[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 377
  • Last Modified:

Exchange Server unable to send to google hosted email addresses, smtp error??

Hi Experts,

I am currently administering an Exchange 2003 server for a small company running on Small Business Server.  2 weeks after starting at this job, the Exchange server was hit with a huge amount of spam email (I now believe the server was left as an open relay, which I have now turned off).  The IP address was blacklisted in a couple of places and our rating on IronPort (senderbase) for the IP address was poor, it is now back to good.  A residual problem left over after all of this is being unable to send to email addresses that seem to be hosted by google (servers that use mx.google.com) mail servers.  When i telnet to these email addresses from the server, mx.google.com is happy with helo/ehlo commands and rcpt commands etc.  But when sending from an outlook client, an undeliverable message arrives back within 2 mins.

There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
  <mail.ourserver.com.au #5.5.0 smtp;550-5.7.1 [165.228.125.39 1] Our system has detected an unusual rate of>

Are we blacklisted by google? What could be stopping the server recieving?  Our mx records check out with FQDN and IP address.  I have checked all settings in the SMTP area of exchange, wondered if it is DNS???  I am really at the end of my limits.  HELP!!!!!!

Any ideas much appreacieated.  Thanks for reading.

Luke...
0
luckyluke2
Asked:
luckyluke2
1 Solution
 
Alan HardistyCommented:
Sounds like you may have been an authenticated relay, not an open relay, but as long as it has stopped - that's great.

Yes - Google are blocking you and if you visit the following link, fill in your details and wait, you should get de-listed:

https://mail.google.com/support/bin/request.py?contact_type=msgdelivery
0
 
AlanConsultantCommented:
Hi Luike,

You might also want to look at setting up an SPF record if you haven't already.

Many couterparties regard the existence of an SPF record as being a positive 'score' and that may help ensure that you are not blacklisted by anyone else on top of Google.

Good luck!

Alan.
0
 
Alan HardistyCommented:
They already have a good SPF record in place.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
luckyluke2Author Commented:
Hi Alans!!

I did find the site you linked in your answer on Monday, nothing has changed over 48 hours later (people in office are getting a bit impatient!!)  Guess I will keep waiting

As for SPF records, do they require any ongoing maintenance after setup? I am assisting with IT for a short while, but like most small companies, don't have someone looking after IT fulltime.

Thanks

Luke...
0
 
luckyluke2Author Commented:
Thanks Alanhardisty, your right, a SPF record is already in place for the domain.  Must have been done before I started.
0
 
Alan HardistyCommented:
No ongoing maintenance required unless you change your IP addresses that you send from.

I don't imagine Google will rush to de-list you!

Worst case - you may be able to setup a scoped SMTP Connector to send mail for Google via your ISP which should make the mail get delivered happily:

http://www.msexchange.org/tutorials/configuring-smtp-connector.html

Set the Address Space to google.com and add a SmartHost - your ISP's mail servers and then make sure the mail leaves your server.
0
 
luckyluke2Author Commented:
I will give it a try tomorrow and report back, no smarthost is currently in place, but will try to find the ISP mail server info.  I coincidentally did find this article today ( I have been trying to research this prob on and off for 3 days!!), but was not feeling 100% confident about setting up. What's the chance this might affect any other mail being sent?

If all goes well, I will report back and close case..... Thanks again
0
 
Alan HardistyCommented:
None - it will only send mail destined for google.com via your ISP and all other mail will go via your other SMTP Connector, assuming you have one.

If you don't have one, set one up to use DNS and * as the Address Space and all other mail will be sent via that connector.

If you are unsure of any step, or get stuck / go wrong, let me know.
0
 
luckyluke2Author Commented:
1 point which I may not have been clear enough about here, the email addresses we are sending to don't all have @gmail.com or @google.com, they can be something like @mytime.com (not real example of problem address/server), but when I telnet from the server to these other problem addresses, it is mx.google.com that answers as ready. Interestingly, I think I am getting a bit different result for the replying telnet server whilst at home, than at work.  Something not right!!!
0
 
Alan HardistyCommented:
Telnetting will give them your IP Address, so you will see different results if you are at a different IP Address.

You can add whatever domain names to the Address Space - if you have problems, add the domain name and then send that domains mail via your ISP until you get off their lists.

I wouldn't waste more time testing.  If you have filled in the forms, wait for confirmation and in the mean-time, set up a new connector using your ISP's mail server and leave it at that.  Then when you get confirmation, you can remove the connector and all mail will revert back to using DNS.
0
 
marcustechCommented:
FYI If nytime.com's MX server responds as mx.google.com it just means nytime.com are using Google Apps for their email hosting, which is fairly common these days.
0
 
Radhakrishnan RITCommented:
Just a thought, can you try enable Annonymous access and check whether you able to send mails gmail. I may be wrong here but worth to try once.
0
 
Alan HardistyCommented:
@radhakrishnan2007 - What do you suggest anonymous access is enabled on exactly?
0
 
luckyluke2Author Commented:
Thanks for all suggestions/comments.  Thanks alanhardisty. Adding a temporary SMTP connector linked to our ISP smarthost has certainly fixed the problem.  Following the instructions in the link was quite easy. I did have to create a company wide SMTP connector firstly linked to DNS, then create the secondary SMTP connector linked to ISP smarthost for the problem emails.  I was reassured to hear that I couldn't do too much damage!! Thanks. Very pleased
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now