SMTP #5.7.1

SMTP #5.7.1

Post by TS » Wed, 12 Nov 2003 02:10:02



Once in a great while we have an issue with sending to certain domains.
This rarely happens and it always seems to be the same few domains.  For
this reason I tend to think it is an issue with the foreign host.

When a user sends to this particular recipient they get an NDR that states:

You do not have permission to send to this recipient. For assistance,
contact your system administrator.

possibly forged [<ip address>]>

We looked at the SMTP logs and it would appear as though it queries the
wrong MX host.  The user can try to send the message again a few minutes
later, the correct MX record is found and it sends just fine.

Any advice would be appreciated!

Terry

 
 
 

SMTP #5.7.1

Post by Susa » Wed, 12 Nov 2003 02:19:42


this error is usually indicative of the sending email domain not having an
reverse dns lookup record configured...but yours look OK (if msu.edu is the
email domain that they're sending from)...it does seem to be a dns issue,
but kind of difficult to tell if it's on your end or theirs...


> Once in a great while we have an issue with sending to certain domains.
> This rarely happens and it always seems to be the same few domains.  For
> this reason I tend to think it is an issue with the foreign host.

> When a user sends to this particular recipient they get an NDR that
states:

> You do not have permission to send to this recipient. For assistance,
> contact your system administrator.

name
> possibly forged [<ip address>]>

> We looked at the SMTP logs and it would appear as though it queries the
> wrong MX host.  The user can try to send the message again a few minutes
> later, the correct MX record is found and it sends just fine.

> Any advice would be appreciated!

> Terry


 
 
 

SMTP #5.7.1

Post by TS » Wed, 12 Nov 2003 02:39:41


If it was a reverse lookup issue, then why would it be intermittent?  No,
this has nothing to do with msu.edu... it relates to the company I work for.

Terry


> this error is usually indicative of the sending email domain not having an
> reverse dns lookup record configured...but yours look OK (if msu.edu is
the
> email domain that they're sending from)...it does seem to be a dns issue,
> but kind of difficult to tell if it's on your end or theirs...



> > Once in a great while we have an issue with sending to certain domains.
> > This rarely happens and it always seems to be the same few domains.  For
> > this reason I tend to think it is an issue with the foreign host.

> > When a user sends to this particular recipient they get an NDR that
> states:

> > You do not have permission to send to this recipient. For assistance,
> > contact your system administrator.

> name
> > possibly forged [<ip address>]>

> > We looked at the SMTP logs and it would appear as though it queries the
> > wrong MX host.  The user can try to send the message again a few minutes
> > later, the correct MX record is found and it sends just fine.

> > Any advice would be appreciated!

> > Terry

 
 
 

SMTP #5.7.1

Post by Susa » Wed, 12 Nov 2003 02:49:31


I don't know exactly why it would be intermittent,  but before I had reverse
dns entries listed for my email domains, there were some domains that my
users would try to send to, and get the same error message...one day I tried
to send an email to someone and got the same thing...I found out that my
friend's email admin had just reconfigured their relay server to reject
email from domains that didn't have ptr records...they turned it on and off
several times during that week, before finally deciding to leave it off
because too much legitimate email was being rejected...I'm not sure why
you're experiencing your issue...do you have ptr records configured for the
email domain at your company?


> If it was a reverse lookup issue, then why would it be intermittent?  No,
> this has nothing to do with msu.edu... it relates to the company I work
for.

> Terry



> > this error is usually indicative of the sending email domain not having
an
> > reverse dns lookup record configured...but yours look OK (if msu.edu is
> the
> > email domain that they're sending from)...it does seem to be a dns
issue,
> > but kind of difficult to tell if it's on your end or theirs...



> > > Once in a great while we have an issue with sending to certain
domains.
> > > This rarely happens and it always seems to be the same few domains.
For
> > > this reason I tend to think it is an issue with the foreign host.

> > > When a user sends to this particular recipient they get an NDR that
> > states:

> > > You do not have permission to send to this recipient. For assistance,
> > > contact your system administrator.

> > name
> > > possibly forged [<ip address>]>

> > > We looked at the SMTP logs and it would appear as though it queries
the
> > > wrong MX host.  The user can try to send the message again a few
minutes
> > > later, the correct MX record is found and it sends just fine.

> > > Any advice would be appreciated!

> > > Terry

 
 
 

SMTP #5.7.1

Post by TS » Wed, 12 Nov 2003 03:32:05


Yes, we sure do.

