Exchange 2010 - Non Delivery Reports - Reporting-MTA isn't the same as Received-From-MTA
Posted on 2013-01-24
Getting NDR's from a few recipients on email we send out. A typical one would be:
p3pismtp01-004.prod.phx3.secureserver.net gave this error:
#5.1.0 Address rejected.
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: APAMAIL.APAOffice.org
p3pismtp01-004.prod.phx3.secureserver.net #550 #5.1.0 Address rejected. ##
Original message headers:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apa1224.org;
s=DKIM; t=1358985252; h=From:Subject:Date:Message-ID:To:MIME-Version
:Content-Type; bh=bxLfClczBDqfj1WjiV8pyOb4F9MqPeIvR9J9jqPL6LU=; b=nju2opf
Received: from APAMAIL.APAOffice.org ([fe80::3802:b8c6:bcc:c647]) by
apamail.APAOffice.org ([fe80::3802:b8c6:bcc:c647%11]) with mapi id
14.01.0438.000; Wed, 23 Jan 2013 18:54:12 -0500
Received-From-MTA: dns;apa1224.orgArrival-Date: Wed, 23 Jan 2013 23:54:12 +0000
Diagnostic-Code: smtp;550 #5.1.0 Address rejected.
X-Display-Name: Some One
Both the "Generating Server" and the "Reporting-MTA" show APAMAIL.APAOffice.org which is the INTERNAL local domain name of the Exchange 2010 server. The "Received-From-MTA" is apa1224.org which is our external domain name and where we have all our DNS SPF and DKIM, MX, A records setup. I thinking that some receiving email servers are doing rDNS and getting tripped up on the APAMAIL.APAOffice.org internal domain name. How can I setup Exchange 2010 to only use the External domain name which would be mail.apa1224.org?
APAOffice.org is registered as an external domain as well when we needed to get an SSL certificate that would would work with APAOffice.org for some internal uses. But I don't have any DNS pointing related to APAMail.APAOffice.org setup in it and would like to not have to duplicate the DKIM stuff there as well. A, MX, SPF records could be setup in external DNS, but the DIM might be a little tricker.
I think that all of this could be resolved if outbound email from us showed mail.apa1224.org rather than APAMail.APAOffice.org. The Send connector does have mail.apa1224.org listed as the FQDN, but we are running all Exchange 2010 roles on one server and I've seen indications that the FQDN is ignored in that case.
Anyone have a way to get APAMail.APAOffice.org converted to mail.apa1224.org in all our outbound email headers?