Posts: 176
Joined: 9.Nov.2004
From: Charlotte
Status: offline
Words of advice:
Never implement external DNS on the VS. Never enable the Internet E-Mail Auto-Protect with Symantec 9.0 and above versions. Never leave the Mail Guard feature enabled on the PIX firewall. An easy way to tell if it's on is when you telnet from outside to your Exchange server: instead of receiving the Exchange banner you receive **************************
RE: Cannot send mail to certain domains - 8.May2005 2:00:00 AM
Guest
Hello fellow sufferers,
my current config of SBS 2k3 with Exchange SP1 2k3 is experiencing the described problems.
But I am already using a smarthost, there is no virus scanning installed (removed F-Secure solution). EDNS is reduced to 512.
I can send to my email address at GMX.de or a test account at t-online, but if the attachment size surpasses roughly 4 MB I get error events of MSExchangeTransport like 4006 semaphore time limit exceeded, as well as 994 and 984, which are not even documented at eventid.net.
The smarthost seems to accept the mail but at some point there must be a failure and despite increasing log levels I cannot find any hints to what is going on.
There are no global or user-based limits on attachment size and I have tried all your hints. The smarthost attachment limit is 20 MB, so that is no issue either.
Sending via the ISP's SMTP server (= smarthost) using a POP/SMTP account in Outlook with the same account data Exchange is using, things work fine too.
Are there any suggestions left? Thanks for your input, Alexander
Well, I have a similar problem ... My users can't send to a certain domain with their Outlook clients. They receive an NDR 550 Relay Deny ... When I test the connection with smtpdiag it shows me that everything is fine and is accepted. What could be the root of the problem for not sending with their clients?
RE: Cannot send mail to certain domains - 12.May2005 1:42:00 AM
Guest
If you get denies you probably try to send directly via Exchange and DNS resolution instead of using the smarthost of your domain provider or ISP. If you do not have a fixed IP address onto which the MX DNS entry of your domain is registered, most of the big email providers will classify your mails as spam. Use the smarthost feature of the SMTP connector. An example for 2003 is here: http://www.msexchangefaq.de/howto/e2003smtp.htm
Sorry, a little too little information ... We send our mails directly out with no smarthost or ISP. I have already checked if we are on blacklists but everything is green ... reverse DNS is set correctly too ...
Well, I think I solved my problem; maybe it will help someone else. We have a Watchguard Firewall X 1000, and when I deleted the SMTP proxy and re-added it, mail started flowing. This was suggested in a Microsoft article.
Posts: 1
Joined: 23.May2005
From: Johannesburg South Africa
Status: offline
I've read through this whole forum and I've come to this conclusion.
It's a bug in Exchange. I've tried everything. ISP DNS, NAV 9.... Everything mentioned here. Nothing worked until I started using a smarthost to relay the mail. I have to mention that it was a Linux box we used to relay the mail. Once the host started relaying, every single mail was sent and delivered.
When Microsoft will bring out a patch for this no one knows, because it seems that they are not fully aware of the problem.
Posts: 1
Joined: 24.May2005
From: United States, Maryland
Status: offline
Things have gotten mixed into the subject of this Topic.
To those having problems sending to some domains and receiving message delayed notifications, please try changing your SMTP virtual server properties to send HELO instead of EHLO. Some servers do not support enhanced SMTP (EHLO). This may help.
How about the DCOM 10009 issue: is it really tied to Symantec Anti-Virus? I was running Symantec before this error started and could send to Hotmail.
Posts: 5
Joined: 24.May2005
From: Wilmington, DE
Status: offline
I think I have uncovered a new twist to this. We send all of our mail through a smart host, which happens to be Exchange 2003. I turned on Diagnostic Logging in System Manager and got the following message...
------------------------------ This is an SMTP protocol log for virtual server ID 1, connection #63. The client at "EXCH SERVER IP HERE" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1028 2". This will probably cause the connection to fail.
It turns out the XEXCH50 "verb" that is sent is an identifier used strictly between two Exchange servers. Exchange sends this when it's connected to another Exchange server. What do I get when I telnet to my smart host and type in XEXCH50?
220 MAILSERVERHOSTNAME Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Tue, 24 May 2005 10:49:59 -0400
HELO
250 MAILSERVERHOSTNAME Hello [10.1.1.1]
XEXCH50
503 Send mail from first
MAIL FROM: rsmith@blah.com
250 2.1.0 rsmith@blah.com....Sender OK
RCPT TO: rcs201@blaher.com
250 2.1.5 rcs201@blaher.com
XEXCH50
504 Need to authenticate first
Posts: 5
Joined: 24.May2005
From: Wilmington, DE
Status: offline
We got our mail flowing.....
Our solution was the Symantec deal. We went into Client Security (the configurator thing) and disabled INTERNET E-MAIL AUTO-PROTECT. Mail started flowing. Where we came up with this solution is that since e-mail flowed right after a reboot and then started to stop, we assumed that it was the sequence of services starting up that broke Exchange and that there was some conflicting service. Well, we were right and it got it working.....
The question is, though, why can it send to a non-Exchange SMTP server with no problem?! Microsoft mysteries......
Good luck... If disabling the auto-protect does not work, try just shutting down the Symantec service(s) instead of just the one auto-protect. That's where we started and narrowed it down from there.
RE: Cannot send mail to certain domains - 11.Jun.2005 9:40:00 AM
Guest
My two cents: we have been experiencing the same problem, but NOT with Exchange 2k3. We run Exch 5.5, routing through a 2k server configured for SMTP relay. Both are behind our PIX firewall. The relay server has SAV9 installed and the email scanner is turned on. It's Saturday and the problem is small, so I'll be checking settings on Monday morning. Here's what I'll try:
1. Turn off auto-protect in SAV. If no go..
2. Turn off SAV completely. If no..
3. Change DNS setting to external (presently set to our inside DNS). If no go..
4. Change PIX fixup size
5. If it's still a problem, then I don't know...
I just thought you all might find it interesting that a non-Exch2k3 user was seeing the same problem. This all started for us when we replaced an NT4 relay server on the DMZ with a 2k relay server inside the firewall. We chose to do this because the 2k server would not work in the DMZ without opening more ports than we were willing to open.
This is a VERY useful thread! Thanks to all posters!
RE: Cannot send mail to certain domains - 13.Jun.2005 10:19:00 AM
Guest
UPDATE! As I mentioned in my last email, we had moved our relay server from our DMZ to inside our LAN. It turns out that our DNS configuration inside the network was keeping us from sending to certain domains. Our internal DNS servers were pointing to themselves for resolution. Once I changed one of them to our external DNS, mail started to pour out of here.
RE: Cannot send mail to certain domains - 20.Jul.2005 5:52:00 AM
Guest
Finally my solution!
This was a really annoying problem and in the end easy to solve. I tried every suggestion in this forum but nothing helped.
My problem was that our internal domain is not a recognized external domain. Some mail servers (like GMX, ...) seem to check if the domain of the sender can be resolved.
All the users in our Active Directory had as default the internal e-mail address with the internal domain and not the known external address. After changing this, everything worked fine.
It took me 5 minutes to change everything, after 2 weeks of searching and reading forums.
We have the same issues running W2k3 with E2k3. We have split DNS: MS DNS internally and BIND for external. When mail goes out it is using the internal DNS name; when the receiving domain does the reverse lookup it gets the external name, which then causes the mail to be rejected. Temp solution is routing through my Unix SMTP server.
My solution was this: We had a 1-to-1 NAT mapping and I made the mistake of having Exchange use our external IP for DNS. The problem is, we have a Sonicwall and cannot route out and back in through this IP, so I forward to the private IP so that when AOL did a reverse lookup, it was valid. Otherwise, when AOL received our mail, it was coming from the IP of our firewall. What tipped me off was a user in our network who kept getting a bounce saying that he did not have permission to send to this user... I did some checking, changed the IP and blam! I have 1 queue rather than many, but it's nice to be able to send mail normally again. Fortunately, I know people who have AOL, Gmail, Comcast, Earthlink, Yahoo and Hotmail accounts. Working nicely now.
I've got a problem like this: I'm not able to send mail to any domain. When I reboot the server everything is sent. So it must be a service...... and YES, Routing and Remote Access was blocking all the outside mail!!!! I stopped Routing and Remote Access and everything goes well!! But I need Routing and Remote Access!!! Does someone have a solution for this????
Posts: 11
Joined: 14.Aug.2005
From: USA
Status: offline
After reading the whole post it might be good to separate these into different problems. As far as I see, there are various symptoms that appear to be caused by the same problem, when in fact it is just 3 problems with similar symptoms.
I believe you can break it down into the following:
1. True DNS problems
a. Firewall issue - UDP packet
b. No external DNS - Use external DNS or 'Resolver' (not sure if that is correct)
c. DNS server running slow or spotty and fails to return correct IP - (fix DNS server)
d. User is rejected or all mail rejected (ensure that a PTR - reverse DNS entry - is available for your email server's FQDN)
2. Anti-Virus/Third-party program
a. Virus/Third-party program's smarthost/DNS is not set correctly
b. Specific SMTP virtual server is not set to use the Anti-Virus smarthost
3. Exchange problem
a. DNS lookup returns the MX record of a machine that does not respond, but Exchange will not use the second MX record, and instead uses the A record to get the IP. (Workaround - use a SmartHost so that multiple MX servers will be tried)
b. DNS lookup fails due to unknown reason, and Exchange uses the A record, not the MX record. (unknown)
4. Client problem / Outlook issue
a. Signature causes problem somehow
Ok now to my problem.
I think I have an exchange problem but some of it is like a client problem and dns. Here is what happens.
A user sends to a client outside of the company. Both the company and the client use the same ISP. The company server gets a 503 error saying that the user is not approved to relay. 99% of the time all other users sending to this client do not have the problem. But this particular user has it 25% of the time.
After capturing the actual packets, this is what is found.
The ISP has two sets of mail servers, one for sending and one for receiving mail (Concentric.com). When doing a proper MX lookup, all returned servers would accept mail. However, when the mail was rejected it was being sent to a server not listed as an MX server. Instead it was sending to an email server that was set up only for relaying mail. Upon further investigation, the Exchange server was using the IP address of the server that originally delivered the message.
So why would Exchange use the old IP address? From the above list I can assume:
1. The Exchange server unresolved the address based on the email (doubtful, right? never heard of this)
2. The DNS lookup failed and the server used the A record (but the A record doesn't really match the IP actually used)
I noticed in the event logs that the client machine was having Kerberos issues and errors on too many TCP connections open to the server. So could this be what is happening.... Client machine sends email to server; in the process too many TCP connections are opened up. The server receives mail, but is bogged down by the client's machine and thus the DNS lookup fails. When this fails, Exchange does (1 or 2) as listed above. The end result is that 90% of the time mail goes through fine, but the rest of the time it fails due to a bad IP address being used.
The way round this... is easier than thought. We had it for two weeks, seems to be a little ISP-to-ISP specific... but: you need to add your external IP into the reverse DNS lookup on your server. This cured all our clients in all of five minutes. Seems that without it the server at the other end can't resolve your address correctly, so it flags it as a spoof and drops it. Hope it works for you all.
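Added example, not code from any poster in this thread: the three checks that the breakdown above (points 1d and 3a), the reverse-DNS advice in the last post, and the PIX Mail Guard tip at the top all reduce to, implemented against a constructed in-memory zone so it runs offline. Every hostname, IP and zone entry here is an assumed sample value; a real check would query DNS in place of the ZONE dictionary.

```python
# Added example (not from the thread): outbound-mail DNS checks run against a
# constructed in-memory zone so the script works offline. All hosts/IPs are
# assumed sample data; a real check would resolve them via DNS instead.
from typing import Dict, List, Tuple

ZONE: Dict[str, dict] = {
    # MX records as (preference, host); deliberately listed out of order.
    "MX": {"example.com": [(20, "mx2.example.com"), (10, "mx1.example.com")],
           "nomx.example": []},
    "A": {"mx1.example.com": "192.0.2.10", "mx2.example.com": "192.0.2.11",
          "nomx.example": "192.0.2.20", "mail.corp.example": "192.0.2.30",
          "mail.corp.local": "10.1.1.5"},
    # PTR records: 198.51.100.7 is a NAT firewall whose PTR names the ISP, not the mail host.
    "PTR": {"192.0.2.30": "mail.corp.example", "198.51.100.7": "fw.isp.example"},
}

def delivery_targets(domain: str, zone: dict = ZONE) -> List[str]:
    """Hosts to try, in RFC 5321 order: every MX by ascending preference,
    and the domain's own A record only when it publishes no MX at all
    (point 3a above describes a sender that stops after the first MX)."""
    mx = sorted(zone["MX"].get(domain, []))
    if mx:
        return [host for _, host in mx]
    return [domain] if domain in zone["A"] else []

def fcrdns_ok(helo_name: str, source_ip: str, zone: dict = ZONE) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS, the test receivers such as AOL or GMX apply:
    PTR(ip) must exist, resolve back to ip, and match the name the server announces."""
    ptr = zone["PTR"].get(source_ip)
    if ptr is None:
        return False, f"no PTR record for {source_ip}"
    if zone["A"].get(ptr) != source_ip:
        return False, f"PTR {ptr} does not resolve back to {source_ip}"
    if helo_name.lower() != ptr.lower():
        return False, f"HELO name {helo_name} differs from PTR {ptr}"
    return True, "ok"

def pix_mailguard_masking(banner: str) -> bool:
    """True when an SMTP greeting has been rewritten to a row of asterisks,
    the tell for PIX Mail Guard (fixup smtp) that the first post describes."""
    code, _, text = banner.strip().partition(" ")
    return code == "220" and bool(text) and set(text) == {"*"}

if __name__ == "__main__":
    print(delivery_targets("example.com"))          # MX hosts in preference order
    print(fcrdns_ok("mail.corp.local", "198.51.100.7"))  # the NAT-firewall case
    print(pix_mailguard_masking("220 **************************"))
```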