SMTP Relay issues - NDRs

[LadySlinger]

I have an exchange server that passes all our emails between itself and the DMZ server (SMTP Virtual server).

I have only heard from one user so far on this, but it is inconveniencing him as his emails are being returned.

In any case, he is receiving the message:

client@domain.com on 1/3/2007 10:11 AM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
<dmz.ourdomain.com #5.0.0 smtp;550-xxxx-##-###-###-##.ispserver.com (dmz.ourdomain.com) [##.###.###.##]>

I'm really stumped on this. He is sending the emails out. I did a telnet into the remote server to the client he was trying to reach once I got to RCPT TO:client@domain.com the system came back saying that "<IP ADDRESS> is currently not permitted to relay through this server."

 

[gurner]

Maybe the target is trying a reverse lookup of you, or blacklisted you?

Do you have a PTR record corresponding to your A record e.t.c.

Gurner

 

[58sniper]

Go to dnstuff.com and check your public IP addresses through the blacklist check, and the reverse DNS check.

I agree - sounds like blacklisting or rDNS issue.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[LadySlinger]

I checked the dnsstuff over lunch...

There are no PTR records listed.

The only place I found us to "blacklisted" was moensted.dk.
I requested to be removed from this.

Otherwise Spamhaus.org did not have us at all.

I also went through the Event log and kept seeing the Event ID: 2012, "SMTP could not connect to the DNS server '##.##.##.##'. The protocol used was 'UDP'. It may be down or inaccessible.

This lead me to our firewall, which "Duh" only allows TCP connections...Sooo...I downloaded MetaEdit 2.2 and set the SMTP protocol to be TCP only, no UDP.

Now the only thing I'm getting back is someone doesn't have permission to send to an email...which may be a whole different thread....

 

[58sniper]

You need those PTR records, though. They're required by RFC, and will keep you from being blocked by some of the big ISPs.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[LadySlinger]

OK, I started to add them, but realised they were already there.

So then my next question is how do I add them to the smart server? We host that, but its a Windows XP machine just running SMTP.

Or should I just contact our ISP and tell them to do it?

 

[gurner]

If your DNS records are held by your/an ISP, such as your MX record. get them to create a PTR record as the same name as your MX record and point it to the same IP as the Internet facing device that forwards your mail to your internal mail server/filter (same IP as the MX record probably)

Gurner

 

[58sniper]

Actually, reverse DNS records (PTR) need to be created by your ISP. They maintain your IP address, so they are responsible for the records for it.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[LadySlinger]

Thanks everyone!

I sent requests to both our ISP and our website host company for PTRs.