email to aol.com held in Exchange 2010 queue

We have a single Microsoft SBS2011 running Exchange 2010, using DNS rather than a smart host for communications. All was working well.

We have just changed our public IP address, which we thought we had configured correctly; however, we find that whenever we send mail to *@aol.com the mail just sits in a queue in the Exchange server with READY status.

The messages are just building up.

Can anyone advise why this would happen after an IP address change, and what we need to resolve it?

Any help would be very much appreciated.

Many thanks
nigelbeatson Asked:

Mark Bill Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1 Commented:
This is the wrong Exchange configuration for your server; it's actually a huge hole in your network. I'm going to post a solution I posted for another guy with the same question below.
0
Mark Bill Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1 Commented:
http://www.experts-exchange.com/questions/28692421/DNS-Query-failed.html

Would like to reiterate what I said in the above thread: mail servers need to be sending and receiving through a smart host, preferably a third party smart host like the ones mentioned in the above link. If you are going to insist on using a different way of sending and receiving mail, use your ISP smart host would be my recommendation (although I would not recommend this to a 3 man business, keep that in mind).

Hope this helps.
0
Hariom Exchange Experts Commented:
First find the MX of aol.com, then send an e-mail to aol.com using telnet from your server and check the results.

Steps from the Exchange server:

nslookup
set q=mx
aol.com
You will get the domain MX of aol.com.

Telnet to the AOL MX server on port 25 (telnet mailin-01.mx.aol.com 25).
Try to send a test e-mail and post the results.

Also, the following tool is available to test your server's SMTP.

If you are facing issues where your outgoing Emails are consistently rejected by other servers or land up in Junk Email or SPAM folders of the recipient mail box, this test can help you in identifying the problems.

Testing Process

Send an Email to test@allaboutspam.com
That email will bounce with a URL in the bounce message.
Either click on the URL or copy/paste the URL in a browser.
You will see a report on your Email Server.
0

nigelbeatson Author Commented:
Many thanks. Here are the results:

> set q=mx
> aol.com
Server:  UnKnown
Address:  fe80::1ed6:a39c:830a:4c92

Non-authoritative answer:
aol.com MX preference = 15, mail exchanger = mailin-02.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-03.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-04.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-01.mx.aol.com

mailin-02.mx.aol.com    internet address = 152.163.0.99
mailin-02.mx.aol.com    internet address = 152.163.0.100
mailin-02.mx.aol.com    internet address = 64.12.88.163
mailin-02.mx.aol.com    internet address = 64.12.88.164
mailin-02.mx.aol.com    internet address = 64.12.91.195
mailin-02.mx.aol.com    internet address = 152.163.0.68
mailin-03.mx.aol.com    internet address = 152.163.0.100
mailin-03.mx.aol.com    internet address = 64.12.88.163
mailin-03.mx.aol.com    internet address = 64.12.88.164
mailin-03.mx.aol.com    internet address = 64.12.91.196
mailin-03.mx.aol.com    internet address = 152.163.0.67
mailin-03.mx.aol.com    internet address = 152.163.0.99
mailin-04.mx.aol.com    internet address = 152.163.0.67
mailin-04.mx.aol.com    internet address = 152.163.0.68
mailin-04.mx.aol.com    internet address = 152.163.0.100
mailin-04.mx.aol.com    internet address = 64.12.88.131
mailin-04.mx.aol.com    internet address = 64.12.88.132
mailin-04.mx.aol.com    internet address = 64.12.91.196
>

Hope that helps, thanks
0
nigelbeatson Author Commented:
Just had this bounce back from a test mail sent earlier....

username@aol.com
avasout06 #550 <username@aol.com> recipient rejected - relay denied ##

Does this help?

Will AOL reject email because we have changed our public IP? Do we need to switch from using DNS to a smart host instead?


Many thanks
0
Hariom Exchange Experts Commented:
I think because of your public IP change your e-mails are getting stuck in the queue.

Since AOL does a reverse DNS lookup on the mail server sending the email, you need to make sure your reverse lookup is OK.

To check, you can use the following tool and make sure your reverse lookup is set correctly:

http://mxtoolbox.com/diagnostic.aspx

Ref : http://arstechnica.com/civis/viewtopic.php?t=104719
0
Hariom Exchange Experts Commented:
There is no need at all to switch to a smart host; using DNS we can safely send e-mails without issues.
0
Mark Bill Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1 Commented:
I disagree with Viralr and refer to my link I initially posted. It is highly insecure to send and receive mail directly over the internet.
0
nigelbeatson Author Commented:
I am a little confused, gentlemen. Not sure what to think about this.

However, one thing is apparent: we do need to change our reverse DNS, as it is still set to our old public IP.

Many thanks
0
Andy M Internal Systems Manager Commented:
AOL rejects connections from any email server that doesn't have a valid reverse DNS - I've had to sort this out for a number of our clients. As you've already noted that your reverse DNS points to your old IP, this will likely be the cause of the problem, and getting that changed would be the first step.

Regarding other comments, yes, sending email through a dedicated 3rd party filtering system is preferable these days (as they can do spam and anti-virus filtering) but this should not be confused with a bog-standard smart host and is no excuse to not secure your own system against possible virus and spam intrusion.
Some smart hosts are just literally someone who forwards your emails onto the internet, no filtering, no AV scanning, etc and when something goes wrong at that side, you are at their mercy to get emails working again - these are no more secure than having your own email server setup correctly to send emails out to the internet.
If you decide to use a smart host you should look at what features they offer and what sort of support/uptime they have.  Generally I avoid using ISP smart hosts if possible because they rarely offer any additional protection to emails than sending out to the internet directly.
0
Simon Butler (Sembee) Consultant Commented:
"It is highly insecure to send and receive mail directly over the internet. "

"Would like to reiterate what I said in the above thread, mail servers need to be sending and receiving through a smart host, preferably a third party smart host like the ones mentioned in the above link, if you are going to insist on using a different way of sending and receiving mail use your ISP smart host would be my recommendation"

I don't think I have ever seen such poor advice posted on this site for such a long time.

The only time it is good to use a smart host is if you are using a host spam filtering service. And only then if they actually do anything with the traffic (for example to learn about your email flow).

Otherwise why is it dangerous? What is different between me sending email directly from a correctly configured server and connection and sending via a smart host?

Shall I tell one of my clients - one of the major UK banks that they are sending their email wrong? What about a major fast food retailer? How about a premium car brand? Are they doing it wrong as well?

As for the advice to send via the ISP's smart host - I have had more problems with ISP smart hosts than anything else. You lose complete control over your email flow, have no troubleshooting and cannot prove the email was delivered. For most ISPs their smart host is a bolt on service. I have seen what they do for email and I would never trust an ISP with an email ever again. I know of an ISP where their smart host server is backed up by a UPS and generator and the admin will admit that if the server goes down, it will not come back again.

It is always best practise to send email directly, has been for many years and that has not changed. It allows you to use TLS, whether opportunist or as increasingly required in the finance and health industries, mandatory TLS, without depending on another service to use TLS for both parts and crucially for internal email flow.

To the OP - check that you have a valid PTR on the external IP address, that resolves to the correct A record. Check the AOL postmaster site at http://postmaster.aol.com/ for more information. AOL are very picky on who they accept email from.

If you are stuck with a dynamic IP (or are in a range that the ISP claims is dynamic even though you have a static) then you will have to use a smart host for delivery. I would use a third party one and be selective with it using a dedicated connector.

Simon.
0
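Added example, not part of the original thread: a forward-confirmed reverse DNS check of the kind the answer above recommends, where the PTR on the external IP must name a host whose A record points back to that IP. The addresses, host names and in-memory tables are constructed for illustration; calling check_fcrdns(ip) without the table arguments uses the system resolver.

```python
import socket

def reverse_names(ip):
    """PTR lookup via the system resolver; empty list when no PTR exists."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def forward_addrs(name):
    """A/AAAA lookup via the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_fcrdns(ip, ptr=reverse_names, fwd=forward_addrs):
    """Return (ok, findings): ok only if a PTR name resolves back to ip."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return False, [f"no PTR record for {ip}"]
    findings = []
    for name in names:
        addrs = fwd(name)
        if ip not in addrs:
            findings.append(f"PTR {name} resolves to {addrs or 'nothing'}, not {ip}")
    return len(findings) < len(names), findings

# Constructed sample data (RFC 5737 documentation addresses, example.com names).
NEW_IP = "203.0.113.10"
OLD_IP = "198.51.100.7"
# State right after the move: the PTR still exists only on the old address.
STALE_PTR = {OLD_IP: ["mail.example.com."]}
# State where a PTR exists on the new address.
HALF_PTR = {NEW_IP: ["mail.example.com."]}
OLD_A = {"mail.example.com": [OLD_IP]}   # forward record not yet updated
NEW_A = {"mail.example.com": [NEW_IP]}   # forward record updated

def run(ptr_table, a_table, ip=NEW_IP):
    """Run the check against in-memory tables instead of live DNS."""
    return check_fcrdns(ip, ptr=lambda i: ptr_table.get(i, []),
                        fwd=lambda n: a_table.get(n, []))

if __name__ == "__main__":
    print(run(STALE_PTR, NEW_A))   # PTR missing on the new address
    print(run(HALF_PTR, OLD_A))    # PTR present, forward record stale
    print(run(HALF_PTR, NEW_A))    # forward-confirmed
```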
nigelbeatson Author Commented:
Thanks to all
0
Mark Bill Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1 Commented:
"It is highly insecure to send and receive mail directly over the internet. "

"Would like to reiterate what I said in the above thread, mail servers need to be sending and receiving through a smart host, preferably a third party smart host like the ones mentioned in the above link, if you are going to insist on using a different way of sending and receiving mail use your ISP smart host would be my recommendation"

I don't think I have ever seen such poor advice posted on this site for such a long time.

The only time it is good to use a smart host is if you are using a host spam filtering service. And only then if they actually do anything with the traffic (for example to learn about your email flow).

Otherwise why is it dangerous? What is different between me sending email directly from a correctly configured server and connection and sending via a smart host?

------

I think the bolded line is particularly hilarious tbh.

Ok, so you think companies should be sending mails directly in and out of their firewall? I don't, plenty of people agree.

What about companies getting blacklisted? Viruses coming in through your firewall? What about the fact this prevents spambots, many of which are undetectable? You do know that, right?
I'm sure the only reason a bank are sending email straight over the internet

Your arrogant and petulant response is pretty awful tbh. Leaves a poor taste in one's mouth for someone who is one of the best on here technically, shame that.

Customers and companies should not be sending mail straight out of their network onto the internet; your reasoning for this is domain resolution, ok. From the pro and con list of mine vs yours I win. Might want to check your reading comprehension too, mate: I never advised using ISP smarthosts primarily, so you can come down off your high horse or mouse, whichever one you're on.
0
Question has a verified solution.