Re: SMTP/SPF HELL

Wow, there is a lot here, thanks! This is what the EHLO looks like now after
I changed the virtual smtp to mail.bsu.us:

Received: from 209.26.232.187 (EHLO mail.bsu.us) (209.26.232.187) by
mta124.mail.re2.yahoo.com with SMTP; Fri, 29 Jul 2005 05:11:07 -0700

That change was done before your post and before the message was sent to
Cogsdale. Is that what you meant by xxx.bsu.us? If you do a reverse lookup
for the IP 209.26.232.187 mail.bsu.us is what comes up. Or did you mean the
virtual smtp should be syssb0007.bsu.us?

You are also correct the DHR owns the IP address 209.26.232.187, I know you
know that. That is why I don't understand why Earthlink gave the response it
did. We tried multiple times to send and each time the result error was the
same. On the other hand, I CAN send to two individual Earthlink accounts.
One is a mindspring address. Also, keep in mind that we've sent to these
addresses successfully many times before in the past, with us being
"misconfigured" and all.

Now for the sticky part. BSU.com was in place before this company even had
an IT department. When I got here the company that had set everything up, a
local networking/support company, gave me a long complicated explaination as
to why it could not be changed. Now, he could have been baffleing me with BS
I don't know, I just took his word for it. In any case, just to make sure
we're on the same page, when I say we use bsu.com internally I mean that is
how our internal dns is set up. All entries have bsu.com appended
automatically. So, I created a new bsu.us zone in our DNS. I added a record
for syssb0007, which is the server name, and mail. Both records point to the
internal IP address and have bsu.us appended. Is that OK? I haven't changed
bsu.com because I'm CHICKEN. I'm afraid it will send our whole network into
a frenzy. It hasn't been a problem so far in the 3.5 years I've been here so
I've left it alone. It seems any time I make one minor change to right a
wrong it has a domino affect. Yes, it's good to make things right but at the
same time I pick my battles carefully. I'll have to look into what all is
involved with changing the domain name. --It can't possibly be as simple as
it sounds.

I haven't looked at kb 818222 yet, but I still don't understand why mail to
Cogsdale was rejected, especially since now the header states mail.bsu.us
from 209.26.232.187. I don't understand why Earthlink thinks we're using one
of their ip addresses, and how the heck do we fix that?

As for SMTP connectors, we do not have any.

I think I've touched on all the points you brought up. I will be reading
that KB article you mentioned right away. Again, I can't thank you enough!



"Rich Matheisen [MVP]" wrote:

