Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

exchange 2010 FQDN problem in Message-id

Posted on 2016-09-06
3
Medium Priority
?
95 Views
Last Modified: 2016-09-11
Something happened to my exchange 2010-server, and we're getting "sender IP must resolve" -errors from all over.

The problem is, that I have FQDN set as mail.mydomain.com, but nevertheless in message it shows as servername.mydomain.local (you can see from attached picture and the message header below)

Whatever I put there, it simply keeps pushing out the .local in message-id, and we keep being blocked in antispam.

How do I change that? I'm pretty positive that the root cause for the error message is this .local thing.

Our MX-records for the domain:

mx 1 mail.mydomain.com
mx 10 mail.backupdomain.com
TXT       mydomain.com.       v=spf1 a mx


And here's the message header


Received: from myserver.mydomain.local ([fe80::a9ff:d115:132c:5db3]) by
 myserver.mydomain.local ([fe80::a9ff:d115:132c:5db3%28]) with mapi id
 14.03.0123.003; Wed, 7 Sep 2016 00:52:42 +0300
From: "Me" <address>
To: "TestDude" <address>
Subject: test
Thread-Topic: test
Thread-Index: AdIIiPoMQiQ24arUSU2tIVQ6ZGSnZQ==
Date: Tue, 6 Sep 2016 21:52:41 +0000
Message-ID: <3766E2CABFB74944ACC400AC41D1AAACAF6442E2@myserver2.mydomain.local>
Accept-Language: fi-FI, en-US
Content-Language: fi-FI
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [92.159.55.22]
Content-Type: multipart/alternative;
 boundary="_000_3766E2CABFB74944ACC400AC41D1AAACAF6442E2myserverre_"
MIME-Version: 1.0
fqdnconf.png
0
Comment
Question by:Jarkko Jokelainen
  • 2
3 Comments
 
LVL 44

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41787126
The @myserver.mydomain.local stuff in there is Exchange Specific internal routing data that spam filters will ignore.

"Sender IP must resolve" means that you don't have Reverse DNS PTR record associated with the public IP address of your Exchange server. You have to contact your ISP and request that they create a PTR record for your IP address that resolves to mydomain.com or mail.mydomain.com.

Many spam filters are set to require a Reverse DNS lookup on any IP addresses that send messages to them. They don't generally pay attention to EHLO or HELO FQDNs because that information is very easily spoofed. The only data that can't be easily spoofed is the IP source, so the filters will attempt to do a Reverse DNS lookup against the IP address. If the lookup doesn't resolve a host name that matches the email domain, the message will be blocked if the spam filter is set to do so.

Edit to add: You can do a reverse DNS lookup by running nslookup <ip address> in CMD. The IP in your post 92.159.55.22 resolves to aaubervilliers-791-1-8-22.w92-159.abo.wanadoo.fr, which is the ISP's default PTR record. You have to get them to change that to match your mail domain.
0
 

Author Comment

by:Jarkko Jokelainen
ID: 41793556
The IP I gave in this description was just a random one, not the one the server uses.
HOWEVER: I decided to check one more time. External IP address was changed slightly, without me knowing it ... Was damn sure the PTR record existed, because I had requested it myself ... Oh well.
0
 

Author Closing Comment

by:Jarkko Jokelainen
ID: 41793557
IP was changed without my knowledge
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question