Exchange 2010 Requested #550 Requested action not taken: mailbox unavailable ##

We have our own Exchange Server (2010) installed on a Windows Small Business Server (2011).
This server used to be in our office, and everything worked fine. The server has been moved a few months ago to our datacenter and now we are having some problems.

When sending e-mail to a few domains we receive the error "Requested #550 Requested action not taken: mailbox unavailable ##".

It is not when sending to all domains, only a few that seem to be blocking our e-mails.

What can I do to troubleshoot this problem? I have sent an e-mail to verifier-feedback@port25.com, this came back with the following results:

==========================================================
Summary of Results
==========================================================
SPF check:          fail
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    fail
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.ourhostname.nl
Source IP:      82.94.167.182
mail-from:      test@ourhostname.nl

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: smtp.mailfrom=test@ourhostname.nl
DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.x
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.x
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=test@ourhostname.nl
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: header.From=test@ourhostname.nl
DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-1.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message


It seems like I have to set an SPF record, but we already have this record;    
ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"

Any help is very much appreciated!
ingriT Asked:

Papertrip Commented:
First off I want to say that since you edited your original question, the answer I'm about to give is now impossible to determine from the info provided.  I got an expert alert in my mail with your original question that was unedited, so in the future you should provide your domain info so that we can properly assist you.

The IP you are sending from (82.94.167.182) is not listed in your SPF record.  Even though you have the MX mechanism in your record, the outgoing IP of mail.ourhostname.nl does not match what you have as an A record for mail.ourhostname.nl, so it is not included in your SPF record.

All that needs to be in your SPF record is the sending IP(s) of your outgoing server(s).  You do not need to use the MX mechanism in your record unless your incoming mail server IP's also send mail.  

If the Source IP listed in your question is your only sending IP, then your SPF record should be:
"v=spf1 ip4:82.94.167.182 -all"


If bsmtp.leaseweb.com also sends mail for you, then adding the MX mechanism (as opposed to the actual IP) is recommended since I'm guessing you do not control DNS for leaseweb.com

"v=spf1 mx ip4:82.94.167.182 -all"

ingriT Author Commented:
Thank you very much for your response!

If I have two IP's that may send the e-mail, should the record be like this then?

"v=spf1 ip4:82.94.167.182 ip4:82.94.205.9 -all"


bsmtp.leaseweb.com doesn't send our mail, we use this to retrieve our mail when our own mailserver was unavailable for some reason.
Papertrip Commented:
Woops I usually put a 2 IP example, but yes you are correct!
ingriT Author Commented:
Okay, and I'm sorry for all the n00b questions, but why don't I need the mx and the a parameter anymore?
Papertrip Commented:
Woops I didn't see the "a" mechanism at first (wasn't awake long), but it is also extraneous.  The "a" mechanism says that whatever your sending server's hostname resolves to is a valid sender, and the "mx" mechanism says that all MX records for the sending domain are valid senders.  In the end all these end up doing is requiring additional DNS lookups for each mechanism that is not an IP.  Most senders can get away with having a simple SPF record (like you have with 2 ip4 mechanisms), and that is the simplest and best approach.

If for example you could control the SPF record of your domain, but not the A or MX records for it, then you would use the "a" and "mx" mechanisms since the IP's could change for those A records (out of your control) without you knowing it and therefore making your record invalid.

http://www.ietf.org/rfc/rfc4408.txt

5.3.  "a"

   This mechanism matches if <ip> is one of the <target-name>'s IP
   addresses.

   A                = "a"      [ ":" domain-spec ] [ dual-cidr-length ]

   An address lookup is done on the <target-name>.  The <ip> is compared
   to the returned address(es).  If any address matches, the mechanism
   matches.

5.4.  "mx"

   This mechanism matches if <ip> is one of the MX hosts for a domain
   name.

   MX               = "mx"     [ ":" domain-spec ] [ dual-cidr-length ]

   check_host() first performs an MX lookup on the <target-name>.  Then
   it performs an address lookup on each MX name returned.  The <ip> is
   compared to each returned IP address.  To prevent Denial of Service
   (DoS) attacks, more than 10 MX names MUST NOT be looked up during the
   evaluation of an "mx" mechanism (see Section 10).  If any address
   matches, the mechanism matches.
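The SPF evaluation discussed in the answers above, as an added example that is not part of the original thread: a simplified check (only `ip4`, `a`, `mx` and `all`) run against a constructed DNS table, returning the result and how many lookup-causing mechanisms were evaluated. The A record on the page is redacted, so `192.0.2.10` is a placeholder for it; `check_spf`, `DNS_A` and `DNS_MX` are hypothetical names.

```python
import ipaddress

# Constructed DNS data. The page redacts the A record of mail.ourhostname.nl
# (82.94.xxx.x); 192.0.2.10 is a placeholder that, as the answer describes,
# differs from the server's real outgoing IP.
DNS_A = {
    "ourhostname.nl": ["192.0.2.10"],
    "mail.ourhostname.nl": ["192.0.2.10"],
    "bsmtp.leaseweb.com": ["85.17.150.54"],
}
DNS_MX = {"ourhostname.nl": ["mail.ourhostname.nl", "bsmtp.leaseweb.com"]}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SENDER = "82.94.167.182"  # Source IP from the report on the page


def check_spf(record, domain, sender_ip):
    """Evaluate a simplified SPF record left to right; first match wins.

    Returns (result, lookups), where lookups counts the DNS-querying
    mechanisms (a, mx) that were evaluated before a mechanism matched.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none", 0
    lookups = 0
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            lookups += 1
            matched = sender_ip in DNS_A.get(arg or domain, [])
        elif name == "mx":
            lookups += 1
            hosts = DNS_MX.get(arg or domain, [])[:10]  # RFC 4408 caps MX names at 10
            matched = any(sender_ip in DNS_A.get(h, []) for h in hosts)
        else:
            raise ValueError(f"mechanism not handled in this sketch: {term}")
        if matched:
            return RESULTS[qualifier], lookups
    return "neutral", lookups  # no mechanism matched and no "all" term
```

With the original record both `a` and `mx` are queried and neither matches, so `-all` decides the outcome; the two-`ip4` record matches the sender without any lookup.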
ingriT Author Commented:
Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.