• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 656
  • Last Modified:

Email NDR Help

Hi everyone,

I need some help with an email problem.

I setup SBS 2011 (with Exchange 2010) about 6 weeks ago. Everything is working great and I am not having any problems.

I have 1 person and 1 person only that we used to be able to send emails to, that are now resulting in an NDR and are not being delivered.

I posted a question about DNS settings and Sembee made sure everything I was doing is correctly setup and it is.

So, now I am posting the NDR to see if anyone can provide me with help on figuring out why emails to this person cannot go through. FYI, when I send to this person from gmail they go right through.

************************************************
Reporting-MTA: dns;xxxxSRVR.dnsw.local
Received-From-MTA: dns;doctorssupplementstore.com
Arrival-Date: Fri, 11 Oct 2013 21:48:59 +0000

Final-Recipient: rfc822;drxxxxx@drxxxxx.com
Action: delayed
Status: 4.4.7
Diagnostic-Code: smtp;400 4.4.7 Message delayed
Will-Retry-Until: Sun, 13 Oct 2013 16:48:59 -0500
X-Display-Name: drxxxxx@drxxxxx.com
*************************************************

Thank you!
0
GenesisTech
Asked:
GenesisTech
  • 18
  • 11
  • 7
  • +1
3 Solutions
 
Ben HartCommented:
Do you get this NDR sending mail to another user at the same destination domain?

I did an SMTP test from MXtoolbox.com and got this:

smtp:24.182.228.74   Monitor This    smtp  
Register for a Free MxToolBox Account for access to more features.
220 remote.doctorssupplementstore.com Microsoft ESMTP MAIL Service ready at Tue, 22 Oct 2013 09:44:25 -0500

Test      Result      
      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      8.128 seconds - Not good! on Transaction Time       More Info
      SMTP Reverse Banner Check      OK - 24.182.228.74 resolves to 24-182-228-74.static.stls.mo.charter.com
      SMTP TLS      OK - Supports TLS.      
      SMTP Connection Time      0.733 seconds - Good on Connection time      
      SMTP Open Relay      OK - Not an open relay.      
Session Transcript:


Looks to me they have a configuration issue that could easily cause a delivery delay.
0
 
Ben HartCommented:
I get the same results on both of their MX records: mail and dnswmail.doctorssupplementstore.com
0
 
GenesisTechAuthor Commented:
More complete NDR:

Received: from xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025]) by xxxxSRVR.xxxx.local ([fe80::196b:a37:66ff:e025%11]) with mapi id 14.01.0438.000; Fri, 11 Oct 2013 16:48:59 -0500 From: Dave XXXXX To: "drxxxxx@drxxxxx.com" Subject: RE: Brevail Thread-Topic: Brevail Thread-Index: AQHOxoKR1z0SFZUlwk6k0dPUUqBZIpnwCkaw Date: Fri, 11 Oct 2013 21:48:58 +0000 Message-ID: <1046A2449B4234488ADFB19E004777FB3E9A67@xxxxSRVR.xxxx.local> References: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry> In-Reply-To: <1036759996-1381496728-cardhu_decombobulator_blackberry.rim.net-1930398418-@b16.c13.bise6.blackberry> Accept-Language: en-US Content-Language: en-US X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 04 X-MS-Exchange-Organization-AuthSource: xxxxSRVR.xxxx.local X-MS-Has-Attach: X-MS-Exchange-Organization-SCL: -1 X-MS-TNEF-Correlator: x-ms-exchange-organization-originalsize: 5593 x-ms-exchange-organization-originalarrivaltime: 11 Oct 2013 21:48:58.7627 (UTC) x-ms-exchange-organization-messagesource: StoreDriver x-ms-exchange-organization-messagedirectionality: Originating x-ms-exchange-forest-messagescope: 00000000-0000-0000-0000-000000000000 x-ms-exchange-organization-messagescope: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Organization-BCC: x-ms-exchange-organization-originalclientipaddress: 192.168.XXX.XXX x-originating-ip: [192.168.XXX.XXX] x-ms-exchange-organization-originalserveripaddress: fe80::196b:a37:66ff:e025%11 x-ms-exchange-organization-messagelatency: SRV=xxxxSRVR.xxxx.local:TOTAL=0 x-ms-exchange-organization-hygienepolicy: Standard x-ms-exchange-organization-recipient-limit-verified: True x-ms-exchange-organization-processed-by-journaling: Journal Agent Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-Organization-ContentConversionOptions: False;00160000;True;;iso-8859-1 X-MS-Exchange-Organization-MessageLatencyInProgress: LSRV=xxxxSRVR.xxxx.local:TOTAL=0;2013-10-11T21:48:59.461Z
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
GenesisTechAuthor Commented:
ubadmin

Thank you for your response.

