Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1056
  • Last Modified:

Cannot send to btinternet addresses from Exchange 2010

I have a Windows SBS 2011 with Exchange 2010. It's a new server and doesn't replace any previous Windows servers.
All emails, both internal and external are delivered successfully with the exception of anyone with a btinternet address. I have tested failed addresses from other Exchange servers and they send OK so it's just this server that seems to have something against BT.
I get failure messages like this:
"This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time"
I've used MX Lookup to check for any blacklisting and all is clear.
0
ClintonK
Asked:
ClintonK
  • 21
  • 17
  • +3
1 Solution
 
R--RCommented:
Are you able to resolve the mx record of the btinternet.
Enable logs on send connector and check the log.
Check if your domain have a reverse dns record created.
0
 
Alan HardistyCommented:
Please have a read of my article and make sure you are configurec properly, especially with Reverse DNS:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
0
 
donnkCommented:
use your ISP's smarthost.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Mahesh SharmaCommented:
Check your SPF record as well if it contains your newly added server or not.
0
 
Diwakar SharmaCommented:
Add this new server in Source Server tab in send connector and check.

Please also make an attempt to send email using telnet command from problem server and share the the result.

Diwakar
0
 
ClintonKAuthor Commented:
I am working my way through Alan's document and have now configured reverse DNS (as also suggested by R--R) and I thought that had sorted it as I was able to send to my test btinternet address. However, it seems that there are other addresses that are still rejected (not BT this time - it looks like I was not given the full story at the outset). The latest problem email was sent and then some hours later, a non-delivery report was received but it was still received a little while later.
Almost everything has now checked out except the spf record. When I run the Beveridge Hosting - SPF Test from http://tools.bevhost.com/spf/ and enter the Sender IP Address, Sender Email Address and Senders Computer Name the Senders Computer Name says "Unable to resolve <myservername> in the DNS". The DNS does have the correct entry for the server and when I ping it from a command prompt it responds (albeit with the IPv6 address).
0
 
Alan HardistyCommented:
If you want, fire an email to testmail @ sohomail.co.uk and I'll see what my Anti-Spam makes of your email, assuming it gets through my defences!!

Let me know if you send one and I'll keep an eye out for it.

Alan
0
 
ClintonKAuthor Commented:
Test email on its way.
0
 
Alan HardistyCommented:
Thanks.
0
 
Alan HardistyCommented:
Blacklisted by the SPF Test (sender forged per policy of "yourdomain.com", SPF result: SoftFail).

So - looks like your SPF record is tripping you up.  I'll have a look see why.

Alan
0
 
Alan HardistyCommented:
Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 ~all
Results - softfail domain owner discourages use of this host

You need to amend your SPF record!!
0
 
Alan HardistyCommented:
This would make your SPF pass:

v=spf1 mx ~all
0
 
ClintonKAuthor Commented:
So I create a DNS TXT record with this as the Text?

Type=TXT Record=(v=spf1 mx ~all)

As you may have guessed, spf records are new to me
0
 
Alan HardistyCommented:
Yes - you already have an SPF record set, it just needs the MX bit adding to it.
0
 
Alan HardistyCommented:
Don't add the Brackets though.
0
 
ClintonKAuthor Commented:
I can't see a TXT record anywhere I'm afraid
0
 
Alan HardistyCommented:
Are you amending them at freeola.net?
0
 
ClintonKAuthor Commented:
no, locally on my server
0
 
Alan HardistyCommented:
You need to login to your Domain's Control Panel with Freeola.net and amend it there.  It's not going to be any help on your own DNS server.  Has to be done externally.

Alan
0
 
ClintonKAuthor Commented:
The domain name is registered with freeola.net but the broadband is provided by Eclipse and it's with Eclipse that I've set rDNS. Should it therefore be Eclipse where I set the spf record?
0
 
Alan HardistyCommented:
No - you need to add that via your Domain's DNS records, which appear to be with Freeola.net.

Do you have login / password details for them?
0
 
ClintonKAuthor Commented:
Yes, I think so. Just digging around for the login details now.
0
 
Alan HardistyCommented:
Okay - when you have added the record, let me know and I'll check if it can be seen.

Once it can be, try sending another test email over and see if you get another rejection or if it passes.
0
 
ClintonKAuthor Commented:
Got myself logged into freeola and found the bit to update the spf record.
When I type "v=spf1 mx ~all" it says it's invalid.
0
 
Alan HardistyCommented:
Just type:

v=spf1 mx ~all

Nothing more.

