Solved

Exchange Server 2007 being able to receive emails but other recipients reject ours

Posted on 2014-12-17
25
232 Views
Last Modified: 2014-12-18
Exchange Server 2007 being able to receive emails but other recipients reject ours, SSL 3.0 has been disabled but same issue!

I am trying to find out why our Outlook 2007 accounts are being able to receive emails from outside but when we send emails to some clients. The emails are coming back as rejected.

I noticed the Application logs in our server are reporting warnings:

MSExchangeTransport Error 12015

I have disabled the the SSL 3.0 from the server an restarted it but same issue please help.
0
Comment
Question by:Alejandro Acevedo
  • 14
  • 6
  • 2
  • +2
25 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40506060
Can you provide more information? Such as the NDR you are receiving?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506092
Email are being returned with the following message:

Delivery has failed to these recipients or distribution list:

An Error occured while trying to deliver this message to the recipient's e-mail address, Microsoft Exchange will not try to redeliver this message for you...

The following organization rejected your message: server-???????....com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506099
The organization rejecting the emails are random. I first was thinking they rejected because SSL 3.0 but i have disabled that already in the server [reg edit]
0
 
LVL 8

Expert Comment

by:tshearon
ID: 40506115
Are they giving a reason for rejection? Have you checked blacklists for your mail domain?

http://mxtoolbox.com/blacklists.aspx
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506166
Sounds like you are on a blacklist like tshearon mentioned.

Can you check the message queues in Exchange? There are probably some messages stuck in there right now. See if the messages have an error code under the Retry column.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506194
Message count is zero in Submission Queue
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506198
All other queues empty?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506199
BlackListTollBox is all green with my mail.domain??.com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506203
The only Qeue I see is Submission
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506204
The only Qeue I see is Submission
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506205
Going  back to the error you posted, do you have an Edge server in the environment as well?

Check this article. Sounds like an internal transport certificate expired. They document creating a new self-signed certificate for transport.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506211
I run the command to renew the certificate. Should I restart the server after that?

I am also getting the following in Check Test SMTP BlackBox

      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      7.691 seconds - Warning on Transaction Time
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506218
I run the command to renew the certificate. Should I restart the server after that?

The document says to just restart the EdgeSync service, assuming you have an Edge server. If not, I would just restart the Hub Transport Service.


SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info

Do you know what IP your mail server sends out on? It might be that whatever IP you send out on is not configured with the correct reverse DNS name. This is normally a change your ISP will need to make. Basically, the IP you send out on needs to have a reverse DNS record that matches your SMTP banner. So, for example, if your banner is mail.yourdomain.com, then you need to make sure this IP resolves back to mail.yourdomain.com as well.
0
 
LVL 6

Expert Comment

by:ajeab
ID: 40506263
it's RDNS problem.  
you will need to contact your ISP to create reverse DNS record that match your email domain name.  (mail.company.com)
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506290
I have checked the banner with Time Warner and they confirmed the domain matches the current Static IP in use as gateway.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506292
I have done a nslookup and DNS is timed out. "request to unknown timed-out"
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506318
DNS Stuff Report:

FAIL
SOA record check      No nameservers provided an SOA record for the zone. You should configure your nameservers to have a master slave relationship. The update of the zone information to the slave nameservers should be handled through the SOA record.
MX
Status      Test Name      Information

FAIL
MX records check      No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

The funny part is that I can receive emails but ours are rejected.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506325
I am doing a PTR Lookup in the IP and is not returning the mail.domain.com, is giving me a Time Warner domain instead. I will be calling TW again tomorrow to double check.

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner
0
 
LVL 20

Accepted Solution

by:
Satya Pathak earned 166 total points
ID: 40506557
0
 

Author Comment

by:Alejandro Acevedo
ID: 40507247
I sent an email from one of the domain accounts to my google account. The email when to spam folder.

I am getting the following spf fail:

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of user@domain.com does not designate 99.99.999.999 as permitted sender) smtp.mail=user@domain.com

The domain is managed by GoDaddy. Any specify instruction to fix this spf issue and make my IP as permitted sender?
0
 
LVL 6

Assisted Solution

by:ajeab
ajeab earned 167 total points
ID: 40507471
go to godaddy and create spf on your domain dns

use following link as guide

http://www.mail-tester.com/spf/godaddy
http://technet.microsoft.com/en-us/library/dn789058%28v=exchg.150%29.aspx
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 167 total points
ID: 40507477
Log into GoDaddy.com and check your DNS zone with them. You will see a TXT record that starts SPF=. That record needs to permit your external IP to send email on.

Microsoft has a syntax wizard to help you build proper syntax for the SPF record here.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Lastly, you definitely need to get that RDNS record fixed with your ISP.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40508284
The wizard did not work, it is under maintenance. I was able to update the TXT record:

v=spf1 ip4:XX.XX.XXX.178 include:spf.XXXXXX.outlook.com -all

I hope it does not take much to broadcast new configuration!
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40508390
Just a matter of DNS propagation now. Could take up to 72 hours. Any luck getting that RDNS record created with your ISP? I notice you also list Outlook.com. Are you using Exchange Online Protection?
0
 

Author Closing Comment

by:Alejandro Acevedo
ID: 40508465
Thanks, you guys rock!!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now