Re: Undeliverable Mail



I thought about the way I had typed that, but I still stand by it. I can't
stand it when ISPs or hosting providers play dumb because they don't want
to do something (which is probably what the case is here).

As far as the Cisco PIX, I can't speak to the programming, but here's the
overview of what Mailguard does. It's on by default, BTW - you have to
specifically disable it. Mailguard basically disables all ESMTP commands,
limiting remote servers to only basic SMTP commands. For example, HELO is a
basic SMTP greeting, while EHLO is an Enhanced (ESMTP) command. If you
telnet to your server (from outside) and issue an EHLO command, the PIX will
block the command and you'll get back a 500 5.3.3 Unrecognized command
response. Technically, it shouldn't cause issues, but prevents using some
of the more useful ESMTP commands. If you want to disable it, follow the
instructions in this KB article.
http://support.microsoft.com/kb/320027/

As far as logging, if you enabled SMTP Protocol logging, you will find the
logs in the c:\windows\system32\logfiles\smtpsvc1 directory. It's enabled
on the properties of the Default SMTP Virtual server.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A5C01817-8344-4A56-8C1F-CCC4E3D8EA4E@xxxxxxxxxxxxxxxx
> How do you like Interland now? HEH Well I will push the issue some, we are
> switching hosts within a month to IKH. Hopefully they will have a better
> department for handling these issues.
> Well I did some more testing at work. I can telnet to their server (AOL) and
> send mail that way. So I did come across something. Now while trolling the
> aol postmaster site I did find this snippet:
> Queuing Mail
>
> If the email you are attempting to send to America Online is queuing in your
> Outgoing Mail Server there are steps you can take to troubleshoot and correct
> the problem.
>
> You have a Cisco pix firewall.
>
> Please contact Cisco you may need to increase DNS packet size.
> DNS Caching.
>
> Please contact your system administrator. DNS caching is known to cause mail
> queuing when sending to the AOL mail server. Specifying IP address of AOL's
> relay servers is also known to cause this issue.
>
> I'll have to contact the company that setup our server and pix as they said
> the work on the pix is all command line. Personally I think they should do it
> for free as this is an ongoing problem. But that's my fight. But at the same
> time I was going to inquire about the mailguard. You said it doesn't need to
> be run, the admin at dnsstuff said it looks like bad programming on whoever
> set it up. I can't find any info as to what mailguard does and if we really
> do/do not need it.
>
> I setup logging, I may have done it right, or not. I didn't see any text as
> to smtp protocols. I also setup alerts for SBS2K3, and I got an email saying
> there was a lot of email sitting in the queue. Which prompted me to search
> for queue on aol. I did notice after an hour the log was 5MB. Reading through
> what I could make out, there is a whole lot of mail in there that isn't from
> our company although the sender shows an bogusname@xxxxxxxxxxxxxxxxxx And
> a lot of email to postmaster saying stop sending we don't have that address.
>
> Well I think I'm getting somewhere. just not sure where. Thanks for all your
> help.
>
> "Ben Winzenz [Exchange MVP]" wrote:
>
>> Interland is a bunch of morons then. SPF records are DNS resource records
>> of type TXT. If they don't know how to do that, and want to cop out and say
>> their servers don't support it (which I'd submit is a load of crap), they
>> don't deserve to be a hosting provider, or at least don't deserve your
>> business. RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html) defines DNS
>> resource record types, which include TXT. Since it was submitted in, oh,
>> 1987!, saying their servers don't support creating TXT records is
>> nonsense, unless their server is totally non-RFC compliant, in which case,
>> again, they should not be a hosting provider. You might try getting ahold
>> of one of their senior network folks. In many cases, the level 1 folks
>> aren't real bright when it comes to dealing with stuff like that.
>>
>> AOL adding your IP to *their* whitelist shouldn't be a big deal. It's on
>> their end, not yours. I would have been more than suspicious if they had
>> asked you to add their server to your whitelist, though :-)
>>
>> You enabled logging means......you enabled SMTP Protocol logging? If so,
>> make sure that you enabled all the advanced logging options. If you can't
>> interpret what it is saying (which is ok), please post the relevant section
>> of the smtp log that shows the conversation between your server and AOL's
>> server.
>>
>> --
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>> Read my blog!
>> http://winzenz.blogspot.com
>> http://feeds.feedburner.com/winzenz (RSS Feed)
>>
>>
>> "ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:8CE77EF5-D6CB-4C5D-90E4-55B8C2D308B1@xxxxxxxxxxxxxxxx
>> > Well I'm still on a quest to send email to aol and yahoo. Your suggestion
>> > to add an SPF record applies to our domain hosted by interland. I sent
>> > them a ticket request for that addition. Their servers do not support that:
>> >
>> > Unfortunately, at this time, we are unable to create an SPF record for the
>> > domain. This is not supported by our servers.
>> >
>> > I contacted AOL and they wanted me to submit our IP to their whitelist. I
>> > didn't see any harm in that, although perplexed as to why I had to. That
>> > request was approved. Still no email going through.
>> >
>> > I enabled logging of the exchange server. I look at the log, I see where
>> > the user sent an email, just not quite sure what else in the maze of
>> > gobbledygook listed shows errors or what not. I get a 4.4.7 error in the
>> > returned email. Does that help?
>> >
>> > "Ben Winzenz [Exchange MVP]" wrote:
>> >
>> >> You can ignore the Warning on the mail server host name in greeting. That
>> >> only applies to inbound mail. The cause is that you have a Cisco PIX with
>> >> the Mailguard feature turned on. You don't need it enabled, and it can
>> >> potentially cause problems with other mail systems trying to send mail to
>> >> you, but it won't cause the problem of not being able to send mail to yahoo
>> >> or aol. If you want to get rid of that warning, then disable Mailguard on
>> >> your PIX.
>> >>
>> >> You may want to register SPF records, as dnsreport suggests. Looks like
>> >> they have a wizard that walks you through how to set up the SPF record. SPF
>> >> records are registered as TXT records (versus say A or MX records).
>> >>
>> >> --
>> >> Ben Winzenz
>> >> Exchange MVP
>> >> MessageOne
>> >> Read my blog!
>> >> http://winzenz.blogspot.com
>> >> http://feeds.feedburner.com/winzenz (RSS Feed)
>> >>
>> >>
>> >> "ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:0533A4AD-1D3B-4BED-8C78-FE95AFAAB5EF@xxxxxxxxxxxxxxxx
>> >> > The ISP has re-directed the ptr record back to the mail.esi-extrusion.com.
>> >> > I went to the reverse dns on dnsstuff.com and it apparently is working. I
>> >> > still cannot send email to yahoo or aol accounts. When I put in
>> >> > esi-extrusion.com in dnsreport.com checker, it still shows the same errors.
>> >> > I don't know what else to change. Any ideas?
>> >> >
>> >> > "Ben Winzenz [Exchange MVP]" wrote:
>> >> >
>> >> >> You would be asking your ISP to map the PTR record for the IP address back
>> >> >> to mail.esi-extrusion.net. It needs to match the name of the sending
>> >> >> server. Note that your ISP may not be willing to do this. It isn't an
>> >> >> unreasonable request, but some ISPs won't do it.
>> >> >>
>> >> >> A Smarthost simply means that instead of your server directly connecting to
>> >> >> the target server, you will forward all mail to your ISP first, and your ISP
>> >> >> will do the actual delivery of the mail. ISPs typically will allow their
>> >> >> customers to do this.
>> >> >>
>> >> >> Did the company that setup your server indicate what the tweak was?
>> >> >> Regardless, if you are able to resolve MX records for yahoo and aol, it
>> >> >> won't be a problem with your DNS server.
>> >> >>
>> >> >> --
>> >> >> Ben Winzenz
>> >> >> Exchange MVP
>> >> >> MessageOne
>> >> >> Read my blog!
>> >> >> http://winzenz.blogspot.com
>> >> >> http://feeds.feedburner.com/winzenz (RSS Feed)
>> >> >>
>> >> >>
>> >> >> "ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:3645EA9A-C86D-4FCD-945D-85F36E1E948A@xxxxxxxxxxxxxxxx
>> >> >> > When we switched from Interland hosting our email to hosting our own, it
>> >> >> > was quite a feat to get them to understand what needed changed, as I
>> >> >> > remember our server IT person had to walk them thru it. Quite conceivably
>> >> >> > they didn't do it correctly.
>> >> >> >
>> >> >> > We do have a static ip for our Exchange Server. SBC is our ISP and our
>> >> >> > website is hosted by Interland currently. I want to be sure, I am asking SBC
>> >> >> > to re-map our ptr record back to esi-extrusion.com and not interland?
>> >> >> >
>> >> >> > I do not know what Smarthost is. I'm sorry. I'm going to do a search and
>> >> >> > read up on it shortly.
>> >> >> >
>> >> >> > I know people in general don't like to help newbies or generally stupid
>> >> >> > people thrust into a position by their company. If I get this all worked
>> >> >> > out, just know that someone will think you're a hero.
>> >> >> >
>> >> >> > "Ben Winzenz [Exchange MVP]" wrote:
>> >> >> >
>> >> >> >> You have a PTR record, but it does not map to your MX record. If a
>> >> >> >> receiving mail server is doing a reverse-DNS lookup, then the PTR record
>> >> >> >> will not match the name that the server says it is and could cause the
>> >> >> >> connection to be rejected.
>> >> >> >>
>> >> >> >> Do you have a static IP address, or is this a dynamic IP? If it's a dynamic
>> >> >> >> IP, then you won't have any control over this. If static, you can ask your
>> >> >> >> ISP to modify the PTR record to map back to mail.esi-extrusion.com, but
>> >> >> >> whether they do this is up to them. AOL and Yahoo usually don't accept mail
>> >> >> >> from IPs that are in dynamic pools.
>> >> >> >>
>> >> >> >> Can you send outgoing mail through your ISP as a SmartHost?
>> >> >> >>
>> >> >> >> --
>> >> >> >> Ben Winzenz
>> >> >> >> Exchange MVP
>> >> >> >> MessageOne
>> >> >> >> Read my blog!
>> >> >> >> http://winzenz.blogspot.com
>> >> >> >> http://feeds.feedburner.com/winzenz (RSS Feed)
>> >> >> >>
>> >> >> >>
>> >> >> >> "ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> >> news:AF1895BF-9FCD-4F25-9D20-6F54A6DC7AC5@xxxxxxxxxxxxxxxx
>> >> >> >> > I went to www.dnsreport.com and our reverse dns is ok. That I would assume
>> >> >> >> > handles the ptr question and A record. I typed esi-extrusion.com in the
>> >> >> >> > domain and all things look ok minus a few misc errors.
>> >> >> >> >
>> >> >> >> > "Dan J.S." wrote:
>> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> "ESI" <ESI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> >> >> news:3C4D5C0B-DD8D-499E-8B18-FB3A4298E0BB@xxxxxxxxxxxxxxxx
>> >> >> >> >> > I am NOT an IT Professional. I just try to do my best as our company IT
>> >> >> >> >> > person. (someone has to do it). We use Windows server 2003 for small
>> >> >> >> >> > business. We Use MS Exchange v 6.5 Build 7638.2 Service Pack 2. Our company
>> >> >> >> >> > can not send email to yahoo.com or aol.com addresses. The company that setup
>> >> >> >> >> > our server said " We don't handle your dns configuration, this is something
>> >> >> >> >> > you have to take up with Interland. However, the dns report is just flagging
>> >> >> >> >> > generic issues that will not cause you any harm and is not causing you any
>> >> >> >> >> > problems. What I believe is happening is the dns server at ESI is having an
>> >> >> >> >> > issue with dns lookups at your end. There is a tweak we can do to help it
>> >> >> >> >> > correctly work with aol and yahoo mail providers. It takes about 30 minutes
>> >> >> >> >> > to implement. Is this something I can do? I do know my way around some
>> >> >> >> >> > things and am learning all I can. Can some nice soul out there shed some
>> >> >> >> >> > light on my agonies?
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> I can tell you from experience, dealing with yahoo and aol (and especially
>> >> >> >> >> aol) is a pain in the ass. You probably need a reverse dns record, and this
>> >> >> >> >> is something both your is needs to setup (called a ptr) and you may also
>> >> >> >> >> need an a record in your dns that confirms your outgoing smtp server is in
>> >> >> >> >> fact in your control. However, even after you do it, aol keeps a cache for
>> >> >> >> >> weeks sometimes, so even though all is corrected, you may still have issues.
>> >> >> >> >> Calling aol may help, but they are a bunch of arrogant a-holes when dealing
>> >> >> >> >> with them (especially their email admins).
>> >> >> >> >>
>> >> >> >> >> good luck.
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
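
The EHLO-versus-HELO check described in the reply at the top of this thread can be run over a saved telnet session. This is an added example, not part of the original posts; the `C: `/`S: ` transcript format, the function names and the hostnames are assumptions made for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_session(lines):
    """Group a 'C: '/'S: ' transcript into (client_command, [(code, text), ...])."""
    exchanges, current = [], ("<banner>", [])
    for raw in lines:
        side, _, text = raw.partition(": ")
        if side == "C":
            exchanges.append(current)
            current = (text.strip(), [])
        elif side == "S":
            m = REPLY.match(text.rstrip("\r\n"))
            if m:
                current[1].append((int(m.group(1)), m.group(3)))
    exchanges.append(current)
    return exchanges

def diagnose(lines):
    """Return (verdict, extensions) for a session that tried EHLO, then HELO."""
    codes, extensions = {}, []
    for command, replies in parse_session(lines):
        if not replies:
            continue
        verb = command.split(" ", 1)[0].upper()
        codes[verb] = replies[-1][0]
        if verb == "EHLO" and codes[verb] == 250:
            # First 250 line is the greeting; each later line names one extension.
            extensions = [t.split()[0].upper() for _, t in replies[1:] if t.strip()]
    ehlo, helo = codes.get("EHLO"), codes.get("HELO")
    if ehlo == 250:
        return "esmtp-ok", extensions
    if ehlo is not None and 500 <= ehlo <= 599 and helo == 250:
        return "esmtp-filtered", []  # EHLO refused, plain HELO accepted
    return "inconclusive", []

# Constructed transcripts; hostnames are placeholders. The 500 reply text is the
# one quoted in the post above.
FILTERED = ["S: 220 mail.example.com ready", "C: EHLO probe.example.net",
            "S: 500 5.3.3 Unrecognized command", "C: HELO probe.example.net",
            "S: 250 mail.example.com Hello", "C: QUIT", "S: 221 closing"]
OPEN = ["S: 220 mail.example.com ESMTP", "C: EHLO probe.example.net",
        "S: 250-mail.example.com Hello", "S: 250-SIZE 10485760",
        "S: 250-STARTTLS", "S: 250 8BITMIME", "C: QUIT", "S: 221 closing"]

if __name__ == "__main__":
    print(diagnose(FILTERED))
    print(diagnose(OPEN))
```

The transcript has to be captured from outside the firewall, as the reply says; a session opened from the LAN side does not pass through the PIX.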