Thanks,
Terry


> I don't know exactly why it would be intermittent,  but before I had
reverse
> dns entries listed for my email domains, there were some domains that my
> users would try to send to, and get the same error message...one day I
tried
> to send an email to someone and got the same thing...I found out that my
> friend's email admin had just reconfigured their relay server to reject
> email from domains that didn't have ptr records...they turned it on and
off
> several times during that week, before finally deciding to leave it off
> because too much legitimate email was being rejected...I'm not sure why
> you're experiencing your issue...do you have ptr records configured for
the
> email domain at your company?



> > If it was a reverse lookup issue, then why would it be intermittent?
No,
> > this has nothing to do with msu.edu... it relates to the company I work
> for.

> > Terry



> > > this error is usually indicative of the sending email domain not
having
> an
> > > reverse dns lookup record configured...but yours look OK (if msu.edu
is
> > the
> > > email domain that they're sending from)...it does seem to be a dns
> issue,
> > > but kind of difficult to tell if it's on your end or theirs...



> > > > Once in a great while we have an issue with sending to certain
> domains.
> > > > This rarely happens and it always seems to be the same few domains.
> For
> > > > this reason I tend to think it is an issue with the foreign host.

> > > > When a user sends to this particular recipient they get an NDR that
> > > states:

> > > > You do not have permission to send to this recipient. For
assistance,
> > > > contact your system administrator.

IP
> > > name
> > > > possibly forged [<ip address>]>

> > > > We looked at the SMTP logs and it would appear as though it queries
> the
> > > > wrong MX host.  The user can try to send the message again a few
> minutes
> > > > later, the correct MX record is found and it sends just fine.

> > > > Any advice would be appreciated!

> > > > Terry

 
 
 

SMTP #5.7.1

Post by Susa » Wed, 12 Nov 2003 03:39:32


next time this happens, try doing a telnet from your exchange or relay
server to port 25 of the server you're trying to send to, and see what you
get...


> Yes, we sure do.

> Thanks,
> Terry



> > I don't know exactly why it would be intermittent,  but before I had
> reverse
> > dns entries listed for my email domains, there were some domains that my
> > users would try to send to, and get the same error message...one day I
> tried
> > to send an email to someone and got the same thing...I found out that my
> > friend's email admin had just reconfigured their relay server to reject
> > email from domains that didn't have ptr records...they turned it on and
> off
> > several times during that week, before finally deciding to leave it off
> > because too much legitimate email was being rejected...I'm not sure why
> > you're experiencing your issue...do you have ptr records configured for
> the
> > email domain at your company?



> > > If it was a reverse lookup issue, then why would it be intermittent?
> No,
> > > this has nothing to do with msu.edu... it relates to the company I
work
> > for.

> > > Terry



> > > > this error is usually indicative of the sending email domain not
> having
> > an
> > > > reverse dns lookup record configured...but yours look OK (if msu.edu
> is
> > > the
> > > > email domain that they're sending from)...it does seem to be a dns
> > issue,
> > > > but kind of difficult to tell if it's on your end or theirs...



> > > > > Once in a great while we have an issue with sending to certain
> > domains.
> > > > > This rarely happens and it always seems to be the same few
domains.
> > For
> > > > > this reason I tend to think it is an issue with the foreign host.

> > > > > When a user sends to this particular recipient they get an NDR
that
> > > > states:

> > > > > You do not have permission to send to this recipient. For
> assistance,
> > > > > contact your system administrator.

denied.
> IP
> > > > name
> > > > > possibly forged [<ip address>]>

> > > > > We looked at the SMTP logs and it would appear as though it
queries
> > the
> > > > > wrong MX host.  The user can try to send the message again a few
> > minutes
> > > > > later, the correct MX record is found and it sends just fine.

> > > > > Any advice would be appreciated!

> > > > > Terry

 
 
 

SMTP #5.7.1

Post by Mark » Wed, 12 Nov 2003 22:56:25


Hi Terry,

Dunno if this applies to your situation:

We have a secondary MX record for our domain at the office which is a mail
server with our ISP. Here I have not enabled the reverse lookup - too many
genuine mails dropped. However our ISP has to enable it on their side.

Thus: if your sending domain does not resolve to the originating IP address
and you pick up a connection on the primary MX, your mail will be accepted.
If you get a connection onto the secondary MX, then it will be rejected.

I hope this sheds a bit more light!

Mark


> Once in a great while we have an issue with sending to certain domains.
> This rarely happens and it always seems to be the same few domains.  For
> this reason I tend to think it is an issue with the foreign host.

> When a user sends to this particular recipient they get an NDR that
states:

> You do not have permission to send to this recipient. For assistance,
> contact your system administrator.

name
> possibly forged [<ip address>]>

> We looked at the SMTP logs and it would appear as though it queries the
> wrong MX host.  The user can try to send the message again a few minutes
> later, the correct MX record is found and it sends just fine.