I AM Doctors Supplement Store.

Do I have something setup wrong?
0
 
GenesisTechAuthor Commented:
Do you want me to try and send to a different user at the destination domain?
0
 
Ben HartCommented:
Ahh ok.  Yes it looks like your end needs a correct SMTP Banner, take a look here: http://social.technet.microsoft.com/Forums/exchange/en-US/fdbc68de-8ad9-4eae-963b-5ded5c5849ca/reverse-dns-does-not-match-smtp-banner

Yes can you test with another user at the same destination domain?  If you get the same NDR then I'd bet $5 they are delaying delivery because of the banner mismatch.
0
 
GenesisTechAuthor Commented:
Awesome link - looks like this may be the problem.

Let me implement the changes and report back as to whether this fixed the problem.

Thanks!
0
 
footechCommented:
The SMTP banner tests from services like MXToolbox will not correctly report a problem with Exchange 2007, 2010, 2013.  This is because they test the receive connector.  It is the send connector that you need to be concerned about.  To test the outbound SMTP banner, you can use the info on the following link.
http://cbl.abuseat.org/helocheck.html
0
 
Simon Butler (Sembee)ConsultantCommented:
The tests from MX Toolbox and the like are giving you false results.
They are making an inbound connection attempt and are then presuming that the same banner is used for outbound email. With Exchange 2007 and higher that is not the case.

The only FQDN that matters is the one on the SEND Connector. That means you cannot pass the Reverse DNS test on sites like MX Toolbox.

To see what banner the rest of the world will see when you send email, use the technique outlined on this page:

http://cbl.abuseat.org/helocheck.html

The NDR that you posted isn't really an NDR - it is just a delay message and has nothing of any use for diagnostics on it. You need to look in the queue viewer to see if the remote site is rejecting your message for another reason - it will say there. It could be that you are blacklisted but the remote server isn't rejecting the message outright, but giving you a chance to get off the blacklist.

Simon.
0
 
GenesisTechAuthor Commented:
Simon -

You said ... "You need to look in the queue viewer to see if the remote site is rejecting"

Can you give me the steps for Exchange 2010 and I will post what I find?

Thanks!
0
 
Simon Butler (Sembee)ConsultantCommented:
Queue viewer is in the toolbox within EMC.

Or in Run, enter the following:
%ProgramFiles%\Microsoft\Exchange Server\V14\Bin\Exchange Queue Viewer.msc

Simon.
0
 
Ben HartCommented:
Good call Simon.  I've always configured my servers to never show an error on MxToolbox, even if it is false to some extent.
0
 
GenesisTechAuthor Commented:
Simon,

I am in the viewer and can see the "delayed" message. Where do you want me to go to get information about why it is delayed? Into the properties?
0
 
GenesisTechAuthor Commented:
I see a lot of talk about connectors.

Since I am using SBS 2011 (wizards) and I set up my domain using a .Local setup, there is a very good chance that my FQDN is wrong in my connectors.

Can someone tell me where I should look?
0
 
GenesisTechAuthor Commented:
Simon,

I followed the instructions at abuseat and here is what I got back. I suspect this is where my problem is. I don't think it should be responding with "remote.doctorssupplementstore.com". I think this is what SBS server put in. Should this be changed?