If you are and it doesn't like it, there is nothing wrong with it, so kick Freeola's butt in the morning.
0
 
ClintonKAuthor Commented:
Yes, that's what I'm entering so it's butt kicking time in the morning. Thanks
0
 
ClintonKAuthor Commented:
Seems Freeola do it a special way. This is the text of the option to amend the spf record...

"Create/Change SPF Records (Advanced)
 
SPF records are used in an effort to identify spam mail by specifying mail servers which are allowed to send mail from your domain name. Although SPF records are written as a TXT record, our systems are set to create them seperately to ensure all mail sent via Freeola services is sent correctly, so this option must be used. "
0
 
Alan HardistyCommented:
Alternatively try this:

v=spf1 ip4:82.xxx.xxx.209 ~all

Change the xxx.xxx bit to reflect the rest of your IP Address.
0
 
ClintonKAuthor Commented:
It doesn't like that either. Just in case it's of use, this is the blurb they have for the screen. I realise it's what you already know but I've just included it in case it has some clue as to what they're doing differently to the norm.

"Below you can specify additional mail servers which you send mail from. Although SPF records are not required, checking SPF records is becoming an increasingly popular way to filter mail.

All Freeola domain names will already have SPF records set up for our SMTP servers (smtp.freeola.net and smtp-auth.freeola.net), as such you do not need to enter records for these below.

Most ISP's will provide you with an SPF record that looks like the following:

v=spf1 a:smtp-auth.freeola.net ~all
For this record, you would need to enter 'smtp-auth.freeola.net' as the value, select 'A' as the record type and select 'Softfail (~)' as the default action for unmatched domains.

Another example:

v=spf1 include:_spf.google.com ~all
For this record you would provide '_spf.google.com' as the record's value, select 'Include' as the record type and select 'Softfail (~)' again as the default action for unmatched domains.
"
0
 
Alan HardistyCommented:
So try selecting IP4 as the type and your IP as the value and Softfail.

See if it likes that.

I'm lights out now, so if not, talk to them in the morning and I'm around all day UK time.

Alan
0
 
ClintonKAuthor Commented:
I think I've just got it. It's a special freeola thing. I just entered the value I set for my reverse DNS entry. So instead of entering v=spf1 mx ~all, I entered mx-delivery11.<mydomain.com> and it's taken it.
Hopefully that's correct.
0
 
ClintonKAuthor Commented:
Our posts have just crossed. Maybe speak tomorrow. Cheers
0
 
Alan HardistyCommented:
Yep - that worked and I get the following:

Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 a:mx-delivery11.yourdomain.com ~all
Results - PASS sender SPF authorized

I'm using the following site to test this by the way:

http://www.kitterman.com/spf/validate.html

Try another test email now to BT or another one that fails and to my test address and see what happens.

Alan
0
 
ClintonKAuthor Commented:
I've sent a test email to your test address Alan but unable to send to one that normally fails because they are customers of the company so I'll need to wait until later when the boss returns so he can send a test to a chosen friendly contact.
0
 
Alan HardistyCommented:
Ah - understood!

Checking my anti-spam logs.  BRB
0
 
Alan HardistyCommented:
Nothing yet.
0
 
ClintonKAuthor Commented:
All gone quiet from the problem email server so I guess no news is good news. Just pinged an email asking for an update.
0
 
Alan HardistyCommented:
Fingers crossed ;)
0
 
ClintonKAuthor Commented:
I got an update this afternoon and the news is good. There have been no rejections since I made the changes. I think we'll call this fixed.
0
 
ClintonKAuthor Commented:
An excellent document which included the fix for the problem. Being new to spf records I was a little confused as to where to apply the DNS change so perhaps this could be clarified in the document just to help those like me. As usual EE saved the day. Particular thanks to Alan Hardisty.
Cheers
0
 
Alan HardistyCommented:
Glad the problem is resolved and thanks for your comments.

I'll see if I can amend my article to make it clearer.

Best wishes

Alan

P.S.  Don't forget to update your SPF record if you make any changes to your IP / server etc.  Better not to have an SPF record, than to have an incorrect one too!!
0
 
Alan HardistyCommented:
FYI - article amended and some extra bonus material added!!

Hopefully it makes it a bit clearer.

Alan ;)
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 21
  • 17
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now