Solved

SMTP Connector not sending to some domains after ISP and Static IP Change

Posted on 2011-02-15
28
1,228 Views
Last Modified: 2012-05-11
I have been racking my brain on this issue for the past couple days.
companyA.com recently changed ISPs from Comcast to TDS. With that got a new IP Address.
DNS registrar is Godaddy.
The server is a Small Business Server 2003, with Exchange 2003. Hosting out own email.
Since the change was made users have been unable to send email to 7 very different domains (so far). I go to the exchange server queue and see the emails sitting there with the SMTP protocol error message. And the users get a NDR email. The most descriptive one was a #4.4.7 error.

Heres what i have checked:
Reverse DNS is correct
No blacklists
SMTP Banner Correct
External IPs removed from the banner area.
Ran Exchange Best practices and made some of the changes it suggested.
Ran the Connection and email wizard in SBS
And much more.
 

Couple things that may be causing issues that i can see:
the path to the internet is as follows:
Server1 -----> SonicWall router/firewall -----> Cisco router for the T1
192.x.x.x         x.x.x.238                                    x.x.x.237
Should the reverse dns be pointing to the 238 or the 237 address?
Should i be pointing my mail.companyA.com address to the 238 or 237 address.

Any help would be greatly appreciated.
Thank you
tom
0
Comment
Question by:tferlaak
  • 13
  • 11
  • 2
  • +1
28 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 34903993
The reverse DNS entry should be the IP address that's being used to forward port 25 through your router/firewall.
0
 
LVL 2

Assisted Solution

by:dattatraykadam
dattatraykadam earned 150 total points
ID: 34904023
mail.comapnyA.com address should pointing to the 237 address.

Also check if your ISP has setup a reverse PTR record for your IP.

go to www.testexchangeconnectivity.com and try running the Inbound SMTP connectivity test.
0
 

Author Comment

by:tferlaak
ID: 34904063
Checked your link, it tested successfully for the outbound SMTP test.
Currently the pointer record for reverse DNS is pointing at the WAN Ip address of the Sonicwall. the 238 address. The sonicwall's WAN Configuration has the 238 address as the IP, and the 237 as the default gateway.
0
 

Author Comment

by:tferlaak
ID: 34904074
Also, Currently the Reverse DNS record is pointing to the 238 address, and the godaddy address for mail.companyA.com is pointing at that address as well.
0
 
LVL 2

Assisted Solution

by:dattatraykadam
dattatraykadam earned 150 total points
ID: 34904110
Do you have a SMTP connector created? If yes, is it using a smart host? If yes, what is the smart host specified?

If you are not using an SMTP connector what is the smart host specified on your SMTP virtual server?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34904712
Please have a read through my article and make sure you are RFC compliant, not blacklisted and your FQDN is configured correctly:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
 

Author Comment

by:tferlaak
ID: 34907316
The SMTP connector is configured. We do not use SmartHosts as we host all email internally and use the internal dns.
Good link, Alan. The only thing that seems to me to be the problem is the reverse DNS entry. The ISP has a reverse DNS entry configured, but its for only the 238 address, and not for the 237 address. If the Sonicwall is configured to use the Cisco Router as the default gateway, (237 address) Would traffic that is going out actually be going out with a 238 address or a 237 address. I have a sinking feeling that  the server is sending out mail, it goes through the sonicwall and gets a tag of the 238 address, then when it hits the Cisco router, it changes that tag to a 238 address, and when the recieving mail server sees that it does a reverse dns lookup on and sees the 238 address and says "this doesnt match what the companyA.com address is pointing to, im going to deny it"
I could be completly off base on that but at this point im grabbing at straws as MXtoolbox has always checked out perfectly and never had any issues with the SMTP test, Blacklist check, SPF check, Reverse Lookup check and any other tests i have performed.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34908577
Not sure what outgoing IP you would be using, but one sure-fire way to see is to send me a test email to alan @ it-eye.co.uk and then I'll tell you and see if I can see any other problems.
0
 

Author Comment

by:tferlaak
ID: 34909089
Interesting enough, your address seems to be one of the problem addresses. As soon as i get a bounceback i will send it to you via my gmail account.
Thanks so much for your help on this.
0
 

Author Comment

by:tferlaak
ID: 34909112
NM looks like it went through. Originally in the queue it sat at retry for a bit, then finally went through.
0
 