**********************************************************
Diagnostic information for administrators:

Generating server: DNSWSRVR.dnsw.local

helocheck@helocheck.abuseat.org
helocheck.abuseat.org #550 *** The HELO for IP address 24.182.228.74 was 'remote.doctorssupplementstore.com' (valid syntax) *** ##

Original message headers:

Received: from DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025]) by
 DNSWSRVR.dnsw.local ([fe80::196b:a37:66ff:e025%11]) with mapi id
 14.01.0438.000; Tue, 22 Oct 2013 14:38:22 -0500
From: David Lockwood <DLockwood@doctorssupplementstore.com>
To: "'helocheck@helocheck.abuseat.org'" <helocheck@helocheck.abuseat.org>
Subject: Test
Thread-Topic: Test
Thread-Index: Ac7PXkLOFjVtip3ZR7aySrrFM4WRpw==
Date: Tue, 22 Oct 2013 19:38:21 +0000
Message-ID: <1B4EDF1EE5ECDC438447502545DBE0491E5369@DNSWSRVR.dnsw.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.1.100]
Content-Type: multipart/related;
      boundary="_004_1B4EDF1EE5ECDC438447502545DBE0491E5369DNSWSRVRdnswlocal_";
      type="multipart/alternative"
MIME-Version: 1.0
0
 
footechCommented:
That SMTP banner is fine.  A problem I see is that a reverse lookup of the IP does not resolve back to "remote.doctorssupplementstore.com".  Your PTR record for that IP needs to be changed with your ISP.
0
 
Ben HartCommented:
Check this: http://www.petenetlive.com/KB/Article/0000327.htm

Also verify what your MX records should be.
0
 
footechCommented:
If you want to change your SMTP banner to something else for whatever reason (for example, "mail.doctorssupplementstore.com"), then you need an A record for "mail.doctorssupplementstore.com" pointing at the IP you're sending mail from, and a PTR record for that IP which points back at "mail.doctorssupplementstore.com".
0
 
GenesisTechAuthor Commented:
gentlemen,

This is getting rather confusing. Can we simplify it some?

Here is some more info for you.....

My DNS is hosted by GoDaddy and I do not think they let me set PTR records.

I currently have 2 MX records as follows:
Priority      Host      Points To      TTL
0      @      dnswmail.doctorssupplementstore.com      1 Hour
1      @      mail.doctorssupplementstore.com      1 Hour

Then I have A records as follows:
dnswmail      24.182.228.74      1 Hour
mail      24.182.228.74      1 Hour
remote      24.182.228.74      1 Hour

What do I need to do to fix my problem?

Thanks,
0
 
Ben HartCommented:
Remove the remote host.  And which hostname is on your banner or your Send Connector, dnswmail or mail?  Set whichever one that's on your server to the primary.
0
 
Simon Butler (Sembee)ConsultantCommented:
I will have to disagree about removing the "remote" host.
SBS 2011 wants to use remote.example.com everywhere, that is what the wizards will have configured and it will be throughout the Exchange configuration.
You would be best off switching to that, not using mail at all, as that will keep everything as SBS wants and allow you to follow any examples.

That is why your SMTP banner is remote, and could well be why some email isn't being delivered.

The record that I think is causing the problems is dnswmail - that should be removed. Change the mail to remote.

Do you have a UC type SSL certificate or a single name certificate?
If single name, while in the GoDaddy system, add an SRV record for Autodiscover.

http://semb.ee/srv

On the subject of clearing the MXTOOLBOX error - if you do that by changing the receive connector, that can interfere with communications with other Exchange servers (in a migration), will throw errors and could get corrected at another time by an Exchange update or the SBS wizards.

Simon.
0
 
Ben HartCommented:
Hmm reason #42 why I won't use SBS ever.
0
 
footechCommented:
All your MX records point to the same IP.  What you choose for your SMTP banner has no relation to anything to do with your MX records.

For simplicity's sake, there is no reason to change your SMTP banner on the send connector, you can leave it at "remote.doctorssupplementstore.com".
Your ISP is NOT GoDaddy.  From the current PTR record I would say that it is Charter.  Contact them and have them change the PTR record for your IP to "remote.doctorssupplementstore.com".
0
 
GenesisTechAuthor Commented:
Simon,

Change them in the MX or A records?
0
 
GenesisTechAuthor Commented:
Simon,

Here is what is in my DNS now...

I currently have 1 MX records as follows:
Priority      Host      Points To      TTL
0      @      remote.doctorssupplementstore.com      1 Hour

Then I have 1 A record as follows:
remote      24.182.228.74      1 Hour

Is this correct?
0
 
footechCommented:
That will work just fine.
Now just contact your ISP and have them change your PTR record.
0
 
GenesisTechAuthor Commented:
footech,

As I stated before, my DNS is managed by GoDaddy.

