Solved

Changing the domain name and updating PTR, MX, etc. records

Posted on 2011-02-27
21
812 Views
Last Modified: 2012-05-11
Hi guys,
Some emails sent by users get rejected by the remote mail servers because in the email header  the "from address" doesn't match the real domain address. Usually, I get error #541 from the remote server.
Could you please help me fix this issue?
Here is the config in our company. We use Exchange 2007, with a separate static IP address for the mail server. Exchange is running on Windows 2003 Standard SP2 which is also AD controller. The AD domain differs from the web-domain. Please, see the details in the code snippet attached.

What would be preferred fix for this problem? Many thanks, Johnny
Delivered-To: xxxx@gmail.com
Received: by 10.229.213.21 with SMTP id gu21cs105144qcb;
        Sun, 27 Feb 2011 20:44:35 -0800 (PST)
Received: by 10.223.32.214 with SMTP id e22mr2976647fad.45.1298868274068;
        Sun, 27 Feb 2011 20:44:34 -0800 (PST)
Return-Path: <j.kadraliyev@kbv.kz>
Received: from postmaster.web-domain.com (postmaster.web-domain.com [107.145.77.142])
        by mx.google.com with ESMTPS id 6si3426358fau.111.2011.02.27.20.44.31
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 27 Feb 2011 20:44:32 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of email@web-domain.com designates 107.145.77.142 as permitted sender) client-ip=107.145.77.142;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of email@web-domain.com designates 107.145.77.142 as permitted sender) smtp.mail=email@web-domain.com
Received: from PDC.AD-DOMAIN.local ([107.145.77.142]) by PDC.AD-DOMAIN.local
 ([107.145.77.142]) with mapi; Mon, 28 Feb 2011 10:44:07 +0600
From: USERNAME <email@web-domain.com>
To: "xxxx@gmail.com" <xxxx@gmail.com>
Date: Mon, 28 Feb 2011 10:44:28 +0600

Open in new window

0
Comment
Question by:Janibek
  • 6
  • 6
  • 3
  • +2
21 Comments
 
LVL 4

Expert Comment

by:BMPTS
ID: 34994652
Do you have Reverse DNS working for the Alias email domain?
0
 

Author Comment

by:Janibek
ID: 34995636
when I type in the IP address of email-server it does find a reverse DNS entry for it. The entry points to postmaster.web-domain.com. I guess, as of right now, there is no way to point on a local AD-domain, since it differs from the web-domain.
0
 
LVL 4

Expert Comment

by:BMPTS
ID: 34995664
are you running your external DNS or is someone else running your external DNS (hosted)?
0
 
LVL 4

Expert Comment

by:BMPTS
ID: 34995672
PS

you can also see how the world see's your domain by going to
http://www.mxtoolbox.com/

there are a bunch of great tools for checking your MX records, black lists etc.
0
 

Author Comment

by:Janibek
ID: 34995924
The external DNS is runned by a host.
0
 
LVL 4

Expert Comment

by:BMPTS
ID: 35000022
look at the MX toolbox link see if your reverse DNS and forward DNS for the mail domain match up.

If they do not can you get the host to add the right Rev DNS.
0
 

Author Comment

by:Janibek
ID: 35005922
When I test the IP address for reverse DNS record, it points to postmaster.web-domain.com
When I test postmaster.web-domain.com it gives me back the right ip address(the one, which points to postmaster.web-domain.com when i run revese dns test).

My guess, the problem is when an email is sent, the receiving server figures that the actual sender is pdc.AD-domain.local instead of postmaster.web-domain.com and that's why blocks the email.
0
 
LVL 4

Expert Comment

by:BMPTS
ID: 35010858
ok so your email domain matches forward and backward, but you believe your exchange (Small business server ed) is sending via your local domain name vs. your email alias name.

We have two domain names one for email and one for the local domain (nothing alike) let me see if I can replicate the issue on Small Business server and get an answer to ya,  we use standard exchange 03 ent ed, and I am not sure how different SBS is.
0
 

Author Comment

by:Janibek
ID: 35014266
Thanks for the efforts, BMPTS! Just to make it clear, we are not using any SBS. The server OS is Windows Server 2003 standard, service pack2. The mail is running on Exchange 2007.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 200 total points
ID: 35043808
You need to change the banner information for your Exchange server so that it broadcasts your external email domain name instead of your internal (.local) domain name.  This has to be done using the Exchange Management Shell.  Here's an article that will help you do this:

http://technet.microsoft.com/en-us/library/bb124740%28EXCHG.80%29.aspx

What you want to do is to set the banner to "postmaster.web-domain.com" (i.e., whatever your actual public host name is for your email server).
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 35044395
Your local domain and your internet domain are separate, and Exchange is often configured such that the AD domain is .local and the email domain is your external .com.  What your Exchange server says in response to EHLO (or HELO) doesn't matter, nor does the banner it advertises as far as mail rejections are concerned.