LVL 13

Expert Comment

by:connectex
ID: 34909143
Just by chance would these other domains but non-us like the .uk on Alan's?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909205
We use Greylisting - so your initial attempt will be bounced.  It loses plenty of spam just with Greylisting : )

Okay - you are sending out using the .238 IP Address.  Configuration seems fine but your SPF record contains the PTR detail which is not recommended:

Please check http://old.openspf.org/wizard.html
0
 

Author Comment

by:tferlaak
ID: 34909254
Its all US, .coms and .nets.
Would PTR Detail be causing it though? I can take that out right now, let the TTL run out and try again. Its just odd, Everything i have checked looks fine, but still no go when i try to force connection via the queue.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 350 total points
ID: 34909328
All looks fine - your Reverse DNS, FQDN, SPF - slightly iffy, but not incorrect and your IP is clean (mostly) - visit http://www.apews.org/?page=index and enter your IP Address - you are listed, but this seems to have been listed in 2007:

History:
Entry created 2007-07-18
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:tferlaak
ID: 34909458
Hmm... Anyone know if Godaddy's Hosted email uses that spam listing?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909489
Not got a clue unfortunately.

What was your old IP Address (or is that still in use by you)?
0
 

Author Comment

by:tferlaak
ID: 34909494
reason i ask is that one of the domains that we have issues sending to is email hosted at godaddy.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909512
Well - as you stand - the APEWS listing is all I can see that might be causing you a problem.

Having said that - my IP is also listed on APEWS.  Do you want to let me know an email address you are having problems sending to that is hosted on Godaddy and I'll see if I can get the mail through?

Would rule in or out the APEWS listing as the problem.
0
 

Author Comment

by:tferlaak
ID: 34909522
I will have to look at my notes when i get home and let you know. It was a comcast IP address. Never had any problems sending to the domains prior to this.
0
 

Author Comment

by:tferlaak
ID: 34909530
sent you the address.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909538
Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909558
Message sent - with a delivery / read receipt attached.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34909571
Delivery receipt arrived : )

So - it's not APEWS.

Are you using an Autosignature?

It could be GoDaddy not liking you and you may need to contact them directly and ask to be removed from a blacklist.
0
 

Author Comment

by:tferlaak
ID: 34909867
I actually have contacted godaddy, they looked at the header of the email getting bounced, checked the domain i was sending to, also checked my domain listing. couldnt find any issues either. ugh.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34910070
4.4.7 Error:

Numeric Code: 4.4.7

Possible Cause: The message in the queue has expired. The sending server tried to relay or deliver the message, but the action was not completed before the message expiration time occurred. This NDR may also indicate that a message header limit has been reached on a remote server or that some other protocol timeout occurred during communication with the remote server.

Troubleshooting: This code typically indicates an issue on the receiving server. Verify the validity of the recipient address, and verify that the receiving server is configured to receive messages correctly. You may have to reduce the number of recipients in the header of the message for the host that you are receiving this NDR from. If you resend the message, it is placed in the queue again. If the receiving server is on line, the message is delivered.

Extracted from http://support.microsoft.com/kb/284204
0
 

Author Comment

by:tferlaak
ID: 34910185
if you could only see the steam pouring out of my ears right now. They gave us a blacklisted IP. Appearantly it was listed on a bunch of private spam lists that you cannot access by normal means.
I found this out by going to http://www.msexchange.org/tutorials/SMTPDIAGdiagnose-Exchange-2003-SMTP-DNS.html
SMTPDiag tool came back with "
Error: Expected "220". Server is not accepting connections.
Failed to submit mail to smtp.secureserver.net.
Connecting to mailstore1.secureserver.net [216.69.186.201] on port 25.
Received:
554-m1pismtp01-024.prod.mesa1.secureserver.net
554 Your access to this mail system has been rejected due to spam or virus conte
nt. If you believe that this failure is in error, please submit an unblock reque
st at  http://unblock.secureserver.net"
This is for the godaddy address we were sending to. So i wen to the address and unblocked our IP and it started magically sending.
So now i have to do this for every one of those domains. Is there any way to mass unblock these other smaller domains?
0
 

Author Comment

by:tferlaak
ID: 34910248
Just looked at the queue, and unblocking from the secureserver.net address unblocked from a lot of them and the mail started flowing out amazingly.
There will still be a bit of cleanup but ill work though it. Thank you all for your help. i really appreciate the effort on your parts.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34911143
I'll have to remember the SMTPDiag tool - if it unearths more Hidden Blacklists!  Very odd - but appreciate the update.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now