Solved

Exchange 2010 issues

Posted on 2013-10-24
8
494 Views
Last Modified: 2013-10-24
I am getting this reply in when I try to send out.

"550 The host name specified in HELO does not match IP address"

I am unsure but we are getting allot of bounce back message from company and sometimes it turns out that we need to white-list them or tell them to white-list us.

If I run a Mxtoolbox on our domains it says:

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner...

Also we do not have a SPF record setup (do we really need this)?

Thank you any help is appreciated.

We are using Exchange 2010 with Forefront
Domains is gallery.ca
0
Comment
Question by:Pots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 39597509
strongly suggest adding a TXT record defining your SPF
some sites will reject if it's missing or invalid
also verify your PTR record is correct

http://en.wikipedia.org/wiki/Sender_Policy_Framework

http://www.openspf.org/SPF_Record_Syntax
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39597634
SPF is more for safe guarding for spoofing and yes if done its for good :)

So your not blacklisted on any RBL - Right ?

- Rancy
0
 

Author Comment

by:Pots
ID: 39597740
Hi,

 The A and PTR record looks ok.

As for the TXT I am unsure and never set it up.

*and for the SPF does this make sence:

v=spf1 a mx ptr mx:ngcpost2.gallery.ca ~all

Thank you.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39597778
i've usually kept it simple by putting ip4:<address> so it doesn't cause additional directory lookups

with only one server you don't have to specify 4 different records; as long as it matches
some places will specify multiple records and/or ip addresses because of their setup
0
 

Author Comment

by:Pots
ID: 39598304
Ok I created the SPF but do I need a TXT record to make it work? I don't understand the relation between the 2.

But one thing I noticed and I am unsure is the SPF will help...

In the queue for exchange I get allot of

"451 4.4.0 Primary target IP address responded with: ""421 4.2.1 Unable to connect."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts."

Have any idea what that is?

Thank you.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39598342
SPF is what that is defined as - specifying what servers are allowed to send mail as your domain name.  it is a TXT record as far as DNS is concerned

as far as the queue errors, is it all mail or only some?  are you using a smarthost or going out directly?
0
 

Author Comment

by:Pots
ID: 39598380
Oh so TXT and SPF have the same content then... I see..

For the queue yes I am using exchange as a smart host with the send and receive connectors. But I have inherited the issues and there are:

4 received connectors including the client and default

and

2 send connectors (one for internet and other for internal application specific).

As for the Specify the FQDN this connector will provide in response to HELO of EHLO:
I have the internal FQDN.. shouldn't it be the external one?
0
 

Author Closing Comment

by:Pots
ID: 39598383
Well documented. Thank you.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question