GenesisTech
asked on
Email NDR Help
Hi everyone,
I need some help with an email problem.
I set up SBS 2011 (with Exchange 2010) about 6 weeks ago. Everything is working great and I am not having any problems.
I have 1 person and 1 person only that we used to be able to send emails to, that are now resulting in an NDR and are not being delivered.
I posted a question about DNS settings and Sembee made sure everything I was doing is correctly setup and it is.
So, now I am posting the NDR to see if anyone can provide me with help on figuring out why emails to this person cannot go through. FYI, when I send to this person from gmail they go right through.
**************************************************
Reporting-MTA: dns;xxxxSRVR.dnsw.local
Received-From-MTA: dns;doctorssupplementstore.com
Arrival-Date: Fri, 11 Oct 2013 21:48:59 +0000
Final-Recipient: rfc822;drxxxxx@drxxxxx.com
Action: delayed
Status: 4.4.7
Diagnostic-Code: smtp;400 4.4.7 Message delayed
Will-Retry-Until: Sun, 13 Oct 2013 16:48:59 -0500
X-Display-Name: drxxxxx@drxxxxx.com
**************************************************
Thank you!
I get the same results on both of their MX records: mail and dnswmail.doctorssupplementstore.com
ASKER
More complete NDR:
Received: from xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025]) by xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025%11]) with mapi id 14.01.0438.000; Fri, 11 Oct 2013 16:48:59 -0500
From: Dave XXXXX
To: "drxxxxx@drxxxxx.com"
Subject: RE: Brevail
Thread-Topic: Brevail
Thread-Index: AQHOxoKR1z0SFZUlwk6k0dPUUqBZIpnwCkaw
Date: Fri, 11 Oct 2013 21:48:58 +0000
Message-ID: <1046A2449B4234488ADFB19E004777FB3E9A67@xxxxSRVR.xxxx.local>
References: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry>
In-Reply-To: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AuthSource: xxxxSRVR.xxxx.local
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
x-ms-exchange-organization-originalsize: 5593
x-ms-exchange-organization-originalarrivaltime: 11 Oct 2013 21:48:58.7627 (UTC)
x-ms-exchange-organization-messagesource: StoreDriver
x-ms-exchange-organization-messagedirectionality: Originating
x-ms-exchange-forest-messagescope: 00000000-0000-0000-0000-000000000000
x-ms-exchange-organization-messagescope: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Organization-BCC:
x-ms-exchange-organization-originalclientipaddress: 192.168.XXX.XXX
x-originating-ip: [192.168.XXX.XXX]
x-ms-exchange-organization-originalserveripaddress: fe80::196b:a37:66ff:e025%11
x-ms-exchange-organization-messagelatency: SRV=xxxxSRVR.xxxx.local:TOTAL=0
x-ms-exchange-organization-hygienepolicy: Standard
x-ms-exchange-organization-recipient-limit-verified: True
x-ms-exchange-organization-processed-by-journaling: Journal Agent
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Organization-ContentConversionOptions: False;00160000;True;;iso-8859-1
X-MS-Exchange-Organization-MessageLatencyInProgress: LSRV=xxxxSRVR.xxxx.local:TOTAL=0;2013-10-11T21:48:59.461Z
ASKER
ubadmin
Thank you for your response.
I AM Doctors Supplement Store.
Do I have something setup wrong?
ASKER
Do you want me to try and send to a different user at the destination domain?
ASKER
Awesome link - looks like this may be the problem.
Let me implement the changes and report back as to whether this fixed the problem.
Thanks!
The SMTP banner tests from services like MXToolbox will not correctly report a problem with Exchange 2007, 2010, 2013. This is because they test the receive connector. It is the send connector that you need to be concerned about. To test the outbound SMTP banner, you can use the info on the following link.
http://cbl.abuseat.org/helocheck.html
The tests from MX Toolbox and the like are giving you false results.
They are making an inbound connection attempt and are then presuming that the same banner is used for outbound email. With Exchange 2007 and higher that is not the case.
The only FQDN that matters is the one on the SEND Connector. That means you cannot pass the Reverse DNS test on sites like MX Toolbox.
To see what banner the rest of the world will see when you send email, use the technique outlined on this page:
http://cbl.abuseat.org/helocheck.html
The NDR that you posted isn't really an NDR - it is just a delay message and has nothing of any use for diagnostics on it. You need to look in the queue viewer to see if the remote site is rejecting your message for another reason - it will say there. It could be that you are blacklisted but the remote server isn't rejecting the message outright, but giving you a chance to get off the blacklist.
Simon.
ASKER
Simon -
You said ... "You need to look in the queue viewer to see if the remote site is rejecting"
Can you give me the steps for Exchange 2010 and I will post what I find?
Thanks!
Queue viewer is in the toolbox within EMC.
Or in Run, enter the following:
%ProgramFiles%\Microsoft\Exchange Server\V14\Bin\Exchange Queue Viewer.msc
Simon.
Good call Simon. I've always configured my servers to never show an error on MxToolbox, even if it is false to some extent.
ASKER
Simon,
I am in the viewer and can see the "delayed" message. Where do you want me to go to get information about why it is delayed? Into the properties?
ASKER
I see a lot of talk about connectors.
Since I am using SBS 2011 (wizards) and I set up my domain using a .Local setup, there is a very good chance that my FQDN is wrong in my connectors.
Can someone tell me where I should look?
ASKER
Simon,
I followed the instructions at abuseat and here is what I got back. I suspect this is where my problem is. I don't think it should be responding with "remote.doctorssupplementstore.com". I think this is what SBS server put in. Should this be changed?
**************************************************
Diagnostic information for administrators:
Generating server: DNSWSRVR.dnsw.local
helocheck@helocheck.abuseat.org
helocheck.abuseat.org #550 *** The HELO for IP address 24.182.228.74 was 'remote.doctorssupplementstore.com' (valid syntax) *** ##
Original message headers:
Received: from DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025]) by
DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025%11]) with mapi id
14.01.0438.000; Tue, 22 Oct 2013 14:38:22 -0500
From: David Lockwood <DLockwood@doctorssupplementstore.com>
To: "'helocheck@helocheck.abuseat.org'" <helocheck@helocheck.abuseat.org>
Subject: Test
Thread-Topic: Test
Thread-Index: Ac7PXkLOFjVtip3ZR7aySrrFM4WRpw==
Date: Tue, 22 Oct 2013 19:38:21 +0000
Message-ID: <1B4EDF1EE5ECDC438447502545DBE0491E5369@DNSWSRVR.dnsw.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.1.100]
Content-Type: multipart/related;
boundary="_004_1B4EDF1EE5ECDC438447502545DBE0491E5369DNSWSRVRdnswlocal_";
type="multipart/alternative"
MIME-Version: 1.0
That SMTP banner is fine. A problem I see is that a reverse lookup of the IP does not resolve back to "remote.doctorssupplementstore.com". Your PTR record for that IP needs to be changed with your ISP.
Check this: http://www.petenetlive.com/KB/Article/0000327.htm
Also verify what your MX records should be.
If you want to change your SMTP banner to something else for whatever reason (for example, "mail.doctorssupplementstore.com"), then you need an A record for "mail.doctorssupplementstore.com" pointing at the IP you're sending mail from, and a PTR record for that IP which points back at "mail.doctorssupplementstore.com".
ASKER
gentlemen,
This is getting rather confusing. Can we simplify it some?
Here is some more info for you.....
My DNS is hosted by GoDaddy and I do not think they let me set PTR records.
I currently have 2 MX records as follows:
Priority Host Points To TTL
0 @ dnswmail.doctorssupplementstore.com 1 Hour
1 @ mail.doctorssupplementstore.com 1 Hour
Then I have A records as follows:
dnswmail 24.182.228.74 1 Hour
mail 24.182.228.74 1 Hour
remote 24.182.228.74 1 Hour
What do I need to do to fix my problem?
Thanks,
Remove the remote host. And which hostname is on your banner or your Send Connector, dnswmail or mail? Set whichever one that's on your server to the primary.
Hmm reason #42 why I won't use SBS ever.
ASKER
Simon,
Change them in the MX or A records?
ASKER
Simon,
Here is what is in my DNS now...
I currently have 1 MX record as follows:
Priority Host Points To TTL
0 @ remote.doctorssupplementstore.com 1 Hour
Then I have 1 A record as follows:
remote 24.182.228.74 1 Hour
Is this correct?
That will work just fine.
Now just contact your ISP and have them change your PTR record.
ASKER
footech,
As I stated before, my DNS is managed by GoDaddy.
You are correct that my ISP is Charter, but my DNS records are managed by GoDaddy and you cannot set a PTR record with them. I have created an SPF record.
At this point do I need to do anything else?
It doesn't matter that your DNS is managed by GoDaddy. Your PTR record is (generally) managed by the entity which leases your IP to you. In your case that would be Charter. So you need to contact Charter to get the PTR record changed.
ASKER
OK. I will contact Charter.
When I speak to them, what do I tell them in terms of configuring it?
1) Which IP the record is for; and
2) What FQDN it should refer to (in your case "remote.doctorssupplementstore.com")
Just as an FYI - as you are finding out, different companies filter incoming email based on different criteria. Some don't care about a PTR, some only care if a PTR record exists for the IP you're sending from but don't care what it is set to, others check if the name referenced by PTR points back at the same IP (this is known as forward-confirmed reverse DNS), some don't care what the SMTP banner is set to, for others the SMTP banner must be valid and match the PTR record, etc., etc.
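The receiver-side checks listed in the post above, sketched as an added example that is not part of the original thread: it evaluates PTR existence, forward-confirmed reverse DNS and HELO/PTR agreement for a sending IP. The function names and the `generic-host.isp.example` PTR name are assumptions made for illustration; the IP and HELO name are the ones quoted in this thread.

```python
import socket


def system_ptr(ip):
    """PTR names for an IP from the system resolver ([] when none exist)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + list(aliases)


def system_a(name):
    """Addresses a hostname resolves to ([] when it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_sender(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Run the checks a receiving server may apply to a sending IP and HELO."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    # FCrDNS: at least one PTR name must resolve forward to the same IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    helo_name = norm(helo)
    return {
        "ptr_exists": bool(ptr_names),
        "fcrdns": bool(confirmed),
        "helo_resolves_to_ip": ip in a_lookup(helo_name),
        "helo_matches_ptr": helo_name in ptr_names,
    }


def table(records):
    """Offline lookup function backed by a dict (used for the demo below)."""
    return lambda key: records.get(norm(key), [])


# Constructed sample data. IP and HELO are the values quoted in the thread;
# the ISP-style PTR name is a made-up placeholder.
IP = "24.182.228.74"
HELO = "remote.doctorssupplementstore.com"
A_RECORDS = {HELO: [IP], "generic-host.isp.example": [IP]}
PTR_BEFORE = {IP: ["generic-host.isp.example."]}   # ISP default name
PTR_AFTER = {IP: [HELO + "."]}                     # after the ISP updates it


def demo():
    """Results before and after the PTR record is pointed at the HELO name."""
    before = check_sender(IP, HELO, table(PTR_BEFORE), table(A_RECORDS))
    after = check_sender(IP, HELO, table(PTR_AFTER), table(A_RECORDS))
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Calling `check_sender(ip, helo)` with no lookup arguments uses the system resolver, so the same function can be pointed at a live sending IP once the PTR change has propagated.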
ASKER
Charter has now set my PTR record.
Now what? Wait 3 days and try to send email to that address again?
It all depends on how long various servers cache DNS records, but I would say most will have it updated in 24 hours, and some in less.
ASKER
I will try to email tomorrow and see if it goes through.
Thanks until tomorrow!
ASKER
Thank you everyone for your help. I think we have straightened out a lot of my DNS records and issues, but the problem does not seem to be fixed. In fairness to all of you, I am accepting 3 answers that helped me the most in "fixing" my DNS.
I will now post the full NDR record in a new question and try again to resolve the issue.
Thanks again!
I don't want to make too big a deal about it, but I really disagree with the way this was closed.
The accepted answer by ubadmin is in fact false, as I explained in my post http:#a39591510 along with information on how to really test the SMTP banner that is sent out, information that was echoed by Sembee2 in the following post.
Then I pointed out that your existing SMTP banner was fine, again backed up by Sembee2 in http:#a39592362.
Then I helped with getting your PTR record configured correctly.
All that and not even an assist? C'mon!
I won't for a second hesitate to acknowledge that Simon is far more knowledgeable about Exchange than I am, but the points distribution hardly seems fair. Sometimes I am awarded points that I didn't deserve, and sometimes the opposite is true, so I figure it all balances out, but this is a time where I felt it needed to be pointed out.
Just something to keep in mind in the future.
ASKER
footech,
Please accept a SINCERE apology from me and forgive me for my "rookie" distribution of the points.
Honestly I was (and still am) very confused by most of the answers. I did my best to follow all of the instructions to try and get everything set up correctly and then "tried" to go back and distribute points to the people that had put in effort to help me. Obviously I blew it.
Is there a way to adjust the points now and make it right? I really do want all the people who put in real effort to help me to earn some points.
Thanks - David
Hi David,
I appreciate your taking the time to respond, and the apology. As I said, I don't want to make a big deal about it. In my mind the matter is settled without any hard feelings in the slightest. If you ever want to re-assign points the only way to do so is to request attention to the question so that the moderators can assist. I'm not feeling any great need for that though.
If you're ever confused about some of the answers you get, please post back about specific parts that you don't understand (I know it can be difficult when you're receiving conflicting advice). Most experts will be glad to try to clarify.
Cheers!
ASKER
Gentlemen (ubadmin, footech, & sembee2),
Thank you again for all of your help on this issue. You all contributed to me achieving 2 very important things.
(1) I am now quite sure my DNS records are all correct.
(2) I ultimately resolved the issue and mail is now flowing again to the 1 domain that was blocked.
FYI, it turned out that the user was hosted at GoDaddy and they had blocked my IP even though it was not sending an NDR back to me.
Thanks again!
I did an SMTP test from MXtoolbox.com and got this:
smtp:24.182.228.74 Monitor This smtp
220 remote.doctorssupplementst
Test Result
SMTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner More Info
SMTP Transaction Time 8.128 seconds - Not good! on Transaction Time More Info
SMTP Reverse Banner Check OK - 24.182.228.74 resolves to 24-182-228-74.static.stls.
SMTP TLS OK - Supports TLS.
SMTP Connection Time 0.733 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
Session Transcript:
Looks to me they have a configuration issue that could easily cause a delivery delay.