Exchange not sending mail to random domains, Mail sitting in queue then NDR

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange not sending mail to random domains, Mail sitting in queue then NDR

    Hi everyone, I hope one of you can help me with this issue,

    We have encountered numerous incidents where users complain that they cannot send emails to random domains with Relayed Denied error.
    First we thought the problem is with the recipients' servers, but after reviewing the SMTP log intensively and the Windows application log (I have SMTP logging on maximum in Exchange), I have noticed that the SMTP service on Exchange Server 2003 SP2 tries to send out emails to wrong IP addresses (instead of sending out to the listed IP of the MX record, it tries to send to the WWW IP address). The messages sit in the Exchange queue for 2 days until they time out with the NDR.
    To test further, we have changed the DNS server of the Exchange Server to different public DNS services provided by the ISPs and still received the same result. We have also repointed the internal DNS forwarders list to different external DNS. About half the domains we send to work fine. For the other half, Exchange tries to send to the wrong system. It is trying to send it to the WWW record.. Even for domains like hotmail and gmail.

    From a command prompt I am able to telnet to port 25 on all domains MX that are stuck in the queue.

    Have checked the server configuration, DNS configuration, ran all updates, and yet still same result..

    This is happening at about 5 of my clients. I have been using a smarthost as a workaround, but that is not always an option.


    The application event log reports this

    This is an SMTP protocol error log for virtual server ID 1, connection #188. The remote host "216.212.60.34", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 1908 2 ". This will probably cause the connection to fail.

    216.212.60.34 is the webhost for www.domain.com NOT the MX

    If I do an nslookup -q=mx domain.com from the Exchange servers, I get the proper IP for MX. So the servers themselves have good DNS resolution; it seems to just be Exchange.


    Any ideas would be great!

    Thanks!

    NTnow

  • #2
    Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

    The first thing I would check is that there are no external DNS servers configured on the SMTP virtual server. That can cause problems like this. Exchange uses the same DNS that you can do from a command prompt - presuming that external DNS hasn't been configured. I am presuming that it is Exchange doing the delivery and there isn't something else getting in the way - AV, Antispam etc.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

      I have tried both ways.. And currently there are no external servers under the SMTP Virtual server right now...

      But either way It is the same results...

      Under the DNS server for the Local Domain I have used different forwarders, and even tried NO forwarders...

      Any other ideas?

      This is the same story for most of my Exchange settings, SBS 2003 and normal full Exchange 2003... I DO NOT have this problem with any of my Exchange 2000 systems.
      Last edited by ntnow; 7th November 2007, 20:47. Reason: added



      • #4
        Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

        Also,
        Some of the servers have GFI, and others don't... Some are behind IPcop firewalls, others just Linksys or netgear cable/dsl routers.. All Clients are on Static IP with RDNS setup properly.
        I have replicated the settings with the Few locations That seem to work fine on Direct delivery.
        All Servers are on Automatic Microsoft update.
        Really any thoughts are great. I have scoured the MSDN, and other resources over the past year or so and haven't found much on this subject.



        • #5
          Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

          No, you're not correct regarding the ip address you listed. The ip address 216.212.60.34 is listed as the A record that the MX record points to. It is also the OWA page as would be expected. Your mail server is connecting to the correct host. As far as the xexch50 error is concerned I believe that this is normal operation for Exchange as I believe it will try to authenticate the SMTP connection first if the receiving server advertises that it supports the xexch50 command verb. When the authentication fails it should use a standard SMTP connection. See if the following articles help.

          http://support.microsoft.com/kb/818222



          • #6
            Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

            here are some more log files from ONE of my clients...

            this is for a domain hrmc-stl.com

            -------------------------------------------------
            This is an SMTP protocol error log for virtual server ID 1, connection #453. The remote host "208.113.146.23", responded to the SMTP command "rcpt" with "554 <m****@hrmc-stl.com>: Relay access denied ". The full command sent was "RCPT TO:<m****@hrmc-stl.com> ". This will probably cause the connection to fail.
            -------------------------------------------------------

            208.113.146.23 is the WWW a record from hrmc-stl.com not the MX... and the mail just sits in the queue

            here is one for a domain barry-productions.com again you will see the IP listed is the WWW a record NOT the MX

            --------------------------------------------------------
            This is an SMTP protocol error log for virtual server ID 1, connection #451. The remote host "208.113.186.169", responded to the SMTP command "rcpt" with "554 <m****@barry-productions.com>: Relay access denied ". The full command sent was "RCPT TO:<m****@barry-productions.com> ". This will probably cause the connection to fail.
            --------------------------------------------------------

            Here is another example for conwaygrp.com

            ----------------------------------------------------------
            This is an SMTP protocol error log for virtual server ID 1, connection #449. The remote host "64.238.197.110", responded to the SMTP command "rcpt" with "550 5.7.1 Unable to relay for m****@conwaygrp.com ". The full command sent was "RCPT TO:<m****@conwaygrp.com> ". This will probably cause the connection to fail.
            ----------------------------------------------------------
            Last edited by ntnow; 8th November 2007, 06:37.



            • #7
              Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

              This is interesting. In each case you listed, the ip address is registered as the A record for the domain. The way email servers work is to first look for an MX record for the domain and send to that ip address but failing to find an MX record then look for an A record for the domain and send to that ip address. It appears that is what is happening for the three domains you listed. Have you run nslookup from the exchange server and performed MX lookups for the domains in your post? It looks like you have some funny DNS issues. Do you use your own internal DNS servers? Do you have Exchange configured to use external DNS servers? Do you use forwarders on your internal DNS servers?



              • #8
                Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

                my domains have their DNS Hosted at Netsol, Dreamhost, Crytaltec, godaddy, and a few other MAJOR host..

                MX is NOT supposed to directly point to an IP.. Most web-based hosts like Network Solutions and Dreamhost won't even give you the option of putting an IP in the MX spot. You must create a CNAME or an A record which points at that IP, then point the MX at that A record...

                Now that being said, all of those domains have an MX record.. That MX record is pointing at an A record which is pointing at the correct IP.. These domains have no problem receiving e-mails.. And if I point my 2003 Exchange servers to a smart host, all email goes just fine to these domains.. This problem is NOT with the domains or the DNS.. it is with Exchange.. I get the same issues with hotmail, Gmail, yahoo and email.com domains..

                As I have said before, I get the same problem if I have an external DNS list under the SMTP VS or if I don't.. I have tried a whole list of ISP DNS servers under my forwarders in the local DNS server.. I have even tried having nothing in there....

                microsoft, hotmail, Yahoo, MSN, hotmail, even petri.co.il all have the MX pointed at a A record

                C:\Users\****>nslookup -q=mx petri.co.il
                Server: 192.168.5.1
                Address: 192.168.5.1:53

                Non-authoritative answer:
                petri.co.il MX preference = 30, mail exchanger = petri.co.il.inbound30.mxlogic.net
                petri.co.il MX preference = 10, mail exchanger = petri.co.il.inbound10.mxlogic.net
                petri.co.il MX preference = 20, mail exchanger = petri.co.il.inbound20.mxlogic.net

                petri.co.il nameserver = ns.petri.co.il
                petri.co.il nameserver = ns1.netguru.co.il
                petri.co.il.inbound20.mxlogic.net internet address = 208.65.144.1
                petri.co.il.inbound30.mxlogic.net internet address = 208.65.144.1
                Last edited by ntnow; 8th November 2007, 07:23.



                • #9
                  Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

                  Ok here is an interesting twist. It was suggested that I try this..

                  Place an external DNS server under the TCP/IP settings for my Servers NIC card... rather than Leaving it empty or Set to loop back... and that worked.

                  Is this an acceptable fix? From everything I read, you don't want an external DNS server in the TCP/IP properties of your network card on an AD / exchange server..

                  Any thoughts?



                  • #10
                    Re: Exchange not sending mail to random domains, Mail sitting in queue then NDR

                    I wasn't suggesting that an MX could point directly to an IP address as there is no way to configure this and no one will set this up for you. I was simply pointing out the fact that the A record for each domain you listed was resolving to the IP addresses you listed. You SHOULD NOT configure an MX record to point to a CNAME record as it violates the RFCs and many mail servers will not accept this as valid. The way email servers work is to first look for an MX record for the domain and send to that IP address but failing to find an MX record then look for an A record for the domain and send to that IP address. MX records are not required in order for a domain to receive email. If you want to verify my facts then read the RFCs. You do have a DNS problem as evidenced by the fact that when you stop using your own DNS servers and start using someone else's everything flows. I would suggest looking at your internal DNS servers, flushing their caches, and running nslookup from each one to try and determine what is going wrong.
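
The check that posts #7 and #10 describe (MX first, the domain's A record only when no MX exists), as an added example that is not part of the thread: it works out the addresses a sender should try under RFC 5321 section 5.1 and classifies the remote host named in an Exchange SMTP protocol event. The DNS table, domain names and addresses are constructed (documentation ranges), and `delivery_targets` and `classify` are hypothetical helper names.

```python
import re

# Constructed resolver answers (documentation address ranges), standing in
# for what a healthy resolver would return. None of this is from the thread.
DNS = {
    ("example.com", "MX"): [(20, "mx2.example.net"), (10, "mx1.example.net")],
    ("example.com", "A"): ["192.0.2.80"],        # the web host
    ("mx1.example.net", "A"): ["198.51.100.25"],
    ("mx2.example.net", "A"): ["198.51.100.26"],
    ("nomx.example.org", "A"): ["203.0.113.5"],  # a domain with no MX at all
}

# Constructed event text in the shape of the Exchange 2003 entries quoted above.
EVENT = ('This is an SMTP protocol error log for virtual server ID 1, '
         'connection #1. The remote host "192.0.2.80", responded to the SMTP '
         'command "rcpt" with "554 <user@example.com>: Relay access denied ". '
         'The full command sent was "RCPT TO:<user@example.com> ". '
         'This will probably cause the connection to fail.')

LOG_RE = re.compile(
    r'remote host "(?P<ip>[\d.]+)".*?RCPT TO:<[^@>]*@(?P<domain>[^>]+)>', re.S)


def delivery_targets(domain, dns):
    """Addresses a sender should try, in order (RFC 5321 section 5.1)."""
    mx = sorted(dns.get((domain, "MX"), []))     # lowest preference first
    if mx:
        return [ip for _, host in mx for ip in dns.get((host, "A"), [])]
    # No MX record: the domain's own A record acts as an implicit MX.
    return list(dns.get((domain, "A"), []))


def classify(event_text, dns):
    """Compare the host the server connected to with what DNS says it should be."""
    m = LOG_RE.search(event_text)
    if not m:
        return "unparsed"
    ip, domain = m["ip"], m["domain"].lower()
    if ip in delivery_targets(domain, dns):
        return "expected"
    if ip in dns.get((domain, "A"), []):
        # An MX exists, yet the sender used the A record: the sender's own
        # MX lookup returned nothing, which points at its resolver path.
        return "a-record-fallback"
    return "unknown-host"


if __name__ == "__main__":
    print(classify(EVENT, DNS))
```

An `a-record-fallback` result for a domain that does publish an MX record means the sending server's own resolver path lost the MX answer, which is where post #10 says to look.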