You are correct that my ISP is Charter, but my DNS records are managed by GoDaddy and you cannot set a PTR record with them. I have created an SPF record.

At this point do I need to do anything  else?
0
 
footechCommented:
It doesn't matter that your DNS is managed by GoDaddy.  Your PTR record is (generally) managed by the entity which leases your IP to you.  In your case that would be Charter.  So you need to contact Charter to get the PTR record changed.
0
 
GenesisTechAuthor Commented:
OK. I will contact Charter.

When I speak to them, what do I tell them in terms of configuring it?
0
 
footechCommented:
1) Which IP the record is for; and
2) What FQDN it should refer to (in your case "remote.doctorssupplementstore.com")
0
 
footechCommented:
Just as an FYI - as you are finding out, different companies filter incoming email based on different criteria.  Some don't care about a PTR, some only care if a PTR record exists for the IP you're sending from but don't care what it is set to, others check if the name referenced by PTR points back at the same IP (this is know as forward-confirmed reverse DNS), some don't care what the SMTP banner is set to, for others the SMTP banner must be valid and match the PTR record, etc., etc.
0
 
GenesisTechAuthor Commented:
Charter has now set my PTR record.

Now what? Wait 3 days and try to send email to that address again?
0
 
footechCommented:
It all depends on how long various servers cache DNS records, but I would say most will have it updated in 24 hours, and some in less.
0
 
GenesisTechAuthor Commented:
I will try to email tomorrow and see if it goes through.

Thanks until tomorrow!
0
 
GenesisTechAuthor Commented:
Thank you everyone for your help. I think we have straightened out a lot of my DNS records and issues, but the problem does not seem to fixed. In fairness to all of you, I am accepting 3 answers that helped me the most in "fixing" my DNS.

I will now post the full NDR record in a new questions and try again to resolve the issue.

Thanks again!
0
 
footechCommented:
I don't want to make too big a deal about it, but I really disagree with the way this was closed.
The accepted answer by ubadmin is in fact false, as I explained in my post http:#a39591510 along with information on how to really test the SMTP banner that is sent out, information that was echoed by Sembee2 in the following post.
Then I pointed out that your existing SMTP banner was fine, again backed up by Sembee2 in http:#a39592362.
Then I helped with getting your PTR record configured correctly.
All that and not even an assist?  C'mon!
I won't for a second hesitate to acknowledge that Simon is far more knowledgeable about Exchange than I am, but the points distribution hardly seems fair.  Sometimes I am awarded points that I didn't deserve, and sometimes the opposite is true, so I figure it all balances out, but this is a time where I felt it needed to be pointed out.

Just something to keep in mind in the future.
0
 
GenesisTechAuthor Commented:
footech,

Please accept a SINCERE apology from me and forgive me for my "rookie" distribution of the points.

Honestly I was (am still am) very confused by most of the answers. I did my best to follow all of the instructions to try and get everything setup correctly and then "tried" to go back and distribute points to the people that had put in effort to help me. Obviously I blew it.

Is there a way to adjust the points now and make it right? I really do want all the people who put in real effort to help me to earn some points.

Thanks - David
0
 
footechCommented:
Hi David,

I appreciate your taking the time to respond, and the apology.  As I said, I don't want to make a big deal about it.  In my mind the matter is settled without any hard feelings in the slightest.  If you ever want to re-assign points the only way to do so is to request attention to the question so that the moderators can assist.  I'm not feeling any great need for that though.

If you're ever confused about some of the answers you get, please post back about specific parts that you don't understand (I know it can be difficult when you're receiving conflicting advice).  Most experts will be glad to try to clarify.

Cheers!
0
 
GenesisTechAuthor Commented:
Gentlemen (ubadmin, footech, & sembee2),
Thank you again for all of your help on this issue. You all contributed to me achieving 2 very important things.
(1) I am now quit sure my dns records are all correct.
(2) I ultimately resolved the issue and mail is now flowing again to the 1 domain that was blocked.

FYI, it turned out that the user was hosted at GoDaddy and they had blocked my IP even though it was not sending an NDR back to me.

Thanks again!
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 18
  • 11
  • 7
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now