?
Solved

RBL and Exchange 2007

Posted on 2011-09-30
19
Medium Priority
?
558 Views
Last Modified: 2012-05-12
I have a hand full of users that have outside reciepents that bounce back emails sent to them and the error details note 'Message rejected because of RBL policy'

We are running Exchange 2007 and using Vipre (from GFI) for spam filtering. When I run our mail server IP on the blacklist check found at http://www.mxtoolbox.com it comes back clean.

My question is two fold...

(1) Could it be that we are listed someplace else that http://www.mxtoolbox.com does not scan again and if so is there another tool I should be using other than http://www.mxtoolbox.com?

(2) I am under the assumption that I am only relying only on GFI's software for RBL purposes but is it possible that I have it also setup in Exchange? If so how would I check?

Not sure if it matters any but the bounce backs all seem to come from users that have Google for email
0
Comment
Question by:bnrtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 8
19 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892120
What is the FQDN on your SEND Connector and what is your Reverse DNS Record on your fixed IP Address set as?

Do they match?  Do they both resolve in DNS back to the IP Address you are sending from?

If you are not sure - send me a test message to alan @ it-eye.co.uk and I'll see what you are sending as, what IP you are coming from and I'll see if I can see any issues with your setup that might be causing you problems.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892124
FYI - Vipre is Anti-Virus not Anti-Spam.  Are you using GFI Mail Essentials for Spam Filtering?
0
 

Author Comment

by:bnrtech
ID: 36892302

Thanks for this input. I will send you a test email right now from the admin account. I did update the FQDN in E2007 a couple of moments ago. I thought I already did this but it looks like I was wrong in that assumption.

The Vipre product we use is both for anti-spam and anti-virus.

Thanks for this helpful input.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:bnrtech
ID: 36892321

FYI - Here is the Vipre product that we use...

http://www.gfi.com/mes

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892322
Ooh - sorry about the Vipre - didn't know they did a combined product.  We use a Vipre based solution from them and wrongly assumed it was only AV!  You live and you learn :)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892343
Okay - test email received.  Checking your config to see if anything stands out as being wrong.
0
 

Author Comment

by:bnrtech
ID: 36892367

All good. Standing by. Thanks :)
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 36892403
Okay - your FQDN = exchange.domain.org.  Your Reverse DNS on the IP you are sending from is mail.domain.org.

Performing an nslookup on exchange.domain.org fails, so you would be better off changing the FQDN on your SEND connector to mail.domain.org then you will be RFC compliant.

Separate note - you have two MX records pointing to the same IP Address, which is completely pointless.  If you only have 1 server - having two MX's is not going to help if your 1 server goes down.  Best to remove the MX record with the 300 priority.

You don't have an SPF record and would be advised to get one setup.

Other than that - you are clean!
0
 

Author Comment

by:bnrtech
ID: 36892596
On the FQDN, maybe I need to restart the connector before the change takes effect (?). I will do that later and send you another test. I see your point in making certain both are mail.domain.org

Understood on the MX record.

Any recommendation on setting up a SPF record?

Thanks for all of the support
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 2000 total points
ID: 36892612
Make the change and restart the Exchange Transport Service.

You can visit http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ to figure out what you need for SPF.

You are welcome :)
0
 

Author Comment

by:bnrtech
ID: 36892717

All good. I will restart the transport now and send you one more test message.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892740
Okey dokey.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36892805
Still seeing exchange.domain.org as FQDN.
0
 

Author Comment

by:bnrtech
ID: 36893635

Maybe I need to reboot the server (which I can do tonight)?

and/or

Maybe I am not doing the right thing to setup the FQDN? Here are screenshots of the connectors with what I think is the right FQDN setup, Is there something I am missed? connector 1 connector 1connector2.JPG
connector3.JPG
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 2000 total points
ID: 36893701
You don't need to adjust your Receive connector - you need to adjust you Send Connector under Org Config> Hub Transport
0
 

Author Comment

by:bnrtech
ID: 36893755

Got it. My mistake. I just updated (hopefully the right way this time) and resent another test.

Thanks for all the good tips.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36893800
That's better.  Seeing mail.domain.org now.

Try sending emails to the recipients that failed before.
0
 

Author Closing Comment

by:bnrtech
ID: 36893913
Thanks for all the help info!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36893966
Thanks for the points :)

Have a good weekend.

Alan
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month8 days, 22 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question