Solved

Exchange 2010 Requested #550 Requested action not taken: mailbox unavailable ##

Posted on 2012-03-27
Last Modified: 2012-03-27
We have our own Exchange Server (2010) installed on a Windows Small Business Server (2011).
This server used to be in our office, and everything worked fine. The server has been moved a few months ago to our datacenter and now we are having some problems.

When sending e-mail to a few domains we receive the error "Requested #550 Requested action not taken: mailbox unavailable ##".

It is not when sending to all domains, only a few that seem to be blocking our e-mails.

What can I do to troubleshoot this problem? I have sent an e-mail to verifier-feedback@port25.com, this came back with the following results:

==========================================================
Summary of Results
==========================================================
SPF check:          fail
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    fail
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.ourhostname.nl
Source IP:      82.94.167.182
mail-from:      test@ourhostname.nl

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: smtp.mailfrom=test@ourhostname.nl
DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.x
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.x
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=test@ourhostname.nl
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: header.From=test@ourhostname.nl
DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-1.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message


It seems like I have to set an SPF record, but we already have this record;    
ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"

Any help is very much appreciated!
Question by:ingriT

Accepted Solution

by:
Papertrip earned 500 total points
ID: 37772085
First off I want to say that since you edited your original question, the answer I'm about to give is now impossible to determine from the info provided.  I got an expert alert in my mail with your original question that was unedited, so in the future you should provide your domain info so that we can properly assist you.

The IP you are sending from (82.94.167.182) is not listed in your SPF record.  Even though you have the MX mechanism in your record, the outgoing IP of mail.ourhostname.nl does not match what you have as an A record for mail.ourhostname.nl, so it is not included in your SPF record.

All that needs to be in your SPF record is the sending IP(s) of your outgoing server(s).  You do not need to use the MX mechanism in your record unless your incoming mail server IPs also send mail.

If the Source IP listed in your question is your only sending IP, then your SPF record should be:
"v=spf1 ip4:82.94.167.182 -all"


If bsmtp.leaseweb.com also sends mail for you, then adding the MX mechanism (as opposed to the actual IP) is recommended since I'm guessing you do not control DNS for leaseweb.com

"v=spf1 mx ip4:82.94.167.182 -all"


Author Comment

by:ingriT
ID: 37772219
Thank you very much for your response!

If I have two IPs that may send the e-mail, should the record be like this then?

"v=spf1 ip4:82.94.167.182 ip4:82.94.205.9 -all"


bsmtp.leaseweb.com doesn't send our mail, we use this to retrieve our mail when our own mailserver was unavailable for some reason.

Expert Comment

by:Papertrip
ID: 37772322
Woops I usually put a 2 IP example, but yes you are correct!

Author Comment

by:ingriT
ID: 37772336
OK, and I'm sorry for all the n00b questions, but why don't I need the mx and the a parameter anymore?

Expert Comment

by:Papertrip
ID: 37772398
Woops I didn't see the "a" mechanism at first (wasn't awake long), but it is also extraneous.  The "a" mechanism says that whatever your sending server's hostname resolves to is a valid sender, and the "mx" mechanism says that all MX records for the sending domain are valid senders.  In the end all these end up doing is requiring additional DNS lookups for each mechanism that is not an IP.  Most senders can get away with having a simple SPF record (like you have with 2 ip4 mechanisms), and that is the simplest and best approach.

If for example you could control the SPF record of your domain, but not the A or MX records for it, then you would use the "a" and "mx" mechanisms since the IPs could change for those A records (out of your control) without you knowing it and therefore making your record invalid.

http://www.ietf.org/rfc/rfc4408.txt

5.3.  "a"

   This mechanism matches if <ip> is one of the <target-name>'s IP
   addresses.

   A                = "a"      [ ":" domain-spec ] [ dual-cidr-length ]

   An address lookup is done on the <target-name>.  The <ip> is compared
   to the returned address(es).  If any address matches, the mechanism
   matches.

5.4.  "mx"

   This mechanism matches if <ip> is one of the MX hosts for a domain
   name.

   MX               = "mx"     [ ":" domain-spec ] [ dual-cidr-length ]

   check_host() first performs an MX lookup on the <target-name>.  Then
   it performs an address lookup on each MX name returned.  The <ip> is
   compared to each returned IP address.  To prevent Denial of Service
   (DoS) attacks, more than 10 MX names MUST NOT be looked up during the
   evaluation of an "mx" mechanism (see Section 10).  If any address
   matches, the mechanism matches.
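
The SPF evaluation discussed in this thread, as an added example (not code from the original page or any participant): a minimal evaluator for the "a", "mx", "ip4" and "all" mechanisms, run against a constructed offline zone, that also counts how many DNS-querying mechanisms each record triggers. The page masks the A records, so 192.0.2.10 is a placeholder for that address; `ZONE` and `check_spf` are hypothetical names.

```python
import ipaddress

# Constructed offline "DNS" for the thread's domain. The page masks the A
# records (82.94.xxx.x), so 192.0.2.10 is a placeholder for that address.
ZONE = {
    ("ourhostname.nl", "A"): ["192.0.2.10"],
    ("ourhostname.nl", "MX"): ["mail.ourhostname.nl", "bsmtp.leaseweb.com"],
    ("mail.ourhostname.nl", "A"): ["192.0.2.10"],
    ("bsmtp.leaseweb.com", "A"): ["85.17.150.54"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, domain, sender_ip, zone=ZONE):
    """Evaluate a, mx, ip4 and all terms left to right.

    Returns (result, lookups); lookups counts the a/mx terms evaluated,
    i.e. the mechanisms that needed DNS queries before a match was found.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", 0
    lookups = 0
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            lookups += 1
            target = arg or domain
            # "mx" resolves every MX host; "a" resolves the target itself.
            hosts = zone.get((target, "MX"), []) if name == "mx" else [target]
            matched = any(str(ip) in zone.get((h, "A"), []) for h in hosts)
        else:
            return "permerror", lookups  # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier], lookups
    return "neutral", lookups


if __name__ == "__main__":
    for rec in ("v=spf1 a mx -all",
                "v=spf1 ip4:82.94.167.182 ip4:82.94.205.9 -all"):
        print(rec, "->", check_spf(rec, "ourhostname.nl", "82.94.167.182"))
```

With the original record the sending IP falls through both DNS-based mechanisms to `-all`; with the two `ip4` terms it matches without any DNS query.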

Author Comment

by:ingriT
ID: 37772468
Thanks!