Troubleshooting Exchange Error 4.4.7 Delivery Delay and Failures for single domain

We are receiving 4.4.7 delivery delays and eventually failures when sending to a specific domain:
buckenmeyer-king-cpa.com

I am able to send successfully using TELNET from my mail server.

Our DNS is hosted by AT&T (https://www.businessdirect.att.com) and I have confirmed that we do have a PTR record for our mail server: mail.mydomain.com.

Using DNSstuff.com, I ran a test against my email address, and all tests passed:
MX Dashboard - "mydomain.com"

Name                                  Pref  Addresses     Port 25  DNS      Open Relay  SPF   RBLs
mydomain.com.inbound10.mxlogicmx.net  10    208.65.144.2  UP       Matched  OK          none  0/54/0
                                            208.65.145.2  UP       Matched  OK          none  0/54/0
                                            208.65.144.3  UP       Matched  OK          none  0/54/0
mydomain.com.inbound10.mxlogic.net    10    208.65.145.2  UP       Matched  OK          none  0/54/0
                                            208.65.144.3  UP       Matched  OK          none  0/54/0
                                            208.65.144.2  UP       Matched  OK          none  0/54/0
                                            208.65.145.3  UP       Matched  OK          none  0/54/0

 
mray77Author Commented:
Does my PTR record need to be set up for mailserver.mydomain.com or just simply mydomain.com?

When I run a search for PTR records for mydomain.com, zero results are returned.
0
 
GridLock137Commented:
The FQDN is what you need, not the domain alone. This could be an issue on their side. Have you tried sending a test email from a Gmail account to see if they receive it?

Also try this:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22620735.html
0
 
mray77Author Commented:
I have to finish reading the article. I am using an Exclaimer mail signature for Exchange 2010. It sounds like that may be the culprit here? I was able to send via telnet and from Gmail to the recipient that fails from Outlook/Exchange.
0
 
GridLock137Commented:
I don't see how a disclaimer will cause an SMTP connection error. This is definitely a DNS issue somewhere in the communication between the two servers. That article should clarify it for you.
0
 
Alan HardistyCo-OwnerCommented:
Whatever you use as a Reverse DNS record (FQDN or domain.com), it makes no difference. What is important is that the name resolves in DNS back to the IP address that you are sending from and that the FQDN on your mail server when sending out also resolves back to the same IP address.

My article explains what you need to be RFC compliant:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
 
Alan HardistyCo-OwnerCommented:
Sending via telnet can't guarantee you are not configured properly, as you may be sending correct info when your server is sending the incorrect info!

Some signatures can cause problems.  I had a question a few weeks back where the telephone number was triggering the rejection!!!
0
 
mray77Author Commented:
Alan, I just read your article and visited dnsgoodies.com. Interestingly enough, I just did a DNS query lookup using this site. I tried by IP of my mail server, domain name, and mailserver.mydomain.com, and none of them returned a PTR record in the results. I went back to another used by ATT and ran a query.

I was on the phone with ATT for an hour the other day having them verify that there is a PTR record setup. I have access to the site to set this up on my own.
DNS Lookup: mydomain.com PTR record

Searching for mydomain.com PTR record at g.root-servers.net [192.112.36.4]: Got referral to g.gtld-servers.net. (zone: com.) [took 149 ms]

Searching for mydomain.com PTR record at g.gtld-servers.net. [192.42.93.30]: Got referral to dmtu.mt.ns.els-gms.att.net. (zone: mydomain.com.) [took 48 ms]

Searching for mydomain.com PTR record at dmtu.mt.ns.els-gms.att.net. [12.127.16.70]: Reports that no PTR records exist. [took 41 ms]

Response:
No PTR records exist for mydomain.com. [Neg TTL=86400 seconds]

Details:
dmtu.mt.ns.els-gms.att.net. (an authoritative nameserver for mydomain.com.) says that there are no PTR records for mydomain.com.
The E-mail address in charge of the mydomain.com. zone is:  rm-hostmaster@ems.att.com.





0
 
mray77Author Commented:
DNS Provisioning Tool: DNS Administration    
   
 
Select a Domain Name

Select a domain from the list below to display its DNS records and make changes to those records.

Total number of DNS domains: 3
1 48/28.3.2.1.in-addr.arpa.
2 myolddomain.com.
3 mydomain.com.
0
 
mray77Author Commented:
DNS Provisioning Tool: DNS Administration    
   


DNS records for 48/28.3.2.1.in-addr.arpa.:


 Name Type Data  
 SOA dbru.br.ns.els-gms.att.net.    
 NS dbru.br.ns.els-gms.att.net.
 NS dmtu.mt.ns.els-gms.att.net.

58. PTR mail.mydomain.com.
0
 
Alan HardistyCo-OwnerCommented:
Well either AT&T lied or the record has not propagated yet.  It can take 24-48 hours to update.

You can also use nslookup:

nslookup 123.123.123.123
(replace 123.123.123.123 with your static IP address)

That saves a visit to a website!

Reverse DNS is set on an IP address only, so just check that, not your domain name.

Alan
0
 
mray77Author Commented:
ATT lying does not surprise me. This would not be a recent change, we have been using this domain for years.

nslookup 1.2.3.4

Name:    mail.mydomain.com
Address:  1.2.3.4.
Aliases:  4.3.2.1.in-addr.arpa
0
 
Alan HardistyCo-OwnerCommented:
Well - if it has arpa in the address, that's a generic ISP reverse DNS record!

I'd be calling them and chewing their ear until you see the record for yourself : )
0
 
mray77Author Commented:
So I would want them to add the PTR record under mydomain.com instead of 48/28.3.2.1.in-addr.arpa. I noticed I can only create PTR records under arpa, and not within mydomain.com
0
 
Alan HardistyCo-OwnerCommented:
Reverse DNS is added to an IP address, which is why only your ISP can do it because the IP address is theirs.

You need to add something like mail.domain.com or bananas.domain.com - as long as you have an A record called mail or bananas pointing to your fixed IP address.
0
 
mray77Author Commented:
I do have that. I have an A record configured with AT&T under mydomain.com pointing to mail (mail.mydomain.com) and has the assigned external IP.
0
 
Alan HardistyCo-OwnerCommented:
Okay - so ask AT&T to set up Reverse DNS as mail.domain.com and you should be good to go.
0
 
mray77Author Commented:
Set up reverse DNS as mail.domain.com under mydomain.com and not arpa? Got it.
0
 
Alan HardistyCo-OwnerCommented:
You don't set up reverse DNS under a domain - you set it up on an IP address.
0
 
Alan HardistyCo-OwnerCommented:
It is not configured in your domain's DNS records - your Internet Service Provider adds the record to your fixed IP address.
0
 
mray77Author Commented:
Check out this warning from DNSstuff.com for server MAIL.mydomain.com:

Need to verify reverse DNS for mail.mydomain.com; which is ip address 1.2.3.4. Currently, we are unable to mail specific domains who perform a reverse lookup prior to accepting inbound mail.

As seen at DNSstuff.com for mydomain.com

MAIL
WARN: Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mydomain.com.inbound10.mxlogic.net claims to be non-existent host p01c12m062.mxlogic.net:
220 p01c12m062.mxlogic.net ESMTP mxl_mta-6.9.0-1 [75887940.3872453.00-2278]; Tue, 15 Feb 2011 12:35:55 -0700 (MST); NO UCE, INBOUND

mydomain.com.inbound10.mxlogicmx.net claims to be non-existent host p01c11m065.mxlogic.net:
220 p01c11m065.mxlogic.net ESMTP mxl_mta-6.9.0-1 [563c5940.825929.00-2093]; Tue, 15 Feb 2011 12:35:55 -0700 (MST); NO UCE, INBOUND
0
 
mray77Author Commented:
PASS      Reverse DNS entries for MX records      OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the 'Reverse DNS Tool' for the current data). The reverse DNS entries are:

3.144.65.208.in-addr.arpa mxl144v3.mxlogic.net. [TTL=23301]
3.145.65.208.in-addr.arpa mxl145v3.mxlogic.net. [TTL=23748]
0
 
mray77Author Commented:
Yes, you have  a reverse PTR record for IP 1.2.3.4 which points to mail.mydomain.com.  Someone added it today using the DNS Provisioning Tool.  This will go through our next download which starts at 2:00 p.m. central time and will start propagating after that.

Dragon Acct # 81195

Thank you,
AT&T DNS Tech Team
888-613-6330 prompts 3,1
PC


Need to verify reverse DNS for mail.mydomain.com; which is ip address 1.2.3.4.
0
 
Alan HardistyCo-OwnerCommented:
Ignore the DNSstuff check for the mail server host name in greeting; that test doesn't work properly for Exchange 2007/2010 because it talks to your receive connector, not your send connector.

To verify reverse DNS, run another nslookup 1.2.3.4 and see if the result has changed, but bear in mind you may see the same result because it will be cached your end.
0
 
mray77Author Commented:
Server: 208.82.xxx.xxx
Address: 208.82.xxx.xxx#53

Non-authoritative answer:
xxx.xxx.232.12.in-addr.arpa canonical name = 58.48/xxx.xxx.232.12.in-addr.arpa.
58.48/xxx.xxx.232.12.in-addr.arpa name = mail.domain.com.

Authoritative answers can be found from:
48/xxx.xxx.232.12.in-addr.arpa nameserver = dmtu.mt.ns.els-gms.att.net.
48/xxx.xxx.232.12.in-addr.arpa nameserver = dbru.br.ns.els-gms.att.net.
dbru.br.ns.els-gms.att.net internet address = 199.191.xxx.xxx
dmtu.mt.ns.els-gms.att.net internet address = 12.127.xxx.xxx
0
 
Alan HardistyCo-OwnerCommented:
Still showing as ISP generic for me, assuming the info above is correct and your actual domain / IP, which if correct, I will obscure for you.

Alan
0
 
mray77Author Commented:
Problem solved. Thanks for the help! I played hardball with AT&T; all set. Mail is already flowing.
0
 
Alan HardistyCo-OwnerCommented:
: D  Well done.   I can see the change my end too.

Thanks for the points.

Alan
0
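
The check discussed in the thread (the PTR name for the sending IP must resolve back to that IP, and so must the name the server announces when sending), written out as an added example that is not part of the original thread. It runs against a constructed record table rather than live DNS, and goes slightly beyond the thread by following the CNAME into the classless `48/28.3.2.1.in-addr.arpa.` zone the way a resolver does; the addresses 1.2.3.58 and 1.2.3.59 and the name `host59.isp.example` are assumptions made for illustration.

```python
import ipaddress

# Constructed records (not real DNS data), modelled on the thread's placeholders.
# The ISP delegates the /28 as a classless zone, so the ordinary reverse name is
# a CNAME into "48/28.3.2.1.in-addr.arpa.", which is where the PTR record lives.
RECORDS = {
    ("58.3.2.1.in-addr.arpa.", "CNAME"): ["58.48/28.3.2.1.in-addr.arpa."],
    ("58.48/28.3.2.1.in-addr.arpa.", "PTR"): ["mail.mydomain.com."],
    ("mail.mydomain.com.", "A"): ["1.2.3.58"],
    # Hypothetical neighbour address whose PTR name has no matching A record.
    ("59.3.2.1.in-addr.arpa.", "CNAME"): ["59.48/28.3.2.1.in-addr.arpa."],
    ("59.48/28.3.2.1.in-addr.arpa.", "PTR"): ["host59.isp.example."],
}


def lookup(name, rtype, records, max_hops=8):
    """Return the rtype data for name, following CNAMEs as a resolver would."""
    for _ in range(max_hops):
        if (name, rtype) in records:
            return records[(name, rtype)]
        cname = records.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME loop or chain too long


def check_fcrdns(ip, helo, records=RECORDS):
    """Forward-confirmed reverse DNS check for a sending IP and its HELO name."""
    addr = str(ipaddress.ip_address(ip))
    rev = ipaddress.ip_address(ip).reverse_pointer + "."   # e.g. 58.3.2.1.in-addr.arpa.
    ptrs = lookup(rev, "PTR", records)
    # The PTR name must have an A record pointing back at the same IP.
    confirmed = any(addr in lookup(p, "A", records) for p in ptrs)
    # The name announced in HELO/EHLO must resolve to the same IP as well.
    helo_fqdn = helo.rstrip(".").lower() + "."
    helo_ok = addr in lookup(helo_fqdn, "A", records)
    return {
        "ptr": ptrs,
        "forward_confirmed": confirmed,
        "helo_matches_ip": helo_ok,
        "ok": confirmed and helo_ok,
    }


if __name__ == "__main__":
    for ip in ("1.2.3.58", "1.2.3.59", "1.2.3.60"):
        print(ip, check_fcrdns(ip, "mail.mydomain.com"))
```

To run the same logic against live DNS, replace `lookup` with calls to a real resolver; the comparison steps stay the same.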
