Solved

Email NDR Help

Posted on 2013-10-22
40
611 Views
Last Modified: 2013-10-29
Hi everyone,

I need some help with an email problem.

I setup SBS 2011 (with Exchange 2010) about 6 weeks ago. Everything is working great and I am not having any problems.

I have 1 person and 1 person only that we used to be able to send emails to, that are now resulting in an NDR and are not being delivered.

I posted a question about DNS settings and Sembee made sure everything I was doing is correctly setup and it is.

So, now I am posting the NDR to see if anyone can provide me with help on figuring out why emails to this person cannot go through. FYI, when I send to this person from gmail they go right through.

************************************************
Reporting-MTA: dns;xxxxSRVR.dnsw.local
Received-From-MTA: dns;doctorssupplementstore.com
Arrival-Date: Fri, 11 Oct 2013 21:48:59 +0000

Final-Recipient: rfc822;drxxxxx@drxxxxx.com
Action: delayed
Status: 4.4.7
Diagnostic-Code: smtp;400 4.4.7 Message delayed
Will-Retry-Until: Sun, 13 Oct 2013 16:48:59 -0500
X-Display-Name: drxxxxx@drxxxxx.com
*************************************************

Thank you!
0
Comment
Question by:GenesisTech
  • 18
  • 11
  • 7
  • +1
40 Comments
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39591231
Do you get this NDR sending mail to another user at the same destination domain?

I did an SMTP test from MXtoolbox.com and got this:

smtp:24.182.228.74   Monitor This    smtp  
Register for a Free MxToolBox Account for access to more features.
220 remote.doctorssupplementstore.com Microsoft ESMTP MAIL Service ready at Tue, 22 Oct 2013 09:44:25 -0500

Test      Result      
      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      8.128 seconds - Not good! on Transaction Time       More Info
      SMTP Reverse Banner Check      OK - 24.182.228.74 resolves to 24-182-228-74.static.stls.mo.charter.com
      SMTP TLS      OK - Supports TLS.      
      SMTP Connection Time      0.733 seconds - Good on Connection time      
      SMTP Open Relay      OK - Not an open relay.      
Session Transcript:


Looks to me they have a configuration issue that could easily cause a delivery delay.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39591237
I get the same results on both of their MX records: mail and dnswmail.doctorssupplementstore.com
0
 

Author Comment

by:GenesisTech
ID: 39591249
More complete NDR:

Received: from xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025]) by xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025%11]) with mapi id 14.01.0438.000; Fri, 11 Oct 2013 16:48:59 -0500 From: Dave XXXXX To: "drxxxxx@drxxxxx.com" Subject: RE: Brevail Thread-Topic: Brevail Thread-Index: AQHOxoKR1z0SFZUlwk6k0dPUUqBZIpnwCkaw Date: Fri, 11 Oct 2013 21:48:58 +0000 Message-ID: <1046A2449B4234488ADFB19E004777FB3E9A67@xxxxSRVR.xxxx.local> References: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry> In-Reply-To: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry> Accept-Language: en-US Content-Language: en-US X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 04 X-MS-Exchange-Organization-AuthSource: xxxxSRVR.xxxx.local X-MS-Has-Attach: X-MS-Exchange-Organization-SCL: -1 X-MS-TNEF-Correlator: x-ms-exchange-organization-originalsize: 5593 x-ms-exchange-organization-originalarrivaltime: 11 Oct 2013 21:48:58.7627 (UTC) x-ms-exchange-organization-messagesource: StoreDriver x-ms-exchange-organization-messagedirectionality: Originating x-ms-exchange-forest-messagescope: 00000000-0000-0000-0000-000000000000 x-ms-exchange-organization-messagescope: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Organization-BCC: x-ms-exchange-organization-originalclientipaddress: 192.168.XXX.XXX x-originating-ip: [192.168.XXX.XXX] x-ms-exchange-organization-originalserveripaddress: fe80::196b:a37:66ff:e025%11 x-ms-exchange-organization-messagelatency: SRV=xxxxSRVR.xxxx.local:TOTAL=0 x-ms-exchange-organization-hygienepolicy: Standard x-ms-exchange-organization-recipient-limit-verified: True x-ms-exchange-organization-processed-by-journaling: Journal Agent Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-Organization-ContentConversionOptions: False;00160000;True;;iso-8859-1 X-MS-Exchange-Organization-MessageLatencyInProgress: LSRV=xxxxSRVR.xxxx.local:TOTAL=0;2013-10-11T21:48:59.461Z
0
 

Author Comment

by:GenesisTech
ID: 39591257
ubadmin

Thank you for your response.

