Solved

Switched ISP IP address, now internal exchange server showing MSexchangetransport errors

Posted on 2011-03-17
6
449 Views
Last Modified: 2012-05-11
Our organization recently switched ISPs.  We got a new data T1 and new IP addresses from AT&T.  I've switched our A record tat our registrar to point to the new WAN IP for our exchange server. Everything seems to work, but here's the problem:

Most email goes out from our organization.  I tested several high level domains: gmail.com, yahoo.com, but there are a few other domains that I cannot send email to.

When I try and send mail to a comcast.net, agfc.state.ar.us, or several other domains, we get a delay of delivery notification from our exchange server.

Our exchange server is not set up as a mail relay, our SMTP virtual outbound settings do not point to a smart host.  We are managing everything from our exchange server

There are hundreds of application event warnings for the MSexchangeTransport in our event logs. Here are a few examples:
Source: MSExchangeTransport
Category: SMTP Protocol
Event ID: 7010
Description:
This is an SMTP protocol log for the vertual server ID 1, connection #466. The client "166.137.140.122" sent a "rcpt" command and the SMTP server responded with "550 5.7.1 Unable to relay for xxxxx@agfc.state.ar.us". The full command sent was "rcpt TO:<xxxxx@agfc.state.ar.us>". This will probably cause the connection to fail.

I've got hundreds of these in my event log.  I just need some help figuring out why some mail is going through and some is not.

Thanks in advance for your help.
0
Comment
Question by:J_bodenheimer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 9

Expert Comment

by:TBK-Consulting
ID: 35159875
you need to change or add an SPF Record to your DNS Records so that other servers will know that you are set to a good ip address that is authorized to send your domains email ... also you need to have reverse dns setup properly from the new ISP for that IP Address to show it does belong to the mail server.
0
 

Author Comment

by:J_bodenheimer
ID: 35159911
Can you provide me with instructions for change/add of an SPF record in my DNS records?  That would be awesome.  I think I have the reverse setup properly.  

Also, what is a good command line input I can give to test proper reverse DNS?

Thank you TBK for your prompt response on this.
0
 
LVL 9

Expert Comment

by:TBK-Consulting
ID: 35159947
mxtoolbox.com has a reverse dns lookup tool and also has a tool to help create the spf record as well
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:J_bodenheimer
ID: 35160090
TBK,

I'm really just an admin for the organization.  I mainly do hardware.  I see on mxtoolbox.com that the spf query shows no record, but I'm not finding the tool that will help me create an spf record or where that spf record is even suppose to reside.

Here's a little more information:
When we switched our T1 over to AT&T and got the new IP address, they will not set a reverse lookup, but will allow our IPs to be associated with our registrar's name servers.  
Are you say I have to work with my registrar to make sure there are reverse dns set on their name servers and the SPF record as well?

Thanks!
Jason
0
 
LVL 9

Accepted Solution

by:
TBK-Consulting earned 500 total points
ID: 35160129
The SPF in of itself will get you past most spam filters, but there are some that will absolutely not pass your email unless the reverse dns points the ip address to mail.yourdomain.com

For the SPF Record creation, there is a link to www.openspf.org from mxtoolbox.com but it's hard to find sometimes ... try going directly to www.openspf.org and the tool is right on the front page towards the right side ...

If you still can't get all your email passing thru servers for proper delivery, you may want to consider using your ISP's email servers as a smarthost to deliver the email.
0
 

Author Closing Comment

by:J_bodenheimer
ID: 35194501
TBK Gave the right solution for the question I asked, but ultimately the best solution for me was to completely give DNS control to our ISP.  
We were having our Registrar handle DNS, which made it quick and efficient to make changes for CNAME and A Records, but when it came to reverse DNS lookups for our inhouse exchange server, the provider that is hosting your exchange server's IP address is (as a rule) the provider you want to handle your DNS.   I think it's stupid and the SPF record should've worked...  in theory it should have, but in practice it did not.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question