> "BSUMelissa" <BSUMelissa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> >Thanks for responding, I truly appreciate your help. The following is the
> >NDR that came back from Earthlink (and what started this whole ball rolling):
> >
> >on 6/22/2005 4:13 PM
> > There was a SMTP communication problem with the recipient's
> >email server. Please contact your system administrator.
> > <syssb0007.bsu.com #5.5.0 smtp;550-EarthLink does not recognize
> >your computer (209.26.232.184) as connecting from an EarthLink connection.
> >If this is in error, please contact technical support.>
>
> This has nothing to do with your SPF stuff. Earthlink is stating that
> your server isn't using an IP address that belongs to Earthlink, but
> you're trying to use one of their servers as a SMTP relay.
>
> Your IP address is in the network owned by these folks, not Earthlink!
>
> OrgName: DHR Technologies
> OrgID: DHRTEC
> Address: 12800 University Dr
> Address: Suite 220
> City: Fort Myers
> StateProv: FL
> PostalCode: 33907
> Country: US
>
> NetRange: 209.26.232.0 - 209.26.232.255
> CIDR: 209.26.232.0/24
> NetName: DHRSLBB-ALOC-BLK3
> NetHandle: NET-209-26-232-0-1
> Parent: NET-209-26-0-0-1
> NetType: Reallocated
> Comment:
> RegDate: 2004-06-10
> Updated: 2004-06-10
>
> OrgAbuseHandle: NCC20-ARIN
> OrgAbuseName: Network Control Center
> OrgAbusePhone: +1-239-790-0000
> OrgAbuseEmail: noc@xxxxxxxx
>
> OrgNOCHandle: NCC20-ARIN
> OrgNOCName: Network Control Center
> OrgNOCPhone: +1-239-790-0000
> OrgNOCEmail: noc@xxxxxxxx
>
> OrgTechHandle: NCC20-ARIN
> OrgTechName: Network Control Center
> OrgTechPhone: +1-239-790-0000
> OrgTechEmail: noc@xxxxxxxx
>
> >We set up a SPF record in an attempt to fix this error,
>
> SPF records won't help at all.
>
> >we had about 50
> >earthlink messages come back with the same error. As I was reading up on the
> >error I found out a lot of vendors, Earthlink included, are cracking down and
> >using SPF, that is where I got the idea we needed a SPF record. So, yes, I
> >asked our vendor to delete the SPF record yesterday to take any possible
> >config error out of the mix. Essentially setting us back the way we were
> >before we had an SPF record. The only thing that has changed is now the
> >send/recieve IP address are the same. When that alone didn't fix the problem
> >I changed the FQDN from syssb0007.bsu.com to mail.bsu.us in the Exchange SMTP
> >virtual server settings. The thought was we don't own bsu.com in the real
> >world. BSU.com is only used internally.
>
> Ummmm . . . if you don't own that domain whatever possessed you to try
> hijacking it? Why not use bsu.local internally? Nobody will be
> confused by that.
>
> Your server identifying itself as bsu.com in the HELO/EHLO may be
> causing you some problems. Change the FQDN on the SMTP Virtual Server
> to "xxx.bsu.us" instead of "xxx.bsu.com". Make sure there's an "A"
> record in your internal DNS for the xxx.bsu.us name.
>
> >I'm getting advice from our ISP and
> >the company that hosts our DNS, GetNetSmart. I am still at a loss as to why
> >some of our mail gets returned.
>
> Well, your server lying about it's domain name when it announces
> itself might be a start. :)
>
> >This morning the following event was logged on our Exchange server:
> >Event Type: Error
> >Event Source: MSExchangeTransport
> >Event Category: SMTP Protocol
> >Event ID: 7004
> >Date: 7/28/2005
> >Time: 8:15:59 AM
> >User: N/A
> >Computer: SYSSB0007
> >Description:
> >This is an SMTP protocol error log for virtual server ID 1, connection
> >#1839. The remote host "24.222.15.212", responded to the SMTP command
> >"xexch50" with "504 Need to authenticate first ". The full command sent was
> >"XEXCH50 2028 2 ". This will probably cause the connection to fail.
>
> Nothing wrong here. You're talking to another Exchange server and it's
> not using an authenticated connection. The command should be rejected
> (your server does the same thing to that command when it receives
> one).
>
> >I looked up the ip and it is Cogsdale, an application vendor that we do
> >business with. It's logged several times. This is a typical error we seem
> >to get and I don't know why. I've read the links that the error send me to
> >and have verified the authentication. I'm still at a loss as to what is
> >happening here.
>
> Try this KB article (it still has nothing to do with your Earthlink
> problem, though):
> Messages remain in an outbound queue until a non-delivery report is
> generated when you send e-mail to a remote domain [818222]
>
> >The only things that possibly have changed on the mail server is maybe a
> >Windows 2003 Security hotfix was applied. Outside of that the Exchange server
> >is left alone to do it's thing, I don't mess with it.
>
> Do you have any SMTP connectors? Are any of them using the
> earthlink.com address space? Are they forwarding mail to the wrong
> server?
>
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
>
.

Relevant Pages

  • Re: SMTP/SPF HELL
    ... I looked at the SMTP log for the day of the "event". ... Earthlink messages was forwarded to me so I cannot view any header info. ... Skipping to the new zone, yes, I did that on our internal DNS but quickly ... email server. ...
    (microsoft.public.exchange.admin)
  • Re: SMTP/SPF HELL
    ... NDR that came back from Earthlink: ... We set up a SPF record in an attempt to fix this error, ... virtual server settings. ... This morning the following event was logged on our Exchange server: ...
    (microsoft.public.exchange.admin)
  • Re: SMTP/SPF HELL
    ... >email server. ... >your computer as connecting from an EarthLink connection. ... that is where I got the idea we needed a SPF record. ... You're talking to another Exchange server and it's ...
    (microsoft.public.exchange.admin)
  • Re: SPF record question
    ... >client IP addresses. ... I think where the confusion is coming from is the term ``SMTP ... another SMTP server. ... SPF record for domain.com, if that IP/subnet was in the record, I ...
    (microsoft.public.windows.server.dns)
  • NDR in Exchange 2003
    ... I am having trouble with my server sending mail to ... I turned on diagnostic logging for the SMTP ... This is an SMTP protocol warning log for virtual server ... This is an Earthlink mail server. ...
    (microsoft.public.exchange.connectivity)
Loading