Solved

Verizonwireless not accepting emails.

Posted on 2013-05-14
29
368 Views
Last Modified: 2013-07-01
I have a windows 2008 R2 VM running Exchange 2010 std.

Email flow is working perfectly with the exception of verizonwireless.com. They just wont' accept our email.  This is the error from the mail queue. I'm so fed up with this.  I even called Microsoft and they had no answer. their answer was "It's either your ISP or your Smoothwall". so yesterday I removed the smoothwall from the network and problem still there.  ISP, of course, says "nope not us".

any ideas on this?

error:

451 4.4.0 primary target IP address responded with: "554 vanguard.verizonwireless.com." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
0
Comment
Question by:Anthony H.
  • 17
  • 12
29 Comments
 

Author Comment

by:Anthony H.
Comment Utility
I'ts not DNS, MX, Reverse DNS, or SPF.  all those have been checked off.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
I'm seeing two mx servers for verizonwireless.com:
verizonwireless.com     MX preference = 5, mail exchanger = pluto.verizonwireless.com
verizonwireless.com     MX preference = 5, mail exchanger = orion.verizonwireless.com

Is that what you're showing from your exchange server too.

I do not know where vanguard fits into the mix.

Here's an EX07 article that talks about your problem: http://support.microsoft.com/kb/951291
worth a shot?

Can you telnet to port 25 of whatever you're showing as the destination?
0
 

Author Comment

by:Anthony H.
Comment Utility
I can telnet from multiple locations, except site where the connection is refused.  Our IP/domain is not blacklisted either, so that's not it.

I'm running exc 2010 not 2007.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Wait, so you can not telnet from the exchange box to port 25 of vanguard.verizonwireless.com?

Also, please see my questions about what MX records you show.
0
 

Author Comment

by:Anthony H.
Comment Utility
no, I cannot telnet to orion or pluto.verizonwireless.com.  But from other networks I CAN.

The exchange server error message has the "vanguard.verizonwireless.com" record.  But if I look up verizonwireless.com I get orion and pluto as you did.

I'm thinking I may be blacklisted with them. although I already explored that option. I'm going to try to change the public IP on the firewall and attempt telneting into pluto.... again see if that makes any different. maybe we're not listed on a blacklists but they're blocking our IP.
0
 

Author Comment

by:Anthony H.
Comment Utility
so I changed the ip address on the firewall - same results. so they're not blocking a specific IP address (vwz).
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Do the machines that you can telnet from go through that same firewall?

Did you try telnetting from the exchange box as soon as you changed the public ip, or did you go through exchange first?  VZ might be blocking the new IP because it's not a valid sender IP for your domain as defined by a SPF record or something.  Or maybe you don't have reverse dns setup for the new ip?  Maybe once their inbound array sees that happen then it blocks the IP?
0
 

Author Comment

by:Anthony H.
Comment Utility
no, I tried to telnet first and then send an email through exchange. telnetting didn't work and exchange didn't work.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
So maybe they're blocking your IP range?

I assume that you're talking about having changed the PUBLIC ip range on the firewall?

(you skipped some of my other questions)
Did the machines that you were able to telnet from use the same public IP?

Does your domain have an SPF record?  Candidly, I'm not sure how that could come into play with a changed public IP, but maybe VZ is doing some kind of filtering on that to block a range).
0
 

Author Comment

by:Anthony H.
Comment Utility
yes changed the public ip range on the firewall.

yes, machines on same public IP.

yes, my domain has SPF record, PTR, greeting fqdn ok, dns ok.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Wait, so you can telnet from workstations using the same public IP to port 25 of the vz smtp server, but you can't telnet from your exchange box vz?
0
 

Author Comment

by:Anthony H.
Comment Utility
No. I Cannot telnet from any computer or server on the network.
0
 
LVL 15

Accepted Solution

by:
weinberk earned 500 total points
Comment Utility
Ah, ok.  I misread a previous post.

If you can't telnet from your network to their port 25, that only one of three things that I can think of:
1) your firewall is blocking that specific host
2) your ISP or somewhere along the way is blocking it (we know it's not blocking port 25 everywhere or you'd have bigger problems)
3) or, and most likely, vz doesn't like you.


Assuming it's #3, the question becomes why and how aggressively.  It sound like they're blocking a range.  Could it be because the next block of addresses after yours are sending spam?  There's no way of telling, but maybe check IP addresses above and below yours at various blacklists?

