Milord


Mail server Reverse DNS issues

I've got a customer that has multiple domain names. They wanted their primary domain changed. I followed a guide and made the appropriate changes to the Exchange server. Emails come and go properly for the most part but they can't send to some domains and mxtoolbox says: Warning - Reverse DNS does not match SMTP Banner.

I'm no DNS or Exchange expert so I need some help.

FQDN: x64exchserver.abc.123.com

Original primary email domain:
mx record: mail.123.com
A record: 111.111.111.111

New email domain:
mx record: mail.456.com
A record: 111.111.111.111

What do I have the ISP set up for reverse DNS? The SMTP banner is the FQDN: x64exchserver.abc.123.com but there isn't a DNS entry anywhere that matches that externally. Just mail.123.com.

Utterly confused.

Thank you.
ASKER CERTIFIED SOLUTION
Alan Hardisty

Milord

ASKER

Thanks Alan. I didn't know that. Well, I still don't know why we can't send to a certain domain then.

Alan Hardisty

I'd be happy to help see if I can figure out why if you have tried and given up.

Have you tried a manual telnet session to their mail server from your mail server to see what response you get?  It might reveal something interesting.

Milord

ASKER

Thanks Alan.

I just tried that. I get no response from their first mail server. They have 3 mail servers that show up when I do an smtp test on mxtoolbox. I get the expected response from the other 2 servers.

Alan Hardisty

Have you tried setting up a new SEND connector, adding the problem domain to that connector, then enabling Verbose Logging and setting up a folder to store those logs?

That way you will be able to readily run through the logs and see what is happening (assuming you speak SMTP)!!

Milord

ASKER

Nope, that is above my Exchange knowledge. I'm a small town jack of all trades master of none IT guy. LOL. I'm not afraid to try though.

Alan Hardisty

Okay - add a new SEND Connector using the Wizard in the Exchange Management Console > Organization Config > Hub Transport > Send Connectors > New Send Connector.

Run through the Wizard - name it something like {ProblemDomainName} (replace that with the name of the problem domain) and leave Custom as the Connector Type. In the Address Space, add whatever.com (the problem domain name itself), use DNS to route the mail and then finish the wizard.

Then edit the SEND Connector, on the General Tab, change Protocol Logging Level to Verbose, and change the Maximum Send Size if you need to so that it matches your other SEND Connector.

Create a new folder (for example c:\smtp send logs) and then run the following Exchange Shell Command, replacing ServerName with the name of your Exchange Server:

Set-TransportServer "ServerName" -SendProtocolLogPath "c:\smtp send logs" -SendProtocolLogMaxFileSize 5MB -SendProtocolLogMaxDirectorySize 100MB -SendProtocolLogMaxAge 30.00:00:00

This will allow 5MB logs to be created in a folder with a maximum size of 100MB (before files get overwritten) and will keep 30 days' worth of info maximum - tweak accordingly if you want more or less time.

Then restart the Microsoft Exchange Transport Service, send a few test emails and then after a few minutes, check the log folder and open up the log and see what you can make of the logs.
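
Added example, not part of the original thread: once the verbose send log exists, the PowerShell below groups its rows by session and reports, for each remote server, whether the connection was never established or which 4xx/5xx reply came back first. The sample rows, the `ProblemDomain` connector name, the addresses and the function name `Get-SmtpSessionSummary` are constructed for illustration; the column names are read from the log's own `#Fields:` header.

```powershell
# Constructed sample in the SMTP send protocol log layout (CSV with '#' header lines).
# Connector name, session IDs and addresses (RFC 5737 ranges) are made up for illustration.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Send Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2013-10-24T14:02:11.250Z,ProblemDomain,08D09E5C00000001,0,,203.0.113.12:25,*,,attempting to connect
2013-10-24T14:02:33.010Z,ProblemDomain,08D09E5C00000002,0,,203.0.113.13:25,*,,attempting to connect
2013-10-24T14:02:33.120Z,ProblemDomain,08D09E5C00000002,1,192.0.2.10:4123,203.0.113.13:25,+,,
2013-10-24T14:02:33.300Z,ProblemDomain,08D09E5C00000002,2,192.0.2.10:4123,203.0.113.13:25,<,451 4.7.1 Try again later,
2013-10-24T14:02:33.310Z,ProblemDomain,08D09E5C00000002,3,192.0.2.10:4123,203.0.113.13:25,-,,Remote
2013-10-24T14:02:34.000Z,ProblemDomain,08D09E5C00000003,0,,203.0.113.11:25,*,,attempting to connect
2013-10-24T14:02:34.100Z,ProblemDomain,08D09E5C00000003,1,192.0.2.10:4124,203.0.113.11:25,+,,
2013-10-24T14:02:34.250Z,ProblemDomain,08D09E5C00000003,2,192.0.2.10:4124,203.0.113.11:25,<,220 mx.example.test ESMTP,
2013-10-24T14:02:34.260Z,ProblemDomain,08D09E5C00000003,3,192.0.2.10:4124,203.0.113.11:25,>,EHLO mail.example.test,
2013-10-24T14:02:34.400Z,ProblemDomain,08D09E5C00000003,4,192.0.2.10:4124,203.0.113.11:25,<,250 mx.example.test,
'@

function Get-SmtpSessionSummary {
    param([string[]]$Lines)
    # Take column names from the log's own #Fields header, then parse the data rows as CSV.
    $header = (($Lines -like '#Fields:*')[0] -replace '^#Fields:\s*', '') -split ','
    $rows = $Lines | Where-Object { $_ -and $_ -notlike '#*' } | ConvertFrom-Csv -Header $header
    $rows | Group-Object 'session-id' | ForEach-Object {
        # A '+' row marks an established connection; a session without one never connected.
        $connected = @($_.Group | Where-Object { $_.event -eq '+' }).Count -gt 0
        # '<' rows are lines received from the remote server; keep the first 4xx/5xx reply.
        $firstError = $_.Group |
            Where-Object { $_.event -eq '<' -and $_.data -match '^[45]\d\d' } |
            Select-Object -First 1
        $errorText = if ($firstError) { $firstError.data } else { '' }
        $result = 'NoErrorReply'
        if (-not $connected) { $result = 'NoConnection' }
        elseif ($errorText -like '4*') { $result = 'TransientReject' }
        elseif ($errorText) { $result = 'PermanentReject' }
        New-Object PSObject -Property @{
            RemoteEndpoint = $_.Group[0].'remote-endpoint'
            Result         = $result
            FirstError     = $errorText
        }
    } | Select-Object RemoteEndpoint, Result, FirstError
}

Get-SmtpSessionSummary -Lines ($sample -split '\r?\n') | Format-Table -AutoSize
```

To run it against a real log, pass the output of `Get-Content` for a file in the folder set with `-SendProtocolLogPath` instead of the sample.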

Milord

ASKER

Thank you for the detailed instructions Alan. I will follow them tomorrow and see what happens. I appreciate your help.

Alan Hardisty

No problems - shout if you get stuck anywhere. I will be zapping the CryptoLocker virus tomorrow, so will have plenty of opportunity to help you as it isn't desperately challenging!

Milord

ASKER

Dealing with that particular virus right now! Actually ended up wiping the machine as it encrypted all kinds of files, even files on network shares. Backups saved the day.

Alan Hardisty

Yes - thank heavens for backups.

I wrote a few lines about cleaning it up here if you fancy a read:

http://alanhardisty.wordpress.com/2013/10/22/cryptolocker-ransom-virus-cleanup/

Milord

ASKER

Nice write-up Alan. I've just received my second call about that damn virus.

Anyway, back to my original problem. The mail host from the other company got back to us and this is what they said:
Our spam protection system employs fake MXs. Servers MX02.NICMAIL.ru and MX03.NICMAIL.ru always reject connections. Only MX01.NICMAIL.ru receives mail.

To solve your problem, you need to change settings in the outgoing mail servers.
Inability to connect with MX02.NICMAIL.ru and reply by MX03.NICMAIL.ru with the error code 4XX should not be treated as fatal, instead, attempts to send mail should continue to other servers listed in MX records.

What do I need to change in Exchange to have it continue sending to other servers in the MX records?

Alan Hardisty

You can use the SEND Connector I suggested creating above and edit it to send direct to the valid (working MX Record) directly, rather than use DNS to figure it out. That way you can cut out the false MX records and go straight to the working one.

Alan

Milord

ASKER

I created the connector, under Network I picked Route mail through the following smart hosts and used MX01.NICMAIL.ru as the FQDN. Is that the correct setup?

Alan Hardisty

Yep - that's perfect.

Restart the Microsoft Exchange Transport Service to force the settings to be applied too.

Alan

Milord

ASKER

Thanks Alan, I really appreciate your help. Now we'll see if it works!

Alan Hardisty

Fingers crossed. Shout if it doesn't help, then at least we can look at the logs and find a reason.

Alan

Milord

ASKER

It worked Alan, you are the man. Thank you very much.

James

Alan Hardisty

Excellent - long may it continue to do so ;)

Best wishes

Alan