What could it be?
Hi all,
Recently, due to our primary email domain change (from a.com to ab.com), several internal users complain that external users do not receive mails from us.
I checked our appliance and mails sent out fine. So, how could I find out what the problem is?
BTW, mails are routed to the appliance out. The appliance has DNS A and PTR record which has old domain name (app.a.com).
Do I have to change our appliance public DNS A to app.ab.com?
Thank you.
August 21st, 2010 4:12am
Did you add SPF records for your new domain?
August 21st, 2010 4:33am
I do think mjolinor is right. Here's the wizard, in case you don't know:
Sender ID Framework SPF Record Wizard
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
MCTS: Messaging | MCSE: S+M | Small Business Specialist
August 21st, 2010 12:43pm
On Sat, 21 Aug 2010 01:12:54 +0000, SGryzbowski wrote:
>Recently, due to our primary email domain change (from a.com to ab.com), several internal users complain that external users do not receive mails from us.
>
>I checked our appliance and mails sent out fine. So, how could I find out what's problem?
>
>BTW, mails are routed to the appliance out. The appliance has DNS A and PTR record which has old domain name (app.a.com).
>
>Do I have to change our appliance public DNS A to app.ab.com?
You don't HAVE to, but you'll continue to encounter problems if you
don't.
---
Rich Matheisen
MCSE+I, Exchange MVP
August 21st, 2010 8:37pm
Why should it pose a problem if the primary SMTP address does not match the DNS A and PTR record of the appliance? It is quite common these days to host several SMTP domains and route them through one SMTP gateway. In the above case, they could have added
ab.com to a.com. Should the gateway (appliance) then be listed with app.a.com and app.ab.com. We don't do that for our customers.
My domain name is different from the SMTP Smart Host. This worked very well for all outbound mail until recently, when some mail was rejected. Adding a Sender ID (SPF) solved that issue. Perhaps I'm a bit too tired, and my thinking is even worse than normal,
but I think we were discussing something along these lines about a year ago:
Exchange 2007 Server Cannot Send Mail To AOL
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/0c75d61f-d708-40df-b7a5-2328c5e96327
MCTS: Messaging | MCSE: S+M | Small Business Specialist
August 22nd, 2010 2:25am
On Sat, 21 Aug 2010 23:25:30 +0000, Jon-Alfred Smith wrote:
>
>
>Why should it pose a problem if the primary SMTP address does not match the DNS A and PTR record of the appliance?
That depends on how appliance is acting. Is it a proxy or relay
server? Does it simply pass-through the HELO\EHLO or does it use its
own? Does the name in the PTR record for the IP address match the name
in the HELO\EHLO? Does the IP address of the sending machine agree
with the IP address returned from a DNS query on the name in the
HELO\EHLO command?
>It is quite common these days to host several SMTP domains and route them through one SMTP gateway.
That's been a common practice for decades. It's not a recent
phenomenon. But whether or not a receiving server will accept the
connection (or subsequent e-mails) is a decision made by the people
that run that system -- it's not something you get to decide. I've run
across systems that won't accept e-mail if the domain in the MAIL FROM
doesn't match the domain in the HELO\EHLO command!
>In the above case, they could have added ab.com to a.com. Should the gateway (appliance) then be listed with app.a.com and app.ab.com. We don't do that for our customers.
>My domain name is different from the SMTP Smart Host.
If all the names/addresses match up then there *usually* isn't a
problem. Whether that's the case for the question posed in this thread
is unknown since neither the IP address or domain name are known.
>This worked very well for all outbound mail until recently, when some mail was rejected. Adding a Sender ID (SPF) solved that issue.
If the receiving server uses SPF to check the hostname in the
HELO\EHLO that's what probably cured that. Not every implementation of
SPF checks the hostname, though. You'd also have to have a SPF record
for the hostname and not just for the domain name for it to work
(unless your sending server uses just the domain name in the
HELO\EHLO).
>Perhaps I'm a bit too tired, and my thinking is even worse than normal, but I think we were discussing something along these lines about a year ago:
That doesn't surprise me. :-)
---
Rich Matheisen
MCSE+I, Exchange MVP
August 22nd, 2010 6:10am
Hi Rich,
I thought that I need to make sure our appliance which route our emails out has DNS and PTR record. I do not know that I need to
make our appliance to match with our new primary email address ab.com.
Just wonder if we route our mails out through Postini, will we still have a problem to send emails out?
Thank you.
August 22nd, 2010 4:05pm
On Sun, 22 Aug 2010 13:05:13 +0000, SGryzbowski wrote:
>I thought that I need to make sure our appliance which route our emails out has DNS and PTR record. I do not know that I need to
>
>make our appliance to match with our new primary email address ab.com.
>
>Just wonder if we route our mails out through Postini, will we still have a problem to send emails out?
In almost every case, having the HELO\EHLO data match the name
returned in a PTR query, and having the IP address agree with the
results of an A query, is all that matters.
You will, however, encounter situations where people read into the
RFCs things that are not there. You have no control over their
management of their e-mail system. For those exceptions you'll have to
deal directly with the administrators of that system to arrive at an
understanding of how to deliver e-mail to them.
---
Rich Matheisen
MCSE+I, Exchange MVP
August 22nd, 2010 7:16pm
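The name and address checks described in the reply above, written out as an added example (not code from any poster in this thread). The `lookup` resolver, the address 192.0.2.25 and the record set are constructed stand-ins for live DNS; only a.com, ab.com and app.a.com come from the thread.

```python
import ipaddress

# Constructed zone data standing in for live DNS answers (documentation IP range).
# No SPF TXT records exist yet, matching what the original poster describes.
RECORDS = {
    ("A", "app.a.com"): ["192.0.2.25"],
    ("PTR", "192.0.2.25"): ["app.a.com"],
}

def lookup(rtype, name):
    """Hypothetical resolver: returns constructed answers, [] when none exist."""
    return RECORDS.get((rtype, name.rstrip(".").lower()), [])

def spf_record(domain, resolve=lookup):
    """Return the single v=spf1 TXT record for domain, or None if absent or duplicated."""
    found = [t for t in resolve("TXT", domain) if t.lower().split(" ")[0] == "v=spf1"]
    return found[0] if len(found) == 1 else None

def check_sender(ip, helo, mail_from_domain, resolve=lookup):
    """Compare the sending IP, the HELO/EHLO name and the MAIL FROM domain against DNS."""
    ip = str(ipaddress.ip_address(ip))
    helo = helo.rstrip(".").lower()
    ptr_names = [n.rstrip(".").lower() for n in resolve("PTR", ip)]
    # Forward-confirm each PTR name: its A record must contain the sending IP.
    confirmed = [n for n in ptr_names if ip in resolve("A", n)]
    return {
        "ptr_exists": bool(ptr_names),
        "ptr_forward_confirmed": bool(confirmed),
        "helo_matches_ptr": helo in confirmed,
        "helo_resolves_to_ip": ip in resolve("A", helo),
        "spf_for_helo": spf_record(helo, resolve) is not None,
        "spf_for_mail_from": spf_record(mail_from_domain, resolve) is not None,
    }

def problems(result):
    """Names of the checks that failed, sorted for stable output."""
    return sorted(name for name, ok in result.items() if not ok)

if __name__ == "__main__":
    # Appliance keeps its old name while mail is sent from the new domain.
    print(problems(check_sender("192.0.2.25", "app.a.com", "ab.com")))
    # HELO renamed to app.ab.com without creating matching A/PTR records.
    print(problems(check_sender("192.0.2.25", "app.ab.com", "ab.com")))
```

With the constructed records, keeping the HELO name app.a.com passes every name and address check and fails only the two SPF lookups, while renaming the HELO without matching A and PTR records fails the name checks as well.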
Hi Rich,
Thank you.
If I add our appliance to the new domain's MX records (points to our app.a.com), will it solve the issue we face?
Just wonder if you host several domains emails, how do people usually do?
(I just checked alico.com's MX records that points to aig.com)
August 22nd, 2010 8:51pm
On Sun, 22 Aug 2010 17:51:34 +0000, SGryzbowski wrote:
>If I add our appliance to the new domain's MX records (points to our app.a.com),
MX records are used to determine where to send email. If your
appliance is expected to be the place where e-mail is delivered from
the Internet then by all means add the appliance's A record name to
your MX record(s).
>will it solve the issue we face?
You haven't determined what the problem is. You've only stated the
symptom. If e-mail isn't being delivered, do you receive a NDR? If you
do, what does it say? If your SMTP logs show the e-mail is accepted by
the other domain and the message never arrives in their inbox then you
have no way to know what the problem is unless you contact the admin
at the other system.
>Just wonder if you host several domains emails, how do people usually do?
Make sure the DNS records (A, MX, PTR) are all correct.
---
Rich Matheisen
MCSE+I, Exchange MVP
August 22nd, 2010 9:51pm
Hi Rich,
Thank you for the help.
>You haven't determined what the problem is. You've only stated the
>symptom. If e-mail isn't being delivered, do you receive a NDR? If you
>do, what does it say?
No NDR.
>If your SMTP logs show the e-mail is accepted by
>the other domain and the message never arrives in their inbox then you
>have no way to know what the problem is unless you contact the admin
>at the other system.
Yes, I did send the email log to the admin of other company.
I suspect that the problem is ours as 5 different customers did not receive mails
from us last Friday.
The only change we have is that we changed our primary email address to ab.com.
The appliance has DNS and A record app.a.com (as I stated before)
So, what should I do now:
1) add DNS record for our appliance to app.ab.com and PTR record
Should I add the SPF record for the new domain? (as I did not add the SPF record
for the old domain before)
Thank you very much!
August 23rd, 2010 3:57am
On Mon, 23 Aug 2010 00:57:03 +0000, SGryzbowski wrote:
>>You haven't determined what the problem is. You've only stated the
>>symptom. If e-mail isn't being delivered, do you receive a NDR? If you
>>do, what does it say?
>No NDR.
Well, that sounds like the message was accepted by the other system.
>>If your SMTP logs show the e-mail is accepted by
>>the other domain and the message never arrives in their inbox then you
>>have no way to know what the problem is unless you contact the admin
>>at the other system.
>Yes, I did send the email log to the admin of other company. I suspect that the problem is ours as 5 different customers did not receive mails from us last Friday.
And you see in the logs that the other system accepted the message?
IOW, there's a 250 response to the MAIL FROM, RCPT TO, a 3xx response
to your DATA\BDAT, and a 2xx response at the end of the message? If
you do, then the answer has to come from the receiving system operator
since you have no visibility into their system.
>The only change we have is that we changed our primary email address to ab.com.
Then perhaps the only reason your mail was accepted previously was
that they'd white-listed your domain name? Again, presumably, since
they've accepted the message for delivery only they can answer what
they did with the message.
>The appliance has DNS and A record app.a.com (as I stated before)
Is the appliance acting as a proxy or relay? When connection to the
other system is made, what is the name in the HELO\EHLO command? Does
that name match the name in the PTR record for the IP address and the
IP address in the A record for the name in the HELO\EHLO?
>So, what should I do now: 1) add DNS record for our appliance to app.ab.com and PTR record
Until you say whether the name in the HELO\EHLO matches the name in
the PTR record, and the A record for that name matches the IP address
used by the appliance I can't say what will fix your problem -- and
the real problem hasn't yet been identified.
>Should I add the SPF record for the new domain? (as I did not add the SPF record for the old domain before)
Why would you NOT do that?
Also, do you have a TXT record with SPF data for the name in the
HELO\EHLO command?
---
Rich Matheisen
MCSE+I, Exchange MVP
August 23rd, 2010 5:44am
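The log check asked for in the reply above (a 250 to MAIL FROM and RCPT TO, a 3xx to DATA, a 2xx at the end of the message), as an added example that is not part of the original thread. The `C: `/`S: ` transcript format, the host mx.example.net and the reply texts are constructed; a real appliance log needs its own line parser, and only DATA (not BDAT) sessions are handled.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
# First digit of the reply each stage must receive for the message to count as accepted.
EXPECTED = {"MAIL": "2", "RCPT": "2", "DATA": "3", "EOM": "2"}

def classify_session(lines):
    """Walk one SMTP transcript and report whether the receiver accepted the message."""
    stage, in_data, seen = None, False, []
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            if in_data:
                if text == ".":              # lone dot ends the message body
                    stage, in_data = "EOM", False
                continue
            verb = text.split(" ", 1)[0].upper()
            stage = verb if verb in EXPECTED else None
        elif side == "S" and stage:
            m = REPLY.match(text)
            if not m or m.group(2) == "-":   # skip continuation lines of a multi-line reply
                continue
            if m.group(1)[0] != EXPECTED[stage]:
                # Simplification: any refused recipient marks the whole session as failed.
                return {"accepted": False, "failed_at": stage, "reply": text}
            seen.append(stage)
            in_data = stage == "DATA"
            stage = None
    ok = all(s in seen for s in EXPECTED)
    return {"accepted": ok, "failed_at": None if ok else "incomplete", "reply": None}

# Constructed transcripts: one accepted end to end, one refused at RCPT TO.
ACCEPTED = [
    "C: EHLO app.a.com", "S: 250-mx.example.net Hello", "S: 250 SIZE 10485760",
    "C: MAIL FROM:<user@ab.com>", "S: 250 2.1.0 Sender OK",
    "C: RCPT TO:<customer@example.net>", "S: 250 2.1.5 Recipient OK",
    "C: DATA", "S: 354 Start mail input",
    "C: Subject: test", "C: ", "C: hello", "C: .",
    "S: 250 2.6.0 Queued mail for delivery", "C: QUIT", "S: 221 Bye",
]
REJECTED = ACCEPTED[:5] + [
    "C: RCPT TO:<customer@example.net>", "S: 550 5.7.1 Rejected by policy",
    "C: QUIT", "S: 221 Bye",
]

if __name__ == "__main__":
    print(classify_session(ACCEPTED))
    print(classify_session(REJECTED))
```

A session classified as accepted with no NDR afterwards is the case the reply describes: the remaining evidence sits on the receiving system, not in the sender's log.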
Hi Rich,
Thank you for taking time to help me.
>Why would you NOT do that?
>Also, do you have a TXT record with SPF data for the name in the
>HELO\EHLO command?
I have check out SPF and fond out how should add SPF record without causing any problem?
---
August 24th, 2010 4:48am
On Tue, 24 Aug 2010 01:48:20 +0000, SGryzbowski wrote:
>
>
>Hi Rich,
>
>Thank you for taking time to help me.
>>Why would you NOT do that?
>>Also, do you have a TXT record with SPF data for the name in the
>>HELO\EHLO command?
>I have check out SPF and fond out how should add SPF record without causing any problem?
I'm not sure if that's a statement or a question!
This FAQ should provide you with examples:
http://www.openspf.org/FAQ/Examples
The very first heading "Basic Example" has an example that seems to
fit your need.
---
Rich Matheisen
MCSE+I, Exchange MVP
August 24th, 2010 6:04am