Solved

Exchange Server 2007 being able to receive emails but other recipients reject ours

Posted on 2014-12-17
Last Modified: 2014-12-18
Exchange Server 2007 being able to receive emails but other recipients reject ours, SSL 3.0 has been disabled but same issue!

I am trying to find out why our Outlook 2007 accounts are able to receive emails from outside, but when we send emails to some clients, the emails come back as rejected.

I noticed the Application logs in our server are reporting warnings:

MSExchangeTransport Error 12015

I have disabled the SSL 3.0 from the server and restarted it but same issue, please help.
Question by:Alejandro Acevedo
LVL 8

Expert Comment

by:tshearon
ID: 40506060
Can you provide more information? Such as the NDR you are receiving?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506092
Emails are being returned with the following message:

Delivery has failed to these recipients or distribution list:

An Error occured while trying to deliver this message to the recipient's e-mail address, Microsoft Exchange will not try to redeliver this message for you...

The following organization rejected your message: server-???????....com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506099
The organizations rejecting the emails are random. At first I was thinking they rejected because of SSL 3.0, but I have already disabled that on the server [reg edit]
0
 
LVL 8

Expert Comment

by:tshearon
ID: 40506115
Are they giving a reason for rejection? Have you checked blacklists for your mail domain?

http://mxtoolbox.com/blacklists.aspx
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506166
Sounds like you are on a blacklist like tshearon mentioned.

Can you check the message queues in Exchange? There are probably some messages stuck in there right now. See if the messages have an error code under the Retry column.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506194
Message count is zero in Submission Queue
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506198
All other queues empty?
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506199
BlackListTollBox is all green with my mail.domain??.com
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506203
The only Queue I see is Submission
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506204
The only Queue I see is Submission
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506205
Going back to the error you posted, do you have an Edge server in the environment as well?

Check this article. Sounds like an internal transport certificate expired. They document creating a new self-signed certificate for transport.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506211
I ran the command to renew the certificate. Should I restart the server after that?

I am also getting the following in Check Test SMTP BlackBox

      SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner       More Info
      SMTP Transaction Time      7.691 seconds - Warning on Transaction Time
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506218
"I ran the command to renew the certificate. Should I restart the server after that?"

The document says to just restart the EdgeSync service, assuming you have an Edge server. If not, I would just restart the Hub Transport Service.


"SMTP Reverse DNS Mismatch - Warning - Reverse DNS does not match SMTP Banner"

Do you know what IP your mail server sends out on? It might be that whatever IP you send out on is not configured with the correct reverse DNS name. This is normally a change your ISP will need to make. Basically, the IP you send out on needs to have a reverse DNS record that matches your SMTP banner. So, for example, if your banner is mail.yourdomain.com, then you need to make sure this IP resolves back to mail.yourdomain.com as well.
0
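The check described in the comment above, as an added example that is not part of the original thread: it compares the PTR name of the sending IP with the SMTP banner name and also confirms the forward lookup. The IP, host names, zone data and helper names are constructed placeholders, and the live lookups use the system resolver.

```python
import socket


def _ptr(ip):
    """PTR names for ip via the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []


def _addrs(name):
    """IPv4 addresses for name via the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_sender(ip, banner, ptr_lookup=_ptr, a_lookup=_addrs):
    """Compare the sending IP's reverse DNS with the SMTP banner name."""
    norm = lambda host: host.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    return {
        "ptr_names": ptr_names,
        "ptr_matches_banner": norm(banner) in ptr_names,
        "forward_confirmed": any(ip in a_lookup(n) for n in ptr_names),
        "banner_resolves_to_ip": ip in a_lookup(norm(banner)),
    }


# Constructed zone data (documentation IP, example names): a generic
# ISP-assigned PTR, and the same zone after the ISP sets the PTR.
IP = "203.0.113.178"
BEFORE = {"ptr": {IP: ["cpe-203-0-113-178.isp.example."]},
          "a": {"cpe-203-0-113-178.isp.example": [IP], "mail.example.com": [IP]}}
AFTER = {"ptr": {IP: ["mail.example.com."]}, "a": {"mail.example.com": [IP]}}


def check_offline(zone, ip=IP, banner="mail.example.com"):
    """Run check_sender against a constructed zone instead of live DNS."""
    return check_sender(ip, banner,
                        ptr_lookup=lambda i: zone["ptr"].get(i, []),
                        a_lookup=lambda n: zone["a"].get(n, []))
```

Calling `check_sender(ip, banner)` without the lookup arguments runs the same comparison against live DNS.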
 
LVL 6

Expert Comment

by:ajeab
ID: 40506263
It's an RDNS problem.
You will need to contact your ISP to create a reverse DNS record that matches your email domain name (mail.company.com).
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506290
I have checked the banner with Time Warner and they confirmed the domain matches the current Static IP in use as gateway.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506292
I have done an nslookup and DNS timed out. "request to unknown timed-out"
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506318
DNS Stuff Report:

FAIL      SOA record check      No nameservers provided an SOA record for the zone. You should configure your nameservers to have a master slave relationship. The update of the zone information to the slave nameservers should be handled through the SOA record.

MX
Status      Test Name      Information
FAIL      MX records check      No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

The funny part is that I can receive emails but ours are rejected.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40506325
I am doing a PTR lookup on the IP and it is not returning mail.domain.com; it is giving me a Time Warner domain instead. I will be calling TW again tomorrow to double check.

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner
0
 
LVL 20

Accepted Solution

by:
Satya Pathak earned 166 total points
ID: 40506557
0
 

Author Comment

by:Alejandro Acevedo
ID: 40507247
I sent an email from one of the domain accounts to my Google account. The email went to the spam folder.

I am getting the following spf fail:

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of user@domain.com does not designate 99.99.999.999 as permitted sender) smtp.mail=user@domain.com

The domain is managed by GoDaddy. Any specific instructions to fix this SPF issue and make my IP a permitted sender?
0
 
LVL 6

Assisted Solution

by:ajeab
ajeab earned 167 total points
ID: 40507471
Go to GoDaddy and create SPF on your domain DNS.

Use the following links as a guide:

http://www.mail-tester.com/spf/godaddy
http://technet.microsoft.com/en-us/library/dn789058%28v=exchg.150%29.aspx
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 167 total points
ID: 40507477
Log into GoDaddy.com and check your DNS zone with them. You will see a TXT record that starts SPF=. That record needs to permit your external IP to send email on.

Microsoft has a syntax wizard to help you build proper syntax for the SPF record here.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Lastly, you definitely need to get that RDNS record fixed with your ISP.
0
 

Author Comment

by:Alejandro Acevedo
ID: 40508284
The wizard did not work, it is under maintenance. I was able to update the TXT record:

v=spf1 ip4:XX.XX.XXX.178 include:spf.XXXXXX.outlook.com -all

I hope it does not take much to broadcast new configuration!
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40508390
Just a matter of DNS propagation now. Could take up to 72 hours. Any luck getting that RDNS record created with your ISP? I notice you also list Outlook.com. Are you using Exchange Online Protection?
0
 

Author Closing Comment

by:Alejandro Acevedo
ID: 40508465
Thanks, you guys rock!!
0
