  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 263

Exchange Server 2007 being able to receive emails but other recipients reject ours

Exchange Server 2007 being able to receive emails but other recipients reject ours, SSL 3.0 has been disabled but same issue!

I am trying to find out why our Outlook 2007 accounts are able to receive emails from outside, but when we send emails to some clients, the emails come back as rejected.

I noticed the Application logs in our server are reporting warnings:

MSExchangeTransport Error 12015

I have disabled SSL 3.0 on the server and restarted it, but same issue. Please help.
Alejandro Acevedo
3 Solutions
 
tshearon commented:
Can you provide more information? Such as the NDR you are receiving?

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
Emails are being returned with the following message:

Delivery has failed to these recipients or distribution list:

An Error occured while trying to deliver this message to the recipient's e-mail address, Microsoft Exchange will not try to redeliver this message for you...

The following organization rejected your message: server-???????....com

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
The organizations rejecting the emails are random. At first I was thinking they rejected because of SSL 3.0, but I have already disabled that on the server [reg edit].
 
tshearon commented:
Are they giving a reason for rejection? Have you checked blacklists for your mail domain?

http://mxtoolbox.com/blacklists.aspx

Gareth Gudger commented:
Sounds like you are on a blacklist like tshearon mentioned.

Can you check the message queues in Exchange? There are probably some messages stuck in there right now. See if the messages have an error code under the Retry column.

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
Message count is zero in Submission Queue

Gareth Gudger commented:
All other queues empty?

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
Blacklist Toolbox is all green for my mail.domain??.com

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
The only queue I see is Submission.
 
Gareth Gudger commented:
Going back to the error you posted, do you have an Edge server in the environment as well?

Check this article. Sounds like an internal transport certificate expired. They document creating a new self-signed certificate for transport.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
I ran the command to renew the certificate. Should I restart the server after that?

I am also getting the following in Check Test SMTP BlackBox:

SMTP Reverse DNS Mismatch: Warning - Reverse DNS does not match SMTP Banner
SMTP Transaction Time: 7.691 seconds - Warning on Transaction Time

Gareth Gudger commented:
"I ran the command to renew the certificate. Should I restart the server after that?"

The document says to just restart the EdgeSync service, assuming you have an Edge server. If not, I would just restart the Hub Transport Service.

"SMTP Reverse DNS Mismatch: Warning - Reverse DNS does not match SMTP Banner"

Do you know what IP your mail server sends out on? It might be that whatever IP you send out on is not configured with the correct reverse DNS name. This is normally a change your ISP will need to make. Basically, the IP you send out on needs to have a reverse DNS record that matches your SMTP banner. So, for example, if your banner is mail.yourdomain.com, then you need to make sure this IP resolves back to mail.yourdomain.com as well.

ajeab commented:
It's an RDNS problem.
You will need to contact your ISP to create a reverse DNS record that matches your email domain name (mail.company.com).

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
I have checked the banner with Time Warner and they confirmed the domain matches the current Static IP in use as gateway.

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
I have done an nslookup and DNS timed out: "request to unknown timed-out"

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
DNS Stuff Report:

Status / Test Name / Information

FAIL / SOA record check / No nameservers provided an SOA record for the zone. You should configure your nameservers to have a master slave relationship. The update of the zone information to the slave nameservers should be handled through the SOA record.

MX

FAIL / MX records check / No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.

The funny part is that I can receive emails but ours are rejected.

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
I am doing a PTR lookup on the IP and it is not returning mail.domain.com; it is giving me a Time Warner domain instead. I will be calling TW again tomorrow to double check.

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
I sent an email from one of the domain accounts to my Google account. The email went to the spam folder.

I am getting the following spf fail:

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of user@domain.com does not designate 99.99.999.999 as permitted sender) smtp.mail=user@domain.com

The domain is managed by GoDaddy. Any specific instructions to fix this SPF issue and make my IP a permitted sender?

ajeab commented:
Go to GoDaddy and create an SPF record in your domain's DNS.

Use the following links as a guide:

http://www.mail-tester.com/spf/godaddy
http://technet.microsoft.com/en-us/library/dn789058%28v=exchg.150%29.aspx

Gareth Gudger commented:
Log into GoDaddy.com and check your DNS zone with them. You will see a TXT record that starts SPF=. That record needs to permit your external IP to send email on.

Microsoft has a syntax wizard to help you build proper syntax for the SPF record here.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Lastly, you definitely need to get that RDNS record fixed with your ISP.

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
The wizard did not work, it is under maintenance. I was able to update the TXT record:

v=spf1 ip4:XX.XX.XXX.178 include:spf.XXXXXX.outlook.com -all

I hope it does not take much to broadcast new configuration!

Gareth Gudger commented:
Just a matter of DNS propagation now. Could take up to 72 hours. Any luck getting that RDNS record created with your ISP? I notice you also list Outlook.com. Are you using Exchange Online Protection?

Alejandro Acevedo (Sr. [.NET] Developer/Systems Analyst/Consultant, Author) commented:
Thanks, you guys rock!!
Question has a verified solution.