Geforce
asked on
Unable to deliver message to Google..
Hi,
We are using web server to send emails to different users (gmail/hotmail/yahoo and other domains). Email related to daily stock exchange rate.
Everything is working fine except few (20 out of 150) gmail user didn't receive email and we received below NDR.
Domain (exacmple: abc.com.au) is configure on Exchange server 2016. When we send those emails via exchange server we didn't face any issue but when sending via web server we received below NDR.
More Information:
Exchange server have public IP and WebServer server also have public IP. Both servers are not same network. Exchange server in office and Web server on cloud {dedicated server (VPS)}. Please review the SPF record is fine? Kindly review the attach image from mxtoolbox related to SPF record.
v=spf1 ip4:exchange public IP/27 ip4:webserver public IP mx:abc.com.au ~all
Note:
I replace the exchange public IP, Same with Webserver public IP and domain name with abc.com.au
NDR:
This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
user@gmail.com
Logs:
We are using web server to send emails to different users (gmail/hotmail/yahoo and other domains). Email related to daily stock exchange rate.
Everything is working fine except few (20 out of 150) gmail user didn't receive email and we received below NDR.
Domain (exacmple: abc.com.au) is configure on Exchange server 2016. When we send those emails via exchange server we didn't face any issue but when sending via web server we received below NDR.
More Information:
Exchange server have public IP and WebServer server also have public IP. Both servers are not same network. Exchange server in office and Web server on cloud {dedicated server (VPS)}. Please review the SPF record is fine? Kindly review the attach image from mxtoolbox related to SPF record.
v=spf1 ip4:exchange public IP/27 ip4:webserver public IP mx:abc.com.au ~all
Note:
I replace the exchange public IP, Same with Webserver public IP and domain name with abc.com.au
NDR:
This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
user@gmail.com
Logs:
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 RCPT - TO:<user@gmail.com> 0 0 563 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.5+OK+d19si2567563iom.84+-+gsmtp 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 BDAT - 6949+LAST 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1313 - -
2019-01-16 00:16:18 108.177.104.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1968 - -
Are you signing outbound mail with DKIM? If so, is your key length greater than 512?
ASKER
Hi Mahesh,
Thanks for the reply. Yes from address is domain address that is info@abc.com.au (I replace actual domain name with abc).
Emails directly forward to Gmail. There is no smart host.
web server public IP is not blacklisted.
Thanks for the reply. Yes from address is domain address that is info@abc.com.au (I replace actual domain name with abc).
Emails directly forward to Gmail. There is no smart host.
web server public IP is not blacklisted.
ASKER
We are not signing outbound mail with DKIM. We didn't configure DKIM.
can you send one test email from exchange server to gmail ID and post gmail header here
also paste here complete NDR you received when you send email from web server to troubleshoot further
also paste here complete NDR you received when you send email from web server to troubleshoot further
ASKER
In Exchange server we are using smart host (barracuda). This is the complete NDR that I received. Email remain in the Queue and finally received the NDR. Please review the logs that i posted above so you will get the idea. Also not all email to Google are failed. 20-25 emails are Failed.
I that case why you relay emails from web server to your onpremise exchange server and from there it will go to gmail, this way unauthenticated traffic don't flow to gmail from web server and all emails will reach to gmail
For that to work, you do need to create externally secured receive connector on exchange and allow *only* specific web server IP to accept emails from web server, remove all other networks, otherwise it will be an open relay
For that to work, you do need to create externally secured receive connector on exchange and allow *only* specific web server IP to accept emails from web server, remove all other networks, otherwise it will be an open relay
ASKER
Mahesh,
It seems like that you don't understand my query. I apologize that I didn't explain properly.
Here is the structure of my emails with Exchange and Web server.
In Exchange Server:
Exchange-->Barracuda-->Goo gle
In Web Server:
Webserver-->Google : No relay and from address in "info@domain.com.au"
I am not relay emails from web server to my onpremise exchange server.
It seems like that you don't understand my query. I apologize that I didn't explain properly.
Here is the structure of my emails with Exchange and Web server.
In Exchange Server:
Exchange-->Barracuda-->Goo
In Web Server:
Webserver-->Google : No relay and from address in "info@domain.com.au"
I am not relay emails from web server to my onpremise exchange server.
I know that
I am suggesting you to do that and send emails to gmail
The benefit is only Exchange server will be responsible to send emails to gmail and eventually solve problem
I am suggesting you to do that and send emails to gmail
The benefit is only Exchange server will be responsible to send emails to gmail and eventually solve problem
flow would be:
Web server-->Exchange-->Barrac uda-->Goog le
Web server-->Exchange-->Barrac
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It should be same as one you have on exchange 2016 server, else error is expected
Also do web server forward emails directly to gmail ID or it is forwarding email to another smart hosts, in that case smart host also need to be included in SPF record
Further check if web server public IP is not blacklisted