Cannot send email to 1 specific domain...mail hangs in exchange queue and eventually gives 4.4.7 NDR

I am pulling my hair out with this one and have been troubleshooting for days. We are set up with SBS 2003 and we cannot send email to a certain domain nor can I tracert to it. The email hangs in the exchange queue for a few days before spitting out a 4.4.7 NDR. We can send email fine to everyone else and the failing domain can receive emails from everyone else. I have spoken with them as well as our ISP. Our ISP can send email and tracert to them fine so something is happening on my end. Tracert results are similar to this...
192.168.100.10 (router)
66.196.245.1 (external gateway)
10.100.0.1
10.100.3.45
10.100.4.10
10.100.9.106
10.100.12.242
10.100.9.122
10.100.9.100
It then does a lot of request timeouts and fails. When I tracert to any other domain, it does the first 3 routes and then connects so I am not sure why it is going through all those 10.100.x.x routes. I thought it was hung up for some reason at my router but after talking with the manufacturer and double and triple checking everything is set up properly as far as we can see. It is a SnapGear 300 device.

Also, I am not relaying nor and I do have reverse DNS.  If anyone can please help in any way it would be greatly appreciated!

Thanks,
Graham
graham0502Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
snurkerConnect With a Mentor Commented:
At least specify that domain in the addresses tab. This way not all email will go through the smarthost.
0
 
snurkerCommented:
What happens when you try to telnet into the remote server?
0
 
celazkonCommented:
This seems like routing error by your ISP. I had similar issue about a year ago.
I would recomend to contact your ISP and request the route check for the problematic domain (or since you need to send emails to the domain, check the MX records first and then request by your ISP to check routing to the mail exchanger hosts).
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
wolfcamelCommented:
as a work around it may pay to configure exchange to forward all mail to your isps smtp server as then your isp will resolve and deliver it.
however my guess is something wrong with your router setup, possibly netmasks but you may need to provide more info on your ip addressing etc
0
 
graham0502Author Commented:
I cannot telnet into the problematic domain (ftlegal.net 25)..."could not open connection." I also tried to send email from telnet and it hangs in the queue as well.

I was on the phone with my ISP for a couple of hours over the last 2 days and they swear all is correct and they are able to send email to them as well as tracert using the same DNS servers I am pointing to so I am not sure where they would have the route messed up. it seems like it's from me to them but I don't have problems with anyone else. MX records are all good too as far as I can tell.
0
 
snurkerCommented:
Out of curiosity, have you confirmed that you are not blacklisted?
0
 
graham0502Author Commented:
wolfcamel - I keep coming back to my router as well but have talked with their tech support as well since I have everything set up properly as far as I can tell. it just baffles me as to why this is the only domain that does this. What ip info are you wanting? Thanks.
0
 
graham0502Author Commented:
Yes - not on any blacklists...confirmed that too.
0
 
snurkerCommented:
I am assuming that you have checked your DNS to confirm this domain is no where in there... correct?
0
 
snurkerCommented:
Do you use your ISP's DNS servers or something like OpenDNS?
0
 
celazkonCommented:
Are you the responsible person for managing the external gateway 66.196.245.1?
0
 
graham0502Author Commented:
Yes, I use my ISP's DNS servers and they can email/telnet to them.
0
 
snurkerCommented:
Do you get the correct IP when you do a NSLookup?

NSLOOKUP
Set query=mx
mx.remoteserver.com
0
 
graham0502Author Commented:
The external gateway is managed by our ISP but what would cause this specific domain to have a problem? It seems if there was an issue there or at my router I would be having issues all over the place.
0
 
ComsycoCommented:
Try changing your servers DNS to 4.2.2.2 (or a forwarder on your DNS) Another option setup an SMTP connector to send out via an SMTP server or MX records if you are using your ISPs SMTP already. Hope this helps.
0
 
wolfcamelCommented:
ok -
so the results above are when you tracert to 74.213.50.82 or telnet to 74.213.50.82 port 25
0
 
graham0502Author Commented:
nslookup is all good on the mx record ip
0
 
graham0502Author Commented:
wolfcamel - 74.213.50.82
0
 
graham0502Author Commented:
comsyco - I am using the default virtual SMTP connector on my SBS 2003 server. What will changing my DNS server to point to 4.2.2.2 do instead of my ISP's DNS servers?
0
 
wolfcamelCommented:
it must be some sort of issue with your isp - i would send them a screen capture of the tracert as this show the trace getting out of your router to the isp - i dont like the isp using 10. ip addresses as these are often used for internal networks - but that is (possibly) another issue.

in the mean time - in exchange configure it to send mail via isps smtp server - this is in many respects a better option as it can reduce your outgoing traffic if you send large emails to multiple people as it will only leave your server once and the isp will relay to the multiple recipients.
0
 
ComsycoCommented:
4.2.2.2 is another DNS server if you ISP isn't updating the MX records or their routing is off changing your server to resolve names on another DNS server should hopefully help.

Does your ISP provide SMTP servers that you can use to relay emails?
0
 
wolfcamelCommented:
if you dont know where to do this..
smtp connection properties, general, forward all mail through this connector to the following smart hosts - put your isps smtp server in here.
0
 
wolfcamelCommented:
dns is obviously ok as it is resolving the correct ip
0
 
graham0502Author Commented:
I am calling my ISP now to see if they can give me their SMTP server info. Will I need to restart exchange after changing this?
0
 
ComsycoCommented:
no should be instant and will update any in the queues as well.
0
 
snurkerCommented:
wow... This is a lot of work for 1 domain.

If you setup the smarthost for all mail, then you will push all of your mail through this connector for just an issue with 1 domain. I cannot recommend setting up a smarthost for just this.

Did this just start or has it always been this way?
0
 
graham0502Author Commented:
Snurker - I agree, but it's a crucial domain that we need to send email to. Actually, it was working fine as of about a month ago and then stopped for whatever reason. I am beyond frustrated with this.
0
 
snurkerCommented:
Read my previous. Specify just that domain in the addresses tab.
0
 
snurkerCommented:
Also out of curiosity... you have confirmed that they have not blacklisted you on their servers... right?
0
 
graham0502Author Commented:
Snurker - I have also spoken directly with the problem domain's IT guy and they are not blocking us in any way nor are we on a blacklist anywhere that I can see.

Are you referring to the Address Space tab on the Small Business Server SMTP connector? Do I still select the forward all mail through this connector on the general tab? Sorry, but I haven't done this before and want to make sure I am doing the right thing.
0
 
snurkerCommented:
Yes. and Yes.

You will want to have it forward all mail to the smarthosts and delete the * under address space and add just that domain.
0
 
graham0502Author Commented:
Thanks - I will try that as soon as I get my ISP's SMTP server info and let you know.
0
 
graham0502Author Commented:
Another question - If I select to forward all mail thru my ISP's smarthost and then just specify the problem domain in the address tab, how is the rest of my mail being routed? I only have one SBS SMTP Connector set up with one virtual SMTP server.
0
 
snurkerCommented:
You created a new Connector correct? Once completed you should have 2. 1 for the smart host domain and 1 for the remaining traffic.
0
 
graham0502Author Commented:
I haven't done anything yet - waiting to hear from my ISP but that answers my question. I figured I needed to create another connector...just verifying. Thanks - if this works as a workaround I will be completely satisfied with that. I assume I need to get a full server name from my ISP and not an IP??
0
 
graham0502Author Commented:
All is fixed now by re-routing just that problematic domain thru our ISP's SMPT server. Thank you all for your help!
0
All Courses

From novice to tech pro — start learning today.