Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

sending mail through exchange to postfix on a subdomain

1 view
Skip to first unread message

Gavin Hanover

unread,
Dec 8, 2004, 11:19:51 AM12/8/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My current setup looks something like this:

mail.example.com:25->CiscoPIX->(network)->exchange.int.example.com(192
.168.101.18):25

The dns server has MX records for example.com being mail.example.com
(sdsl) and mail2.example.com (backup satalite connection).
Also residing on the internal network is linux.int.cardow.com
(192.168.101.19), which has it's own corresponding MX record.
nslookup of the MX/A records on the exchange server produces the
expected results, and I can telnet linux.int.example.com 25, and get
the Postfix banner.
Yet when I try to send mail from Outlook to
us...@linux.int.cardow.com, I immediately get an error response "A
configuration error in the e-mail system caused the message to bounce
between two servers or to be forwarded between two recipients." No
connection attempt is ever made to linux.int.example.com. I get the
same error when trying to email us...@192.168.101.19.
I've been through just about every setting on the exchange server I
can think of, but can't find why it is not sending the mail to the
linux server. The Recipient Policy has only SMTP entries, example.com
and int.example.com. There are no settings for specific mail routing
or smarthosts. There is no firewall between 192.168.101.19 and
192.168.101.18.
Any ideas?

Gavin

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQbcppWL1oTdLI0XfEQL7AgCdEMWzGjVxLZrdkCbTQ8JMGyaHDKkAoNhP
2gNmm/4vku0VQWBtqwqwslNg
=XJ7N
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 8, 2004, 9:14:56 PM12/8/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

[ snip ]

>Yet when I try to send mail from Outlook to
>us...@linux.int.cardow.com, I immediately get an error response "A
>configuration error in the e-mail system caused the message to bounce
>between two servers or to be forwarded between two recipients."

Is that address assigned to a Contact, or a mail-enabled user, in the
AD? If so, what's the value of that object's targetAddress?


--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

Gavin Hanover

unread,
Dec 9, 2004, 7:25:25 AM12/9/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in
message news:45dfr05v134rdd7c8...@4ax.com...


: "Gavin Hanover" <ga...@subnets.org> wrote:
:
: [ snip ]
:
: >Yet when I try to send mail from Outlook to
: >us...@linux.int.cardow.com, I immediately get an error response "A
: >configuration error in the e-mail system caused the message to
bounce
: >between two servers or to be forwarded between two recipients."
:
: Is that address assigned to a Contact, or a mail-enabled user, in
the
: AD? If so, what's the value of that object's targetAddress?


i've tried it both putting the address in the to: field, and creating
an AD contact. the AD contact has an E-mail field as
SMTP:us...@linux.int.example.com, and i've tried both with and without
a second smtp address of us...@example.com. there is an exchange
e-mail address on the contact, as there is on all the other contacts
we have in AD which work just fine (all other contacts are outside
our domain).

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQbhEM2L1oTdLI0XfEQILBgCg0PQKf/5Y0aihcHf714Jo0cE1rS4AoNDO
byRnMvLiG+baqYn9ZnGLYQF3
=XIdG
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 9, 2004, 10:29:33 AM12/9/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

[ snip ]

>i've tried it both putting the address in the to: field, and creating


>an AD contact. the AD contact has an E-mail field as
>SMTP:us...@linux.int.example.com, and i've tried both with and without
>a second smtp address of us...@example.com. there is an exchange
>e-mail address on the contact, as there is on all the other contacts
>we have in AD which work just fine (all other contacts are outside
>our domain).

Do you see the same behavior if you use, say, Outlook Express to send
that message (using your Exchange server as the SMTP server)?

Using Outlook, when you enter the SMTP address into the "To:" header
and press Ctrl+K, does the address change to show you a display name
or does the SMTP address simply get underlined?

Is it possible you have the address in Outlook's "Contacts" folder?

The error you're getting indicates that the categorizer sees that
address as belonging to the Exchange organization and there's no
mailbox to receive the message.

Anonymous

unread,
Dec 9, 2004, 2:30:29 PM12/9/04
to
Gavin,

Since you are using PIX, the default behaviour in PIX is NOT to allow an internal machine connect to an Outside
interface. What does your MX resolve to - Internal or External IP?

If it is external IP, you probably won't be able to connect from an internal machine unless you have an 'alias' command
setup in PIX. Try opening a telnet session to mail.example.com rather than 192.168.101.18.


Regards,
Jimmy.

Gavin Hanover

unread,
Dec 13, 2004, 8:58:20 AM12/13/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That might be the case if I was going from linux.int.example.com to
the exchange server using an @example.com address, but a mail sent to
@linux.int.example.com does not touch the PIX. Even so, linux.int has
an entry in /etc/hosts to resolve mail.example.com to 192.168.101.18.

