RE: email from SBS being flagged as SPAM

Hello Customer,

Thank you for posting here.

From your post, I understand that your Exchange server hosts two email
domains. When sending emails to a certain domain by using one of your email
domains, the emails will be bounced back.

The receiving domain's admin said that the emails were flagged as 'fake
sender domain'.

Firstly I would like to explain that we don't recommend configuring the SBS
server in this way since it may cause some problems.

This issue can be caused by two different factors:

1. After you send an email to the receiving domain from company_two.com,
the receiving server looks for the PTR record for company_two.com. However,
since the IP addresses for company_one.com and company_two.com are the
same, it may find 'IP addresses PTR company_one.com' first. After that, it
will not look for PTR record any more. Since it cannot find 'IP addresses
PTR company_two.com' record, it considers the emails as 'fake sender
domain'.

2. After your server send EHLO to the receiving server, it may check the
FQDN set for the SMTP Virtual Server. If the FQDN is not the same as the
sender's email domain, even if the correct PTR record can be found in DNS,
the receiving server will still consider the emails as 'fake sender domain'.

For both scenarios, the only workaround is to stop performing reverse DNS
lookup on incoming emails on the receiving sever.

I am really sorry for the inconvenience that may cause.

If you would like to verify it, please send me following information:

1. Open the NDR message in Outlook. Click File-->Save As and then save it
as a .msg file. Then please send it as an attachment to
v-mzhuan@xxxxxxxxxxxxxx

2. Please let me know the two email domain names your server hosts and the
IP address of your mail server.

3. Please telnet the receiving domain's server and try to send an email by
using the problematic email domain and let me know the result.

Please refer to the following article for detailed steps:

XFOR: Telnet to Port 25 of IMC to Test IMC Communication
http://support.microsoft.com/?id=153119

Please capture screenshots of all the error messages.

4. Please enable SMTP log first, reproduce the issue, then send the log to
v-mzhuan@xxxxxxxxxxxxx:

NOTE: Please let me know the recipient's email address and the sender's
email address.

a. Open Exchange System Manager. Navigate to
Servers\ServerName\Protocols\SMTP\Default SMTP virtual server. Right-click
it and choose 'Properties'.

b. In General tab, check 'Enable logging' option. Click 'Properties'
button, enable *ALL* logging options in 'Advanced' tab.

c. Click 'OK' to close the dialog box. Restart the SMTP virtual server.

d. Reproduce the problem (send e-mail through external account). Wait for
10~20 minutes.

e. Go back to the server. Open Windows Explorer and navigate to
%systemroot%\system32\logfiles\smtpsvc1\ Gather the log file and send it to
me.

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: Yofnik <yofnik@xxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: email from SBS being flagged as SPAM
| Date: Fri, 19 Oct 2007 11:24:26 -0700
| Organization: http://groups.google.com
| Lines: 26
| Message-ID: <1192818266.996980.217800@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 216.135.141.251
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1192818267 8722 127.0.0.1 (19 Oct 2007
18:24:27 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Fri, 19 Oct 2007 18:24:27 +0000 (UTC)
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
MathPlayer 2.10b; .NET CLR 1.1.4322; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: q3g2000prf.googlegroups.com; posting-host=216.135.141.251;
| posting-account=ps2QrAMAAAA6_jCuRt2JEIpn5Otqf_w0
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!TK2MSFTFE
EDS01.phx.gbl!news-out.cwix.com!newsfeed.cwix.com!newsfeed.stueberl.de!newsf
eed2.scan-plus.net!news.germany.com!postnews.google.com!q3g2000prf.googlegro
ups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:70466
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Legitimate email from our users is being flagged as spam by receiving
| email servers. Here are the details why I think this is happening. I
| would appreciate any suggestions on how to resolve the issue.
|
| - Our single SBS server manages mail for two legitimate email
| domains - company_one.com and company_two.com
|
| - Our mail server has an address of mail.company_one.com
|
| - Mail sent from a user using the company_two.com domain bounces
| back. In discussion with network admins on receiving domains, the mail
| is being blocked because it is being flagged as a "fake sender
| domain". I believe this happends because our mail server has one
| domain name and the sending mail address has another domain name.
|
| Having an Exchange server manage mail for more than one domain can't
| be that rare of a thing. Is there something we need to do to keep this
| problem from happening? Is there a domain setting that I may be
| missing that states "mail.company_one.com" is a valid mail server for
| "domain_two.com"? Or something?
|
| Please help. This is becoming a significant burder on our
| organization.
|
| Thanks.
|
|

.

Loading