I AM Doctors Supplement Store.

Do I have something setup wrong?
0
 

Author Comment

by:GenesisTech
ID: 39591261
Do you want me to try and send to a different user at the destination domain?
0
 
LVL 14

Assisted Solution

by:Ben Hart
Ben Hart earned 166 total points
ID: 39591297
Ahh ok.  Yes it looks like your end needs a correct SMTP Banner, take a look here: http://social.technet.microsoft.com/Forums/exchange/en-US/fdbc68de-8ad9-4eae-963b-5ded5c5849ca/reverse-dns-does-not-match-smtp-banner

Yes can you test with another user at the same destination domain?  If you get the same NDR then I'd bet $5 they are delaying delivery because of the banner mismatch.
0
 

Author Comment

by:GenesisTech
ID: 39591452
Awesome link - looks like this may be the problem.

Let me implement the changes and report back as to whether this fixed the problem.

Thanks!
0
 
LVL 39

Expert Comment

by:footech
ID: 39591510
The SMTP banner tests from services like MXToolbox will not correctly report a problem with Exchange 2007, 2010, 2013.  This is because they test the receive connector.  It is the send connector that you need to be concerned about.  To test the outbound SMTP banner, you can use the info on the following link.
http://cbl.abuseat.org/helocheck.html
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39591522
The tests from MX Toolbox and the like are giving you false results.
They are making an inbound connection attempt and are then presuming that the same banner is used for outbound email. With Exchange 2007 and higher that is not the case.

The only FQDN that matters is the one on the SEND Connector. That means you cannot pass the Reverse DNS test on sites like MX Toolbox.

To see what banner the rest of the world will see when you send email, use the technique outlined on this page:

http://cbl.abuseat.org/helocheck.html

The NDR that you posted isn't really an NDR - it is just a delay message and has nothing of any use for diagnostics on it. You need to look in the queue viewer to see if the remote site is rejecting your message for another reason - it will say there. It could be that you are blacklisted but the remote server isn't rejecting the message outright, but giving you a chance to get off the blacklist.

Simon.
0
 

Author Comment

by:GenesisTech
ID: 39591713
Simon -

You said ... "You need to look in the queue viewer to see if the remote site is rejecting"

Can you give me the steps for Exchange 2010 and I will post what I find?

Thanks!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39591732
Queue viewer is in the toolbox within EMC.

Or in Run, enter the following:
%ProgramFiles%\Microsoft\Exchange Server\V14\Bin\Exchange Queue Viewer.msc

Simon.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39592144
Good call Simon.  I've always configured my servers to never show an error on MxToolbox, even if it is false to some extent.
0
 

Author Comment

by:GenesisTech
ID: 39592186
Simon,

I am in the viewer and can see the "delayed" message. Where do you want me to go to get information about why it is delayed? Into the properties?
0
 

Author Comment

by:GenesisTech
ID: 39592194
I see a lot of talk about connectors.

Since I am using SBS 2011 (wizards) and I set up my domain using a .Local setup, there is a very good chance that my FQDN is wrong in my connectors.

Can someone tell me where I should look?
0
 

Author Comment

by:GenesisTech
ID: 39592205
Simon,

I followed the instructions at abuseat and here is what I got back. I suspect this is where my problem is. I don't think it should be responding with "remote.doctorssupplementstore.com". I think this is what SBS server put in. Should this be changed?

**********************************************************
Diagnostic information for administrators:

Generating server: DNSWSRVR.dnsw.local

helocheck@helocheck.abuseat.org
helocheck.abuseat.org #550 *** The HELO for IP address 24.182.228.74 was 'remote.doctorssupplementstore.com' (valid syntax) *** ##

Original message headers:

