Exchange A/PTR public DNS record issues
Hi
A user is having problems sending e-mail to recipients she sends to every day. The error is:
User@otherdomain.com on 11/26/2005 1:11 PM. You do not have permission to send to this recipient. For assistance, contact your system administrator. ... Relaying denied. IP name possibly forged.(xx.xx.xx.xx)>.
http://searchexchange.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid43_gci1155538,00.html
According to this post, it could be related to the following:
It sounds like the recipient's SMTP server is doing a reverse lookup on your domain and failing. You should double-check your public DNS record to make sure that the server's PTR (pointer) record has the servername mapped to the server's correct IP address.
This is our current Exchange setup:
1.) We run an active-passive cluster of Exchange 2003
2.) The MX records are being hosted in Postini (Google)
3.) We are running a load-balancing solution for redundancy between 2 ISP providers, so the A and PTR records for mail.domain.com have an entry for each provider in the public DNS.
For example:
ISP1
mail.domain.com - 1.1.1.1
1.1.1.1 - mail.domain.com
ISP2
mail.domain.com - 2.2.2.2
2.2.2.2 - mail.domain.com
We are now using provider one, so if any emails are being sent, the headers of the email show 1.1.1.1 for mail.domain.com.
However, if I run a DNS query for A/PTR resolution for mail.domain.com, the 2.2.2.2 IP is the one that resolves.
So email is being sent from 1.1.1.1, but external DNS resolution of mail.domain.com replies with 2.2.2.2.
Like I said, a couple of users are getting this type of message:
User@otherdomain.com on 11/26/2005 1:11 PM. You do not have permission to send to this recipient. For assistance, contact your system administrator. ... Relaying denied. IP name possibly forged.(xx.xx.xx.xx)>.
Could this setup be the problem since we are sending at 1.1.1.1 but the world resolves mail.domain.com at 2.2.2.2?
Thank you.
March 30th, 2010 10:32pm
You might want to turn up SMTP protocol logging and see if there are any clues in the exchange between the servers.
-- Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
April 1st, 2010 2:06am
Hi,
I suggest you go to https://www.testexchangeconnectivity.com/ to do an Outbound email test. It will help you check the related DNS records.
Could you please let me know whether it happens for just one domain or for lots of domains? You may need to contact the remote mail admin to see if you can find the reason and a workaround.
Thanks,
Elvis
April 1st, 2010 6:22am
Hi,
Are you using a smart host to the Postini SMTP server for outbound SMTP too? If yes, then you need to work with Postini support to find out whether their SMTP server is being denied by the remote server.
If you are sending messages from your own SMTP server, then work with the remote domain admin to whitelist your IP, as the error message says that your IP is restricted.
Anil
April 1st, 2010 6:27am
Hi,
I think the first problem I have found:
1.) The FQDN for the Exchange server is exchange.mydomain.local, and it should be whatever record we have for the Exchange server in the public DNS, which in our case would be mail.mydomain.com.
So if I look at the headers in any of the emails that I sent to an external domain, I can see exchange.mydomain.local and 1.1.1.1.
Exchange.mydomain.local is not resolved in public DNS at all; it is just part of internal DNS.
I think that the FQDN on the Exchange server has to match the A record in the public DNS, so if we have an A record named mail.domain.com (public DNS), that is the one that has to be entered as the FQDN for the message to be properly relayed.
Is that correct?
2.) The A record mail.domain.com has DNS forward/reverse resolution to 1.1.1.1, and it also has rDNS to 2.2.2.2. So the A record has 2 IPs (1.1.1.1, 2.2.2.2) from two different ISP IP schemas.
The email out of the building is being relayed out from the server as mail.domain.local (which I think is the wrong FQDN), and it goes out through 2.2.2.2 (the IP scheme of one of the ISP providers).
In my opinion that represents a problem, since the email has to be relayed out to the internet from the same IP scheme on which it is being received (ISP provider).
Answering your questions:
1.) It happens just on some domains.
2.) No smart host. The Exchange server is relaying email itself. But postini has the MX records.
Final question:
How would changing the FQDN from Exchange.domain.local to mail.domain.com affect the MX records that are being hosted on Postini?
I hope someone can verify/answer my questions.
Thank you.
April 2nd, 2010 9:33pm
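
The reverse-lookup check quoted in the first post, together with the HELO-name question raised in the last one, can be tried out as below. This is an added example, not part of any post in the thread: it runs a forward-confirmed reverse DNS test and a HELO-name test over constructed DNS data that reuses the thread's placeholder names and addresses. `check_sender`, `ZONE_BOTH` and `ZONE_ISP2_ONLY` are hypothetical names, and the HELO policy is an assumption because receiving servers differ in what they enforce.

```python
import ipaddress

# Constructed public-DNS views built from the thread's placeholder names/addresses.
ZONE_BOTH = {  # the A record returns both ISP addresses
    "A": {"mail.domain.com": ["1.1.1.1", "2.2.2.2"]},
    "PTR": {"1.1.1.1": ["mail.domain.com"], "2.2.2.2": ["mail.domain.com"]},
}
ZONE_ISP2_ONLY = {  # the A record answers only with the ISP2 address
    "A": {"mail.domain.com": ["2.2.2.2"]},
    "PTR": ZONE_BOTH["PTR"],
}


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_sender(zone, client_ip, helo_name):
    """Hypothetical helper: list what a receiving server could object to."""
    ip = str(ipaddress.ip_address(client_ip))  # rejects malformed input
    findings = []
    ptr_names = [_norm(n) for n in zone["PTR"].get(ip, [])]
    if not ptr_names:
        findings.append("no PTR record for client IP")
    # Forward-confirm: some PTR name must resolve back to the connecting IP.
    elif not any(ip in zone["A"].get(n, []) for n in ptr_names):
        findings.append("PTR name does not resolve back to client IP")
    # HELO/EHLO name check (assumed policy; receivers differ on this).
    helo_ips = zone["A"].get(_norm(helo_name), [])
    if not helo_ips:
        findings.append("HELO name has no public A record")
    elif ip not in helo_ips:
        findings.append("HELO name resolves to a different IP")
    return findings


if __name__ == "__main__":
    cases = [
        (ZONE_BOTH, "1.1.1.1", "mail.domain.com"),
        (ZONE_ISP2_ONLY, "1.1.1.1", "mail.domain.com"),
        (ZONE_BOTH, "1.1.1.1", "exchange.mydomain.local"),
    ]
    for zone, ip, helo in cases:
        print(ip, helo, check_sender(zone, ip, helo) or "ok")
```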