Solved

Exchange 2007 & Sending Mail to Specific External Domains

Posted on 2011-09-30
Last Modified: 2012-06-27
I am working on an SBS 2008 server with Exchange 2007, and mail for the most part is working well.  This particular office has the ISP host their mail, and the Exchange server pulls the mail down to their local Exchange server.  I discovered they prefer this arrangement because it allows them to continue sending and receiving mail should their mail server go down for any apparent reason.  That makes sense and sounds like a good idea.

The problem is certain outbound mail is not sending out for specific domains.  The messages sit in the mail queue indicating "Mail Delayed", but then a couple days later drops the mail message stating delivery is delayed and has not yet been delivered.  Then a couple of days later they get another email indicating the local exchange server has been trying to deliver the message without success and has stopped trying.  

I am at a loss in trying to figure out how to fix this.  I've ensured the Internet router is not blocking anything outbound, disabled anti-virus software on the Exchange server, ensured the ISP has the correct Reverse PTR records, conversed with the party we’re trying to send mail to ensure we're not blocked on their end, etc.  I even created a new Internet Send Connector.  I spoke with the ISP about this problem, and I had them allow me to set up a smarthost temporarily and when I did the mail sitting in the queue immediately sent out.  This ISP does not allow smarthosts for client Exchange servers when they host their mail.  They only allow it for clients that have their mail hosted by another ISP.  So I was forced to disable the smarthost after the test.  The only thing I can think of is certain Spam programs might be checking the IP, hostname, and MX record.  Maybe it’s failing with the MX record because it shows the ISP instead of the local Exchange server.  I am at a loss here.  The ISP stated we have two options: use the ISP popmail exclusively or have the Exchange server host the mail.  They also mentioned using a smarthost is not an option and the connection will be shut down if you choose to use one.  Is there any way around this by allowing them to keep this mail configuration of the ISP hosting the email without using a smarthost?  Maybe we could create a unique send connector or something.  Not sure, that's why I am posting this question.
Question by:cmp119
9 Comments
 
LVL 17

Expert Comment

by:aoakeley
ID: 36891890
This is really just a guess.... but I think you are on the right track with your guess....

Sometimes receiving mail servers do a reverse MX qualification on receiving email...

i.e. is the server that is sending me mail from domain.com the same server that is listed as the MX record for domain.com, or at least on the same subnet?

In your case your sending server (SBS) will/may be very different from the server listed in your MX record. This could cause this issue.

Creating a custom send connector will not really help, as your server is delivering by DNS anyway, so the chances are the end result will be the same: send connector will point to their MX server, or DNS will deliver to their MX server, same deal.

you may be able to glean more information by telnet from your exchange server to port 25 of the destination server....

eg:
telnet mail.destinationdomain.com 25
ehlo mail
mail from: me@mydomain.com
rcpt to: you@destinationdomain.com
data
type some test here
. (full stop to signal end of traffic)
quit

You could pay for another smart host, but this may result in the same effect as the sending server would be different from your receiving MX. The messages may appear to go out of your server to the smart host, but still no guarantee that that means they are delivered.

Exchange is designed to work as an SMTP client/server; the POP connector in SBS is a "patch" at best. I would talk to your client and try to convince them to have it configured as it is meant to be. If they are that concerned about uptime, put in another DSL connection and have a decent backup strategy like Storage Craft ShadowProtect. Once they get used to having emails from clients appear in 2 seconds rather than the 5 minute cycle of the POP connector they won't want to change back..

that's my 2c worth for this evening.... :)

0
 

Author Comment

by:cmp119
ID: 36892172
I changed the mail domain to mydomain (underlined), but when I ran this command I used the real domain.  Not sure why the "mail from:" command is not working.  I might just need to scrap further research on this issue, and inform the client they need to host their own mail to alleviate this problem.  If you think of anything else, please let me know.  Thanks.

220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:28:38 -0700
ehlo mail
250-cl27.gs01.gridserver.com Hello remote.mydomain.com [98.190.255.5]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
mail from rlglaw@mydomain.com
500 unrecognized command
mail from: rlglaw@mydomain.com
500 unrecognized command
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 36892196
notice the : after the mail from, and this server does not like spaces.....

220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:41:32 -0700
ehlo mail
250-cl27.gs01.gridserver.com Hello mail [124.149.134.241]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-HELP
250 STARTTLS
mail from:andrew@domain.com
250 OK
rcpt to:andrew@domain.com.au
550 relay not permitted

Relay not permitted, obviously, as I am trying to send email to myself; you should use one of the email addresses on this server that you are sending to.
0
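The manual telnet test from the comments above, scripted in PowerShell as an added example (not part of the thread). It assumes PowerShell 2.0 or later; the function names are made up for this example, and the host name and addresses are the thread's placeholders, to be replaced with the real destination server and a mailbox that exists on it.

```powershell
# Added example: envelope-only SMTP probe. DATA is never sent, so nothing is delivered.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # Multi-line replies use "250-text" for continuation and "250 text" for the last line.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($line -eq $null) { break }          # server closed the connection
        $lines += $line
    } while ($line.Length -ge 4 -and $line.Substring(3, 1) -eq '-')
    $lines
}

function Test-SmtpEnvelope {
    param([string]$Server, [string]$HeloName, [string]$From, [string]$To, [int]$Port = 25)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 30000             # milliseconds; some servers delay the banner
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"                # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        Read-SmtpReply $reader | ForEach-Object { "S: $_" }   # 220 banner

        # RFC 5321 form: no space after the colon, address in angle brackets.
        $commands = @("EHLO $HeloName", "MAIL FROM:<$From>", "RCPT TO:<$To>")
        foreach ($cmd in $commands) {
            "C: $cmd"
            $writer.WriteLine($cmd)
            $reply = @(Read-SmtpReply $reader)
            $reply | ForEach-Object { "S: $_" }
            # Stop at the first non-2xx reply; its text is the receiving server's stated reason.
            if ($reply.Count -eq 0 -or $reply[-1] -notmatch '^2') { break }
        }
        $writer.WriteLine("QUIT")
    }
    finally {
        $client.Close()
    }
}

# Placeholder values: use the FQDN your Send connector presents and a real recipient mailbox.
Test-SmtpEnvelope -Server "mail.destinationdomain.com" -HeloName "remote.mydomain.com" `
    -From "me@mydomain.com" -To "you@destinationdomain.com"
```

Run it from the Exchange server itself so the destination sees the same source IP, reverse DNS name and EHLO name it sees for queued mail.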
 
LVL 17

Expert Comment

by:aoakeley
ID: 36892213
Also, I notice that this server supports TTLS. Try disabling TTLS on your send connector; maybe your server and this server are trying to establish a TTLS session and that is failing.
0
 

Author Comment

by:cmp119
ID: 36892236
I saw that myself.  I do not have "Enable Domain Security (Mutual Auth TLS)" enabled (checked).  I even tried enabling it to see if the message sends or not.  No luck.
0
 

Author Comment

by:cmp119
ID: 36892247
Any last thoughts before I speak with the client?
0
 

Author Comment

by:cmp119
ID: 36892338
Is there a way to set up an alternate send connector with the ISP smarthost, so that when mail sent has problems it uses this alternate send connector?  The ISP stated if we use the smarthost and they get wind of it, they will shut it down.  So I was thinking if all mail sent out goes to the default send connector which doesn't have an ISP smarthost defined, but when it has problems sending mail out it uses the alternate send connector that has the smarthost defined to send out problem mail.  If I could get that to work, and it has low volume, maybe the ISP won't see much traffic and flag it for shutdown.  I am thinking setting up the alternate Internet Send connector with an address space cost of 2 or higher would do this since the default send connector has a cost of 1.  When possible, please let me know.  This is about all I can think of as a possible resolution.
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 36894940
Yes, you can.
Create a new send connector
Set the smart host for the ISP's SMTP server
In the address space tab enter the domains that you want to use this connector - set the cost to 1
In the address space tab of your default send connector - set the cost to 5
0
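The steps in the accepted answer, written for the Exchange Management Shell as an added example (not part of the thread). The connector names, the smart host name and the scoped domain are placeholders. Exchange picks the connector whose address space most closely matches the recipient domain before it compares costs, so this routes the listed domains through the smart host every time; it is not a fallback that only takes over when direct delivery fails.

```powershell
# Added example; run in the Exchange Management Shell. All names below are placeholders.
$smartHost  = "smtp.isp.example"                   # assumed name of the ISP relay
$defaultCon = "Default Internet Send Connector"    # assumed name; list yours with Get-SendConnector

# Scoped connector: only the listed domain is handed to the smart host (cost 1).
New-SendConnector -Name "Scoped Smart Host" -Usage Custom `
    -AddressSpaces "SMTP:destinationdomain.com;1" `
    -DNSRoutingEnabled $false -SmartHosts $smartHost `
    -SourceTransportServers $env:COMPUTERNAME

# Default connector keeps the wildcard address space, now at cost 5.
Set-SendConnector -Identity $defaultCon -AddressSpaces "SMTP:*;5"

# Confirm what routing will use, then read why queued mail is stuck.
Get-SendConnector | Format-List Name, AddressSpaces, SmartHosts, DNSRoutingEnabled
Get-Queue | Format-List Identity, NextHopDomain, Status, LastError
```

The `LastError` field on a retrying queue holds the last response or connection error Exchange recorded for that destination, which is the first thing to read when mail sits in "Mail Delayed".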
 

Author Closing Comment

by:cmp119
ID: 36911784
Appreciate the information.  I simply informed the client they either need to host their own mail or allow the ISP to host it.  The ISP blocked SmartHost access for this client, and they will not authorize it since they actually host their mail.  If another ISP were hosting their mail, they would allow access.  Thank you anyway.
0