Can you try temporarily using another ISP altogether (like a cellular modem or a backup line)?
0
 

Author Comment

by:Anthony H.
Comment Utility
actually, you're on the right path.  Charter is giving me a new set of static IP's and I'm reconfiguring the firewall and repointing the email server to the new IP, new PTR records, etc...

really crossing my fingers. And yes, I agree with your theories listed above.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Take a look at http://www.senderbase.org/

It's a Cisco site.  Some anti spam systems use their database (we do and love it).  Even if VZ doesn't, it can give you some idea as to how your domain and sending IP's reputation appears to recipient servers.  it also has a listing of some of the blacklists.
0
 

Author Comment

by:Anthony H.
Comment Utility
oh wow. great tool.  looks like an IP close to my range is being blacklisted. could that be the culprit?
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Who knows?  We wouldn't run our antispam system like that, but VZ is a giant and doesn't have the time to mess around....

With Cable Internet providers, we've found that lots of times business customers get assigned an IP block that was previous in a residential DHCP range.  Sometimes antispam systems block those ranges (We do) and aren't updated frequently enough.
0
 

Author Comment

by:Anthony H.
Comment Utility
we're changing the IP range on Friday. will let you know.
0
 

Author Comment

by:Anthony H.
Comment Utility
got a whole new set of IP's and problem persists... scratching my head now.   i'll have to get a hold of Verizon. hah wish me luck!
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
How about if you VPN out from a workstation to another location on a different network (something other than charter)?  Can you telnet to port 25 then?  Also, are you able to telnet to pluto.verizonwireless.com port 25?  That's what we're showing would be the primary server based on the mx record.
0
 

Author Comment

by:Anthony H.
Comment Utility
Yes. I can connect through my phone and I can telnet fine. from any location I can telnet except from this network.  No I could not telnet to pluto.

maybe the router? remember I completely removed the firewall once already.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
OK, how about if you (just for a second) have your exchange server do an outbound vpn before trying to telnet (or tether through your phone)?

Know anyone else on charter?  Could charter either be blocking verizonwireless port 25 or vz be blocking verizon?

I suppose your router could be the issue, but why??
0
 

Author Comment

by:Anthony H.
Comment Utility
OK, how about if you (just for a second) have your exchange server do an outbound vpn before trying to telnet (or tether through your phone)? - TELNET WORKS FINE THIS WAY.

Know anyone else on charter?  Could charter either be blocking verizonwireless port 25 or vz be blocking verizon? - DON'T KNOW ANYONE ELSE USING CHARTER BUSINESS SERVICE.

I suppose your router could be the issue, but why?? - I DON'T KNOW.

I've made contact with vzw, they've opened a ticket for this issue. hopefully they can tell me why.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
Sure does sound like either charter's blocking your connection or VZ is rejecting you.

I guess you should try removing the firewall from the equation, but that seems like an unlikely culprit.

As a workaround, could you route mail to vz through a relay outside of your network? Not optimal, but what choice do you have?
0
 

Author Comment

by:Anthony H.
Comment Utility
Firewall already ruled out - it was completely removed.  Would it be possible to route ONLY VZ traffic through a relay? If so, how do I do that?

You think charter is blocking connection to verizonwireless.com?  OR VZ rejecting? But how? Already got a complete new range of IP's.
0
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
(first let me say that this is all odd - and at this point I'm just giving possibilities which aren't particularly likely)

1) Does charter not allow port 25 access to vz?  (why they would restrict that but not others is beyond me)

2) VZ block potentials:
   a) They don't allow ANY charter ip - they incorrectly think that it's all residential and shouldn't be sending smtp messages
   b) They first blocked your exchange server with the old range.  When the new Ip range was activated, vz blocked the range immediately based on the reversed domain name or the helo or something

I can tell you that I AM able to telnet to port 25 from my residential dhcp assigned ip from comcast.


I think you might be able to set routing (getting out of my area) in Exchange to route mail destined for verizonwireless.com to another server, say one in a datacenter somewhere.  That server would need to be setup to then forward that mail onto the real smtp server.  Not pretty and should be unnecessary.  

I think you need to keep working with VZ to see why their server is rejecting connections from your ip range. (which is what the problem sounds like to me)
0
 

Author Comment

by:Anthony H.
Comment Utility
no word from vzw yet.
0
 

Author Comment

by:Anthony H.
Comment Utility
finally got a call yesterday. supposedly they will look into this on Monday june 17th.
0
 

Author Comment

by:Anthony H.
Comment Utility
Looks like it was a problem on their end. Things "magically" started working after nagging to them for a while.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now