Solved

Exchange Server 2007 being able to receive emails but other recipients reject ours

Posted on 2014-12-17
Last Modified: 2014-12-18
Exchange Server 2007 being able to receive emails but other recipients reject ours, SSL 3.0 has been disabled but same issue!

I am trying to find out why our Outlook 2007 accounts are able to receive emails from outside, but when we send emails to some clients, the emails come back as rejected.

I noticed the Application logs in our server are reporting warnings:

MSExchangeTransport Error 12015

I have disabled SSL 3.0 on the server and restarted it, but same issue. Please help.
Question by:Alejandro Acevedo
 
LVL 8

Expert Comment

by:tshearon
Can you provide more information? Such as the NDR you are receiving?
0
 

Author Comment

by:Alejandro Acevedo
Emails are being returned with the following message:

Delivery has failed to these recipients or distribution list:

An Error occured while trying to deliver this message to the recipient's e-mail address, Microsoft Exchange will not try to redeliver this message for you...

The following organization rejected your message: server-???????....com
0
 

Author Comment

by:Alejandro Acevedo
The organizations rejecting the emails are random. I was first thinking they rejected because of SSL 3.0, but I have disabled that already on the server [reg edit].
0
 
LVL 8

Expert Comment

by:tshearon
Are they giving a reason for rejection? Have you checked blacklists for your mail domain?

http://mxtoolbox.com/blacklists.aspx
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Sounds like you are on a blacklist like tshearon mentioned.

Can you check the message queues in Exchange? There are probably some messages stuck in there right now. See if the messages have an error code under the Retry column.
0
 

Author Comment

by:Alejandro Acevedo
Message count is zero in Submission Queue
0
 
LVL 30

Expert Comment

by:Gareth Gudger
All other queues empty?
0
 

Author Comment

by:Alejandro Acevedo
BlackListToolBox is all green with my mail.domain??.com
0
 

Author Comment

by:Alejandro Acevedo
The only Queue I see is Submission
0
 

 
LVL 30

Expert Comment

by:Gareth Gudger
Going back to the error you posted, do you have an Edge server in the environment as well?

Check this article. Sounds like an internal transport certificate expired. They document creating a new self-signed certificate for transport.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport
0
 

Author Comment

by:Alejandro Acevedo
I ran the command to renew the certificate. Should I restart the server after that?

I am also getting the following in Check Test SMTP BlackBox

      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      7.691 seconds - Warning on Transaction Time
0

 
LVL 30

Expert Comment

by:Gareth Gudger
"I ran the command to renew the certificate. Should I restart the server after that?"

The document says to just restart the EdgeSync service, assuming you have an Edge server. If not, I would just restart the Hub Transport Service.


"SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner"

Do you know what IP your mail server sends out on? It might be that whatever IP you send out on is not configured with the correct reverse DNS name. This is normally a change your ISP will need to make. Basically, the IP you send out on needs to have a reverse DNS record that matches your SMTP banner. So, for example, if your banner is mail.yourdomain.com, then you need to make sure this IP resolves back to mail.yourdomain.com as well.
0
 
LVL 6

Expert Comment

by:ajeab
It's an RDNS problem.
You will need to contact your ISP to create a reverse DNS record that matches your email domain name (mail.company.com).
0
 

Author Comment

by:Alejandro Acevedo
I have checked the banner with Time Warner and they confirmed the domain matches the current Static IP in use as gateway.
0
 

Author Comment

by:Alejandro Acevedo
I have done an nslookup and DNS timed out: "request to unknown timed-out"
0
 

Author Comment

by:Alejandro Acevedo
DNS Stuff Report:

FAIL
SOA record check      No nameservers provided an SOA record for the zone. You should configure your nameservers to have a master slave relationship. The update of the zone information to the slave nameservers should be handled through the SOA record.
MX
Status      Test Name      Information

FAIL
MX records check      No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

The funny part is that I can receive emails but ours are rejected.
0
 

Author Comment

by:Alejandro Acevedo
I am doing a PTR lookup on the IP and it is not returning mail.domain.com; it is giving me a Time Warner domain instead. I will be calling TW again tomorrow to double check.

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner
0
 
LVL 20

Accepted Solution

by:
SatyaPathak earned 166 total points
0
 

Author Comment

by:Alejandro Acevedo
I sent an email from one of the domain accounts to my Google account. The email went to the spam folder.

I am getting the following spf fail:

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of user@domain.com does not designate 99.99.999.999 as permitted sender) smtp.mail=user@domain.com

The domain is managed by GoDaddy. Any specific instructions to fix this SPF issue and make my IP a permitted sender?
0
 
LVL 6

Assisted Solution

by:ajeab
ajeab earned 167 total points
Go to GoDaddy and create SPF on your domain DNS.

Use the following links as a guide:

http://www.mail-tester.com/spf/godaddy
http://technet.microsoft.com/en-us/library/dn789058%28v=exchg.150%29.aspx
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 167 total points
Log into GoDaddy.com and check your DNS zone with them. You will see a TXT record that starts SPF=. That record needs to permit your external IP to send email on.

Microsoft has a syntax wizard to help you build proper syntax for the SPF record here.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Lastly, you definitely need to get that RDNS record fixed with your ISP.
0
 

Author Comment

by:Alejandro Acevedo
The wizard did not work, it is under maintenance. I was able to update the TXT record:

v=spf1 ip4:XX.XX.XXX.178 include:spf.XXXXXX.outlook.com -all

I hope it does not take much to broadcast the new configuration!
0
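
Added example (not part of the original thread): a minimal SPF check in Python showing why a record that does not list the sending IP produces the spf=fail result quoted above, and why adding an ip4: term for that IP, as in the updated TXT record, turns it into a pass. The domain names, IP addresses and the "before" record are constructed placeholders; only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed zone data using documentation addresses; not the poster's real records.
INCLUDED = {"spf.protection.example.net": "v=spf1 ip4:198.51.100.0/24 -all"}
BEFORE = {**INCLUDED, "example.com": "v=spf1 include:spf.protection.example.net -all"}
AFTER = {**INCLUDED, "example.com":
         "v=spf1 ip4:203.0.113.178 include:spf.protection.example.net -all"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt, depth=0):
    """Evaluate the ip4/ip6/include/all subset of SPF against a dict of TXT records."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = txt.get(domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                   # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                 # default qualifier when none is written
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"      # malformed address in the record
            if addr.version == net.version and addr in net:
                return RESULT[qualifier]
        elif name == "include":
            inner = check_spf(ip, value, txt, depth + 1)
            if inner == "pass":         # only a pass from the included record matches
                return RESULT[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"      # include target missing or broken
        elif name == "all":
            return RESULT[qualifier]    # catch-all, normally the last term
        else:
            raise NotImplementedError(f"mechanism not covered here: {term}")
    return "neutral"                    # no mechanism matched and no "all" term


if __name__ == "__main__":
    sender = "203.0.113.178"            # constructed outbound IP of the mail server
    print("before:", check_spf(sender, "example.com", BEFORE))
    print("after: ", check_spf(sender, "example.com", AFTER))
```

With the trailing -all, any sending IP that is not covered by an ip4: term or an included record is a hard fail, so every outbound path (on-premises server and any relay service) has to be listed before the record is published.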
 
LVL 30

Expert Comment

by:Gareth Gudger
Just a matter of DNS propagation now. Could take up to 72 hours. Any luck getting that RDNS record created with your ISP? I notice you also list Outlook.com. Are you using Exchange Online Protection?
0
 

Author Closing Comment

by:Alejandro Acevedo
Thanks, you guys rock!!
0