Received: from DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025]) by
 DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025%11]) with mapi id
 14.01.0438.000; Tue, 22 Oct 2013 14:38:22 -0500
From: David Lockwood <DLockwood@doctorssupplementstore.com>
To: "'helocheck@helocheck.abuseat.org'" <helocheck@helocheck.abuseat.org>
Subject: Test
Thread-Topic: Test
Thread-Index: Ac7PXkLOFjVtip3ZR7aySrrFM4WRpw==
Date: Tue, 22 Oct 2013 19:38:21 +0000
Message-ID: <1B4EDF1EE5ECDC438447502545DBE0491E5369@DNSWSRVR.dnsw.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.1.100]
Content-Type: multipart/related;
      boundary="_004_1B4EDF1EE5ECDC438447502545DBE0491E5369DNSWSRVRdnswlocal_";
      type="multipart/alternative"
MIME-Version: 1.0
0
 
LVL 39

Expert Comment

by:footech
ID: 39592255
That SMTP banner is fine.  A problem I see is that a reverse lookup of the IP does not resolve back to "remote.doctorssupplementstore.com".  Your PTR record for that IP needs to be changed with your ISP.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39592263
Check this: http://www.petenetlive.com/KB/Article/0000327.htm

Also verify what your MX records should be.
0
 
LVL 39

Expert Comment

by:footech
ID: 39592270
If you want to change your SMTP banner to something else for whatever reason (for example, "mail.doctorssupplementstore.com"), then you need an A record for "mail.doctorssupplementstore.com" pointing at the IP you're sending mail from, and a PTR record for that IP which points back at "mail.doctorssupplementstore.com".
0
 

Author Comment

by:GenesisTech
ID: 39592320
gentlemen,

This is getting rather confusing. Can we simplify it some?

Here is some more info for you.....

My DNS is hosted by GoDaddy and I do not think they let me set PTR records.

I currently have 2 MX records as follows:
Priority      Host      Points To      TTL
0      @      dnswmail.doctorssupplementstore.com      1 Hour
1      @      mail.doctorssupplementstore.com      1 Hour

Then I have A records as follows:
dnswmail      24.182.228.74      1 Hour
mail      24.182.228.74      1 Hour
remote      24.182.228.74      1 Hour

What do I need to do to fix my problem?

Thanks,
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 14

Expert Comment

by:Ben Hart
ID: 39592334
Remove the remote host.  And which hostname is on your banner or your Send Connector, dnswmail or mail?  Set whichever one that's on your server to the primary.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 167 total points
ID: 39592362
I will have to disagree about removing the "remote" host.
SBS 2011 wants to use remote.example.com everywhere, that is what the wizards will have configured and it will be throughout the Exchange configuration.
You would be best off switching to that, not using mail at all, as that will keep everything as SBS wants and allow you to follow any examples.

That is why your SMTP banner is remote, and could well be why some email isn't being delivered.

The record that I think is causing the problems is dnswmail - that should be removed. Change the mail to remote.

Do you have a UC type SSL certificate or a single name certificate?
If single name, while in the GoDaddy system, add an SRV record for Autodiscover.

http://semb.ee/srv

On the subject of clearing the MXTOOLBOX error - if you do that by changing the receive connector, that can interfere with communications with other Exchange servers (in a migration), will throw errors and could get corrected at another time by an Exchange update or the SBS wizards.

Simon.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39592373
Hmm reason #42 why I won't use SBS ever.
0
 
LVL 39

Assisted Solution

by:footech
footech earned 167 total points
ID: 39592378
All your MX records point to the same IP.  What you choose for your SMTP banner has no relation to anything to do with your MX records.

For simplicity's sake, there is no reason to change your SMTP banner on the send connector, you can leave it at "remote.doctorssupplementstore.com".
Your ISP is NOT GoDaddy.  From the current PTR record I would say that it is Charter.  Contact them and have them change the PTR record for your IP to "remote.doctorssupplementstore.com".
0
 

Author Comment

by:GenesisTech
ID: 39592396
Simon,

Change them in the MX or A records?
0
 

Author Comment

by:GenesisTech
ID: 39592413
Simon,

Here is what is in my DNS now...

I currently have 1 MX records as follows:
Priority      Host      Points To      TTL
0      @      remote.doctorssupplementstore.com      1 Hour

Then I have 1 A record as follows:
remote      24.182.228.74      1 Hour

Is this correct?
0
 
LVL 39

Expert Comment

by:footech
ID: 39592436
That will work just fine.
Now just contact your ISP and have them change your PTR record.
0
 

Author Comment

by:GenesisTech
ID: 39592527
footech,

As I stated before, my DNS is managed by GoDaddy.

You are correct that my ISP is Charter, but my DNS records are managed by GoDaddy and you cannot set a PTR record with them. I have created an SPF record.

