DNS settings

  • Thread starter Thread starter David
  • Start date Start date
D

David

Have e-mail flow problems and thought I should check DNS
first.
In a flat domain abcd.com and three win 2K DC's in native
mode all of them have GC role as well. All three DC's have
DNS Active directory integrated installed with five DNS
pointers starting with 4.2.2.1 and the rest of DNS servers
list form my ISP. DNS servers are set to perform secure
replication with each other only and they all have reverse
lookup zones. Under IP stack each DC's DNS points to its
own and the replicating partner as second DNS. There are
not replication problems among DCs.
Do think this set up is correct? Mail delivery is slow to
certain domains.

Here is a typical problem.
The following recipient(s) could not be reached:
(e-mail address removed) on 5/8/2004 2:38 PM
The e-mail system was unable to deliver the
message, but did not report a specific reason. Check The
address and try again. If it still fails, contact your
System administrator.
<MyExchangeServer.Mydomain.com #4.0.0 SMTP; 450
<[email protected]>: Sender address rejected:
Undeliverable address: host mail.domain.com [My public IP
address] said: 550
<[email protected]> ...Relaying denied
(in reply to MAIL FROM command)>
Click to expand...
Click to expand...
Click to expand...


Thanks in advance.
 
In
David said:
Have e-mail flow problems and thought I should check DNS
first.
In a flat domain abcd.com and three win 2K DC's in native
mode all of them have GC role as well. All three DC's have
DNS Active directory integrated installed with five DNS
pointers starting with 4.2.2.1 and the rest of DNS servers
list form my ISP. DNS servers are set to perform secure
replication with each other only and they all have reverse
lookup zones. Under IP stack each DC's DNS points to its
own and the replicating partner as second DNS. There are
not replication problems among DCs.
Do think this set up is correct? Mail delivery is slow to
certain domains.

Here is a typical problem.
The following recipient(s) could not be reached:
(e-mail address removed) on 5/8/2004 2:38 PM
The e-mail system was unable to deliver the
message, but did not report a specific reason. Check The
address and try again. If it still fails, contact your
System administrator.
<MyExchangeServer.Mydomain.com #4.0.0 SMTP; 450
<[email protected]>: Sender address rejected:
Undeliverable address: host mail.domain.com [My public IP
address] said: 550
<[email protected]> ...Relaying denied
(in reply to MAIL FROM command)>
Click to expand...
Click to expand...


Thanks in advance.
Click to expand...


The error you're getting above is "Relaying Denied", which is what a 550 is.
Are you trying to send this thru another SMTP server that is not allowing
relay?

Now if one of your users are using a POP3 client (Outlook Express, Eudora,
Netscape Communicator, etc) and using your Exchange 2000 or 2003 server and
trying to send mail, then a Relay denial can be caused due to the fact that
Ex2k or Ex2k3 has relaying denied unless authenticated. Have the user set
their Inet mail properties in whatever client they're using to authenticate
to the mail server. In OEx it's under the second tab, buttom checkbox.

Now the 450 error can be caused by your public IP address for your mail
server does not have a reverse lookup PTR entry. Many companies have adopted
using DNS Reverse Lookup. If there is no reverse entry, then it causes them
to reject your email. AOL is a good example. Many others out there as well
using it. IYou'll have to contact your ISP and ask them to setup a reverse
entry for your mail server, since more than likely the IP block is
registered in their name.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Two things I failed to mention, first, client uses Outlook
XP and VPNs to our exchange server. Second, I have SMTP
box in front of exchange and both boxes are NATed to their
public IP addresses.
I will check with ISP to see if SMTP box is in DNS reverse
lookup zone.
-----Original Message-----
In David <[email protected]> posted their thoughts, then I
offered mine
Have e-mail flow problems and thought I should check DNS
first.
In a flat domain abcd.com and three win 2K DC's in native
mode all of them have GC role as well. All three DC's have
DNS Active directory integrated installed with five DNS
pointers starting with 4.2.2.1 and the rest of DNS servers
list form my ISP. DNS servers are set to perform secure
replication with each other only and they all have reverse
lookup zones. Under IP stack each DC's DNS points to its
own and the replicating partner as second DNS. There are
not replication problems among DCs.
Do think this set up is correct? Mail delivery is slow to
certain domains.

Here is a typical problem.
The following recipient(s) could not be reached:
(e-mail address removed) on 5/8/2004 2:38 PM
The e-mail system was unable to deliver the
message, but did not report a specific reason. Check The
address and try again. If it still fails, contact your
System administrator.
<MyExchangeServer.Mydomain.com #4.0.0
SMTP; 450
<[email protected]>: Sender address rejected:
Undeliverable address: host mail.domain.com [My public IP
address] said: 550
<[email protected]> ...Relaying denied
(in reply to MAIL FROM command)>
Click to expand...


Thanks in advance.
Click to expand...


The error you're getting above is "Relaying Denied", which is what a 550 is.
Are you trying to send this thru another SMTP server that is not allowing
relay?

Now if one of your users are using a POP3 client (Outlook Express, Eudora,
Netscape Communicator, etc) and using your Exchange 2000 or 2003 server and
trying to send mail, then a Relay denial can be caused due to the fact that
Ex2k or Ex2k3 has relaying denied unless authenticated. Have the user set
their Inet mail properties in whatever client they're using to authenticate
to the mail server. In OEx it's under the second tab, buttom checkbox.

Now the 450 error can be caused by your public IP address for your mail
server does not have a reverse lookup PTR entry. Many companies have adopted
using DNS Reverse Lookup. If there is no reverse entry, then it causes them
to reject your email. AOL is a good example. Many others out there as well
using it. IYou'll have to contact your ISP and ask them to setup a reverse
entry for your mail server, since more than likely the IP block is
registered in their name.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================


.
Click to expand...
 
In
Two things I failed to mention, first, client uses Outlook
XP and VPNs to our exchange server. Second, I have SMTP
box in front of exchange and both boxes are NATed to their
public IP addresses.
I will check with ISP to see if SMTP box is in DNS reverse
lookup zone.
Click to expand...

If the clients are setup for MAPI and not as a POP3 client, which I'm going
to assume here, since they're connecting via VPNs, then I would imagine that
the relay error is based on your server trying to relay to another server.
Do yu have an SMTP connector? Are you sending thru a Smart Host, maybe your
ISP or some other DNS?

Yes, do check with your ISP.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
I checked with our ISP and there is already a reverse
(PTR) record for 207.x.x.x that points to
mail.ourdomain.com. We are NOT black listed either. I
setup my exchange server to comunicate with my SMTP server
only using port 25.
 
In
David said:
I checked with our ISP and there is already a reverse
(PTR) record for 207.x.x.x that points to
mail.ourdomain.com. We are NOT black listed either. I
setup my exchange server to comunicate with my SMTP server
only using port 25.
Click to expand...

Ok, so your PTR exists. Good.

Now what is this new info here, you said you setup your Exchange server to
send to your SMTP server? Is that SMTP server set as a Smart Host within the
Exchange Ssytem Manager, SMTP Properties, Delivery tab?

If so, did you check that SMTP server to see if it's allowing to relay from
your Exchange server?

What vendor/brand is that SMTP server you are sending to?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Back
Top