:mray77
ID: 34898470
Set up reverse DNS as mail.domain.com under mydomain.com and not arpa? Got it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34899302
You don't set up reverse DNS under a domain - you set it up on an IP address.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34899319
It is not configured in your domain's DNS records - your Internet Service Provider adds the record to your fixed IP address.
0
 

Author Comment

by:mray77
ID: 34900127
Check out this warning from DNSstuff.com for server MAIL.mydomain.com:

Need to verify reverse DNS for mail.mydomain.com; which is ip address 1.2.3.4. Currently, we are unable to mail specific domains who perform a reverse lookup prior to accepting inbound mail.

As seen at DNSstuff.com for mydomain.com

MAIL
WARN: Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mydomain.com.inbound10.mxlogic.net claims to be non-existent host p01c12m062.mxlogic.net:
220 p01c12m062.mxlogic.net ESMTP mxl_mta-6.9.0-1 [75887940.3872453.00-2278]; Tue, 15 Feb 2011 12:35:55 -0700 (MST); NO UCE, INBOUND

mydomain.com.inbound10.mxlogicmx.net claims to be non-existent host p01c11m065.mxlogic.net:
220 p01c11m065.mxlogic.net ESMTP mxl_mta-6.9.0-1 [563c5940.825929.00-2093]; Tue, 15 Feb 2011 12:35:55 -0700 (MST); NO UCE, INBOUND
0
 

Author Comment

by:mray77
ID: 34900159
PASS      Reverse DNS entries for MX records      OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the 'Reverse DNS Tool' for the current data). The reverse DNS entries are:

3.144.65.208.in-addr.arpa mxl144v3.mxlogic.net. [TTL=23301]
3.145.65.208.in-addr.arpa mxl145v3.mxlogic.net. [TTL=23748]
0
 

Author Comment

by:mray77
ID: 34900179
Yes, you have  a reverse PTR record for IP 1.2.3.4 which points to mail.mydomain.com.  Someone added it today using the DNS Provisioning Tool.  This will go through our next download which starts at 2:00 p.m. central time and will start propagating after that.

Dragon Acct # 81195

Thank you,
AT&T DNS Tech Team
888-613-6330 prompts 3,1
PC


Need to verify reverse DNS for mail.mydomain.com; which is ip address 1.2.3.4.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34900437
Ignore the DNSstuff check for the mail server host name in greeting; that test doesn't work properly for Exchange 2007/2010 because it talks to your receive connector, not your send connector.

To verify reverse dns, run another nslookup 1.2.3.4 and see if the result has changed, but bear in mind you may see the same result because it will be cached your end.
0
 

Author Comment

by:mray77
ID: 34900563
Server: 208.82.xxx.xxx
Address: 208.82.xxx.xxx#53

Non-authoritative answer:
xxx.xxx.232.12.in-addr.arpa canonical name = 58.48/xxx.xxx.232.12.in-addr.arpa.
58.48/xxx.xxx.232.12.in-addr.arpa name = mail.domain.com.

Authoritative answers can be found from:
48/xxx.xxx.232.12.in-addr.arpa nameserver = dmtu.mt.ns.els-gms.att.net.
48/xxx.xxx.232.12.in-addr.arpa nameserver = dbru.br.ns.els-gms.att.net.
dbru.br.ns.els-gms.att.net internet address = 199.191.xxx.xxx
dmtu.mt.ns.els-gms.att.net internet address = 12.127.xxx.xxx
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34900680
Still showing as ISP generic for me, assuming the info above is correct and your actual domain / IP, which if correct, I will obscure for you.

Alan
0
 

Author Comment

by:mray77
ID: 34901520
Problem solved. Thanks for the help! I played hardball with AT&T. All set. Mail is already flowing.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34901560
: D  Well done.   I can see the change my end too.

Thanks for the points.

Alan
0
