exchange 2010 receive connector FQDN

I have an exchange 2010 email server that has multiple domains.  the main domain that the server was created internally is with the main AD mail.xyz.com.   However I have another OU that has a domain of abcd.com.  That email sends and receives okay through out the internet.  However some email servers drop the emails because of mismatch smtp banners and reverse lookup dns.  I have the reverse lookup dns resolved but when I test my email server on mxtoolbox I get the smtp banner failed and I see the banner with the wrong domain.  The receive connector allows the enter to be null or just host name but I cannot change the FQDN to a domain that I would like nor could I define more that one domain.  

Does this mean that I will always be plagued with email servers that reject my emails?  

Most of the servers accept my emails, it just looks like some of the ones that check for relaying or think spam reject my emails.
Bulls-EyeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bulls-EyeAuthor Commented:
when a staff send emails to some people they get a error 550 please turn on SMTP authentication in your email client.  

it gives my external IP address is not permitted to relay 550 through this server without authentication.

received: from exchange.abc.com by mail.abc.com
Bulls-EyeAuthor Commented:
maybe this mail.abc.com needs to be mail.xyz.com?  is this all in the receive connectors?  
when I test the email server at mxtoolbox the only thing that fails is the smtp banner.
Jamie McKillopIT ManagerCommented:
Hello,

On the General page for each of your send connectors, there is a field for the FQDN. You need a DNS A record for this FQDN and that record needs to have the public IP of the source server(s) on the connector. If the connector has multiple source servers, either all those servers need to be NAT'ed out as the same IP or you will need to create separate send connectors for each source server. You then need to create a PTR record for each public IP that maps back to the A record.

Also, if you are using Sender ID, make sure you update your SPF records for each of your domains to include all your sending servers.

-JJ

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Will SzymkowskiSenior Solution ArchitectCommented:
You also need to make sure that your MX records have the proper reverse (PTR) records in place (for all sending domains) to ensure that you are compliant on the internet and to avoide being flagged as a spammer.

As Jamie has stated as well making sure that an SPF record is in place to help ensure authenticity on the internet. But a MX record and reverse (PTR) record is a minimum.

Will.
Bulls-EyeAuthor Commented:
I believe my defined dns records are correct.  However, something is right that I am missing.  I am not sure about SPF records, I have not defined any.  

I have checked my dns entries for the domains.  The server is behind a firewall and have internal addresses.  I nat out for public IP's.  I also have my ISP put in reverse records for my public IP's.  When I use MXtool box everything checks out okay other than the banner.  

However when I do send myself an email to my private email I do see my main domain name in the header.  

In those 550 errors like I stated above "turn on SMTP authentication ... " what is the receiving server looking for that I am missing?  

also any one that I can call and get some remote consultation?
Bulls-EyeAuthor Commented:
I was missing SPF record in my domain service provider.  I entered a record and I will see if it works
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.