Could you detail some of the actual rejections you are recieving?  541 in SMTP terms means no response from host, which implies connectivity issues or that your IP is blocked by the remote host.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 35044406
Incidentally, those received headers that detail "received from xx.domain.local" also have very little bearing on whether a mail is rejected (unless the IP detailed is blacklisted - some servers reject a message if any of its hops have been via a blacklisted server).  The headers of that message show nothing unusual, and are extremely unlikely to be the cause of your mail problems.
0
 
LVL 37

Expert Comment

by:meverest
ID: 35044815
Hi,

do you have any SPF records in your dns?  If so, you need to add the IP address of your mail host to the list of permitted senders!

Cheers,  Mike.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 35057802
Looking again at the header information you posted, it appears that you may be using a Google SMTP server as a smart host? Is this correct?  
0
 
LVL 4

Expert Comment

by:BMPTS
ID: 35057978
looks fine can we get the actual error msg, also can you test send to a domain If I give you an email to send to?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 35058304
The header you've provided is from an email that was sent successfully. We need to see what happens when the message doesn't go through. Do you get an NDR back? The complete NDR information would be helpful. Also, do you have SMTP logs that you can look at to see what the conversation was between your email server and the external server when the message was sent?
0
 

Author Comment

by:Janibek
ID: 35127624
First of all, many thanks guys. Sorry for the delay, been on a business trip.

Here is the error message I got from exchange 2007:
Please note that I've changed the ip address of the sender and email addresses, except for the receiver domain. My guess is that the IP address is blacklisted on one of the spam-lists. But on all the rest it's clear.  

¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿ ¿¿¿ ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿:

¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿: PDC.AD-DOMAIN.local

xxx@total.com
relay02.par.totalfinaelf.net #541 Internet Security Systems' Proventia(TM) intrusion prevention appliance blocked forwarding of message. ##

¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿:

Received: from PDC.AD-DOMAIN.local ([107.145.77.142]) by PDC.AD-DOMAIN.local
 ([107.145.77.142]) with mapi; Mon, 28 Feb 2011 10:34:11 +0600
From: user <user@web-domain.com>
To:"xxx(TOTAL)" <xxx@total.com>
Date: Mon, 28 Feb 2011 10:34:11 +0600
Subject: FW:
Thread-Topic: whatever
Thread-Index: AcvW+hx8JW2KpsU8QuSZIE9F8Fm/KwABQDFwAABV1gA=
Message-ID: <56CADA32EDBF1B4B94EB5669B868F48B45045DB50F@PDC.AD-DOMAIN.local>
Accept-Language: ru-RU
Content-Language: ru-RU
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: ru-RU
Content-Type: multipart/mixed;
      boundary="_006_56CADA32EDBF1B4B94EB5669B868F48B45045DB50FPDCAD-DOMAIN_"
MIME-Version: 1.0
0
 
LVL 24

Accepted Solution

by:
purplepomegranite earned 200 total points
ID: 35128302
The issue is as stated:
#541 Internet Security Systems' Proventia(TM) intrusion prevention appliance blocked forwarding of message

So yes, the message has been blocked as an antispam measure.  Have you checked the IP addresses in the header against blacklists?  If you have changed them, there's no point in me running any through!

The problem could be a variety of reasons, but it would be helpful if you could obtain from the recipient the exact reason that the message was blocked.  I had a similar case with a customer, and it turned out that BT Internet had managed to get their mail system on an abusive list, and this meant that anyone using Barracuda firewalls rejected messages from my customer.

If you can find the exact reason, then we can determine whether anything can be done to reconfigure at your end, or it is an issue that must be resolved by the recipient.  An alternative would be for the recipient to whitelist your sending IP address (assuming their system allows this).
0
 

Author Closing Comment

by:Janibek
ID: 35237920
Thanks guys for your help, sorry for the delay, been on a short vacation
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now