Re: DNS and email problem



Hi Bryce,

Thanks for using the SBS newsgroup. Also thanks for Fred's input.

From your description, I understand the issue to be: emails that are sent
to Comcast and AOL accounts fail and you receive an NDR. If I am off base,
please don't hesitate to let me know.

Based on my research, AOL and many other major mail servers (such as
Comcast) are now blocking mail when they cannot resolve the sending e-mail
server. AOL is doing a reverse DNS lookup on the Exchange/SBS box against the
recipient's address of the mail. The AOL.com mail server requires a
valid reverse DNS record (known as PTR) for all of your domain's MX
records. AOL.com also requires that for every inbound SMTP connection, the
connecting SMTP server must have a valid PTR record even if an MX record
does not exist.

Related information:

554 DNS:B2
http://postmaster.info.aol.com/errors/554dnsb2.html

NOTE: This response contains a reference to a third party World Wide Web
site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.

In most cases, we can resolve this issue by routing mail for the AOL.com
domain through an SMTP connector to a smart host. However, this depends on
the smart host you use being allowed by AOL.com.

Or, we need to use the following method to resolve this issue (both of them
need cooperation from your ISP):

1. Make sure that your public DNS records that are hosted on your DNS
server are correct. On your DNS server check the following:

a) You must have an MX record for your domain that points to a valid Host
(A) record. For example, the MX record for <contoso.com> points to
<mail.contoso.com>, which is a valid e-mail server.

b) Make sure that the Host (A) record points to a valid IP Address. For
example, make sure that <mail.yourcompany.com> points to <209.88.88.88>,
which is the correct public IP Address for your e-mail server.

2. For every SMTP or Exchange server that sends outbound Internet mail,
make sure that there is a valid PTR record for the public IP address of
that sending SMTP or Exchange server. This may be a firewall, router, or
another device that is used to publish your domain information to an IP
address that is visible to Internet hosts. For example, suppose your Exchange
server is behind a firewall with an internal IP of 10.10.10.1, and the
firewall has an external IP of 4.3.2.1. When the Exchange server sends mail
to AOL.COM through the firewall, the receiving mail server sees that the
4.3.2.1 IP address is connecting for SMTP communication. The receiving mail
server performs a reverse DNS lookup against this IP address, not
necessarily the MX record. The AOL mail server must find a PTR for 4.3.2.1
pointing to a valid host record in the <contoso.com> domain.

Hope the above information helps! I am happy to be of assistance to you and
look forward to your reply.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
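
The checks in steps 1 and 2 of the reply above, as an added example that is not part of the original thread or any Microsoft tool. It follows the reply's description (PTR present for the public sending IP, pointing at a valid host record in the mail domain); the function names and the isp.example hostname are assumptions, and the sample records are constructed from the addresses used in the reply.

```python
import ipaddress
import socket

def _live_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def _live_a(host):
    """IPv4 addresses for host via the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def table(records):
    """Wrap a dict of constructed records as a lookup function for offline runs."""
    return lambda key: records.get(key, [])

def check_outbound_dns(sending_ip, mail_domain, mx_host, ptr=_live_ptr, a=_live_a):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if ipaddress.ip_address(sending_ip).is_private:
        problems.append(f"{sending_ip} is internal; test the public IP the receiver sees")
    if not a(mx_host):  # step 1: the MX target needs a Host (A) record
        problems.append(f"MX target {mx_host} has no Host (A) record")
    names = [n.rstrip(".").lower() for n in ptr(sending_ip)]
    if not names:  # step 2: the sending IP needs a PTR record
        problems.append(f"no PTR record for {sending_ip}")
    for name in names:
        if sending_ip not in a(name):  # PTR must point at a valid host record
            problems.append(f"PTR {name} does not resolve back to {sending_ip}")
        if name != mail_domain and not name.endswith("." + mail_domain):
            problems.append(f"PTR {name} is not a host in {mail_domain}")
    return problems

# Constructed records using the addresses and names from the reply above.
SAMPLE_A = {"mail.contoso.com": ["4.3.2.1"], "host-4-3-2-1.isp.example": ["4.3.2.1"]}
PTR_GOOD = {"4.3.2.1": ["mail.contoso.com."]}
PTR_ISP_DEFAULT = {"4.3.2.1": ["host-4-3-2-1.isp.example."]}

if __name__ == "__main__":
    for label, ptr_records in [("good", PTR_GOOD), ("isp default", PTR_ISP_DEFAULT), ("missing", {})]:
        print(label, check_outbound_dns("4.3.2.1", "contoso.com", "mail.contoso.com",
                                        ptr=table(ptr_records), a=table(SAMPLE_A)))
```

Called without the ptr and a arguments, check_outbound_dns uses the system resolver, so run it from a machine outside the SBS network to see what an external mail server would see.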

--------------------
From: "Fred" <apextester@xxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
Subject: Re: DNS and email problem
Date: 9 Mar 2006 22:10:04 -0800

Have exactly the same problem with similar environment. Does it with
particular AOL and Comcast E-mail addresses.

Only thing is, I have been unable to recreate the problem using a
Comcast account.

Configured a Comcast account with full spam filtration and no problem.


Seems there is a weird spam filter for certain accounts from AOL and
Comcast of which rejects mail sent from an invalid IP address and
domain name association. It may only be doing it with newly created
accounts at Comcast, AOL and others of where a certain query is
executed to filter off illegitimate mail...unfortunately doing it also
to legitimate mail having a bad mail server setting.

Found a link at Comcast of which shed a bit of light having to do with
reverse DNS, yet am still way in the dark on this:

http://www.comcast.net/help/faq/index.jsp?faq=Email118405

There is a manager at the SBS of which allows for configuring the DNS of
which is yet another Gordian knot from Microsoft to deal with.

Will be up late tonight researching this problem.

If you figure it out, please let me know.

Fred

Bryce wrote:
Hello:

I get emails back with this message: (I assume it's coming from our
exchange server, maybe?)

---------------------------------------------
Your message did not reach some or all of the intended recipients.
Subject: Our company's name
Sent: 3/9/2006 4:24 PM
The following recipient(s) could not be reached:
'macy.fox@xxxxxxxxxxx' on 3/9/2006 4:24 PM
There was a SMTP communication problem with the recipient's email server.
Please contact your system administrator.
<ourcompany.org #5.5.0 smtp;521-EHLO/HELO from sender 70.xx.xx.xxx does not map to ourcompany.org in DNS>

-------------------------------------


What can I do? It looks like there is a DNS problem on our end?
99% of our email is fine though, but this person can't get anything to
Comcast and sometimes to AOL accounts.


Bryce.


