Solved

Cannot send to btinternet addresses from Exchange 2010

Posted on 2014-01-05
42
999 Views
Last Modified: 2014-01-14
I have a Windows SBS 2011 with Exchange 2010. It's a new server and doesn't replace any previous Windows servers.
All emails, both internal and external are delivered successfully with the exception of anyone with a btinternet address. I have tested failed addresses from other Exchange servers and they send OK so it's just this server that seems to have something against BT.
I get failure messages like this:
"This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time"
I've used MX Lookup to check for any blacklisting and all is clear.
0
Comment
Question by:ClintonK
  • 21
  • 17
  • +3
42 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 39757583
Are you able to resolve the mx record of the btinternet.
Enable logs on send connector and check the log.
Check if your domain have a reverse dns record created.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39757697
Please have a read of my article and make sure you are configurec properly, especially with Reverse DNS:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
0
 
LVL 6

Expert Comment

by:donnk
ID: 39758612
use your ISP's smarthost.
0
 
LVL 9

Expert Comment

by:Mahesh Sharma
ID: 39758719
Check your SPF record as well if it contains your newly added server or not.
0
 
LVL 1

Expert Comment

by:Diwakar Sharma
ID: 39758960
Add this new server in Source Server tab in send connector and check.

Please also make an attempt to send email using telnet command from problem server and share the the result.

Diwakar
0
 

Author Comment

by:ClintonK
ID: 39769500
I am working my way through Alan's document and have now configured reverse DNS (as also suggested by R--R) and I thought that had sorted it as I was able to send to my test btinternet address. However, it seems that there are other addresses that are still rejected (not BT this time - it looks like I was not given the full story at the outset). The latest problem email was sent and then some hours later, a non-delivery report was received but it was still received a little while later.
Almost everything has now checked out except the spf record. When I run the Beveridge Hosting - SPF Test from http://tools.bevhost.com/spf/ and enter the Sender IP Address, Sender Email Address and Senders Computer Name the Senders Computer Name says "Unable to resolve <myservername> in the DNS". The DNS does have the correct entry for the server and when I ping it from a command prompt it responds (albeit with the IPv6 address).
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769536
If you want, fire an email to testmail @ sohomail.co.uk and I'll see what my Anti-Spam makes of your email, assuming it gets through my defences!!

Let me know if you send one and I'll keep an eye out for it.

Alan
0
 

Author Comment

by:ClintonK
ID: 39769581
Test email on its way.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769595
Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769600
Blacklisted by the SPF Test (sender forged per policy of "yourdomain.com", SPF result: SoftFail).

So - looks like your SPF record is tripping you up.  I'll have a look see why.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769610
Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 ~all
Results - softfail domain owner discourages use of this host

You need to amend your SPF record!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769615
This would make your SPF pass:

v=spf1 mx ~all
0
 

Author Comment

by:ClintonK
ID: 39769641
So I create a DNS TXT record with this as the Text?

Type=TXT Record=(v=spf1 mx ~all)

As you may have guessed, spf records are new to me
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769646
Yes - you already have an SPF record set, it just needs the MX bit adding to it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769652
Don't add the Brackets though.
0
 

Author Comment

by:ClintonK
ID: 39769662
I can't see a TXT record anywhere I'm afraid
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769663
Are you amending them at freeola.net?
0
 

Author Comment

by:ClintonK
ID: 39769672
no, locally on my server
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769676
You need to login to your Domain's Control Panel with Freeola.net and amend it there.  It's not going to be any help on your own DNS server.  Has to be done externally.

Alan
0
 

Author Comment

by:ClintonK
ID: 39769704
The domain name is registered with freeola.net but the broadband is provided by Eclipse and it's with Eclipse that I've set rDNS. Should it therefore be Eclipse where I set the spf record?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769714
No - you need to add that via your Domain's DNS records, which appear to be with Freeola.net.

Do you have login / password details for them?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:ClintonK
ID: 39769717
Yes, I think so. Just digging around for the login details now.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769722
Okay - when you have added the record, let me know and I'll check if it can be seen.

Once it can be, try sending another test email over and see if you get another rejection or if it passes.
0
 

Author Comment

by:ClintonK
ID: 39769763
Got myself logged into freeola and found the bit to update the spf record.
When I type "v=spf1 mx ~all" it says it's invalid.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769773
Just type:

v=spf1 mx ~all

Nothing more.

