Exchange 2007 & Sending Mail to Specific External Domains

Posted on 2011-09-30
Last Modified: 2012-06-27
I am working on a SBS 2008 server with Exchange 2007, and mail for the most part is working well.  This particular office has the ISP host their mail, and the exchange server pulls the mail down to their local exchange server.  I discovered they prefer this arrangement because it allows them to continue sending and receiving mail should their mail server go down for any apparent reason.  That makes sense and sounds like a good idea.  

The problem is certain outbound mail is not sending out for specific domains.  The messages sit in the mail queue indicating "Mail Delayed", but then a couple days later drops the mail message stating delivery is delayed and has not yet been delivered.  Then a couple of days later they get another email indicating the local exchange server has been trying to deliver the message without success and has stopped trying.  

I am at a loss in trying to figure out how to fix this.  I've ensured the Internet router is not blocking anything outbound, disabled anti-virus software on the Exchange server, ensured the ISP has the correct Reverse PTR records, conversed with the party we’re trying to send mail to, to ensure we're not blocked on their end, etc.  I even created a new Internet Send Connector.  I spoke with the ISP about this problem, and I had them allow me to set up a smarthost temporarily, and when I did the mail sitting in the queue immediately sent out.  This ISP does not allow smarthosts for client Exchange servers when they host their mail.  They only allow it for clients that have their mail hosted by another ISP.  So I was forced to disable the smarthost after the test.  The only thing I can think of is certain spam programs might be checking the IP, hostname, and MX record.  Maybe it’s failing with the MX record because it shows the ISP instead of the local Exchange server.  I am at a loss here.  The ISP stated we have two options: use the ISP popmail exclusively or have the Exchange server host the mail.  They also mentioned using a smarthost is not an option and the connection will be shut down if you choose to use one.  Is there any way around this by allowing them to keep this mail configuration of the ISP hosting the email without using a smarthost?  Maybe we could create a unique send connector or something.  Not sure, that's why I am posting this question.  
Question by:cmp119

Expert Comment

ID: 36891890
This is really just a guess.... but I think you are on the right track with your guess....

Sometimes receiving mail servers do a reverse MX qualification on receiving email...

i.e. is the server that is sending me mail from the same server that is listed as the MX record for, or at least on the same subnet.

In your case your sending server (SBS) will/may be very different from the server listed in your MX record. This could cause this issue.

Creating a custom send connector will not really help, as your server is delivering by DNS anyway so the chances are the end result will be the same, send connector will point to their MX server, or DNS will deliver to their MX server, same deal.

You may be able to glean more information by telnet from your Exchange server to port 25 of the destination server....

telnet 25
ehlo mail
mail from:
rcpt to:
type some test here
. (full stop to signal end of traffic)

You could pay for another smart host, but this may result in the same effect as the sending server would be different from your receiving MX. The messages may appear to go out of your server to the smart host, but still no guarantee that that means they are delivered.

Exchange is designed to work as an SMTP client/server; the POP connector in SBS is a "patch" at best. I would talk to your client and try to convince them to have it configured as it is meant to be. If they are that concerned about uptime, put in another DSL connection and have a decent backup strategy like Storage Craft ShadowProtect. Once they get used to having emails from client appear in 2 seconds rather than the 5 minute cycle of the POP connector they won't want to change back..

That's my 2c worth for this evening.... :)


Author Comment

ID: 36892172
I changed the mail domain to mydomain (underlined), but when I ran this command I used the real domain.  Not sure why the "mail from:" command is not working.  I might just need to scrap further research on this issue, and inform the client they need to host their own mail to alleviate this problem.  If you think of anything else, please let me know.  Thanks.  

220 ESMTP Exim 4.69 Fri, 30 Sep 2011 07:28:38 -0700
ehlo mail Hello []
250-SIZE 52428800
250 HELP
mail from
500 unrecognized command
mail from:
500 unrecognized command

Expert Comment

ID: 36892196
Notice the : after the mail from, and this server does not like spaces.....

220 ESMTP Exim 4.69 Fri, 30 Sep 2011 07:41:32 -0700
ehlo mail Hello mail []
250-SIZE 52428800
250 OK
550 relay not permitted

Relay not permitted obviously as I am trying to send email to myself, you should use one of the email addresses on this server that you are sending to.

Expert Comment

ID: 36892213
Also, I notice that this server supports TTLS. Try disabling TTLS on your send connector, maybe your server and this server are trying to establish a TTLS session and that is failing.

Author Comment

ID: 36892236
I saw that myself.  I do not have "Enable Domain Security (Mutual Auth TLS)" enabled (checked).  I even tried enabling it to see if the message sends or not.  No luck.

Author Comment

ID: 36892247
Any last thoughts before I speak with the client?

Author Comment

ID: 36892338
Is there a way to set up an alternate send connector with the ISP smarthost, so that when mail sent has problems it uses this alternate send connector?  The ISP stated if we use the smarthost and they get wind of it, they will shut it down.  So I was thinking all mail sent out goes to the default send connector, which doesn't have an ISP smarthost defined, but when it has problems sending mail out it uses the alternate send connector that has the smarthost defined to send out problem mail.  If I could get that to work, and it has low volume, maybe the ISP won't see much traffic and flag it for shutdown.  I am thinking setting up the alternate Internet Send connector with an address space cost of 2 or higher would do this since the default send connector has a cost of 1.  When possible, please let me know.  This is about all I can think of as a possible resolution.

Accepted Solution

aoakeley earned 500 total points
ID: 36894940
Yes, you can.
Create a new send connector
Set the smart host for the ISP's SMTP server
In the address space tab enter the domains that you want to use this connector - set the cost to 1
In the address space tab of your default send connector - set the cost to 5
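
The steps in the accepted answer above, written for the Exchange Management Shell as an added example that is not part of the original thread. The domain names, the smart host name and the default connector name are placeholders (assumptions); substitute the values from your own organization.

```powershell
# Added example: a domain-scoped send connector that routes only the listed
# domains through a smart host. All values below are placeholders.
$problemDomains   = 'partner-a.example', 'partner-b.example'  # constructed sample domains
$smartHost        = 'smtp.relay.example'                       # placeholder smart host
$defaultConnector = 'Default Internet Send Connector'          # placeholder connector name
$hubServer        = $env:COMPUTERNAME                          # assumes this box holds the Hub Transport role

# Show the existing connectors first so the default connector's real name is known.
Get-SendConnector | Format-Table Name, AddressSpaces, SmartHosts, DNSRoutingEnabled -AutoSize

# Address spaces are written as TYPE:domain;cost. Cost 1 for each problem domain.
$addressSpaces = $problemDomains | ForEach-Object { "SMTP:$_;1" }

# New connector: DNS routing off, everything for these domains goes to the smart host.
New-SendConnector -Name 'Problem domains via smart host' `
    -Usage Custom `
    -AddressSpaces $addressSpaces `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -SourceTransportServers $hubServer

# Default connector keeps the wildcard address space, with its cost raised to 5.
Set-SendConnector -Identity $defaultConnector -AddressSpaces 'SMTP:*;5'

# Confirm the result, then ask the transport service to retry queues stuck in Retry.
Get-SendConnector | Format-Table Name, AddressSpaces, SmartHosts, DNSRoutingEnabled -AutoSize
Retry-Queue -Filter { Status -eq 'Retry' }
Get-Queue | Format-Table Identity, Status, MessageCount, NextHopDomain -AutoSize
```

Exchange selects the connector whose address space most specifically matches the recipient domain before it compares costs, so only mail for the listed domains uses the smart host; this is routing by domain, not a fallback that triggers when direct delivery fails.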

Author Closing Comment

ID: 36911784
Appreciate the information.  I simply informed the client they either need to host their own mail or allow the ISP to host it.  The ISP blocked SmartHost access for this client, and they will not authorize it since they actually host their mail.  If another ISP were hosting their mail, they would allow access.  Thank you anyway.
