1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unable to send domain

Discussion in 'Exchange Exams' started by Stoney, Apr 23, 2008.

  1. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Hi,

    I have a problem with a user who is unable to send email to a particular domain. I have searched for ages on this and not been able to find a suitable resolution. I was wondering if you guys/gals can provide some help.

    Problem:
    User sends email to recipient. User receives NDR stating that the EHLO was rejected because the sending domain does not match that of the serve that sent the email.

    This makes sense because the email was sent from user@domain.com but the email server is server.domain.local. In the header of the email it specifies that the email came from server.domain.local.

    It looks like there is some anti-spam that's checking the origin of the email and cross-referencing it to the domain the email was sent from.

    I've looked into Masquerade domain names and recipient policies as solutions but I don't think they're the right way to go.

    Here's some details about the setup.

    Exchange server 2003 SP1
    server name is server.domain.local
    Recipient policies only use @domain.com for addresses, no-one has @domain.local address.
    MX records point to our mail scanning service (not the mail server) which forwards the mail on to us.
    domain.com A records point to our webserver.
    mail.domain.com points to the public IP of the email server.

    I was thinking of changing the FQDN of the server to server.domain.com but read that this has been the cause of many support issues on MSExchangeBlog.

    Anyone have any ideas?

    Cheers
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Recipient's domain set to reject everything from domains without SPF records? What's the exact NDR message and code?
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Try running smtp diag mate, that can give you more info on what’s going on.

    I suspect the problem here is that your reverse DNS entry for your domain is not configured correctly.

    For example your domain could be domain.com and the first MX record can be mail.domain.com. The reverse DNS has to resolve to mail.domain.com and not domain.com. domain.com probably resolves to where your website is hosted therefore the mail server is rejecting it as it thinks the email is spoofed. Check that your reverse DNS points to mail.domain.com and also check if your email is routed through a smart host or DNS. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. quackers

    quackers Nibble Poster

    71
    0
    14
    Certifications: Degree, A+
    WIP: CCNA, MCDST
  5. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Thanks for the feedback guys,

    Zeb: Here's the error on the NDR

    <Server.domain.local #5.5.0 smtp;554 <server.domain.local>: Helo command rejected: invalid domainname .local, you have to specify your real domain or IP>

    Sparky: I did suspect that it may be a DNS issue because all of our MX records are for Postini Perimiter Manager which scan all our inbound email, our outbound email doesn't go out through the same servers though. And we don't use a smarthost either. I'll try smtp diag and see what info I get back.

    Quackers: We have an account with DNSStuff.com and the last time I ran the report there weren't any major issues. However, you never know if our ISP has spazzed up our records so i'll give that a check too.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  6. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Righty ho, done some tests.

    SMTPDiag: The results for this were ok. No problems highlighted.

    DNS report: Ran this on DNSStuff.com and it did highlight an error with our MX records.

    So it this is what's returned for our MX records because our mail sent through Postini Perimiter Manager to remove SPAMage etc.

    But the NDR from the recipient is complaining that they don't like our mail because it comes from domain.local.

    Any suggestions?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  7. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    May have sorted this now.

    I've changed the FQDN on the SMTP virtual server to match that of mail.domain.com, and this can be seen in the mail header.

    I have to wait until tomorrow for the user to try sending the email again to find out if it's worked.

    Fingers crossed..........
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Cool, if mail.domain.com has a reverse DNS entry you should be fine mate 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...