Gavin

"Anonymous" <Anon...@discussions.microsoft.com> wrote in message
news:e06wlWi3...@TK2MSFTNGP10.phx.gbl...
: Gavin,


:
: Since you are using PIX, the default behaviour in PIX is NOT to
allow an internal machine connect to an Outside
: interface. What does your MX resolve to - Internal or External IP?
:
: If it is external IP, you probably won't be able to connect from an
internal machine unless you have an 'alias' command
: setup in PIX. Try opening a telnet session to mail.example.com
rather than 192.168.101.18.
:
:
: Regards,
: Jimmy.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQb2f+WL1oTdLI0XfEQJGOwCggsEFEV8C4jF+mnhoqFq8wNnYSKwAnA1m
kSg1rk4JIP51mXtQivAEkDVr
=r2Fg
-----END PGP SIGNATURE-----


Gavin Hanover

unread,
Dec 13, 2004, 9:08:05 AM12/13/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$ telnet 192.168.101.18 25
Trying 192.168.101.18...
Connected to 192.168.101.18.
Escape character is '^]'.
220 mail.example.com Microsoft ESMTP MAIL Service, Version:
6.0.3790.211 ready at
Mon, 13 Dec 2004 09:57:42 -0400
HELO mail
250 mail.example.com Hello [192.168.101.248]
mail from: ga...@example.com
250 2.1.0 ga...@example.com....Sender OK
rcpt to: r...@linux.int.example.com
250 2.1.5 r...@linux.int.example.com
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: test

test
.
250 2.6.0 <NMSelkkOO1Spm...@mail.example.com> Queued mail
for delivery

quit
221 2.0.0 mail.example.com Service closing transmission channel
Connection closed by foreign host.

$

Same error message get's returned to me:

Microsoft Mail Internet Headers Version 2.0
From: postm...@example.com
To: Ga...@example.com
Date: Mon, 13 Dec 2004 09:58:11 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C4BE9D0E13B6B500005CDEmail.example.com"
X-DSNContext: 7ce717b1 - 1383 - 00000002 - C00402CF
Message-ID: <j0fcxDRI...@mail.example.com>
Subject: Delivery Status Notification (Failure)

- --9B095B5ADSN=_01C4BE9D0E13B6B500005CDEmail.example.com
Content-Type: text/plain; charset=unicode-1-1-utf-7

- --9B095B5ADSN=_01C4BE9D0E13B6B500005CDEmail.example.com
Content-Type: message/delivery-status

- --9B095B5ADSN=_01C4BE9D0E13B6B500005CDEmail.example.com
Content-Type: message/rfc822

Received: from mail ([192.168.101.248]) by mail.example.com with
Microsoft SMTPSVC(6.0.3790.211);
Mon, 13 Dec 2004 09:58:05 -0400
Subject: test
From: ga...@example.com
Bcc:
Return-Path: ga...@example.com
Message-ID: <NMSelkkOO1Spm...@mail.example.com>
X-OriginalArrivalTime: 13 Dec 2004 13:58:10.0935 (UTC)
FILETIME=[C804F070:01C4E11B]
Date: 13 Dec 2004 09:58:10 -0400


- --9B095B5ADSN=_01C4BE9D0E13B6B500005CDEmail.example.com--


Your message did not reach some or all of the intended recipients.

Subject: test
Sent: 12/13/2004 9:58 AM

The following recipient(s) could not be reached:

support test on 12/13/2004 9:58 AM


A configuration error in the e-mail system caused the
message to bounce between two servers or to be forwarded between two

recipients. Contact your administrator.
<mail.example.com #5.3.5>

Same thing happens when i use r...@192.168.101.19, as well.


Gavin


"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in

message news:brpgr0lnqfl8apr6b...@4ax.com...

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQb2iQ2L1oTdLI0XfEQLRnACgxRs0HOYKlL0I1lZ5LucOs4ty9qsAoIx5
2iUq8RcIxnawW5SzrB33Bpc1
=B2+T
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 13, 2004, 11:44:23 PM12/13/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:


Based on this, I'm going to say that you have the SMTP address in your
AD somewhere, either on a Contact or a mail-enabled user. For the
system to do this the address must be assigned to an object that canot
accept delivery of the message and is probably trying to send the
message to itself.

Try running LDP.exe and search the domain using a scope of "subtree"
and this "Filter":

anr=r...@linux.int.example.com

and then

proxyaddresses=smtp:r...@linux.int.example.com

And see if you can find that address.

