Changing the domain name and updating PTR, MX, etc. records

Hi guys,
Some emails sent by users get rejected by the remote mail servers because in the email header  the "from address" doesn't match the real domain address. Usually, I get error #541 from the remote server.
Could you please help me fix this issue?
Here is the config in our company. We use Exchange 2007, with a separate static IP address for the mail server. Exchange is running on Windows 2003 Standard SP2 which is also AD controller. The AD domain differs from the web-domain. Please, see the details in the code snippet attached.

What would be preferred fix for this problem? Many thanks, Johnny
Received: by with SMTP id gu21cs105144qcb;
        Sun, 27 Feb 2011 20:44:35 -0800 (PST)
Received: by with SMTP id e22mr2976647fad.45.1298868274068;
        Sun, 27 Feb 2011 20:44:34 -0800 (PST)
Return-Path: <>
Received: from ( [])
        by with ESMTPS id 6si3426358fau.111.2011.
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 27 Feb 2011 20:44:32 -0800 (PST)
Received-SPF: pass ( best guess record for domain of designates as permitted sender) client-ip=;
Authentication-Results:; spf=pass ( best guess record for domain of designates as permitted sender)
Received: from PDC.AD-DOMAIN.local ([]) by PDC.AD-DOMAIN.local
 ([]) with mapi; Mon, 28 Feb 2011 10:44:07 +0600
To: "" <>
Date: Mon, 28 Feb 2011 10:44:28 +0600

Open in new window

Who is Participating?
purplepomegraniteConnect With a Mentor Commented:
The issue is as stated:
#541 Internet Security Systems' Proventia(TM) intrusion prevention appliance blocked forwarding of message

So yes, the message has been blocked as an antispam measure.  Have you checked the IP addresses in the header against blacklists?  If you have changed them, there's no point in me running any through!

The problem could be a variety of reasons, but it would be helpful if you could obtain from the recipient the exact reason that the message was blocked.  I had a similar case with a customer, and it turned out that BT Internet had managed to get their mail system on an abusive list, and this meant that anyone using Barracuda firewalls rejected messages from my customer.

If you can find the exact reason, then we can determine whether anything can be done to reconfigure at your end, or it is an issue that must be resolved by the recipient.  An alternative would be for the recipient to whitelist your sending IP address (assuming their system allows this).
Do you have Reverse DNS working for the Alias email domain?
JanibekAuthor Commented:
when I type in the IP address of email-server it does find a reverse DNS entry for it. The entry points to I guess, as of right now, there is no way to point on a local AD-domain, since it differs from the web-domain.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

are you running your external DNS or is someone else running your external DNS (hosted)?

you can also see how the world see's your domain by going to

there are a bunch of great tools for checking your MX records, black lists etc.
JanibekAuthor Commented:
The external DNS is runned by a host.
look at the MX toolbox link see if your reverse DNS and forward DNS for the mail domain match up.

If they do not can you get the host to add the right Rev DNS.
JanibekAuthor Commented:
When I test the IP address for reverse DNS record, it points to
When I test it gives me back the right ip address(the one, which points to when i run revese dns test).

My guess, the problem is when an email is sent, the receiving server figures that the actual sender is pdc.AD-domain.local instead of and that's why blocks the email.
ok so your email domain matches forward and backward, but you believe your exchange (Small business server ed) is sending via your local domain name vs. your email alias name.

We have two domain names one for email and one for the local domain (nothing alike) let me see if I can replicate the issue on Small Business server and get an answer to ya,  we use standard exchange 03 ent ed, and I am not sure how different SBS is.
JanibekAuthor Commented:
Thanks for the efforts, BMPTS! Just to make it clear, we are not using any SBS. The server OS is Windows Server 2003 standard, service pack2. The mail is running on Exchange 2007.
Hypercat (Deb)Connect With a Mentor Commented:
You need to change the banner information for your Exchange server so that it broadcasts your external email domain name instead of your internal (.local) domain name.  This has to be done using the Exchange Management Shell.  Here's an article that will help you do this:

What you want to do is to set the banner to "" (i.e., whatever your actual public host name is for your email server).
Your local domain and your internet domain are separate, and Exchange is often configured such that the AD domain is .local and the email domain is your external .com.  What your Exchange server says in response to EHLO (or HELO) doesn't matter, nor does the banner it advertises as far as mail rejections are concerned.

Could you detail some of the actual rejections you are recieving?  541 in SMTP terms means no response from host, which implies connectivity issues or that your IP is blocked by the remote host.
Incidentally, those received headers that detail "received from xx.domain.local" also have very little bearing on whether a mail is rejected (unless the IP detailed is blacklisted - some servers reject a message if any of its hops have been via a blacklisted server).  The headers of that message show nothing unusual, and are extremely unlikely to be the cause of your mail problems.

do you have any SPF records in your dns?  If so, you need to add the IP address of your mail host to the list of permitted senders!

Cheers,  Mike.
Hypercat (Deb)Commented:
Looking again at the header information you posted, it appears that you may be using a Google SMTP server as a smart host? Is this correct?  
looks fine can we get the actual error msg, also can you test send to a domain If I give you an email to send to?
Hypercat (Deb)Commented:
The header you've provided is from an email that was sent successfully. We need to see what happens when the message doesn't go through. Do you get an NDR back? The complete NDR information would be helpful. Also, do you have SMTP logs that you can look at to see what the conversation was between your email server and the external server when the message was sent?
JanibekAuthor Commented:
First of all, many thanks guys. Sorry for the delay, been on a business trip.

Here is the error message I got from exchange 2007:
Please note that I've changed the ip address of the sender and email addresses, except for the receiver domain. My guess is that the IP address is blacklisted on one of the spam-lists. But on all the rest it's clear.  

¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿ ¿¿¿ ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿:

¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿: PDC.AD-DOMAIN.local #541 Internet Security Systems' Proventia(TM) intrusion prevention appliance blocked forwarding of message. ##

¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿:

Received: from PDC.AD-DOMAIN.local ([]) by PDC.AD-DOMAIN.local
 ([]) with mapi; Mon, 28 Feb 2011 10:34:11 +0600
From: user <>
To:"xxx(TOTAL)" <>
Date: Mon, 28 Feb 2011 10:34:11 +0600
Subject: FW:
Thread-Topic: whatever
Thread-Index: AcvW+hx8JW2KpsU8QuSZIE9F8Fm/KwABQDFwAABV1gA=
Message-ID: <56CADA32EDBF1B4B94EB5669B868F48B45045DB50F@PDC.AD-DOMAIN.local>
Accept-Language: ru-RU
Content-Language: ru-RU
X-MS-Has-Attach: yes
acceptlanguage: ru-RU
Content-Type: multipart/mixed;
MIME-Version: 1.0
JanibekAuthor Commented:
Thanks guys for your help, sorry for the delay, been on a short vacation
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.