Exchange 2007 & Sending Mail to Specific External Domains
I am working on a SBS 2008 server with Exchange 2007, and mail for the most part is working well. This particular office has the ISP host their mail, and the exchange server pulls the mail down to their local exchange server. I discovered they prefer this arrangement because it allows them to continue sending and receiving mail should their mail server go down for any apparent reason. That makes sense and sounds like a good idea.
The problem is certain outbound mail is not sending out for specific domains. The messages sit in the mail queue indicating "Mail Delayed", but then a couple days later drops the mail message stating delivery is delayed and has not yet been delivered. Then a couple of days later they get another email indicating the local exchange server has been trying to deliver the message without success and has stopped trying.
I've am at a loss in trying to figure out how to fix this. I've ensured the Internet router is not blocking anything outbound, disabled anti-virus software on the exchange server, ensured the ISP has the correct Reverse PTR records, conversed with the party we’re trying to send mail to ensure we're not blocked on their end, etc. I even created a new Internet Send Connector. I spoke with the ISP about this problem, and I had them allow me to setup a smarthost temporarily and when I did the mail sitting in the queue immediately sent out. This ISP does not allow smarthosts for client exchange servers when they host their mail. They only allow it for clients that have their mail hosted by another ISP. So I was forced to disable the smarthost after the test. The only thing I can think of is certain Spam programs might be checking the IP, hostname, and MX record. Maybe it’s failing with the MX record because it shows the ISP instead of the local exchange server. I am at a loss here. The ISP stated we have two options: use the ISP popmail exclusively or have the exchange host the mail. They also mentioned using a smarthost is not an option and the connection will be shutdown if you choose to use one. Is there anyway around this by allowing them to keep this mail configuration of the ISP hosting the email without using a smarthost? Maybe we could create a unique send connector or something. Not sure, that's why I am posting this question.
The problem is certain outbound mail is not sending out for specific domains. The messages sit in the mail queue indicating "Mail Delayed", but then a couple days later drops the mail message stating delivery is delayed and has not yet been delivered. Then a couple of days later they get another email indicating the local exchange server has been trying to deliver the message without success and has stopped trying.
I've am at a loss in trying to figure out how to fix this. I've ensured the Internet router is not blocking anything outbound, disabled anti-virus software on the exchange server, ensured the ISP has the correct Reverse PTR records, conversed with the party we’re trying to send mail to ensure we're not blocked on their end, etc. I even created a new Internet Send Connector. I spoke with the ISP about this problem, and I had them allow me to setup a smarthost temporarily and when I did the mail sitting in the queue immediately sent out. This ISP does not allow smarthosts for client exchange servers when they host their mail. They only allow it for clients that have their mail hosted by another ISP. So I was forced to disable the smarthost after the test. The only thing I can think of is certain Spam programs might be checking the IP, hostname, and MX record. Maybe it’s failing with the MX record because it shows the ISP instead of the local exchange server. I am at a loss here. The ISP stated we have two options: use the ISP popmail exclusively or have the exchange host the mail. They also mentioned using a smarthost is not an option and the connection will be shutdown if you choose to use one. Is there anyway around this by allowing them to keep this mail configuration of the ISP hosting the email without using a smarthost? Maybe we could create a unique send connector or something. Not sure, that's why I am posting this question.
ASKER
I changed the mail domain to mydomain (underlinded), but when I ran this command I used the real domain. Not sure why the "mail from:" command is not working. I might just need to scrap further research on this issue, and inform the client they need to host their own mail to alleviate this problem. If you think of anything else, please let me know. Thanks.
220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:28:38 -0700
ehlo mail
250-cl27.gs01.gridserver.c
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
mail from rlglaw@mydomain.com
500 unrecognized command
mail from: rlglaw@mydomain.com
500 unrecognized command
220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:28:38 -0700
ehlo mail
250-cl27.gs01.gridserver.c
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
mail from rlglaw@mydomain.com
500 unrecognized command
mail from: rlglaw@mydomain.com
500 unrecognized command
notice the : after the mail from, and this server does not like spaces.....
220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:41:32 -0700
ehlo mail
250-cl27.gs01.gridserver.c
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-HELP
250 STARTTLS
mail from:andrew@domain.com
250 OK
rcpt to:andrew@domain.com.au
550 relay not permitted
Relay not permistted obviously as I am trying to send email to myself, you should use one of the email addresses on this server that you are sending to.
220 cl27.gs01.gridserver.com ESMTP Exim 4.69 Fri, 30 Sep 2011 07:41:32 -0700
ehlo mail
250-cl27.gs01.gridserver.c
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-HELP
250 STARTTLS
mail from:andrew@domain.com
250 OK
rcpt to:andrew@domain.com.au
550 relay not permitted
Relay not permistted obviously as I am trying to send email to myself, you should use one of the email addresses on this server that you are sending to.
also, I notice that this server supports TTLS. Try disabling TTLS on your send connector, maybe your sever and this server are trying to establish a TTLS session and that is failing.
ASKER
I saw that myself. I do not have "Enable Domain Security (Mutual Auth TLS) enabled (checked). I even tried enabling it to see if the message sends or not. Not luck.
ASKER
Any last thoughts before I speak with the client?
ASKER
Is there a way to setup an alternate send connector with the ISP smarthost, and when mail sent that has problems it uses this alternate send connector. The ISP stated if we use the smarthost and they get wing of it, they will shut it down. So I was thinking if all mail sent out goes to the default send connector which doesn't an ISP smarthost defined, but when it has problems sending mail it out it uses the alternet send connector that has the smarthost defined to send out problem mail. If I could get that to work, and it has low volume maybe the ISP won't see much traffic and flag it for shutdown. I am thinking setting up the alternate Internet Send connector with an address space cost of 2 or higher would do this since the default send connector has a cost of 1. When possible, please let me know. This about all I can think of as a possible resolution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Appreciate the information. I simply informed the client they either need to host there own mail or allow the ISP to host it. The ISP blocked SmartHost access for this client, and they will not authorize it since they actually host their mail. If another ISP were hosting their mail, they would allow access. Thank you anyway.
Sometimes recieving mail servers do a reverse MX qualification on recieving email...
i.e. is the server that is sendimg me mail from domain.com the same server that is listed as theMX record for domain.com, or at least on the same subnet.
In your case your sending server (SBS) will/may be very different from the server listed in your MX record. This could cause this issue.
Creating a custom send connector will not really help, as your server is delivering by DNS anyway to the chances are the end result will be the same, send connector will point to their MX server, or dns will deliver to their MX server, same deal.
you may be able to glean more information by telnet from your exchange server to port 25 of the destination server....
eg:
telnet mail.destinationdomain.com
ehlo mail
mail from: me@mydomain.com
rcpt to: you@destinationdomain.com
data
type some test here
. (full stop to signal end of traffic)
quit
You could pay for another smart host, but this may result in the same effect as the sending srver would be different from your recieving MX. The messages may appear to go out of your server to the smart host, but still no guarantee that that means they are delivered.
Exchange is designed to work as a SMTP client/server the POP connector in SBS is a "patch" at best. I would talk to your client and try to convince them to have it configured as it is meant to be. if they are that concerned about uptime, put in another DSL connection and have a decent backup strategy like Storage Craft ShadowProtect. Once they get used to having emails from client appear in 2 seconds rather than the 5 minute cycle of the POP connector they won't want to change back..
that's my 2c woth for this evening.... :)