Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange Server 2007 being able to receive emails but other recipients reject ours

Posted on 2014-12-17
25
Medium Priority
?
261 Views
Last Modified: 2014-12-18
Exchange Server 2007 being able to receive emails but other recipients reject ours, SSL 3.0 has been disabled but same issue!

I am trying to find out why our Outlook 2007 accounts are being able to receive emails from outside but when we send emails to some clients. The emails are coming back as rejected.

I noticed the Application logs in our server are reporting warnings:

MSExchangeTransport Error 12015

I have disabled the the SSL 3.0 from the server an restarted it but same issue please help.
0
Comment
Question by:Alejandro Acevedo
  • 14
  • 6
  • 2
  • +2
25 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40506060
Can you provide more information? Such as the NDR you are receiving?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506092
Email are being returned with the following message:

Delivery has failed to these recipients or distribution list:

An Error occured while trying to deliver this message to the recipient's e-mail address, Microsoft Exchange will not try to redeliver this message for you...

The following organization rejected your message: server-???????....com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506099
The organization rejecting the emails are random. I first was thinking they rejected because SSL 3.0 but i have disabled that already in the server [reg edit]
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 8

Expert Comment

by:tshearon
ID: 40506115
Are they giving a reason for rejection? Have you checked blacklists for your mail domain?

http://mxtoolbox.com/blacklists.aspx
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506166
Sounds like you are on a blacklist like tshearon mentioned.

Can you check the message queues in Exchange? There are probably some messages stuck in there right now. See if the messages have an error code under the Retry column.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506194
Message count is zero in Submission Queue
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506198
All other queues empty?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506199
BlackListTollBox is all green with my mail.domain??.com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506203
The only Qeue I see is Submission
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506204
The only Qeue I see is Submission
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506205
Going  back to the error you posted, do you have an Edge server in the environment as well?

Check this article. Sounds like an internal transport certificate expired. They document creating a new self-signed certificate for transport.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506211
I run the command to renew the certificate. Should I restart the server after that?

I am also getting the following in Check Test SMTP BlackBox

      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      7.691 seconds - Warning on Transaction Time
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506218
I run the command to renew the certificate. Should I restart the server after that?

The document says to just restart the EdgeSync service, assuming you have an Edge server. If not, I would just restart the Hub Transport Service.


SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info

Do you know what IP your mail server sends out on? It might be that whatever IP you send out on is not configured with the correct reverse DNS name. This is normally a change your ISP will need to make. Basically, the IP you send out on needs to have a reverse DNS record that matches your SMTP banner. So, for example, if your banner is mail.yourdomain.com, then you need to make sure this IP resolves back to mail.yourdomain.com as well.
0
 
LVL 6

Expert Comment

by:ajeab
ID: 40506263
it's RDNS problem.  
you will need to contact your ISP to create reverse DNS record that match your email domain name.  (mail.company.com)
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506290
I have checked the banner with Time Warner and they confirmed the domain matches the current Static IP in use as gateway.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506292
I have done a nslookup and DNS is timed out. "request to unknown timed-out"
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506318
DNS Stuff Report:

FAIL
SOA record check      No nameservers provided an SOA record for the zone. You should configure your nameservers to have a master slave relationship. The update of the zone information to the slave nameservers should be handled through the SOA record.
MX
Status      Test Name      Information

FAIL
MX records check      No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

The funny part is that I can receive emails but ours are rejected.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506325
I am doing a PTR Lookup in the IP and is not returning the mail.domain.com, is giving me a Time Warner domain instead. I will be calling TW again tomorrow to double check.

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner
0
 
LVL 20

Accepted Solution

by:
Satya Pathak earned 664 total points
ID: 40506557
0
 

Author Comment

by:Alejandro Acevedo
ID: 40507247
I sent an email from one of the domain accounts to my google account. The email when to spam folder.

I am getting the following spf fail:

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of user@domain.com does not designate 99.99.999.999 as permitted sender) smtp.mail=user@domain.com

The domain is managed by GoDaddy. Any specify instruction to fix this spf issue and make my IP as permitted sender?
0
 
LVL 6

Assisted Solution

by:ajeab
ajeab earned 668 total points
ID: 40507471
go to godaddy and create spf on your domain dns

use following link as guide

http://www.mail-tester.com/spf/godaddy
http://technet.microsoft.com/en-us/library/dn789058%28v=exchg.150%29.aspx
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 668 total points
ID: 40507477
Log into GoDaddy.com and check your DNS zone with them. You will see a TXT record that starts SPF=. That record needs to permit your external IP to send email on.

Microsoft has a syntax wizard to help you build proper syntax for the SPF record here.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Lastly, you definitely need to get that RDNS record fixed with your ISP.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40508284
The wizard did not work, it is under maintenance. I was able to update the TXT record:

v=spf1 ip4:XX.XX.XXX.178 include:spf.XXXXXX.outlook.com -all

I hope it does not take much to broadcast new configuration!
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40508390
Just a matter of DNS propagation now. Could take up to 72 hours. Any luck getting that RDNS record created with your ISP? I notice you also list Outlook.com. Are you using Exchange Online Protection?
0
 

Author Closing Comment

by:Alejandro Acevedo
ID: 40508465
Thanks, you guys rock!!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question