Solved

Email not received by Exchange 2007

Posted on 2014-10-06
17
82 Views
Last Modified: 2014-10-29
Exchange 2007 Standard, I just took over this site and they are only on SP1 so I will update them as soon as I can. The issue They don't receive email from a particular domain, this is a mailing list. They only have Exchange's spam filtering enabled. I've checked the smtp receive logs and can find no trace of the sender's IP or domain and that log appears to show when someone is blocked due to being blacklisted, they don't show up there nor anywhere else. I have not gotten info from the sender that they received a bounce-back but since it's a mailing list so I'm not sure they have looked or bother with bounce-backs, I'm in the process of trying to find out. They sender's IP is not on a black list. The only thing I can see is that the sender does not have a reverse DNS setup. The documentation I read says 2007 uses that to increase the sender reputation level, it's doesn't say it blocks outright because of it but I'd like to verify that. Also, if I add their IP to the approved IP list will that bypass a reverse DNS check? Should a block due to reverse DNS show up in the receive log?
0
Comment
Question by:dpacheco
  • 11
  • 4
  • 2
17 Comments
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
An update on this, I just checked the properties of an email I received from this mailing list and it doesn't look like the email was sent thru the server IP listed for their MX record so I think they use a service to send. Still not sure why they don't come thru.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
Comment Utility
I've checked the smtp receive logs and can find no trace of the sender's IP or domain
That's the issue right there.
If your server has no record of a connection it suggests your mail server isn't the issue. Without logs at their end or a bounceback you are left with guesses as to why their system cannot see yours.

Things to consider:
Do you have any junk filters/smarthosts between the sender and your mail server?
Could be blocked by something other than Exchange.
is the senders IP anywhere near your external IP range?
Could be a config error on either side affecting the routing (eg someone's got their subnet masks wrong)
Ask the senders to check your MX records so you can confirm there isn't an issue with DNS propagation
Could be an issue at their end or just in propagation in general.
Is there any way to confirm the IP they send from, as it may not be the same as the MX you searched for.
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
I'm thinking it's something on the sender's end as well.
I'm.waiting to hear back.from the sender about what bounce back message they get, so far they only say it bounced. The sender is a professional org so volunteers. I've asked to talk with their email support person. My client had name servers moved to Adobe on 8/16 by the marketing person who didn't know what she was doing. They were using trend micro hosted email but we're planning to drop that so I set them to go directly to.server. the TM console is still available but nothing there. That's been nearly 2 months. In the case of this email they haven't received from them since July.
I'll let you what I find out.
0
 
LVL 27

Expert Comment

by:Steve
Comment Utility
nice one. I think you're on the right track there.
Unless they provide the bounceback you currently have nothing to go on as you cannot see anything in your logs that matches up to them.
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
The company that they send thru is just telling me to whitelist the domain and the domain of the hosting company. That's not going to do any good so I've asked to speak with them or give me the IP addresses the email is front from though I'm not sure that will do any good either if it's on their end. I'll be out of town starting tomorrow for a few days so probably won't hear anything on this until next week. Thanks!
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
I finally got IP addresses I've added to the Exchange approved IP list, so will wait until another email for this organization is sent. I'm doubtful it's making it to the server at all but we'll see. The company that manages the organization's email will not talk to me directly, only to board members of the organization.
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
I'm not sure this issue is solved but we had a couple other people have bounce-backs, which said the MX records point to non-existent hosts or to IP addresses. A couple of months ago the marketing person decided to change name servers so the MX record had to be re-entered, we also moved off Trend Micro hosted email so pointed to their Exchange server. I sent them the info to make changes, point the MX to an A record but instead they pointed the MX to an IP address. I have no idea whether this was the problem with the emails from this professional organization since they had not received emails from this group as far back as July, before MX record changes. Anyway, I'm going to close this question as client doesn't want me to spend any more time on it.
0
 
LVL 27

Expert Comment

by:Steve
Comment Utility
fair enough. You've done your best.

In response to the new info you have, with the IP mail is coming from you could now look in the logs to confirm if their server ever did successfully connect to your system (assuming your logs go back far enough)

Your concerns with your nameserver & MX record are definitely work checking into though as that was one of the options I mentioned above. If there is an issue with your MX records you could be missing messages from numerous companies without even knowing.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:dpacheco
Comment Utility
You're right totallytonto you did mention checking our MX records. Even though the issue is not resolved I think I should award you some points because it's likely that could be the issue. Also I think there's some good troubleshooting tips in this post.
0
 
LVL 24

Expert Comment

by:-MAS
Comment Utility
Did you try with https://testconnectivity.microsoft.com/
If not please test "Inbound SMTP Email" from the site and post the results.
It will help others understand the current setup.
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
Yes, I did the connectivity test for inbound, this verified that the mx record was incorrectly pointing to the IP address instead of the A record.
0
 
LVL 24

Expert Comment

by:-MAS
Comment Utility
You will have to fix that first
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
I have fixed it.
0
 
LVL 27

Expert Comment

by:Steve
Comment Utility
great stuff. glad it's sorted.
Was it the MX that caused it then?
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
I don't know if it was the mx record because they started having a problem receiving from this organization in the beginning of July. The change to mx record happened at the end of August. These emails are sent automatically by a service so we have to wait for the next one, they won't send a test.
0
 
LVL 1

Author Comment

by:dpacheco
Comment Utility
So, yesterday the organization sent an email and it was received by 3 users. I still am not sure whether the MX record was the entire problem as they had not been able to receive from this org before MX record was set to IP address. At that time they were on Trend Micro Hosted email but since I no one mentioned an issue receiving I'm guessing it was being filtering by TM. Anyway, the problem looks to be solved.
0
 
LVL 1

Author Closing Comment

by:dpacheco
Comment Utility
The suggestion to check our MX record pointed me in the right direction and helped eliminate other things as the cause. Thanks!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now