At this point do I need to do anything  else?
0
 
LVL 39

Expert Comment

by:footech
ID: 39592550
It doesn't matter that your DNS is managed by GoDaddy.  Your PTR record is (generally) managed by the entity which leases your IP to you.  In your case that would be Charter.  So you need to contact Charter to get the PTR record changed.
0
 

Author Comment

by:GenesisTech
ID: 39592567
OK. I will contact Charter.

When I speak to them, what do I tell them in terms of configuring it?
0
 
LVL 39

Expert Comment

by:footech
ID: 39592587
1) Which IP the record is for; and
2) What FQDN it should refer to (in your case "remote.doctorssupplementstore.com")
0
 
LVL 39

Expert Comment

by:footech
ID: 39592595
Just as an FYI - as you are finding out, different companies filter incoming email based on different criteria.  Some don't care about a PTR, some only care if a PTR record exists for the IP you're sending from but don't care what it is set to, others check if the name referenced by PTR points back at the same IP (this is know as forward-confirmed reverse DNS), some don't care what the SMTP banner is set to, for others the SMTP banner must be valid and match the PTR record, etc., etc.
0
 

Author Comment

by:GenesisTech
ID: 39592613
Charter has now set my PTR record.

Now what? Wait 3 days and try to send email to that address again?
0
 
LVL 39

Expert Comment

by:footech
ID: 39592645
It all depends on how long various servers cache DNS records, but I would say most will have it updated in 24 hours, and some in less.
0
 

Author Comment

by:GenesisTech
ID: 39592663
I will try to email tomorrow and see if it goes through.

Thanks until tomorrow!
0
 

Author Comment

by:GenesisTech
ID: 39600662
Thank you everyone for your help. I think we have straightened out a lot of my DNS records and issues, but the problem does not seem to fixed. In fairness to all of you, I am accepting 3 answers that helped me the most in "fixing" my DNS.

I will now post the full NDR record in a new questions and try again to resolve the issue.

Thanks again!
0
 
LVL 39

Expert Comment

by:footech
ID: 39600799
I don't want to make too big a deal about it, but I really disagree with the way this was closed.
The accepted answer by ubadmin is in fact false, as I explained in my post http:#a39591510 along with information on how to really test the SMTP banner that is sent out, information that was echoed by Sembee2 in the following post.
Then I pointed out that your existing SMTP banner was fine, again backed up by Sembee2 in http:#a39592362.
Then I helped with getting your PTR record configured correctly.
All that and not even an assist?  C'mon!
I won't for a second hesitate to acknowledge that Simon is far more knowledgeable about Exchange than I am, but the points distribution hardly seems fair.  Sometimes I am awarded points that I didn't deserve, and sometimes the opposite is true, so I figure it all balances out, but this is a time where I felt it needed to be pointed out.

Just something to keep in mind in the future.
0
 

Author Comment

by:GenesisTech
ID: 39605582
footech,

Please accept a SINCERE apology from me and forgive me for my "rookie" distribution of the points.

Honestly I was (am still am) very confused by most of the answers. I did my best to follow all of the instructions to try and get everything setup correctly and then "tried" to go back and distribute points to the people that had put in effort to help me. Obviously I blew it.

Is there a way to adjust the points now and make it right? I really do want all the people who put in real effort to help me to earn some points.

Thanks - David
0
 
LVL 39

Expert Comment

by:footech
ID: 39606208
Hi David,

I appreciate your taking the time to respond, and the apology.  As I said, I don't want to make a big deal about it.  In my mind the matter is settled without any hard feelings in the slightest.  If you ever want to re-assign points the only way to do so is to request attention to the question so that the moderators can assist.  I'm not feeling any great need for that though.

If you're ever confused about some of the answers you get, please post back about specific parts that you don't understand (I know it can be difficult when you're receiving conflicting advice).  Most experts will be glad to try to clarify.

Cheers!
0
 

Author Closing Comment

by:GenesisTech
ID: 39609069
Gentlemen (ubadmin, footech, & sembee2),
Thank you again for all of your help on this issue. You all contributed to me achieving 2 very important things.
(1) I am now quit sure my dns records are all correct.
(2) I ultimately resolved the issue and mail is now flowing again to the 1 domain that was blocked.

FYI, it turned out that the user was hosted at GoDaddy and they had blocked my IP even though it was not sending an NDR back to me.

Thanks again!
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now