?
Solved

Exchange 2010 Requested #550 Requested action not taken: mailbox unavailable ##

Posted on 2012-03-27
6
Medium Priority
?
2,639 Views
Last Modified: 2012-03-27
We have our own Exchange Server (2010) installed on an Windows Small Business Server (2011).
This server used to be in our office, and everything worked fine. The server has been moved a few months ago to our datacenter and now we are having some problems.

When sending e-mail to a few domains we receive the error "Requested #550 Requested action not taken: mailbox unavailable ##".

It is not when sending to all domains, only a few that seem to be blocking our e-mails.

What can I do to troubleshoot this problem? I have sent an e-mail to verifier-feedback@port25.com, this came back with the following results:

==========================================================
Summary of Results
==========================================================
SPF check:          fail
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    fail
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.ourhostname.nl
Source IP:      82.94.167.182
mail-from:      test@ourhostname.nl

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: smtp.mailfrom=test@ourhostname.nl
DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.x
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.x
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=test@ourhostname.nl DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         fail (not permitted)
ID(s) verified: header.From=test@ourhostname.nl DNS record(s):
    ourhostname.nl. SPF (no records)
    ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"
    ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    ourhostname.nl. 86400 IN MX 10 mail.ourhostname.nl.
    ourhostname.nl. 86400 IN MX 20 bsmtp.leaseweb.com.
    mail.ourhostname.nl. 86400 IN A 82.94.xxx.xxx
    bsmtp.leaseweb.com. 3600 IN A 85.17.150.54

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-1.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message


It seems like I have to set an SPF record, but we already have this record;    
ourhostname.nl. 86400 IN TXT "v=spf1 a mx -all"

Any help is very much appreciated!
0
Comment
Question by:ingriT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 37772085
First off I want to say that since you edited your original question, the answer I'm about to give is now impossible to determine from the info provided.  I got an expert alert in my mail with your original question that was unedited, so in the future you should provide your domain info so that we can properly assist you.

The IP you are sending from (82.94.167.182) is not listed in your SPF record.  Even though you have the MX mechanism in your record, the outgoing IP of mail.ourhostname.nl does not match what you have as an A record for mail.ourhostname.nl, so it is not included in your SPF record.

All that needs to be in your SPF record is the sending IP(s) of your outgoing server(s).  You do not need to use the MX mechanism in your record unless your incoming mail server IP's also send mail.  

If the Source IP listed in your question is your only sending IP, then your SPF record should be:
"v=spf1 ip4:82.94.167.182 -all"

Open in new window


If bsmtp.leaseweb.com also sends mail for you, then adding the MX mechanism (as opposed to the actual IP) is recommended since I'm guessing you do not control DNS for leaseweb.com

"v=spf1 mx ip4:82.94.167.182 -all"

Open in new window

0
 
LVL 6

Author Comment

by:ingriT
ID: 37772219
Thank you very much for your reponse!

If I have two IP's that may send the e-mail, should the record be like this then?

"v=spf1 ip4:82.94.167.182 ip4:82.94.205.9 -all"

Open in new window



bsmtp.leaseweb.com doesn't send our mail, we use this to retrieve our mail when our own mailserver was unavailable for some reason.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37772322
Woops I usually put a 2 IP example, but yes you are correct!
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 6

Author Comment

by:ingriT
ID: 37772336
Oké, and I'm sorry for all the n00b questions, but why don't I need the mx and the a parameter anymore?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37772398
Woops I didn't see the "a" mechanism at first (wasn't awake long), but it is also extraneous.  The "a" mechanism says that whatever your sending server's hostname resolves to is a valid sender, and the "mx" mechanism says that all MX records for the sending domain are valid senders.  In the end all these end up doing is requiring additional DNS lookups for each mechanism that is not an IP.  Most senders can get away with having a simple SPF record (like you have with 2 ip4 mechanisms), and that is the simplest and best approach.

If for example you could control the SPF record of your domain, but not the A or MX records for it, then you would use the "a" and "mx" mechanisms since the IP's could change for those A records (out of your control) without you knowing it and therefore making your record invalid.

http://www.ietf.org/rfc/rfc4408.txt

5.3.  "a"

   This mechanism matches if <ip> is one of the <target-name>'s IP
   addresses.

   A                = "a"      [ ":" domain-spec ] [ dual-cidr-length ]

   An address lookup is done on the <target-name>.  The <ip> is compared
   to the returned address(es).  If any address matches, the mechanism
   matches.

5.4.  "mx"

   This mechanism matches if <ip> is one of the MX hosts for a domain
   name.

   MX               = "mx"     [ ":" domain-spec ] [ dual-cidr-length ]

   check_host() first performs an MX lookup on the <target-name>.  Then
   it performs an address lookup on each MX name returned.  The <ip> is
   compared to each returned IP address.  To prevent Denial of Service
   (DoS) attacks, more than 10 MX names MUST NOT be looked up during the
   evaluation of an "mx" mechanism (see Section 10).  If any address
   matches, the mechanism matches.
0
 
LVL 6

Author Comment

by:ingriT
ID: 37772468
Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question