Re: Configuring Exchange as Mail Server General Advice
- From: "Billy" <billydotburrowsatntlworld.com>
- Date: Sat, 28 Apr 2007 15:36:59 +0100
Thanks for the replies!
I deleted the old MX records and things seemed to work almost as soon as for
sending mail, but I cannot receive any mail and do not know if this is a
misconfiguration with my Exchange server, a firewall issue or because of any
related propagation times.
When sending mail to my server it bounces with reported errors of:
This Message was undeliverable due to the following reason:
"Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.
Recipient callout failed for user@xxxxxxxxxx from
mtaout02-winn.ispmail.ntl.com"
I have been to the suggested DNS sites and have got the following back, but
have only a vague idea of what it's all about:
"WARNING. The parent servers (I checked with g.gtld-servers.net.) are not
providing glue for all your nameservers. This means that they are supplying
the NS records (host.example.com), but not supplying the A records
(192.0.2.53), which can cause slightly slower connections, and may cause
incompatibilities with some non-RFC-compliant programs. This is perfectly
acceptable behavior per the RFCs. This will usually occur if your DNS
servers are not in the same TLD as your domain (for example, a DNS server of
"ns1.example.org" for the domain "example.com"). In this case, you can speed
up the connections slightly by having NS records that are in the same TLD as
your domain."
FAIL: You have one or more missing (stealth) nameservers. The following
nameserver(s) are listed (at your nameservers) as nameservers for your
domain, but are not listed at the parent nameservers (therefore, they may or
may not get used, depending on whether your DNS servers return them in the
authority section for other requests, per RFC2181 5.4.1). You need to make
sure that these stealth nameservers are working; if they are not responding,
you may have serious problems! The DNS Report will not query these servers,
so you need to be very careful that they are working properly.
ns2.hosteurope.com.
ns.hosteurope.com.
This is listed as an ERROR because there are some cases where nasty problems
can occur (if the TTLs vary from the NS records at the root servers and the
NS records point to your own domain, for example).
ERROR: One or more of the nameservers listed at the parent servers are not
listed as NS records at your nameservers. The problem NS records are:
ns.123-reg.co.uk.
ns2.123-reg.co.uk.
WARNING: We cannot test to see if your nameservers are all on the same Class
C (technically, /24) range, because the root servers are not sending glue.
We plan to add such a test later, but today you will have to manually check
to make sure that they are on separate Class C ranges. Your nameservers
should be at geographically dispersed locations. You should not have all of
your nameservers at the same location. RFC2182 3.1 goes into more detail
about secondary nameserver location.
Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [ns.hosteurope.com.]!
Stealth nameservers are leaked [ns2.hosteurope.com.]!
This can cause some serious problems (especially if there is a TTL
discrepancy). If you must have stealth NS records (NS records listed at the
authoritative DNS servers, but not the parent DNS servers), you should make
sure that your DNS server does not leak the stealth NS records in response
to other queries.
WARNING: Your SOA (Start of Authority) record states that your master
(primary) name server is: ns.hosteurope.com.. However, that server is not
listed at the parent servers as one of your NS records! This is legal, but
you should be sure that you know what you are doing
WARNING: Your SOA REFRESH interval is : 86400 seconds. This seems high. You
should consider decreasing this value to about 3600-7200 seconds (or higher,
if using DNS NOTIFY). RFC1912 2.2 recommends a value between 1200 to 43200
seconds (20 minutes to 12 hours, with the longer time periods used for very
slow Internet connections), and if you are using DNS NOTIFY the refresh
value is not as important (RIPE recommend 86400 seconds if using DNS
NOTIFY). This value determines how often secondary/slave nameservers check
with the master for updates. A value that is too high will cause DNS changes
to be in limbo for a long time.
ERROR: None of your mail server(s) seem to have reverse DNS (PTR) entries (I
didn't get any responses for them). RFC1912 2.1 says you should have a
reverse DNS for all your mail servers. It is strongly urged that you have
them, as many mailservers will not accept mail from mailservers with no
reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool
at the DNSstuff site (it contacts your servers in real time; the reverse DNS
lookups in the DNS report use our local caching DNS server).
ERROR: I could not complete a connection to any of your mailservers!
mail.domain.com: Could not connect without glue or A record.
If this is a timeout problem, note that the DNS report only waits about 40
seconds for responses, so your mail *may* work fine in this case but you
will need to use testing tools specifically designed for such situations to
be certain.
As always, thank you for any help with this!
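
The delegation checks behind the quoted DNS report, as an added example that is not part of the original post or of the DNS report tool: it compares the NS set the parent zone hands out with the NS set the zone itself publishes, then checks the SOA master and REFRESH value against the RFC 1912 range the report cites. The record text is constructed in `dig` answer format; `example.com`, the hostmaster address and the SOA serial, retry, expire and minimum values are placeholders, while the nameserver names and the 86400 refresh come from the report above.

```python
# Constructed sample data in dig answer format (not real query output).
PARENT_REFERRAL = """\
example.com. 172800 IN NS ns.123-reg.co.uk.
example.com. 172800 IN NS ns2.123-reg.co.uk.
"""
ZONE_ANSWER = """\
example.com. 86400 IN NS ns.hosteurope.com.
example.com. 86400 IN NS ns2.hosteurope.com.
example.com. 86400 IN SOA ns.hosteurope.com. hostmaster.example.com. 2007042801 86400 7200 604800 86400
"""


def records(text, rtype):
    """Return the RDATA fields of every IN record of the given type."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN" and fields[3].upper() == rtype:
            found.append(fields[4:])
    return found


def ns_names(text):
    """NS targets, lower-cased and without the trailing dot (DNS names are case-insensitive)."""
    return {rdata[0].lower().rstrip(".") for rdata in records(text, "NS")}


def audit_delegation(parent_text, zone_text):
    """Compare the parent's delegation with what the zone publishes about itself."""
    parent, zone = ns_names(parent_text), ns_names(zone_text)
    findings = {
        # Published by the zone but unknown to the parent: "stealth" nameservers.
        "stealth": sorted(zone - parent),
        # Delegated by the parent but absent from the zone's own NS records.
        "missing_at_zone": sorted(parent - zone),
    }
    soa = records(zone_text, "SOA")
    if soa:
        # SOA RDATA order: mname rname serial refresh retry expire minimum
        mname, refresh = soa[0][0].lower().rstrip("."), int(soa[0][3])
        findings["soa_master_not_delegated"] = mname not in parent
        # RFC 1912 2.2 range quoted in the report: 1200 to 43200 seconds.
        findings["refresh_outside_rfc1912"] = not 1200 <= refresh <= 43200
    return findings


if __name__ == "__main__":
    for check, result in audit_delegation(PARENT_REFERRAL, ZONE_ANSWER).items():
        print(f"{check}: {result}")
```

With both sets disjoint, as here, resolvers follow the parent's delegation to the 123-reg servers, so MX and A records edited only at the other provider are not the ones the parent's delegation leads to.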