Tuesday, October 19, 2010

Exchange 2007 , unable to send email to specific domains


Issues of similar nature may rarely be an issue on server side . the purpose of the post is to discuss possible troubleshooting steps for server side issues.

Most important asset you have is this scenario is the Non delivery report generated in response to your email. I will tell you if the receiving domain rejected the email , or was it your exchange server that is unable to deliver. It will also mention a generic reason why the email was not delivered.

Following are the different causes for Remote delivery failure:

  • Blacklisting

Remote severs will check if you domain is blacklisted for sending out spam.You can run a blacklist test from http://www.blacklistalert.org/ or http://www.mxtoolbox.com/blacklists.aspx . Someone may be using the open relay on your exchange to send out spam .

If you use a smart host , it is unlikely that the server will be blacklisted.

  • Connection Filtering

The remote domain may have blocked your exchange domain name or IP address. They could have also blocked IP ranges which include your Ip address .You can relay mail through a smart host if available.

  • Improper DNS resolution of Remote Server

This possibility will arise in case one of the Global DNS severs has a bad MX record for the remote domain and you are fortunate enough that your sever forwards a record to the Global DNS server that hosts the incorrect MX record.

Make sure the host file doesn’t contain any unnecessary entries. Check The DNS on your server to make sure a MX record or a DNS zone is configured for the remote domain. Remove the record if found and flush the DNS cache.

Enable verbose logging for the SMTP connector and check the Ip address of the remote domain.You can verify the actual MX record for the remote domain by using http://dnsstuff.com/

  • Port 25 blocked at the remote site

Open a command prompt and telnet the remote site on port 25.

Run “TELNET Remote.domain.com 25”

You will get a SMTP banner if you are able to connect , which means that the port is open.

  • Maximum Transmission Unit (MTU) and Black hole Routers

Beware of a Blackhole router in the SBS domain.

If the SBS server is sending traffic that must be fragmented, but no ICMP control packet reaches SBS to let it know, then the traffic will be dropped without intimation.

  • PTR Record

If the PTR record does not point your server’s IP address to its properly registered name, certain organizations checking for this will drop your connection. They will do this to Avoid spam.

Unlike other records, PTR records are not hosted by your DNS registrar, nor are they hosted by you even if you manage your own DNS namespace.

Web sites you can use to check your PTR record include http://www.checkdns.net/quickcheck.aspx and http://dnsstuff.com/

  • Sender ID

Make sure your SPF record is correctly configures.If you are unsure of an existing SPF record or need to create a new one for your domain, visit the Sender ID Framework SPF Record Wizard: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard

These are most common issues and there may be other reason for this issue

No comments:

Post a Comment