Gavin Hanover

unread,
Dec 14, 2004, 4:35:58 PM12/14/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I believe I mentioned in my first post, that there was a contact in
AD with the SMTP address set to r...@linux.int.example.com. I have
since deleted it, and I still get errors when attempting to send mail
to r...@linux.int.example.com and r...@192.168.101.19 (which AD has never
had as a parameter anywhere). Searching LDP produces the following:

- -----------
***Searching...
ldap_search_s(ld, "DC=int,DC=example,DC=com", 2, "(anr=rt@*)",
attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
- -----------
***Searching...
ldap_search_s(ld, "DC=int,DC=example,DC=com", 2,
"(anr=r...@linux.int.example.com)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
- -----------
***Searching...
ldap_search_s(ld, "DC=int,DC=example,DC=com", 2,
"(proxyaddress=smtp:rt@*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
- -----------
***Searching...
ldap_search_s(ld, "DC=int,DC=example,DC=com", 2,
"(proxyaddress=smtp:*linux*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
- -----------
***Searching...
ldap_search_s(ld, "DC=int,DC=example,DC=com", 2,
"(proxyaddress=smtp:r...@linux.int.example.com)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 0 entries:
- -----------

"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in

message news:d3rsr0laekijhao0l...@4ax.com...

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQb9cu2L1oTdLI0XfEQI63ACg6hK301TW8KWu9oojKgRfAJC2OecAn0Wt
uA+QXODyBJxMsnbSpcn7K/q0
=48bJ
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 14, 2004, 5:14:50 PM12/14/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

>I believe I mentioned in my first post, that there was a contact in
>AD with the SMTP address set to r...@linux.int.example.com.

Yes, you did. I apoloize for not being more specific. What I wanted
you to look for was a Contact or mail-enabled user with a
targetAddress in your own domain that had the address in question as a
secondary SMTP proxy address.

>I have
>since deleted it, and I still get errors when attempting to send mail
>to r...@linux.int.example.com and r...@192.168.101.19 (which AD has never
>had as a parameter anywhere). Searching LDP produces the following:

Then it's time to crank up the diagnostics logging level on the
MSExchangeTransport service. I'd start with the Categorizer and SMTP
Protocol categories.

Gavin Hanover

unread,
Dec 17, 2004, 9:21:07 AM12/17/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3017
Date: 12/17/2004
Time: 9:58:11 AM
User: N/A
Computer: NMS
Description:
A non-delivery report with a status code of 5.3.5 was generated for
recipient rfc822;r...@linux.int.example..com (Message-ID
<NMSi4I2vXwv63...@mail.example.com>).
Causes: A looping condition was detected. (The server is configured
to route mail back to itself). If you have multiple SMTP Virtual
Servers configured on your Exchange server, make sure they are
defined by a unique incoming port and that the outgoing SMTP port
configuration is valid to avoid looping between local virtual
servers.
Solution: Check the configuration of the virtual serverÆs connectors
for loops and ensure each virtual server is defined by a unique
incoming port.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: cf 02 04 c0 Ï..À

There is only one Default SMTP Virtual Server, and one Internet Mail
SMTP Connector.


"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in

message news:61pur0dq8l9udn0eb...@4ax.com...

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcLrUGL1oTdLI0XfEQIo4QCeI6XpGAK/p8VQsS7LQVD/7xbPmpUAoIXm
xjRZIBMm6gQUIrEjdWsSpfoC
=JFCA
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 17, 2004, 9:19:05 PM12/17/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

>Event Type: Error
>Event Source: MSExchangeTransport
>Event Category: NDR
>Event ID: 3017
>Date: 12/17/2004
>Time: 9:58:11 AM
>User: N/A
>Computer: NMS
>Description:
>A non-delivery report with a status code of 5.3.5 was generated for
>recipient rfc822;r...@linux.int.example..com

^^
What's up with the two consecutive periods in that SMTP address?


>(Message-ID
><NMSi4I2vXwv63...@mail.example.com>).
>Causes: A looping condition was detected. (The server is configured
>to route mail back to itself).

That seems pretty clear.

You've already stated (I think) that the MX and A records for the
domain in question are correct and that running NSLOOKUP from the
Exchange server returns the expected results, so the problem's got to
be in the way you have things configured.

[ snip ]

>There is only one Default SMTP Virtual Server, and one Internet Mail
>SMTP Connector.

And what's on the "Address Space" tab of that SMTP Connector?

If you have only one SMTP Virtual Server in the organization, remove
the SMTP Connector and see what happens. If it's the SMTP connector
that's causing the problem then the problem shold disappear.

Gavin Hanover

unread,
Dec 22, 2004, 1:14:38 PM12/22/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sorry for the delayed response, other work issues took priority.

"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in

message news:0a47s0d714jg4mcmu...@4ax.com...


