Undeliverable Mail
Ben Winzenz [Exchange MVP]
Guest





Posted: Wed Dec 28, 2005 1:58 am    Post subject: Re: Undeliverable Mail

I thought about the way I had typed that, but I still stand by it. I can't
stand it when ISPs or hosting providers play dumb because they don't want
to do something (which is probably what the case is here).

As far as the Cisco PIX, I can't speak to the programming, but here's the
overview of what Mailguard does. It's on by default, BTW - you have to
specifically disable it. Mailguard basically disables all ESMTP commands,
limiting remote servers to only basic SMTP commands. For example, HELO is a
basic SMTP greeting, while EHLO is an Enhanced (ESMTP) command. If you
telnet to your server (from outside) and issue an EHLO command, the PIX will
block the command and you'll get back a 500 5.3.3 Unrecognized command
response. Technically, it shouldn't cause issues, but prevents using some
of the more useful ESMTP commands. If you want to disable it, follow the
instructions in this KB article.
http://support.microsoft.com/kb/320027/

As far as logging, if you enabled SMTP Protocol logging, you will find the
logs in the c:\windows\system32\logfiles\smtpsvc1 directory. It's enabled
on the properties of the Default SMTP Virtual server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:A5C01817-8344-4A56-8C1F-CCC4E3D8EA4E@microsoft.com...
Quote:
How do you like Interland now? HEH Well I will push the issue some, we are
switching hosts within a month to IKH. Hopefully they will have a better
department for handling these issues.

Well I did some more testing at work. I can telnet to their server (AOL)
and send mail that way. So I did come across something. Now while trolling
the aol postmaster site I did find this snippet:

Queuing Mail

If the email you are attempting to send to America Online is queuing in
your Outgoing Mail Server there are steps you can take to troubleshoot and
correct the problem.

You have a Cisco pix firewall.

Please contact Cisco you may need to increase DNS packet size.

DNS Caching.

Please contact your system administrator. DNS caching is known to cause
mail queuing when sending to the AOL mail server. Specifying IP address of
AOL's relay servers is also known to cause this issue.

I'll have to contact the company that setup our server and pix as they said
the work on the pix is all command line. Personally I think they should do
it for free as this is an ongoing problem. But that's my fight. But at the
same time I was going to inquire about the mailguard. You said it doesn't
need to be run, the admin at dnsstuff said it looks like bad programming on
whoever set it up. I can't find any info as to what mailguard does and if
we really do/do not need it.

I setup logging, I may have done it right, or not. I didn't see any text as
to smtp protocols. I also setup alerts for SBS2K3, and I got an email
saying there was a lot of email sitting in the queue. Which prompted me to
search for queue on aol. I did notice after an hour the log was 5MB.
Reading through what I could make out, there is a whole lot of mail in
there that isn't from our company although the sender shows a
bogusname@esi-extrusion.com. And a lot of email to postmaster saying stop
sending we don't have that address.

Well I think I'm getting somewhere. just not sure where. Thanks for all
your help.

"Ben Winzenz [Exchange MVP]" wrote:

Interland is a bunch of morons then. SPF records are DNS resource records
of type TXT. If they don't know how to do that, and want to cop out and say
their servers don't support it (which I'd submit is a load of crap), they
don't deserve to be a hosting provider, or at least don't deserve your
business. RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html) defines DNS
resource record types, which include TXT. Since it was submitted in, oh,
1987!, saying their servers don't support creating TXT records is
nonsense, unless their server is totally non-RFC compliant, in which case,
again, they should not be a hosting provider. You might try getting ahold
of one of their senior network folks. In many cases, the level 1 folks
aren't real bright when it comes to dealing with stuff like that.

AOL adding your IP to *their* whitelist shouldn't be a big deal. It's on
their end, not yours. I would have been more than suspicious if they had
asked you to add their server to your whitelist, though :-)

You enabled logging means......you enabled SMTP Protocol logging? If so,
make sure that you enabled all the advanced logging options. If you can't
interpret what it is saying (which is ok), please post the relevant section
of the smtp log that shows the conversation between your server and AOL's
server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:8CE77EF5-D6CB-4C5D-90E4-55B8C2D308B1@microsoft.com...
Well I'm still on a quest to send email to aol and yahoo. Your suggestion
to add an SPF record applies to our domain hosted by interland. I sent them
a ticket request for that addition. Their servers do not support that:

Unfortunately, at this time, we are unable to create an SPF record for the
domain. This is not supported by our servers.

I contacted AOL and they wanted me to submit our IP to their whitelist. I
didn't see any harm in that, although perplexed as to why I had to. That
request was approved. Still no email going through.

I enabled logging of the exchange server. I look at the log, I see where
the user sent an email, just not quite sure what else in the maze of
gobbledygook listed shows errors or what not. I get a 4.4.7 error in the
returned email. Does that help?

"Ben Winzenz [Exchange MVP]" wrote:

You can ignore the Warning on the mail server host name in greeting. That
only applies to inbound mail. The cause is that you have a Cisco PIX with
the Mailguard feature turned on. You don't need it enabled, and it can
potentially cause problems with other mail systems trying to send mail to
you, but it won't cause the problem of not being able to send mail to yahoo
or aol. If you want to get rid of that warning, then disable Mailguard on
your PIX.

You may want to register SPF records, as dnsreport suggests. Looks like
they have a wizard that walks you through how to set up the SPF record. SPF
records are registered as TXT records (versus say A or MX records).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:0533A4AD-1D3B-4BED-8C78-FE95AFAAB5EF@microsoft.com...
The ISP has re-directed the ptr record back to the mail.esi-extrusion.com.
I went to the reverse dns on dnsstuff.com and it apparently is working. I
still cannot send email to yahoo or aol accounts. When I put in
esi-extrusion.com in dnsreport.com checker, it still shows the same errors.
I don't know what else to change. Any ideas?

"Ben Winzenz [Exchange MVP]" wrote:

You would be asking your ISP to map the PTR record for the IP address back
to mail.esi-extrusion.net. It needs to match the name of the sending
server. Note that your ISP may not be willing to do this. It isn't an
unreasonable request, but some ISPs won't do it.

A Smarthost simply means that instead of your server directly connecting to
the target server, you will forward all mail to your ISP first, and your
ISP will do the actual delivery of the mail. ISPs typically will allow
their customers to do this.

Did the company that setup your server indicate what the tweak was?
Regardless, if you are able to resolve MX records for yahoo and aol, it
won't be a problem with your DNS server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:3645EA9A-C86D-4FCD-945D-85F36E1E948A@microsoft.com...
When we switched from Interland hosting our email to hosting our own, it
was quite a feat to get them to understand what needed changed, as I
remember our server IT person had to walk them thru it. Quite conceivably
they didn't do it correctly.

We do have a static ip for our Exchange Server. SBC is our ISP and our
website is hosted by Interland currently. I want to be sure, I am asking
SBC to re-map our ptr record back to esi-extrusion.com and not interland?

I do not know what Smarthost is. I'm sorry. I'm going to do a search and
read up on it shortly.

I know people in general don't like to help newbies or generally stupid
people thrust into a position by their company. If I get this all worked
out, just know that someone will think you're a hero.

"Ben Winzenz [Exchange MVP]" wrote:

You have a PTR record, but it does not map to your MX record. If a
receiving mail server is doing a reverse-DNS lookup, then the PTR record
will not match the name that the server says it is and could cause the
connection to be rejected.

Do you have a static IP address, or is this a dynamic IP? If it's a dynamic
IP, then you won't have any control over this. If static, you can ask your
ISP to modify the PTR record to map back to mail.esi-extrusion.com, but
whether they do this is up to them. AOL and Yahoo usually don't accept mail
from IPs that are in dynamic pools.

Can you send outgoing mail through your ISP as a SmartHost?

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:AF1895BF-9FCD-4F25-9D20-6F54A6DC7AC5@microsoft.com...
I went to www.dnsreport.com and our reverse dns is ok. That I would assume
handles the ptr question and A record. I typed esi-extrusion.com in the
domain and all things look ok minus a few misc errors.

"Dan J.S." wrote:

"ESI" <ESI@discussions.microsoft.com> wrote in message
news:3C4D5C0B-DD8D-499E-8B18-FB3A4298E0BB@microsoft.com...
I am NOT an IT Professional. I just try to do my best as our company IT
person. (someone has to do it). We use Windows server 2003 for small
business. We Use MS Exchange v 6.5 Build 7638.2 Service Pack 2. Our company
can not send email to yahoo.com or aol.com addresses. The company that
setup our server said " We don't handle your dns configuration, this is
something you have to take up with Interland. However, the dns report is
just flagging generic issues that will not cause you any harm and is not
causing you any problems. What I believe is happening is the dns server at
ESI is having an issue with dns lookups at your end. There is a tweak we
can do to help it correctly work with aol and yahoo mail providers. It
takes about 30 minutes to implement. Is this something I can do? I do know
my way around some things and am learning all I can. Can some nice soul out
there shed some light on my agonies?

I can tell you from experience, dealing with yahoo and aol (and especially
aol) is a pain in the ass. You probably need a reverse dns record, and this
is something both your ISP needs to setup (called a ptr) and you may also
need an a record in your dns that confirms your outgoing smtp server is in
fact in your control. However, even after you do it, aol keeps a cache for
weeks sometimes, so even though all is corrected, you may still have
issues. Calling aol may help, but they are a bunch of arrogant a-holes when
dealing with them (especially their email admins).

good luck.

Back to top
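
The PTR and SPF checks discussed in the quoted messages above, written out as an added example (not code from any poster in this thread). It mirrors what a receiving server does with the connecting IP, the HELO name and the envelope sender domain; the DNS data is constructed from documentation address space and example names, and the SPF evaluator covers only the `ip4`, `ip6`, `a`, `mx` and `all` mechanisms.

```python
"""Receiver-side sender checks: forward-confirmed reverse DNS and a minimal SPF pass."""
import ipaddress

# Constructed DNS data (documentation addresses, example names); not real records.
ZONE = {
    ("PTR", "192.0.2.25"): ["adsl-192-0-2-25.isp.example."],   # ISP default PTR
    ("PTR", "192.0.2.80"): ["mail.corp.example."],             # PTR remapped by the ISP
    ("PTR", "192.0.2.99"): ["mail.corp.example."],             # PTR with no matching A
    ("A", "adsl-192-0-2-25.isp.example"): ["192.0.2.25"],
    ("A", "mail.corp.example"): ["192.0.2.80"],
    ("MX", "corp.example"): ["mail.corp.example."],
    ("TXT", "corp.example"): ["v=spf1 ip4:192.0.2.80 mx -all"],  # SPF lives in a TXT record
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Stand-in resolver over ZONE; swap in a real resolver with the same signature."""
    key = (rtype, name.rstrip(".").lower())
    return [value.rstrip(".").lower() for value in ZONE.get(key, [])]


def check_ptr(ip, helo, resolve=lookup):
    """Forward-confirmed reverse DNS: PTR -> name -> A must lead back to ip,
    and the confirmed name must be the one the server announces in HELO/EHLO."""
    names = resolve("PTR", ip)
    if not names:
        return "no-ptr", "no PTR record for %s" % ip
    confirmed = [n for n in names if ip in resolve("A", n)]
    if not confirmed:
        return "unconfirmed", "PTR %s does not resolve back to %s" % (names, ip)
    if helo.rstrip(".").lower() not in confirmed:
        return "helo-mismatch", "HELO %s, PTR says %s" % (helo, confirmed)
    return "pass", confirmed[0]


def check_spf(ip, domain, resolve=lookup):
    """Evaluate the domain's SPF TXT record for ip (subset of mechanisms only)."""
    records = [t for t in resolve("TXT", domain)
               if t == "v=spf1" or t.startswith("v=spf1 ")]
    if not records:
        return "none"            # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"       # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            return QUALIFIER[qual]
        if mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in resolve("A", arg or domain)
        elif mech == "mx":
            matched = any(ip in resolve("A", host)
                          for host in resolve("MX", arg or domain))
        else:
            return "permerror"   # include, redirect, exists, ptr: not handled here
        if matched:
            return QUALIFIER[qual]
    return "neutral"             # no mechanism matched and no "all" term


def assess(ip, helo, mail_from_domain):
    """Combine both checks the way a receiving MTA might before accepting mail."""
    return {"ptr": check_ptr(ip, helo)[0],
            "spf": check_spf(ip, mail_from_domain)}


if __name__ == "__main__":
    for ip in ("192.0.2.80", "192.0.2.25", "192.0.2.99"):
        print(ip, assess(ip, "mail.corp.example", "corp.example"))
```
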
ESI
Guest





Posted: Wed Dec 28, 2005 8:01 am    Post subject: Re: Undeliverable Mail

Well good because I agree. Some people in this world are busting our butts
trying to learn all we can, and some just don't care.

I only worry that disabling the Mailguard will pose a security risk. What
are your thoughts on increasing the packet size?

I do have the logging on. I was impressed I got it. Here's what I found. I
rdp into my work workstation. Send an email to an aol user. Go to server
management and look in the exchange queue. There's a bunch for aol. I look
for the email and it's in the queue. I try the force connection as it doesn't
show up in the logfile. I go back to the log file and there is nothing for
aol or the specified user for that time. I did a refresh and waited till the
file time included when I sent it.

It's almost like exchange doesn't even try to send to aol. It just
immediately moves it to the queue, and that's the end of it. Is there a
setting somewhere in Exchange or Outlook 2003 that says no AOL by default?

Back to top
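
One way to pull a single destination's conversation out of a large SMTP protocol log, as an added example that is not part of any post in this thread. It assumes the log is in W3C extended format with a `#Fields:` header and that outbound lines carry `OutboundConnectionCommand` / `OutboundConnectionResponse` in the `cs-username` column; the sample lines, hosts and addresses are constructed.

```python
"""Triage an SMTP protocol log: find one destination's outbound conversation."""

# Constructed sample in W3C extended format; spaces inside a value appear as "+".
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-sitename cs-method cs-uri-query sc-status
2006-01-01 01:29:02 198.51.100.10 OutboundConnectionResponse SMTPSVC1 - 220+mx.partner.example+ESMTP 0
2006-01-01 01:29:02 198.51.100.10 OutboundConnectionCommand SMTPSVC1 EHLO mail.corp.example 0
2006-01-01 01:29:02 198.51.100.10 OutboundConnectionResponse SMTPSVC1 - 500+5.3.3+Unrecognized+command 0
2006-01-01 01:29:02 198.51.100.10 OutboundConnectionCommand SMTPSVC1 HELO mail.corp.example 0
2006-01-01 01:29:03 198.51.100.10 OutboundConnectionResponse SMTPSVC1 - 250+mx.partner.example 0
2006-01-01 01:30:10 203.0.113.5 OutboundConnectionResponse SMTPSVC1 - 220+mx.other.example+ESMTP 0
2006-01-01 01:30:10 203.0.113.5 OutboundConnectionCommand SMTPSVC1 EHLO mail.corp.example 0
2006-01-01 01:30:11 203.0.113.5 OutboundConnectionResponse SMTPSVC1 - 250-mx.other.example 0
2006-01-01 01:30:11 192.0.2.44 - SMTPSVC1 MAIL FROM:<bogus@corp.example> 250
"""


def parse_w3c(text):
    """Yield one dict per entry, named by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def outbound_sessions(text):
    """Group outbound command (C) and response (S) lines by remote address."""
    sessions = {}
    for row in parse_w3c(text):
        role = row.get("cs-username", "")
        if not role.startswith("OutboundConnection"):
            continue  # inbound traffic is ignored here
        payload = row.get("cs-uri-query", "-")
        payload = "" if payload == "-" else payload.replace("+", " ")
        if role.endswith("Command"):
            entry = ("C", (row.get("cs-method", "") + " " + payload).strip())
        else:
            entry = ("S", payload)
        sessions.setdefault(row["c-ip"], []).append(entry)
    return sessions


def triage(text, banner_substring):
    """Summarise the session whose 220 greeting mentions banner_substring.

    remote=None means no SMTP conversation with that destination was logged,
    so the failure happened before SMTP started (DNS lookup or TCP connect).
    """
    wanted = banner_substring.lower()
    for ip, convo in outbound_sessions(text).items():
        replies = [body for side, body in convo if side == "S"]
        if not replies or wanted not in replies[0].lower():
            continue
        errors = [r for r in replies if r[:1] in ("4", "5")]
        # An EHLO immediately answered with a 500 reply.
        ehlo_refused = any(
            cmd[0] == "C" and cmd[1].upper().startswith("EHLO")
            and rsp[0] == "S" and rsp[1].startswith("500")
            for cmd, rsp in zip(convo, convo[1:]))
        return {"remote": ip, "lines": len(convo),
                "errors": errors, "ehlo_refused": ehlo_refused}
    return {"remote": None, "lines": 0, "errors": [], "ehlo_refused": False}


if __name__ == "__main__":
    for name in ("partner.example", "other.example", "bigmail.example"):
        print(name, triage(SAMPLE_LOG, name))
```
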
ESI
Guest





Posted: Wed Dec 28, 2005 5:58 pm    Post subject: Re: Undeliverable Mail

I looked at the Queue for AOL messages stuck in limbo:
The remote Server did not Respond to a Connection attempt.

I wonder if it's even looking in the right place then.

I had message tracking on. Just for more knowledge if anything. Knowledge is
power they say.

12/27/05 8:29pm SMTP Store Driver: Message Submitted From Store
12/27/05 8:29pm SMTP: Message Submitted to Advanced Queuing
12/27/05 8:29pm SMTP: Started Message Submission to Advanced Queue
12/27/05 8:29pm SMTP: Message Submitted to Categorizer
12/27/05 8:29pm SMTP: Message Categorized and queued for routing
12/27/05 8:29pm SMTP Message Routed and Queued for Remote Delivery

And that's it, nothing else.

This has to be something simple, I feel it. I just don't know what else to
try.

"Ben Winzenz [Exchange MVP]" wrote:

Quote:
No setting for "No AOL" :-)

When you look at the queues, (click on the aol.com queue), it should show
you the status of the queue in the bottom status bar. What is that status?

Also, do you have Message Tracking enabled (Enable it on the properties of
the server)? It doesn't show quite as many details as the SMTP logs, but it
can give you a good idea of what happened to the message. Track messages
using the Message Tracking Center (Tools, Message Tracking Center).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


ESI
Guest

Posted: Wed Dec 28, 2005 5:58 pm    Post subject: Re: Undeliverable Mail

Well adding an spf record is out of the question. See below:

Yes, our large, cluster-based DNS system is compliant with RFC 1035. It
does support the use of TXT records. The actual DNS system itself, that is.
But we use a third party DNS management tool (NicTool) which does NOT support
the use of TXT records at this time.

TXT records have been around forever, but have never been used for any real
purpose, prior to SPF. Because TXT records were not used for anything at the
time, the designers of NicTool did not develop TXT record functionality into
the product. My understanding is that this is being or has been added to
newer versions of NicTool. However, because the cost to upgrade our very
large DNS system, and the serious potential for customer downtime in the
process, we are not going to be making this upgrade until ONE sender
authentication protocol is selected by the IETF as the OFFICIAL accepted
protocol. Currently, there are a number of different solutions being
developed around the world, with SPF being only one of them. While SPF is
widely used across the board, no postmaster in his right mind would block
mail solely based upon SPF, as it is not yet an adopted STANDARD. With SPF
not being a single, internationally recognized answer for the sender
authentication problem, and with no non-SPF reason to have TXT records
enabled, it is not economically feasible to risk the cost and downtime as of
yet



"Ben Winzenz [Exchange MVP]" wrote:

Quote:
I thought about the way I had typed that, but I still stand by it. I can't
stand it when ISP's or hosting providers play dumb because they don't want
to do something (which is probably what the case is here).

As far as the Cisco PIX, I can't speak to the programming, but here's the
overview of what Mailguard does. It's on by default, BTW - you have to
specifically disable it. Mailguard basically disables all ESMTP commands,
limiting remote servers to only basic smtp commands. For example, HELO is a
basic SMTP greeting, while EHLO is an Enhanced (ESMTP) command. If you
telnet to your server (from outside) and issue a EHLO command, the PIX will
block the command and you'll get back a 500 5.3.3 Unrecognized command
response. Technically, it shouldn't cause issues, but prevents using some
of the more useful ESMTP commands. If you want to disable it, follow the
instructions in this KB article.
http://support.microsoft.com/kb/320027/

As far as logging, if you enabled SMTP Protocol logging, you will find the
logs in the c:\windows\system32\logfiles\smtpsvc1 directory. It's enabled
on the properties of the Default SMTP Virtual server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:A5C01817-8344-4A56-8C1F-CCC4E3D8EA4E@microsoft.com...
How do you like Interland now? HEH Well I will push the issue some, we are
switching hosts within a month to IKH. Hopefully they will have a better
department for handling these issues.
Well I did some more testing at work. I can telnet to their server (AOL) and
send mail that way. So I did come across something. Now while trolling the
aol postmaster site I did find this snippet:
Queuing Mail

If the email you are attempting to send to America Online is queuing in your
Outgoing Mail Server there are steps you can take to troubleshoot and correct
the problem.

You have a Cisco pix firewall.

Please contact Cisco you may need to increase DNS packet size.
DNS Caching.

Please contact your system administrator. DNS caching is known to cause mail
queuing when sending to the AOL mail server. Specifying IP address of AOL's
relay servers is also known to cause this issue.

I'll have to contact the company that setup our server and pix as they said
the work on the pix is all command line. Personally I think they should do it
for free as this is an ongoing problem. But that's my fight. But at the same
time I was going to inquire about the mailguard. You said it doesn't need to
be run, the admin at dnsstuff said it looks like bad programming on whoever
set it up. I can't find any info as to what mailguard does and if we really
do/do not need it.

I setup logging, I may have done it right, or not. I didn't see any text as
to smtp protocols. I also setup alerts for SBS2K3, and I got an email saying
there was a lot of email sitting in the queue. Which prompted me to search
for queue on aol. I did notice after an hour the log was 5MB. Reading through
what I could make out, there is a whole lot of mail in there that isn't from
our company although the sender shows a bogusname@esi-extrusion.com. And
a lot of email to postmaster saying stop sending we don't have that address.

Well I think I'm getting somewhere. just not sure where. Thanks for all your
help.

"Ben Winzenz [Exchange MVP]" wrote:

Interland is a bunch of morons then. SPF records are DNS resource records
of type TXT. If they don't know how to do that, and want to cop out and say
their servers don't support it (which I'd submit is a load of crap), they
don't deserve to be a hosting provider, or at least don't deserve your
business. RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html) defines DNS
resource record types, which include TXT. Since it was submitted in, oh,
1987!, saying their servers don't support creating TXT records is
nonsense, unless their server is totally non-RFC compliant, in which case,
again, they should not be a hosting provider. You might try getting ahold
of one of their senior network folks. In many cases, the level 1 folks
aren't real bright when it comes to dealing with stuff like that.

AOL adding your IP to *their* whitelist shouldn't be a big deal. It's on
their end, not yours. I would have been more than suspicious if they had
asked you to add their server to your whitelist, though :-)

You enabled logging means......you enabled SMTP Protocol logging? If so,
make sure that you enabled all the advanced logging options. If you can't
interpret what it is saying (which is ok), please post the relevant section
of the smtp log that shows the conversation between your server and AOL's
server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:8CE77EF5-D6CB-4C5D-90E4-55B8C2D308B1@microsoft.com...
Well I'm still on a quest to send email to aol and yahoo. Your suggestion to
add an SPF record applies to our domain hosted by interland. I sent them a
ticket request for that addition. Their servers do not support that:

Unfortunately, at this time, we are unable to create an SPF record for the
domain. This is not supported by our servers.

I contacted AOL and they wanted me to submit our IP to their whitelist. I
didn't see any harm in that, although perplexed as to why I had to. That
request was approved. Still no email going through.

I enabled logging of the exchange server. I look at the log, I see where the
user sent an email, just not quite sure what else in the maze of gobbledygook
listed shows errors or what not. I get a 4.4.7 error in the returned email.
Does that help?

"Ben Winzenz [Exchange MVP]" wrote:

You can ignore the Warning on the mail server host name in greeting. That
only applies to inbound mail. The cause is that you have a Cisco PIX with
the Mailguard feature turned on. You don't need it enabled, and it can
potentially cause problems with other mail systems trying to send mail to
you, but it won't cause the problem of not being able to send mail to yahoo
or aol. If you want to get rid of that warning, then disable Mailguard on
your PIX.

You may want to register SPF records, as dnsreport suggests. Looks like
they have a wizard that walks you through how to set up the SPF record. SPF
records are registered as TXT records (versus say A or MX records).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:0533A4AD-1D3B-4BED-8C78-FE95AFAAB5EF@microsoft.com...
The ISP has re-directed the ptr record back to the mail.esi-extrusion.com. I
went to the reverse dns on dnsstuff.com and it apparently is working. I still
cannot send email to yahoo or aol accounts. When I put in esi-extrusion.com
in dnsreport.com checker, it still shows the same errors. I don't know what
else to change. Any ideas?

"Ben Winzenz [Exchange MVP]" wrote:

You would be asking your ISP to map the PTR record for the IP address back
to mail.esi-extrusion.net. It needs to match the name of the sending
server. Note that your ISP may not be willing to do this. It isn't an
unreasonable request, but some ISP's won't do it.

A Smarthost simply means that instead of your server directly connecting to
the target server, you will forward all mail to your ISP first, and your ISP
will do the actual delivery of the mail. ISP's typically will allow their
customers to do this.

Did the company that setup your server indicate what the tweak was?
Regardless, if you are able to resolve MX records for yahoo and aol, it
won't be a problem with your DNS server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:3645EA9A-C86D-4FCD-945D-85F36E1E948A@microsoft.com...
When we switched from Interland hosting our email to hosting our own, it was
quite a feat to get them to understand what needed changed, as I remember our
server IT person had to walk them thru it. Quite conceivably they didn't do
it correctly.

We do have a static ip for our Exchange Server. SBC is our ISP and our
website is hosted by Interland currently. I want to be sure, I am asking SBC
to re-map our ptr record back to esi-extrusion.com and not interland?

I do not know what Smarthost is. I'm sorry. I'm going to do a search and
read up on it shortly.

I know people in general don't like to help newbies or generally stupid
people thrust into a position by their company. If I get this all worked out,
just know that someone will think you're a hero.

"Ben Winzenz [Exchange MVP]" wrote:

You have a PTR record, but it does not map to your MX record. If a
receiving mail server is doing a reverse-DNS lookup, then the PTR record
will not match the name that the server says it is and could cause the
connection to be rejected.

Do you have a static IP address, or is this a dynamic IP? If it's a dynamic
IP, then you won't have any control over this. If static, you can ask your
ISP to modify the PTR record to map back to mail.esi-extrusion.com,
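
The reverse-DNS check discussed in the quoted replies above, written out as an added example that is not part of the original thread: it classifies a connecting mail server by PTR lookup, forward confirmation and comparison with the name the server announces. The address 192.0.2.25, the ISP host name and the lookup tables are constructed and stand in for live DNS; mail.esi-extrusion.com is the server name used in the thread.

```python
import ipaddress

# Constructed DNS data (assumption): PTR zone before and after the ISP change.
PTR_BEFORE = {"25.2.0.192.in-addr.arpa": ["adsl-192-0-2-25.isp.example."]}
PTR_AFTER = {"25.2.0.192.in-addr.arpa": ["mail.esi-extrusion.com."]}
# PTR that names a host with no matching A record (cannot be forward-confirmed).
PTR_UNCONFIRMED = {"25.2.0.192.in-addr.arpa": ["mail.esi-extrusion.net."]}
A_RECORDS = {
    "mail.esi-extrusion.com": ["192.0.2.25"],
    "adsl-192-0-2-25.isp.example": ["192.0.2.25"],
}


def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_sender(ip, helo_name, ptr_zone, a_zone):
    """Classify a connecting server the way a reverse-DNS-checking receiver might.

    Returns "no-ptr", "ptr-not-forward-confirmed", "helo-mismatch" or "match".
    """
    addr = ipaddress.ip_address(ip)
    # reverse_pointer turns 192.0.2.25 into 25.2.0.192.in-addr.arpa
    ptr_names = [norm(n) for n in ptr_zone.get(addr.reverse_pointer, [])]
    if not ptr_names:
        return "no-ptr"
    # Forward-confirm: keep PTR names whose A records include the connecting IP
    confirmed = [
        name for name in ptr_names
        if any(ipaddress.ip_address(a) == addr for a in a_zone.get(name, []))
    ]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if norm(helo_name) not in confirmed:
        return "helo-mismatch"      # PTR is valid but names a different host
    return "match"


if __name__ == "__main__":
    for label, zone in (("before", PTR_BEFORE), ("after", PTR_AFTER),
                        ("unconfirmed", PTR_UNCONFIRMED)):
        print(label, check_sender("192.0.2.25", "mail.esi-extrusion.com",
                                  zone, A_RECORDS))
```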
Ben Winzenz [Exchange MVP]
Guest

Posted: Wed Dec 28, 2005 5:58 pm    Post subject: Re: Undeliverable Mail

Bummer. I agree with their assessment that no one in their right mind would
block based on SPF alone with one exception - no one *should* block based
solely on SPF (or lack thereof). I don't think anyone in their right mind
should block solely based on someone else's RBL either, but that's me.

Anyway, regarding your other question about the Cisco stuff - personally, I
don't see any risk in increasing the allowed packet size. It's actually an
issue with I believe Windows 2003 and the PIX. See
http://support.microsoft.com/kb/q828263/ for more details. Looks like you
can either disable EDNS on the Windows 2003 Server, or allow increased DNS
packets on the PIX - your pick.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
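
The EDNS and DNS packet size interaction Ben describes in this post, as an added example that is not part of the original thread: a resolver that advertises a large EDNS0 buffer receives UDP replies over 512 bytes, and a firewall that enforces the classic 512-byte DNS limit drops them. The host name, the answer counts, the 1280 and 4096 byte buffer sizes and the firewall model are constructed for illustration.

```python
import struct

LEGACY_UDP_LIMIT = 512   # largest UDP DNS message allowed without EDNS0 (RFC 1035)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"


def opt_record(udp_size):
    """EDNS0 OPT pseudo-record: root name, TYPE 41, CLASS = accepted UDP size."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_query(name, edns_size=None, txid=0x1A2B):
    """Build an A query; if edns_size is given, advertise it in an OPT record."""
    extra = b"" if edns_size is None else opt_record(edns_size)
    header = struct.pack("!6H", txid, FLAG_RD, 1, 0, 0, 1 if extra else 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN) + extra


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def advertised_udp_size(msg):
    """Return the EDNS0 UDP payload size in msg, or None if it has no OPT record."""
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return None


def server_reply(query, n_answers):
    """Constructed server: send n_answers A records (at most 254), or as many as fit."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:skip_name(query, 12) + 4]
    client_size = advertised_udp_size(query)
    limit = LEGACY_UDP_LIMIT if client_size is None else max(client_size, LEGACY_UDP_LIMIT)
    extra = b"" if client_size is None else opt_record(4096)
    flags = FLAG_QR | FLAG_RD
    fit = (limit - 12 - len(question) - len(extra)) // 16   # one A record is 16 bytes
    if n_answers > fit:
        n_answers, flags = fit, flags | FLAG_TC   # truncated: client retries over TCP
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, i + 1])
        for i in range(n_answers)
    )
    header = struct.pack("!6H", txid, flags, 1, n_answers, 0, 1 if extra else 0)
    return header + question + answers + extra


def lookup(n_answers, edns_size, firewall_max, name="mailin.example.net"):
    """Return (outcome, reply_bytes) for one UDP lookup through the firewall model."""
    reply = server_reply(build_query(name, edns_size), n_answers)
    if len(reply) > firewall_max:
        return ("dropped", len(reply))        # the resolver only sees a timeout
    flags = struct.unpack("!H", reply[2:4])[0]
    return ("truncated" if flags & FLAG_TC else "answered", len(reply))


if __name__ == "__main__":
    print("EDNS on, 512-byte firewall  :", lookup(40, 1280, 512))
    print("EDNS off, 512-byte firewall :", lookup(40, None, 512))
    print("EDNS on, limit raised       :", lookup(40, 1280, 1280))
    print("EDNS on, small answer       :", lookup(4, 1280, 512))
```

The last case shows why only lookups with large answers fail: small replies stay under 512 bytes even when EDNS is advertised.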
Ben Winzenz [Exchange MVP]
Guest

Posted: Wed Dec 28, 2005 5:58 pm    Post subject: Re: Undeliverable Mail

No setting for "No AOL" :-)

When you look at the queues, (click on the aol.com queue), it should show
you the status of the queue in the bottom status bar. What is that status?

Also, do you have Message Tracking enabled (Enable it on the properties of
the server)? It doesn't show quite as many details as the SMTP logs, but it
can give you a good idea of what happened to the message. Track messages
using the Message Tracking Center (Tools, Message Tracking Center).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:BD28A47B-FBEA-4BB2-86D3-D396F6B464A3@microsoft.com...
Quote:
Well good because I agree. Some people in this world are busting our butts
trying to learn all we can, and some just don't care.

I only worry that disabling the Mailguard will pose a security risk. What
are your thoughts on increasing the packet size?

I do have the logging on. I was impressed I got it. Here's what I found. I
rdp into my work workstation. Send an email to an aol user. Goto server
management and look in the exchange queue. There's a bunch for aol. I look
for the email and it's in the queue. I try the force connection as it doesn't
show up in the logfile. I go back to the log file and there is nothing for
aol or the specified user for that time. I did a refresh and waited till the
file time included when I sent it.

It's almost like exchange doesn't even try to send to aol. It just
immediately moves it to the queue, and that's the end of it. Is there a
setting somewhere in Exchange or Outlook 2003 that say no AOL by default?

"Ben Winzenz [Exchange MVP]" wrote:

I thought about the way I had typed that, but I still stand by it. I
can't
stand it when ISP's or hosting providers play dumb because they don't
want
to do something (which is probably what the case is here).

As far as the Cisco PIX, I can't speak to the programming, but here's the
overview of what Mailguard does. It's on by default, BTW - you have to
specifically disable it. Mailguard basically disables all ESMTP
commands,
limiting remote servers to only basic smtp commands. For example, HELO
is a
basic SMTP greeting, while EHLO is an Enhanced (ESMTP) command. If you
telnet to your server (from outside) and issue a EHLO command, the PIX
will
block the command and you'll get back a 500 5.3.3 Unrecognized command
response. Technically, it shouldn't cause issues, but prevents using
some
of the more useful ESMTP commands. If you want to disable it, follow the
instructions in this KB article.
http://support.microsoft.com/kb/320027/

As far as logging, if you enabled SMTP Protocol logging, you will find
the
logs in the c:\windows\system32\logfiles\smtpsvc1 directory. It's
enabled
on the properties of the Default SMTP Virtual server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:A5C01817-8344-4A56-8C1F-CCC4E3D8EA4E@microsoft.com...
How do you like Interland now? HEH Well I will push the issue some, we
are
switching hosts within a month to IKH. Hopefully they will have a
better
department for handling these issues.
Well I did some more testing at work. I can telnet to their server
(AOL)and
send mail that way. So I did come across something. Now while trolling
the
aol postmaster site I did find this snippet:
Queuing Mail


If the email you are attempting to send to America Online is queuing in
your
Outgoing Mail Server there are steps you can take to troubleshoot and
correct
the problem.

You have a Cisco pix firewall.

Please contact Cisco you may need to increase DNS packet size.
DNS Caching.

Please contact your system administrator. DNS caching is known to cause
mail
queuing when sending to the AOL mail server. Specifying IP address of
AOL's
relay servers is also known to cause this issue.

I'll have to contact the company that setup our server and pix as they
said
the work on the pix is all command line. Personally I think they should
do
it
for free as this is an ongoing problem. But that's my fight. But at the
same
time I was going to inquire about the mailguard. You said it doesn't
need
to
be run, the admin at dnsstuff said it looks like bad programming on
whoever
set it up. I can't find any info as to what mailguard does and if we
really
do/do not need it.

I setup logging, I may have done it right, or not. I ddin't see any
text
as
to smtp prtotocols. I also setup alerts for SBS2K3, and I got an email
saying
there was a lot of email sitting in the queue. Which prompted me to
search
for queue on aol. I did notice after an hour the log was 5MB. Reading
through
what I could make out, there is a whole lot of mail in there that isn't
from
our company although the sender shows an bogusname@esi-extrusion.com.
And
alot of email to postmaster saying stop sending we don't have that
address.

Well I think I'm getting somewhere. just not sure where. Thanks for all
your
help.

"Ben Winzenz [Exchange MVP]" wrote:

Interland is a bunch of morons then. SPF records are DNS resource
records
of type TXT. If they don't know how to do that, and want to cop out
and
say
their servers don't support it (which I'd submit is a load of crap),
they
don't deserve to be a hosting provider, or at least don't deserve your
business. RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html) defines
DNS
resource record types, which include TXT. Since it was submitted in,
oh,
1987!, saying their servers doesn't support creating TXT records is
nonsense, unless their server is totally non-RFC compliant, in which
case,
again, they should not be a hosting provider. You might try getting
ahold
of one of their senior network folks. In many cases, the level 1
folks
aren't real bright when it comes to dealing with stuff like that.

AOL adding your IP to *their* whitelist shouldn't be a big deal. It's
on
their end, not yours. I would have been more than suspicious if they
had
asked you to add their server to your whitelist, though :-)

You enabled logging means......you enabled SMTP Protocol logging? If
so,
make sure that you enabled all the advanced logging options. If you
can't
interpret what it is saying (which is ok), please post the relevant
section
of the smtp log that shows the conversation between your server and
AOL's
server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:8CE77EF5-D6CB-4C5D-90E4-55B8C2D308B1@microsoft.com...
Well I'm still on a quest to send email to aol and yahoo. Your
suggestion
to
add an SPF record applies to our domain hosted by interland. I sent
them a
ticket request for that addition. Their servers do not support that:

Unfortunately, at this time, we are unable to create an SPF record
for
the
domain. This is not supported by our servers.

I contacted AOL and they wanted me to submit our IP to there
whitelist.
I
didn't see any harm in that, although perplexed as to why I had to.
That
request was approved. Still no email going through.

I enabled logging of the exchange server. I look at the log, I see
where
the
user sent an email, just not quite sure what else in the maze of
gobbledygook
listed shows errors or what not. I get a 4.4.7 error in the returned
email.
Does that help?

"Ben Winzenz [Exchange MVP]" wrote:

You can ignore the Warning on the mail server host name in
greeting.
That
only applies to inbound mail. The cause is that you have a Cisco
PIX
with
the Mailguard feature turned on. You don't need it enabled, and it
can
potentially cause problems with other mail systems trying to send
mail
to
you, but it won't cause the problem of not being able to send mail
to
yahoo
or aol. If you want to get rid of that warning, then disable
Mailguard
on
your PIX.

You may want to registry SPF records, as dnsreport suggests. Looks
like
they have a wizard that walks you through how to set up the SPF
record.
SPF
records are registered as TXT records (versus say A or MX records).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:0533A4AD-1D3B-4BED-8C78-FE95AFAAB5EF@microsoft.com...
The ISP has re-directed the ptr record back to the mail.esi-extrusion.com. I went to the reverse dns on dnsstuff.com and it apparently is working. I still cannot send email to yahoo or aol accounts. When I put in esi-extrusion.com in dnsreport.com checker, it still shows the same errors. I don't know what else to change. Any ideas?

"Ben Winzenz [Exchange MVP]" wrote:

You would be asking your ISP to map the PTR record for the IP address back to mail.esi-extrusion.net. It needs to match the name of the sending server. Note that your ISP may not be willing to do this. It isn't an unreasonable request, but some ISP's won't do it.

A Smarthost simply means that instead of your server directly connecting to the target server, you will forward all mail to your ISP first, and your ISP will do the actual delivery of the mail. ISP's typically will allow their customers to do this.

Did the company that setup your server indicate what the tweak was? Regardless, if you are able to resolve MX records for yahoo and aol, it won't be a problem with your DNS server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:3645EA9A-C86D-4FCD-945D-85F36E1E948A@microsoft.com...
When we switched from Interland hosting our email to hosting our own, it was quite a feat to get them to understand what needed changed, as I remember our server IT person had to walk them thru it. Quite conceivably they didn't do it correctly.

We do have a static ip for our Exchange Server. SBC is our ISP and our website is hosted by Interland currently. I want to be sure, I am asking SBC to re-map our ptr record back to esi-extrusion.com and not interland?

I do not know what Smarthost is. I'm sorry. I'm going to do a search and read up on it shortly.

I know people in general don't like to help newbies or generally stupid people thrust into a position by their company. If I get this all worked out, just know that someone will think you're a hero.

"Ben Winzenz [Exchange MVP]" wrote:

You have a PTR record, but it does not map to your MX record. If a receiving mail server is doing a reverse-DNS lookup, then the PTR record will not match the name that the server says it is and could cause the connection to be rejected.

Do you have a static IP address, or is this a dynamic IP? If it's a dynamic IP, then you won't have any control over this. If static, you can ask your ISP to modify the PTR record to map back to mail.esi-extrusion.com,
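Added example (not part of any post in this thread): the reverse-DNS comparison described in the quoted replies above, where the PTR record for the sending IP has to match the name the server announces, written as a Python check that also forward-confirms the PTR name. The host names and 192.0.2.x addresses are constructed, and `check_sender` and the lookup helpers are hypothetical names.

```python
import socket

def live_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_a(name):
    """IPv4 addresses for name from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo_name, ptr_lookup=live_ptr, a_lookup=live_a):
    """Reverse-DNS test a receiving server may apply to a connecting sender."""
    norm = lambda n: n.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr", "no PTR record for " + ip
    # Forward-confirm: a PTR name only counts if it resolves back to the IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if not confirmed:
        return "unconfirmed", "PTR %s does not resolve back to %s" % (ptr_names, ip)
    if norm(helo_name) not in confirmed:
        return "name-mismatch", "PTR %s != announced name %s" % (confirmed, helo_name)
    return "ok", "PTR and A agree on " + norm(helo_name)

# Constructed records (documentation address space, not from the thread).
PTR = {
    "192.0.2.25": ["adsl-192-0-2-25.isp.example."],  # ISP default PTR
    "192.0.2.26": ["mail.example.com."],             # PTR remapped by the ISP
    "192.0.2.28": ["mail.example.com."],             # PTR set, A points elsewhere
}
A = {
    "adsl-192-0-2-25.isp.example": ["192.0.2.25"],
    "mail.example.com": ["192.0.2.26"],
}

def run_constructed():
    """Check each constructed sender IP against the same announced name."""
    ips = ["192.0.2.25", "192.0.2.26", "192.0.2.27", "192.0.2.28"]
    return {ip: check_sender(ip, "mail.example.com",
                             lambda i: PTR.get(i, []),
                             lambda n: A.get(n, []))[0] for ip in ips}

if __name__ == "__main__":
    for ip, verdict in run_constructed().items():
        print(ip, verdict)
```

Calling `check_sender(ip, name)` without the last two arguments uses the system resolver instead of the constructed tables.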
ESI
Guest





Posted: Wed Dec 28, 2005 5:58 pm    Post subject: Re: Undeliverable Mail

It is now working. Yahoo, AOL and the others. I sure appreciate your
commitment to follow through and help. I hope you have a happy holiday season.

"Ben Winzenz [Exchange MVP]" wrote:

Quote:
Bummer. I agree with their assessment that no one in their right mind would
block based on SPF alone with one exception - no one *should* block based
solely on SPF (or lack thereof). I don't think anyone in their right mind
should block solely based on someone else's RBL either, but that's me.

Anyway, regarding your other question about the Cisco stuff - personally, I
don't see any risk in increasing the allowed packet size. It's actually an
issue with I believe Windows 2003 and the PIX. See
http://support.microsoft.com/kb/q828263/ for more details. Looks like you
can either disable EDNS on the Windows 2003 Server, or allow increased DNS
packets on the PIX - your pick.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:CA130954-4DB4-406E-B006-86A824850A2C@microsoft.com...
Well adding an spf record is out of the question. See below:

Yes, our large, cluster-based DNS system is compliant with RFC 1035. It does support the use of TXT records. The actual DNS system itself, that is. But we use a third party DNS management tool (NicTool) which does NOT support the use of TXT records at this time.

TXT records have been around forever, but have never been used for any real purpose, prior to SPF. Because TXT records were not used for anything at the time, the designers of NicTool did not develop TXT record functionality into the product. My understanding is that this is being or has been added to newer versions of NicTool. However, because the cost to upgrade our very large DNS system, and the serious potential for customer downtime in the process, we are not going to be making this upgrade until ONE sender authentication protocol is selected by the IETF as the OFFICIAL accepted protocol. Currently, there are a number of different solutions being developed around the world, with SPF being only one of them. While SPF is widely used across the board, no postmaster in his right mind would block mail solely based upon SPF, as it is not yet an adopted STANDARD. With SPF not being a single, internationally recognized answer for the sender authentication problem, and with no non-SPF reason to have TXT records enabled, it is not economically feasible to risk the cost and downtime as of yet



"Ben Winzenz [Exchange MVP]" wrote:

I thought about the way I had typed that, but I still stand by it. I can't stand it when ISP's or hosting providers play dumb because they don't want to do something (which is probably what the case is here).

As far as the Cisco PIX, I can't speak to the programming, but here's the overview of what Mailguard does. It's on by default, BTW - you have to specifically disable it. Mailguard basically disables all ESMTP commands, limiting remote servers to only basic smtp commands. For example, HELO is a basic SMTP greeting, while EHLO is an Enhanced (ESMTP) command. If you telnet to your server (from outside) and issue a EHLO command, the PIX will block the command and you'll get back a 500 5.3.3 Unrecognized command response. Technically, it shouldn't cause issues, but prevents using some of the more useful ESMTP commands. If you want to disable it, follow the instructions in this KB article.
http://support.microsoft.com/kb/320027/

As far as logging, if you enabled SMTP Protocol logging, you will find the logs in the c:\windows\system32\logfiles\smtpsvc1 directory. It's enabled on the properties of the Default SMTP Virtual server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:A5C01817-8344-4A56-8C1F-CCC4E3D8EA4E@microsoft.com...
How do you like Interland now? HEH Well I will push the issue some, we are switching hosts within a month to IKH. Hopefully they will have a better department for handling these issues.

Well I did some more testing at work. I can telnet to their server (AOL) and send mail that way. So I did come across something. Now while trolling the aol postmaster site I did find this snippet:

Queuing Mail

If the email you are attempting to send to America Online is queuing in your Outgoing Mail Server there are steps you can take to troubleshoot and correct the problem.

You have a Cisco pix firewall.

Please contact Cisco you may need to increase DNS packet size.
DNS Caching.

Please contact your system administrator. DNS caching is known to cause mail queuing when sending to the AOL mail server. Specifying IP address of AOL's relay servers is also known to cause this issue.

I'll have to contact the company that setup our server and pix as they said the work on the pix is all command line. Personally I think they should do it for free as this is an ongoing problem. But that's my fight. But at the same time I was going to inquire about the mailguard. You said it doesn't need to be run, the admin at dnsstuff said it looks like bad programming on whoever set it up. I can't find any info as to what mailguard does and if we really do/do not need it.

I setup logging, I may have done it right, or not. I didn't see any text as to smtp protocols. I also setup alerts for SBS2K3, and I got an email saying there was a lot of email sitting in the queue. Which prompted me to search for queue on aol. I did notice after an hour the log was 5MB. Reading through what I could make out, there is a whole lot of mail in there that isn't from our company although the sender shows a bogusname@esi-extrusion.com. And a lot of email to postmaster saying stop sending we don't have that address.

Well I think I'm getting somewhere. just not sure where. Thanks for all your help.

"Ben Winzenz [Exchange MVP]" wrote:

Interland is a bunch of morons then. SPF records are DNS resource records of type TXT. If they don't know how to do that, and want to cop out and say their servers don't support it (which I'd submit is a load of crap), they don't deserve to be a hosting provider, or at least don't deserve your business. RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html) defines DNS resource record types, which include TXT. Since it was submitted in, oh, 1987!, saying their servers doesn't support creating TXT records is nonsense, unless their server is totally non-RFC compliant, in which case, again, they should not be a hosting provider. You might try getting ahold of one of their senior network folks. In many cases, the level 1 folks aren't real bright when it comes to dealing with stuff like that.

AOL adding your IP to *their* whitelist shouldn't be a big deal. It's on their end, not yours. I would have been more than suspicious if they had asked you to add their server to your whitelist, though :-)

You enabled logging means......you enabled SMTP Protocol logging? If so, make sure that you enabled all the advanced logging options. If you can't interpret what it is saying (which is ok), please post the relevant section of the smtp log that shows the conversation between your server and AOL's server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:8CE77EF5-D6CB-4C5D-90E4-55B8C2D308B1@microsoft.com...
Well I'm still on a quest to send email to aol and yahoo. Your suggestion to add an SPF record applies to our domain hosted by interland. I sent them a ticket request for that addition. Their servers do not support that:

Unfortunately, at this time, we are unable to create an SPF record for the domain. This is not supported by our servers.

I contacted AOL and they wanted me to submit our IP to their whitelist. I didn't see any harm in that, although perplexed as to why I had to. That request was approved. Still no email going through.

I enabled logging of the exchange server. I look at the log, I see where the user sent an email, just not quite sure what else in the maze of gobbledygook listed shows errors or what not. I get a 4.4.7 error in the returned email. Does that help?

"Ben Winzenz [Exchange MVP]" wrote:

You can ignore the Warning on the mail server host name in greeting. That only applies to inbound mail. The cause is that you have a Cisco PIX with the Mailguard feature turned on. You don't need it enabled, and it can potentially cause problems with other mail systems trying to send mail to you, but it won't cause the problem of not being able to send mail to yahoo or aol. If you want to get rid of that warning, then disable Mailguard on your PIX.

You may want to register SPF records, as dnsreport suggests. Looks like they have a wizard that walks you through how to set up the SPF record. SPF records are registered as TXT records (versus say A or MX records).

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@discussions.microsoft.com> wrote in message
news:0533A4AD-1D3B-4BED-8C78-FE95AFAAB5EF@microsoft.com...
The ISP has re-directed the ptr record back to the mail.esi-extrusion.com. I went to the reverse dns on dnsstuff.com and it apparently is working. I still cannot send email to yahoo or aol accounts. When I put in esi-extrusion.com in dnsreport.com checker, it still shows the same errors. I don't know what else to change. Any ideas?

"Ben Winzenz [Exchange MVP]" wrote:

You would be asking your ISP to map the PTR record for the IP address back to mail.esi-extrusion.net. It needs to match the name of the sending server. Note that your ISP may not be willing to do this. It