
Email being rejected as possible spam?


J e r e m y

Dec 26, 2003, 5:14:07 PM
I have a customer that has an Exchange 2000 server running on an SBC
business-class DSL connection. He can receive all emails fine, and can send
to most domains fine. Some email (mostly sent toward ISP hosted email
accounts, and some corporate email servers) gets rejected by the remote
server, with a status code 4.4.7.

I've done much reading about spam blocking techniques (he is not a spammer)
to make sure his server was properly configured. I ran Metaedit to change
his SMTP banner to display his email domain name instead of his internal
domain name, had SBC delegate his reverse lookup zone to his DNS server, and
configured his DNS to the best of my knowledge. His MX record does not
resolve to a CNAME record (this was a potential issue I saw somewhere) and
the IP of his mail server resolves back to the same name as the MX record
(this was an issue on DNSReport.com).

If anyone would like to perform some sort of DNS check on this server, reply
in the group and I'll email you the domain name.

I'm running out of ideas as to why some of his email never goes through, and
he's getting fed up with not having fully functional email.

TIA,
J e r e m y


Ace Fekay [MVP]

Dec 26, 2003, 6:00:11 PM
In news:OO8NW2$yDHA...@TK2MSFTNGP11.phx.gbl,
J e r e m y <jeremy AT exibus DOT com> posted their thoughts, then I offered
mine

That status code means delivery time expired, as per RFC 2156
http://rfc-2156.rfcindex.com/rfc-2156-108.htm

Are there any resolution delays experienced on this machine?
Just in case there are, I'm assuming that both interfaces (assuming that the SBS
machine is acting as a multihomed machine) are pointing to the internal DNS
(if this is the DNS, then assuming it's pointed to itself on both
interfaces) and forwarders are set? If this is the case, what forwarder are you
using?

Have you tried to manually telnet to the domains that are not accepting
mail?

May also be an issue with the server, although not relaying, being used by
spammers if they had hacked the local admin account password (not the domain
account) and using that account to authenticate. This has been a big issue
lately. If so, or not sure, I would suggest to go into DSRM and change the
local admin account password. Another account normally hacked is the
IUSR_machinename account. You may want to change that too.

If the above paragraph applies, many RBLs and software used by many major
ISPs and companies to reject spam may have this machine in its list. I had
one client that this was happening to. Eventually it was taken off the list,
but it was a real PITA dealing with it.

Here's a couple links to look at:
McFadden's Spam Email Blacklist:
http://bl.csma.biz/

Spam Database Lookup (plug in your IP here)
http://www.dnsstuff.com/tools/ip4r.ch?ip=YourIpAddressHere

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================


Ace Fekay [MVP]

Dec 26, 2003, 6:37:01 PM
In news:OjJ9XQAz...@TK2MSFTNGP12.phx.gbl,
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com>

posted their thoughts, then I offered mine

Delivery Status Notifications in Exchange 2000 Server:
http://support.microsoft.com/?id=284204

Basically it's telling me the receiving server is rejecting it from what I
mentioned in my other post.

Kevin D. Goodknecht [MVP]

Dec 26, 2003, 6:44:41 PM
In news:OO8NW2$yDHA...@TK2MSFTNGP11.phx.gbl,
J e r e m y <jeremy AT exibus DOT com> posted a question
Then Kevin replied below:
: I have a customer that has an Exchange 2000 server running on an SBC

What is the name of his reverse lookup zone? SBC, I know for a fact, delegates
it to you with the Netblock ID. As an example, I also use SBC Business class
DSL; my Net Block is 65.65.91.208/29, and it is delegated to me as
208.91.65.65.in-addr.arpa. That is the name of the zone in my DNS. My PTR
records are, for example:
209 PTR NS1.lonestaramerica.com
It is referred to me by CNAME 209.208.91.65.65.in-addr.arpa and it works great.

Go here
www.dnsreport.com

You might also check to see if his IP is on an open relay blackhole list;
there is an open relay list checker at www.dnsstuff.com (same site as above).

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================


Rich Matheisen [MVP]

Dec 26, 2003, 8:11:08 PM

How about this one?

XADM: Some Domains Send NDRs to an Exchange 2000 Server That Runs
Watchguard Firebox Firewall [312415]

Try creating an SMTP connector and put into the "address space" tab the
domains that are causing trouble for you. Then use the "Advanced" tab
and have that connector send HELO instead of EHLO. That should
eliminate the possibility that the receiving server doesn't like one
of the ESMTP commands (even though they advertise them, not all servers
handle them correctly).

You can also use the SMTP protocol log to see what's taking place in
the conversation between the two servers. Knowing only that the
message has surpassed its expiry time tells you very little about why
the message cannot be delivered.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

Sharad

Dec 28, 2003, 12:47:57 PM
If the problem is still there,
inform us of the domain names of 2 - 3 of the email servers
that are rejecting the mails.

Sharad


"J e r e m y" <jeremy AT exibus DOT com> wrote in message
news:OO8NW2$yDHA...@TK2MSFTNGP11.phx.gbl...

J e r e m y

Dec 30, 2003, 1:19:36 PM
His netblock is 67.65.206.208/29, and his reverse DNS zone is
208.206.65.67.in-addr.arpa. His reverse DNS entry for the mail server is
209.208.206.65.67.in-addr.arpa
249 PTR ns1.amerisourcemtg.com.

This is the output from DNSReport.com, in regards to a reverse lookup record
on my MX:

OK. All of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1
says you should have a reverse DNS for all your mail servers. It is strongly
urged that you have them, as many mailservers will not accept mail from
mailservers with no reverse DNS entry. The reverse DNS entries are:

249.206.65.67.in-addr.arpa mail.amerisourcemtg.com. [TTL=2483]

Any other ideas guys?

Thanks a million,
J e r e m y

"Kevin D. Goodknecht [MVP]" <ad...@nospam.LSAOL.COM> wrote in message
news:et%23x9oAz...@TK2MSFTNGP12.phx.gbl...

Kevin D. Goodknecht [MVP]

Dec 30, 2003, 2:19:04 PM
In news:eVvo8Fw...@TK2MSFTNGP12.phx.gbl,

J e r e m y <jeremy AT exibus DOT com> posted a question
Then Kevin replied below:
: His netblock is 67.65.206.208/29, and his reverse DNS zone is

: 208.206.65.67.in-addr.arpa. His reverse DNS entry for the mail server
: is 209.208.206.65.67.in-addr.arpa
: 249 PTR ns1.amerisourcemtg.com.

This PTR is not in this Netblock 67.65.206.208/29; the usable IPs are from
67.65.206.209 - 67.65.209.213 with 67.65.206.214 as the gateway, and
67.65.206.208 and 67.65.206.215 as being unusable.
SBC has not delegated this block and its PTRs are the default
adsl-67-65-206-209.dsl.snantx.swbell.net
If his Netblock is 67.65.206.208/29 you need to call SBC and get the block
delegated to you. BTW, the DNS dudes are there 24/7; the best time to call
them is about 9PM, you'll get right in, at least I usually do.


:
: This is the output from DNSReport.com, in regards to a reverse lookup
: record on my MX:
:
:
: 249.206.65.67.in-addr.arpa mail.amerisourcemtg.com. [TTL=2483]
: Any other ideas guys?

This reverse lookup is working right but his actual NetBlock is
67.65.206.248/29

Take a look:
How I am searching:
Asking a.root-servers.net for 249.206.65.67.in-addr.arpa PTR record:
a.root-servers.net says to go to figwort.arin.net. (zone:
67.in-addr.arpa.)
Asking figwort.arin.net. for 249.206.65.67.in-addr.arpa PTR record:
figwort.arin.net says to go to NS1.SWBELL.NET. (zone:
65.67.in-addr.arpa.)
Asking NS1.SWBELL.NET. for 249.206.65.67.in-addr.arpa PTR record: Got CNAME
referral to ns1.amerisourcemtg.com. (zone 249.248.206.65.67.in-addr.arpa.)
Asking ns1.amerisourcemtg.com. for 249.248.206.65.67.in-addr.arpa. PTR
record: Reports ns1.amerisourcemtg.com.

Answer:
67.65.206.249 PTR record: ns1.amerisourcemtg.com. [TTL 3600s]
[A=67.65.206.249]

J e r e m y

Dec 30, 2003, 4:38:31 PM
Thanks- I just looked that up and confirmed it. Funny thing is, I called
them and had them set it up (correctly to my knowledge) two months ago. I
wonder how it got changed back.

Thanks to all,


J e r e m y

"Kevin D. Goodknecht [MVP]" <ad...@nospam.LSAOL.COM> wrote in message
news:egzSOnwz...@TK2MSFTNGP11.phx.gbl...

Ace Fekay [MVP]

Dec 30, 2003, 5:24:35 PM
In news:%23YfRG1x...@TK2MSFTNGP11.phx.gbl,
J e r e m y <jeremy AT exibus DOT com> posted their thoughts, then I offered
mine

> Thanks- I just looked that up and confirmed it. Funny thing is, I
> called them and had them set it up (correctly to my knowledge) two
> months ago. I wonder how it got changed back.
>
> Thanks to all,
> J e r e m y

Did you ever confirm two months ago that it was indeed delegated correctly?

Kevin D. Goodknecht [MVP]

Dec 30, 2003, 5:55:57 PM
In news:%23YfRG1x...@TK2MSFTNGP11.phx.gbl,

J e r e m y <jeremy AT exibus DOT com> posted a question
Then Kevin replied below:
: Thanks- I just looked that up and confirmed it. Funny thing is, I

: called them and had them set it up (correctly to my knowledge) two
: months ago. I wonder how it got changed back.

Hmm, not sure about that; when I called them they had my delegation done by
the next morning.

Kevin D. Goodknecht [MVP]

Dec 30, 2003, 6:41:59 PM
In news:%23YfRG1x...@TK2MSFTNGP11.phx.gbl,

J e r e m y <jeremy AT exibus DOT com> posted a question
Then Kevin replied below:
: Thanks- I just looked that up and confirmed it. Funny thing is, I

: called them and had them set it up (correctly to my knowledge) two
: months ago. I wonder how it got changed back.
:

I just did some checking; have you registered your DNS server's host name and
IP with your registrar?
I just checked all your IPs and none have a nameserver registered on them,
at least with the .com, .net, and .edu gTLD servers. I think you will have
to register the nameserver and IP before it can be delegated to you.

J e r e m y

Dec 31, 2003, 1:30:06 PM
To the best of my knowledge it was setup correctly, but this incident has
proven my resources are a little slim. I'm on hold with his registrar right
now to get his name servers registered. SBC told me I had to email in the
request for reverse delegation, so I'm waiting 1-2 business days for that.

My fingers are crossed, and I'll continue to post to this thread until
everything is working.

Thanks everyone, and have a safe and happy new year!

J e r e m y

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:eq$hLPyzD...@TK2MSFTNGP12.phx.gbl...

Ace Fekay [MVP]

Dec 31, 2003, 4:08:49 PM
In news:u3cgew8z...@TK2MSFTNGP12.phx.gbl,
J e r e m y <jeremy NO exibus SPAM com> posted their thoughts, then I

Mail it in?? You mean snail mail? When I did it with Qwest, I just emailed
them the doc file with the request and it was done by the next day.

Hope this all works out for you. Have a great New Year's!

J e r e m y

Jan 5, 2004, 12:25:43 PM
> > SBC told me I had to *email* in the request for reverse

> > delegation, so I'm waiting 1-2 business days for that.

Still haven't heard back from them yet, and they said they'd send an email
confirmation. I'm calling back today. And GoDaddy told me that if his name
servers were listed on the Domain Management page that they were registered.
I probed the guy on the phone to insure that he understood the difference
between "registered" and "being used", and he said he did.

Following up with SBC today, because DNSStuff.com shows they haven't done
anything yet.

Good day,


J e r e m y

message news:uFcjgJ%23zDH...@tk2msftngp13.phx.gbl...

Kevin D. Goodknecht [MVP]

Jan 5, 2004, 12:58:31 PM
In news:O7qA0D70...@TK2MSFTNGP10.phx.gbl,
J e r e m y <jeremy NO exibus SPAM com> posted a question
Then Kevin replied below:
::: SBC told me I had to *email* in the request for reverse

::: delegation, so I'm waiting 1-2 business days for that.
:
: Still haven't heard back from them yet, and they said they'd send an
: email confirmation. I'm calling back today. And GoDaddy told me that
: if his name servers were listed on the Domain Management page that
: they were registered. I probed the guy on the phone to insure that he
: understood the difference between "registered" and "being used", and
: he said he did.
:

I did a whois on the www.internic.net site and none of his IPs are
registered as nameservers.

J e r e m y

Jan 5, 2004, 3:58:30 PM
I spoke with a woman at SBC today and she put in the domain change request
today. His nameservers should be NS1.AMERISOURCEMTG.COM and NS1.SWBELL.NET
(they'll be hosting a backup). I'll post again with any results when I see a
change has happened.

J e r e m y

"Kevin D. Goodknecht [MVP]" <ad...@nospam.LSAOL.COM> wrote in message
news:OQ%23ymW70...@TK2MSFTNGP09.phx.gbl...

J e r e m y

Jan 5, 2004, 4:01:13 PM
Here is the lookup I got from Internic.net by IP (67.65.206.249):

--------- Snip ---------
Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

NS2.AMERISOURCEMTG.COM
NS1.AMERISOURCEMTG.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

>>> Last update of whois database: Mon, 5 Jan 2004 06:39:05 EST <<<

--------- Snip ---------

And here is the lookup by actual servername:

--------- Snip ---------
Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: AMERISOURCEMTG.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.AMERISOURCEMTG.COM
Name Server: NS2.AMERISOURCEMTG.COM
Status: ACTIVE
Updated Date: 19-oct-2003
Creation Date: 07-may-2003
Expiration Date: 07-may-2013


>>> Last update of whois database: Mon, 5 Jan 2004 06:39:05 EST <<<
--------- Snip ---------


J e r e m y

Jan 6, 2004, 12:04:26 PM
Are we in business here?

--------Snip--------
[root@nix01 root]# dig -x 67.65.206.249

; <<>> DiG 9.2.1 <<>> -x 67.65.206.249
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43526
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;249.206.65.67.in-addr.arpa. IN PTR

;; ANSWER SECTION:
249.206.65.67.in-addr.arpa. 6934 IN CNAME
249.248.206.65.67.in-addr.arpa.
249.248.206.65.67.in-addr.arpa. 3334 IN PTR ns1.amerisourcemtg.com.

;; Query time: 13 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Tue Jan 6 08:30:50 2004
;; MSG SIZE rcvd: 102

--------Snip--------

I want to check it at DNSStuff.com too but their site is down. I think it's
set up again, but I'm still not abandoning the thread until email starts
getting through.

J e r e m y


"J e r e m y" <jeremy NO exibus SPAM com> wrote in message
news:OJtIu680...@TK2MSFTNGP09.phx.gbl...
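
The check worked through in this thread (is the server's IP inside the delegated netblock, and does the parent-zone CNAME lead to a PTR in the customer's own zone), as an added Python example that is not part of any post. The zone naming follows the convention quoted in the thread (`208.91.65.65.in-addr.arpa` for `65.65.91.208/29`); the function names are hypothetical and `DIG_ANSWER` is the dig answer section above with its wrapped line rejoined.

```python
import ipaddress

# Answer section from the dig output in the thread, wrapped CNAME line rejoined.
DIG_ANSWER = """\
249.206.65.67.in-addr.arpa. 6934 IN CNAME 249.248.206.65.67.in-addr.arpa.
249.248.206.65.67.in-addr.arpa. 3334 IN PTR ns1.amerisourcemtg.com.
"""

def delegation_names(ip, netblock):
    """Return (owner, zone, target) under the naming convention used in the thread."""
    net = ipaddress.ip_network(netblock)   # raises ValueError if host bits are set
    addr = ipaddress.ip_address(ip)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation applies to IPv4 blocks smaller than /24")
    if addr not in net:
        raise ValueError(f"{ip} is not inside {netblock}")
    if addr in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {netblock}")
    a, b, c, d = str(net.network_address).split(".")
    zone = f"{d}.{c}.{b}.{a}.in-addr.arpa."          # zone hosted on the customer's DNS
    owner = addr.reverse_pointer + "."               # name a remote mail server queries
    target = f"{str(addr).rsplit('.', 1)[1]}.{zone}" # where the ISP's CNAME should point
    return owner, zone, target

def parse_answer(text):
    """Map owner name -> (record type, rdata) for each 'name ttl IN type rdata' line."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            records[fields[0].lower()] = (fields[3], fields[4].lower())
    return records

def check_reverse(ip, netblock, answer_text):
    """Return (ptr_hostname_or_None, list_of_problems) for an observed answer."""
    try:
        owner, zone, target = delegation_names(ip, netblock)
    except ValueError as exc:
        return None, [str(exc)]
    records = parse_answer(answer_text)
    problems = []
    rtype, rdata = records.get(owner, (None, None))
    if rtype != "CNAME":
        # A direct PTR here is the ISP's own record, not the customer's zone.
        problems.append(f"{owner} has no CNAME: ISP default PTR or no delegation")
        return (rdata if rtype == "PTR" else None), problems
    if rdata != target:
        problems.append(f"CNAME points to {rdata}, expected {target}")
    ptype, host = records.get(rdata, (None, None))
    if ptype != "PTR":
        problems.append(f"no PTR at {rdata}: delegated zone {zone} is not answering")
        host = None
    return host, problems

if __name__ == "__main__":
    print(check_reverse("67.65.206.249", "67.65.206.248/29", DIG_ANSWER))
    print(check_reverse("67.65.206.249", "67.65.206.208/29", DIG_ANSWER))
```
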

Kevin D. Goodknecht [MVP]

Jan 6, 2004, 1:26:51 PM
In news:uZKVlcH1...@TK2MSFTNGP10.phx.gbl,

J e r e m y <jeremy NO exibus SPAM com> posted a question
Then Kevin replied below:
: Are we in business here?

:
: --------Snip--------
: [root@nix01 root]# dig -x 67.65.206.249
:
: ; <<>> DiG 9.2.1 <<>> -x 67.65.206.249
: ;; global options: printcmd
: ;; Got answer:
: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43526
: ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
:
: ;; QUESTION SECTION:
: ;249.206.65.67.in-addr.arpa. IN PTR
:
: ;; ANSWER SECTION:
: 249.206.65.67.in-addr.arpa. 6934 IN CNAME
: 249.248.206.65.67.in-addr.arpa.
: 249.248.206.65.67.in-addr.arpa. 3334 IN PTR
: ns1.amerisourcemtg.com.
:
: ;; Query time: 13 msec
: ;; SERVER: 192.168.0.2#53(192.168.0.2)
: ;; WHEN: Tue Jan 6 08:30:50 2004
: ;; MSG SIZE rcvd: 102
:
: --------Snip--------

I'm kinda lost here, I took this from one of your previous posts earlier in
the thread:


> His netblock is 67.65.206.208/29, and his reverse DNS zone is
> 208.206.65.67.in-addr.arpa. His reverse DNS entry for the mail server is
> 209.208.206.65.67.in-addr.arpa

What is his IP? Because the one you are posting has always worked, at least
since you started the thread.

J e r e m y

Jan 6, 2004, 3:11:31 PM
67.65.206.248 is his network address, assigned by SBC. 67.65.206.249 is his
server's IP. The issue was with .249 resolving to whatever his SBC hostname
was as assigned by SBC, and not his registered domain name.

I just got an email from him saying his outbound emails are working now,
but: "he is receiving my emails, but his emails are being returned when he
tries to email me back. This may be the case with my sister also."

I have no problem emailing him, so I guess this issue is closed, and I'll
work on that.

Thank you all very much.

Sincerely,


J e r e m y

"Kevin D. Goodknecht [MVP]" <ad...@nospam.LSAOL.COM> wrote in message
news:u3BjzKI1...@TK2MSFTNGP10.phx.gbl...

J e r e m y

Jan 6, 2004, 3:31:17 PM
Okay maybe not.

-----Snip-----
Your message did not reach some or all of the intended recipients.

Subject: Test- Please Reply
Sent: 1/6/2004 10:59 AM

The following recipient(s) could not be reached:

us...@domain.com [edited] on 1/6/2004 11:49 AM
The e-mail address could not be found. Perhaps the recipient
moved to a different e-mail organization, or there was a mistake in the
address. Check the address and try again.
<fileserver.amerisourcemtg.com #5.1.8 smtp;553 5.1.8
<Admini...@amerisourcemtg.com>... Domain of sender address
Admini...@amerisourcemtg.com does not exist>
-----Snip-----

Admini...@amerisourcemtg.com is a valid email address. It's the account
I used to send the email from. Or is that not the problem perhaps?

TIA,


J e r e m y

"J e r e m y" <jeremy NO exibus SPAM com> wrote in message
news:u7DtHFJ1...@TK2MSFTNGP10.phx.gbl...
