smtp error (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Message Routing



Message


gskawinski -> smtp error (28.Nov.2007 2:37:03 PM)

I'm migrating from an exch2k to exch2k7 (a single server for each).  2k7 is installed, the two servers are interconnected and mail flow (internal and external) is ok.
But one of my users cannot send mail to a certain external (different) domain, but email can be received from that domain.
Exch2k7 reports the following delivery error as reported from the recipient email service:

#553 bogus helo qbbeoy. http://unblock/secureserver.net/?ip=0.0.0.0 ##

I take this to mean my email ip is being blocked by a spam service because it doesn't like the helo message.  I get this reply from users whose mail accounts are on either mail server.

Here's my relevant info:
public MX record:  mail.mydomain.com
exch 2k fqdn:  2kservername.mydomain.com
exch 2k7 fqdn:  2k7servername.mydomain.com

Could this be because the exch2k7 fqdn or helo message is not configured properly?  Do I need a seperate public mx record for exch 2k7?

Thanks for any help with this.




rishishah -> RE: smtp error (28.Nov.2007 2:40:28 PM)

Why not set your send connectors so that the host header sent out is the same as your registered MX record for your gateway smtp server.




gskawinski -> RE: smtp error (28.Nov.2007 2:49:26 PM)

Thanks for the quick reply!

So do the following?
exch2k7 fqdn = mail.mydomain.com

If so, should this also be done for the exch2k server too?




rishishah -> RE: smtp error (28.Nov.2007 3:11:30 PM)

which server is acting as the gateway to the internet... do it on that




gskawinski -> RE: smtp error (28.Nov.2007 4:01:17 PM)

Thanks for the reply.
I'm not sure which is the gateway.  After installing exch2k7, the 2k server accounts could send to the internet, but the 2k7 accounts couldn't.  I then configured a hub transport send connector and then the 2k7 accounts could send to the internet.  That is all I have done for routing.  So I'm assuming everything is routed through the 2k server.  Again, I only have one 2k server and one 2k7 server.
Can I set fqdn on both to be mail.mydomain.com?




John Weber -> RE: smtp error (28.Nov.2007 6:14:31 PM)

Might be that the outgoing IP is not the same as the mx record.
Reverse DNS PTR correct?

-jmw




rishishah -> RE: smtp error (29.Nov.2007 12:22:25 AM)

Do you have a firewall that can tell you which server is sending out the mail? Check logs for port 25 (outgoing).

than make the change there.




gskawinski -> RE: smtp error (29.Nov.2007 8:27:39 AM)

Thanks for the reply.
The firewall shows all email going to the internet is sent by 2k7 exchange.  All inbound email is received by 2k exchange.  dnsstuff.com shows a problem with the helo/ehlo greeting (hence the original problem).  Here are my settings:

exch2k server name  = mailserver
exch2k7 server name = spsmail

Public Records:
MX [10] - @ (host name) - mail.simcoeparts.com
mail    - A (host name) - 199.243.219.211

Firewall:
199.243.219.211 traffic is routed to mailserver.
Firewall public IP 199.243.219.210

Internal Network Settings:
MX [10] - mailserver.simcoeparts.com - 192.168.0.6
MX [11] - spsmail.simcoeparts.com - 192.168.0.3
A and PTR records for mailserver and spsmail

mailserver fqdn = mailserver.simcoeparts.com
spsmail fqdn = mail.simcoeparts.com  (i just changed this from spsmail.simcoeparts.com)

What can I do to fix this.  Should I:
- route inbound mail to spsmail?
- create an internal host record for mail.simcoeparts.com and point it to spsmail?
- create separate public records for spsmail, with it's own inbound ip?

Thanks for the help!




rishishah -> RE: smtp error (29.Nov.2007 8:36:45 AM)

Set the FQDN on send connector on the Exchange 2k7 server which sends mail out, to your external MX record of mail.simcoeparts.com.

This is the host header your mail server will than send out to the other mailserver when it makes the connection and just after the helo command.





gskawinski -> RE: smtp error (29.Nov.2007 8:58:00 AM)

Thanks, I'll do that.
Should I do the same for the inbound server too?




gskawinski -> RE: smtp error (29.Nov.2007 9:16:52 AM)

Not quite done yet.  The email is getting blocked because there is no reverse dns record.  Error message:

We cannot find reverse DNS for this IP.
RDNS converts IP addresses (199.243.219.210) to names (such as mail.example.com).

That address is the firewall public ip.  All general internet traffic goes through that.  This is what the sending server uses.  Our only public mx record points to 199.243.219.210.

Do I need a separate public ip and host records for the sending server?  Or maybe a public record for 199.243.219.210 with a host name of simcoeparts.com?
Thanks again!




John Weber -> RE: smtp error (29.Nov.2007 12:31:44 PM)

This was the gist of my reverse DNS PTR comment.

You need:
MX record for inbound
DNS REV PTR record that maps the ip address of the firewall outbound port 25 to the A record that is the MX record.

This is typically done by the ISP who supplies your IP address space.
Not every system does email filtering on the lack of a rev ptr record, but some do; hence, you see some systems are accepting your mail, and some are not.  More and more orgs are now filtering on a rev ptr mismatch.  I advise all of my clients to do so.  Cuts SPAM by about 20% if not more.
If you need more detailed help, contact me offline.

-jmw




gskawinski -> RE: smtp error (30.Nov.2007 7:40:46 AM)

Thanks, I will contact you.




gskawinski -> RE: smtp error (5.Dec.2007 1:16:30 PM)

Thanks for the help John.  The problem was no reverse dns record.  My ISP created one and mail is no longer being blocked.
Thanks again!




Page: [1]