> Any advice would be appreciated!

> Terry

 
 
 

SMTP #5.7.1

Post by Ben Winzen » Wed, 12 Nov 2003 23:06:22


Doesn't work that way.  MX Records deal ONLY with receiving mail, not
sending.

--
Ben Winzenz
Network Engineer
Gardner & White

Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm


> Hi Terry,

> Dunno if this applies to your situation:

> We have a secondary MX record for our domain at the office which is a mail
> server with our ISP. Here I have not enabled the reverse lookup - too many
> genuine mails dropped. However our ISP has to enable it on their side.

> Thus: if your sending domain does not resolve to the originating IP
address
> and you pick up a connection on the primary MX, your mail will be
accepted.
> If you get a connection onto the secondary MX, then it will be rejected.

> I hope this sheds a bit more light!

> Mark



> > Once in a great while we have an issue with sending to certain domains.
> > This rarely happens and it always seems to be the same few domains.  For
> > this reason I tend to think it is an issue with the foreign host.

> > When a user sends to this particular recipient they get an NDR that
> states:

> > You do not have permission to send to this recipient. For assistance,
> > contact your system administrator.

> name
> > possibly forged [<ip address>]>

> > We looked at the SMTP logs and it would appear as though it queries the
> > wrong MX host.  The user can try to send the message again a few minutes
> > later, the correct MX record is found and it sends just fine.

> > Any advice would be appreciated!

> > Terry

 
 
 

SMTP #5.7.1

Post by Mark » Wed, 12 Nov 2003 23:22:23


And you don't think the domains that Terry sends to may have a similar setup
to mine ?


> Doesn't work that way.  MX Records deal ONLY with receiving mail, not
> sending.

> --
> Ben Winzenz
> Network Engineer
> Gardner & White

> Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
> Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm



> > Hi Terry,

> > Dunno if this applies to your situation:

> > We have a secondary MX record for our domain at the office which is a
mail
> > server with our ISP. Here I have not enabled the reverse lookup - too
many
> > genuine mails dropped. However our ISP has to enable it on their side.

> > Thus: if your sending domain does not resolve to the originating IP
> address
> > and you pick up a connection on the primary MX, your mail will be
> accepted.
> > If you get a connection onto the secondary MX, then it will be rejected.

> > I hope this sheds a bit more light!

> > Mark



> > > Once in a great while we have an issue with sending to certain
domains.
> > > This rarely happens and it always seems to be the same few domains.
For
> > > this reason I tend to think it is an issue with the foreign host.

> > > When a user sends to this particular recipient they get an NDR that
> > states:

> > > You do not have permission to send to this recipient. For assistance,
> > > contact your system administrator.

> > name
> > > possibly forged [<ip address>]>

> > > We looked at the SMTP logs and it would appear as though it queries
the
> > > wrong MX host.  The user can try to send the message again a few
minutes
> > > later, the correct MX record is found and it sends just fine.

> > > Any advice would be appreciated!

> > > Terry

 
 
 

SMTP #5.7.1

Post by Mark » Wed, 12 Nov 2003 23:37:36


Hey Ben,

Disagree with you. The MX record is looked up during resolution of the
destination mail address.

And in case you misunderstood me, I am pointing out the situation from the
domains that Terry is trying to send to, not from Terry's perspective.

Mark

> Doesn't work that way.  MX Records deal ONLY with receiving mail, not
> sending.

> --
> Ben Winzenz
> Network Engineer
> Gardner & White

> Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
> Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm



> > Hi Terry,

> > Dunno if this applies to your situation:

> > We have a secondary MX record for our domain at the office which is a
mail
> > server with our ISP. Here I have not enabled the reverse lookup - too
many
> > genuine mails dropped. However our ISP has to enable it on their side.

> > Thus: if your sending domain does not resolve to the originating IP
> address
> > and you pick up a connection on the primary MX, your mail will be
> accepted.
> > If you get a connection onto the secondary MX, then it will be rejected.

> > I hope this sheds a bit more light!

> > Mark



> > > Once in a great while we have an issue with sending to certain
domains.
> > > This rarely happens and it always seems to be the same few domains.
For
> > > this reason I tend to think it is an issue with the foreign host.

> > > When a user sends to this particular recipient they get an NDR that
> > states:

> > > You do not have permission to send to this recipient. For assistance,
> > > contact your system administrator.

> > name
> > > possibly forged [<ip address>]>

> > > We looked at the SMTP logs and it would appear as though it queries
the
> > > wrong MX host.  The user can try to send the message again a few
minutes
> > > later, the correct MX record is found and it sends just fine.

