Exchange Server unable to send to google hosted email addresses, smtp error??

Hi Experts,

I am currently administering an Exchange 2003 server for a small company running on Small Business Server.  2 weeks after starting at this job, the Exchange server was hit with a huge amount of spam email (I now believe the server was left as an open relay, which I have now turned off).  The IP address was blacklisted in a couple of places and our rating on IronPort (senderbase) for the IP address was poor, it is now back to good.  A residual problem left over after all of this is being unable to send to email addresses that seem to be hosted by google (servers that use mx.google.com) mail servers.  When i telnet to these email addresses from the server, mx.google.com is happy with helo/ehlo commands and rcpt commands etc.  But when sending from an outlook client, an undeliverable message arrives back within 2 mins.

There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
  <mail.ourserver.com.au #5.5.0 smtp;550-5.7.1 [165.228.125.39 1] Our system has detected an unusual rate of>

Are we blacklisted by google? What could be stopping the server recieving?  Our mx records check out with FQDN and IP address.  I have checked all settings in the SMTP area of exchange, wondered if it is DNS???  I am really at the end of my limits.  HELP!!!!!!

Any ideas much appreacieated.  Thanks for reading.

Luke...
luckyluke2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Sounds like you may have been an authenticated relay, not an open relay, but as long as it has stopped - that's great.

Yes - Google are blocking you and if you visit the following link, fill in your details and wait, you should get de-listed:

https://mail.google.com/support/bin/request.py?contact_type=msgdelivery
0
AlanConsultantCommented:
Hi Luike,

You might also want to look at setting up an SPF record if you haven't already.

Many couterparties regard the existence of an SPF record as being a positive 'score' and that may help ensure that you are not blacklisted by anyone else on top of Google.

Good luck!

Alan.
0
Alan HardistyCo-OwnerCommented:
They already have a good SPF record in place.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

luckyluke2Author Commented:
Hi Alans!!

I did find the site you linked in your answer on Monday, nothing has changed over 48 hours later (people in office are getting a bit impatient!!)  Guess I will keep waiting

As for SPF records, do they require any ongoing maintenance after setup? I am assisting with IT for a short while, but like most small companies, don't have someone looking after IT fulltime.

Thanks

Luke...
0
luckyluke2Author Commented:
Thanks Alanhardisty, your right, a SPF record is already in place for the domain.  Must have been done before I started.
0
Alan HardistyCo-OwnerCommented:
No ongoing maintenance required unless you change your IP addresses that you send from.

I don't imagine Google will rush to de-list you!

Worst case - you may be able to setup a scoped SMTP Connector to send mail for Google via your ISP which should make the mail get delivered happily:

http://www.msexchange.org/tutorials/configuring-smtp-connector.html

Set the Address Space to google.com and add a SmartHost - your ISP's mail servers and then make sure the mail leaves your server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
luckyluke2Author Commented:
I will give it a try tomorrow and report back, no smarthost is currently in place, but will try to find the ISP mail server info.  I coincidentally did find this article today ( I have been trying to research this prob on and off for 3 days!!), but was not feeling 100% confident about setting up. What's the chance this might affect any other mail being sent?

If all goes well, I will report back and close case..... Thanks again
0
Alan HardistyCo-OwnerCommented:
None - it will only send mail destined for google.com via your ISP and all other mail will go via your other SMTP Connector, assuming you have one.

If you don't have one, set one up to use DNS and * as the Address Space and all other mail will be sent via that connector.

If you are unsure of any step, or get stuck / go wrong, let me know.
0
luckyluke2Author Commented:
1 point which I may not have been clear enough about here, the email addresses we are sending to don't all have @gmail.com or @google.com, they can be something like @mytime.com (not real example of problem address/server), but when I telnet from the server to these other problem addresses, it is mx.google.com that answers as ready. Interestingly, I think I am getting a bit different result for the replying telnet server whilst at home, than at work.  Something not right!!!
0
Alan HardistyCo-OwnerCommented:
Telnetting will give them your IP Address, so you will see different results if you are at a different IP Address.

You can add whatever domain names to the Address Space - if you have problems, add the domain name and then send that domains mail via your ISP until you get off their lists.

I wouldn't waste more time testing.  If you have filled in the forms, wait for confirmation and in the mean-time, set up a new connector using your ISP's mail server and leave it at that.  Then when you get confirmation, you can remove the connector and all mail will revert back to using DNS.
0
marcustechCommented:
FYI If nytime.com's MX server responds as mx.google.com it just means nytime.com are using Google Apps for their email hosting, which is fairly common these days.
0
Radhakrishnan RSenior Technical LeadCommented:
Just a thought, can you try enable Annonymous access and check whether you able to send mails gmail. I may be wrong here but worth to try once.
0
Alan HardistyCo-OwnerCommented:
@radhakrishnan2007 - What do you suggest anonymous access is enabled on exactly?
0
luckyluke2Author Commented:
Thanks for all suggestions/comments.  Thanks alanhardisty. Adding a temporary SMTP connector linked to our ISP smarthost has certainly fixed the problem.  Following the instructions in the link was quite easy. I did have to create a company wide SMTP connector firstly linked to DNS, then create the secondary SMTP connector linked to ISP smarthost for the problem emails.  I was reassured to hear that I couldn't do too much damage!! Thanks. Very pleased
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.