If you are and it doesn't like it, there is nothing wrong with it, so kick Freeola's butt in the morning.
0
 

Author Comment

by:ClintonK
ID: 39769777
Yes, that's what I'm entering so it's butt kicking time in the morning. Thanks
0
 

Author Comment

by:ClintonK
ID: 39769784
Seems Freeola do it a special way. This is the text of the option to amend the spf record...

"Create/Change SPF Records (Advanced)
 
SPF records are used in an effort to identify spam mail by specifying mail servers which are allowed to send mail from your domain name. Although SPF records are written as a TXT record, our systems are set to create them seperately to ensure all mail sent via Freeola services is sent correctly, so this option must be used. "
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769789
Alternatively try this:

v=spf1 ip4:82.xxx.xxx.209 ~all

Change the xxx.xxx bit to reflect the rest of your IP Address.
0
 

Author Comment

by:ClintonK
ID: 39769800
It doesn't like that either. Just in case it's of use, this is the blurb they have for the screen. I realise it's what you already know but I've just included it in case it has some clue as to what they're doing differently to the norm.

"Below you can specify additional mail servers which you send mail from. Although SPF records are not required, checking SPF records is becoming an increasingly popular way to filter mail.

All Freeola domain names will already have SPF records set up for our SMTP servers (smtp.freeola.net and smtp-auth.freeola.net), as such you do not need to enter records for these below.

Most ISP's will provide you with an SPF record that looks like the following:

v=spf1 a:smtp-auth.freeola.net ~all
For this record, you would need to enter 'smtp-auth.freeola.net' as the value, select 'A' as the record type and select 'Softfail (~)' as the default action for unmatched domains.

Another example:

v=spf1 include:_spf.google.com ~all
For this record you would provide '_spf.google.com' as the record's value, select 'Include' as the record type and select 'Softfail (~)' again as the default action for unmatched domains.
"
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39769810
So try selecting IP4 as the type and your IP as the value and Softfail.

See if it likes that.

I'm lights out now, so if not, talk to them in the morning and I'm around all day UK time.

Alan
0
 

Author Comment

by:ClintonK
ID: 39769812
I think I've just got it. It's a special freeola thing. I just entered the value I set for my reverse DNS entry. So instead of entering v=spf1 mx ~all, I entered mx-delivery11.<mydomain.com> and it's taken it.
Hopefully that's correct.
0
 

Author Comment

by:ClintonK
ID: 39769814
Our posts have just crossed. Maybe speak tomorrow. Cheers
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39770427
Yep - that worked and I get the following:

Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 a:mx-delivery11.yourdomain.com ~all
Results - PASS sender SPF authorized

I'm using the following site to test this by the way:

http://www.kitterman.com/spf/validate.html

Try another test email now to BT or another one that fails and to my test address and see what happens.

Alan
0
 

Author Comment

by:ClintonK
ID: 39770438
I've sent a test email to your test address Alan but unable to send to one that normally fails because they are customers of the company so I'll need to wait until later when the boss returns so he can send a test to a chosen friendly contact.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39770481
Ah - understood!

Checking my anti-spam logs.  BRB
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39770483
Nothing yet.
0
 

Author Comment

by:ClintonK
ID: 39777985
All gone quiet from the problem email server so I guess no news is good news. Just pinged an email asking for an update.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39779177
Fingers crossed ;)
0
 

Author Comment

by:ClintonK
ID: 39779557
I got an update this afternoon and the news is good. There have been no rejections since I made the changes. I think we'll call this fixed.
0
 

Author Closing Comment

by:ClintonK
ID: 39779586
An excellent document which included the fix for the problem. Being new to spf records I was a little confused as to where to apply the DNS change so perhaps this could be clarified in the document just to help those like me. As usual EE saved the day. Particular thanks to Alan Hardisty.
Cheers
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39780477
Glad the problem is resolved and thanks for your comments.

I'll see if I can amend my article to make it clearer.

Best wishes

Alan

P.S.  Don't forget to update your SPF record if you make any changes to your IP / server etc.  Better not to have an SPF record, than to have an incorrect one too!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39780575
FYI - article amended and some extra bonus material added!!

Hopefully it makes it a bit clearer.

Alan ;)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now