> > > Any advice would be appreciated!

> > > Terry

 
 
 

SMTP #5.7.1

Post by Ben Winzen » Thu, 13 Nov 2003 02:31:11


The wording of your original post was a bit confusing to me.  I understand
what you were saying now.  Thanks for clarifying.

And to clarify how MX lookup works, when you have multiple MX records for a
domain, although the cost of the record plays a major factor, just because
you have one MX with a cost of 10 and another with a cost of 20 doesn't mean
that the one with the cost of 10 will guaranteed receive 100% of e-mail
destined for your domain.  The MX with the cost of 20 will almost assuredly
be receiving queries.

Terry,

The only advice that can be given at this point is to make sure that every
single MX record that is listed for your domain (whether that be your server
or your ISP's) has a valid PTR record that matches the A record.

--
Ben Winzenz
Network Engineer
Gardner & White

Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm


> Hey Ben,

> Disagree with you. The MX record is looked up during resolution of the
> destination mail address.

> And in case you misunderstood me, I am pointing out the situation from the
> domains that Terry is trying to send to, not from Terry's perspective.

> Mark


> > Doesn't work that way.  MX Records deal ONLY with receiving mail, not
> > sending.

> > --
> > Ben Winzenz
> > Network Engineer
> > Gardner & White

> > Exchange FAQ's: http://www.swinc.com/resource/exch_faq.htm
> > Exchange 2000 FAQ's: http://www.swinc.com/resource/e2kfaq.htm



> > > Hi Terry,

> > > Dunno if this applies to your situation:

> > > We have a secondary MX record for our domain at the office which is a
> mail
> > > server with our ISP. Here I have not enabled the reverse lookup - too
> many
> > > genuine mails dropped. However our ISP has to enable it on their side.

> > > Thus: if your sending domain does not resolve to the originating IP
> > address
> > > and you pick up a connection on the primary MX, your mail will be
> > accepted.
> > > If you get a connection onto the secondary MX, then it will be
rejected.

> > > I hope this sheds a bit more light!

> > > Mark



> > > > Once in a great while we have an issue with sending to certain
> domains.
> > > > This rarely happens and it always seems to be the same few domains.
> For
> > > > this reason I tend to think it is an issue with the foreign host.

> > > > When a user sends to this particular recipient they get an NDR that
> > > states:

> > > > You do not have permission to send to this recipient. For
assistance,
> > > > contact your system administrator.

IP
> > > name
> > > > possibly forged [<ip address>]>

> > > > We looked at the SMTP logs and it would appear as though it queries
> the
> > > > wrong MX host.  The user can try to send the message again a few
> minutes
> > > > later, the correct MX record is found and it sends just fine.

> > > > Any advice would be appreciated!

> > > > Terry

 
 
 

1. SMTP Connector with SMTP Virtual Server with different SMTP port does not work

I have a Backend FrontEnd Exchange environment and the FrontEnd Server is
going to be used as a bridgehead server for SMTP.

To use the FrontEnd as a SMTP bridgehead server I configured a SMTP
Connector that uses the FrontEnd SMTP Virtual Server as a bridgehead server.
Since I'm also running Trend Micro Virus Wall on the SMTP Frontend Server I
changed the SMTP port used by SMTP Virtual Server to 6000 ( I only have one
Network adapter ). So, the final configuration that I have is:

- Exchange 2000 SMTP Virtual Server working on port 6000
- TrendMicro Virus Wall working on port 25

With this configuration when I send an email to the internet the SMTP
Connector always sends ther mail to the port 25 instead of using the
Frontend SMTP Virtual Server port 6000. Is this the normal behavor or a bug?

Is this is the normal behavor why should we configure the SMTP Connector to
use a specific SMTP Virtual Server as a bridgehead server?

Thanks in advance for your help!

Regards,

Alexandre Costa

2. How to see who has logged on as me ?

3. Adding COM Add-Ins To Tool Bar

4. ghost SMTP addresses, try to add SMTP to usr obj but it says exist already

5. Error -Exch Server not configured to support details templates in you language (English)

6. How to Configure the IIS 5 SMTP Service to Relay SMTP Mail

7. Server went down.. Now IMS wont work.

8. E2k SMTP Smarthost/Multiple SMTP Domain ISSUES

9. several SMTP domains and several SMTP servers (to be continued)

10. Deuling SMTP Servers: Terminating Active SMTP Session

11. One box using Exchange SMTP and a Unix SMTP

12. SMTP & DNS, NOT THE GOOD SMTP SERVER