: "Gavin Hanover" <ga...@subnets.org> wrote:
:
: >Event Type: Error
: >Event Source: MSExchangeTransport
: >Event Category: NDR
: >Event ID: 3017
: >Date: 12/17/2004
: >Time: 9:58:11 AM
: >User: N/A
: >Computer: NMS
: >Description:
: >A non-delivery report with a status code of 5.3.5 was generated
for
: >recipient rfc822;r...@linux.int.example..com
: ^^
: What's up with the two consecutive periods in that SMTP address?

i'm replacing hostnames manually to keep somewhat of anonymity wrt
company name. so that's a typo on my part.

: [ snip ]


:
: >There is only one Default SMTP Virtual Server, and one Internet
Mail
: >SMTP Connector.
:
: And what's on the "Address Space" tab of that SMTP Connector?

SMTP * 1

: If you have only one SMTP Virtual Server in the organization,


remove
: the SMTP Connector and see what happens. If it's the SMTP connector
: that's causing the problem then the problem shold disappear.

And this won't have any affect on internet delivery, right? (sorry if
this is basic, work isn't paying for MCSE till next year)

Gavin

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcm5jGL1oTdLI0XfEQLbFACg/iGRIruPxiBNoRpfSyvz0oDr+cEAoKET
XydZ/D6NjI5uNKV5USMT6SiT
=3OXY
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 22, 2004, 4:39:37 PM12/22/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

[ snip ]

>: >There is only one Default SMTP Virtual Server, and one Internet
>Mail
>: >SMTP Connector.
>:
>: And what's on the "Address Space" tab of that SMTP Connector?
>
>SMTP * 1

Good. :)


>: If you have only one SMTP Virtual Server in the organization,
>remove
>: the SMTP Connector and see what happens. If it's the SMTP connector
>: that's causing the problem then the problem shold disappear.
>
>And this won't have any affect on internet delivery, right? (sorry if
>this is basic, work isn't paying for MCSE till next year)

That's correct. With only a single VS the need for a SMTP Connector is
only for control over delivery restrictions, and other things you'r
probably not using.

Gavin Hanover

unread,
Dec 23, 2004, 11:35:19 AM12/23/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

: >: If you have only one SMTP Virtual Server in the organization,


: >remove
: >: the SMTP Connector and see what happens. If it's the SMTP
connector
: >: that's causing the problem then the problem shold disappear.
: >
: >And this won't have any affect on internet delivery, right? (sorry
if
: >this is basic, work isn't paying for MCSE till next year)
:
: That's correct. With only a single VS the need for a SMTP Connector
is
: only for control over delivery restrictions, and other things you'r
: probably not using.

Ok, removed the SMTP connector, still get the same error.

any other suggestions?

Gavin

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcrzxWL1oTdLI0XfEQJmmwCbBE8mLYmD8xaZDgZI5NZ8ptLhci4AoMPI
aTmC0GNcpRv+P/lZnSapWQrj
=YVBd
-----END PGP SIGNATURE-----


Rich Matheisen [MVP]

unread,
Dec 23, 2004, 9:19:59 PM12/23/04
to
"Gavin Hanover" <ga...@subnets.org> wrote:

[ snip ]

>Ok, removed the SMTP connector, still get the same error.
>
>any other suggestions?

No suggestions, but how about posting the results of nslookup, run
from the keyboard of the Exchange server? I know you sat that this
produces "the expected results" but I don't know what you expect to
see. :)

set q=mx
linux.int.cardow.com
linux.int.example.com

If those are server, and not domain names, there should be no MX
records, although having a MX record with the domain and server parts
identical probably would hurt anything.

One other thing to check (I don't remember if I asked about this
before), is the Internet Mail Format objects. Do you have one named
"Default", and is the domain "*"?

Gavin Hanover

unread,
Dec 27, 2004, 11:12:11 AM12/27/04
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in
message news:7iums01k6l5prqr5o...@4ax.com...
:
: No suggestions, but how about posting the results of nslookup, run


: from the keyboard of the Exchange server? I know you sat that this
: produces "the expected results" but I don't know what you expect to
: see. :)
:
: set q=mx
: linux.int.cardow.com
: linux.int.example.com

:

> cjl.int.cardow.com
Server: cpdc.int.cardow.com
Address: 192.168.101.10

Name: cjl.int.cardow.com
Address: 192.168.101.19

> set q=mx
> cjl.int.cardow.com
Server: cpdc.int.cardow.com
Address: 192.168.101.10

cjl.int.cardow.com MX preference = 10, mail exchanger =
cjl.int.cardow.com
cjl.int.cardow.com internet address = 192.168.101.19
> set q=a
> nms.int.cardow.com
Server: cpdc.int.cardow.com
Address: 192.168.101.10

Name: nms.int.cardow.com
Address: 192.168.101.18

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQdA0WGL1oTdLI0XfEQI/VQCgkJaq/qVv+jhmJdgtImN67E9YcxkAoL0s
FpYbCKMY+BBeM+zkxpuogNCw
=Y2XE
-----END PGP SIGNATURE-----


0 new messages