Issue with send connector and I.S.P settings !
Hi all !My company is using an Exchange 2007 server (single server with latest SP and up to date) to send emails to our users and to Internet.Our domain name is managed by a registrar (all records are ok).Evrything is working properly for incoming and outcoming emails, no message left in the queue, A.D ok, D.N.S ok.I would simply like to settle our problem with some companies using reversedns checking solutions to fight against spam !For instance, I can't send emails to "Aol.com" and a french company using the mechanism mentioned above and I'll certainly have more coming.When I'm sending an email to these companies, I get this message from my server (translated in english for the most important parts) :La remise a échoué pour ces destinataires ou listes de distribution : (delivery failed for these recipients or...)'xx.xxxxx@gia.fr'Votre message n'a pas été remis en raison des stratégies de sécurité. (Your message couldn't be delivered due to security strategies)Microsoft Exchange ne tentera plus de remettre ce message pour vous. (Microsoft Exchange will no longer attempt to deliver this message for you)Fournissez le texte de diagnostic suivant à votre administrateur système. (Please communicate the following diagnostic to your I.T administrator)L'organisation suivante a refusé votre message : smtp17.msg.oleane.net. (The following Organisation bounced your message : ...) _____ Envoyé par Microsoft Exchange Server 2007 (Sent by Microsoft...)Informations de diagnostic pour les administrateurs : (Diagnostic data for your I.T Admin)Serveur de génération : XXXEXCHANGE.MONNOMDEDOMAINE.frxx.xxxxx@gia.frsmtp17.msg.oleane.net #550 5.7.1 Access denied - Reverse IP with this generic domain name is considered as source of spam ##En-têtes de message d'origine : Received: from XXXEXCHANGE.MONNOMDEDOMAINE.fr ([fe80::...:b93c:6c0e]) byXXXEXCHANGE.MONNOMDEDOMAINE.fr ([fe80::791e.....:6c0e%10]) with mapi; Thu, 18Feb 2010 13:24:33 +0100From: Prenom NOM <user@MONNOMDEDOMAINE.fr>To: "'xx.xxxxx@gia.fr'" <xx.xxxxx@gia.fr>Return-Receipt-To: <user@MONNOMDEDOMAINE.fr>Date: Thu, 18 Feb 2010 13:24:31 +0100Subject: Envoi message contournementThread-Topic: Envoi message contournementThread-Index: AcqwlVc4r3Rej3lMRhO6rqo7QIZcIQ==Message-ID: <159EEE83C9EADD4987FD74B9F06B41183704C1FADD@XXXEXCHANGE.MONNOMDEDOMAINE.fr>Accept-Language: fr-FRContent-Language: fr-FRX-MS-Has-Attach:X-MS-TNEF-Correlator:acceptlanguage: fr-FRContent-Type: multipart/alternative;boundary="_000_159EEE83C9EADD4987FD74B9F06B41183704C1FADDXXXEXCHANGEP_"MIME-Version: 1.0My domain name is no longer listed in the usual RBL lists (MX Toolbox checked yesterday, not listed).FYI, I've implemented an SPF record a few months ago, I use GFI Mail Essentials v14.0 to fight spam as well as Microsoft filters updates.Our I.S.P doesn't want to modify the reversedns record (as a small company, our subscription doesn't allow this operation) and simply offers to use a procedure to send all our emails through their smtp host relay.The point is that I don't want to choose this solution since I want to be able to log everything.Their procedure requires to modify smtp port from usual port 25 to 587 and use a specific smtp host or I.P address as well as the authentication used for our subscription.I initially tried to send a test email through Outlook creating an account with all the specific settings.The operation was successful.I then tried to create a send connector where I mentioned all the data required but, unfortunately, the message is still stuck in the queue with the following eror message :"421 4.2.1 Unable to connect. " Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.It looks obvious to me since port 587 is not used to send the email, but I can't figure out how to set my Exchnage Server to send ONLY emails to the specific domain names with the which I have a problem merely creating a send connector !Does anybody have an idea to solve this problem !?Help would be greatly appreciated !Kind regards,Phil.
February 20th, 2010 9:53pm

Exchange will choose the send connector with the most specific namespace to send an email, so if you have a send connector with a namespace of *, and one with a namespace of aol.com, it will always choose the second one for email to aol. I belive you can set the ISP's mail server as the relay host in the EMC, but you'll need to go to the EMS and use the set-sendconnector cmdlet to change the port number.
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2010 2:12am

AOL has some very strict and complex requirements:AOL SMTP Error Messageshttp://postmaster.aol.com/Postmaster.Errors.html#421dnsnr Smart Host using Port 587 http://forums.msexchange.org/m_1800467895/mpage_1/key_/tm.htm#1800467906MCTS: Messaging | MCSE: S+M | Small Business Specialist
February 21st, 2010 2:50am

Hi Mjolinor & Jon-Alfred !Thanks so much for your kind help !I've started my EMC and feverishly typed the commands first of all to check out the "check ports" command and I got the right answer for both and each identified connector !I then set about to type the magic command "Set-SendConnector –Identity “Your Send Connector Name” -Port 587", got the prompt back with no error message, then got back to my queue manager, refreshed the console and sighed with relief at last when the line displayed the much looked after number "0" !Alleluia men !I'm a glad man !I've sent a test email to a friend who is one of the recipients in the company we used to send emails to and I'm now expecting the answer !I'll let you know ASAP if I get a successful one !I will then proceed with an AOL address to be sure everything is working properly !Thanks so much again to both of you,"You made my day", "Hasta la vista" men ! ;-)Philippe.Edit : At 1:35 PM (GMT + 1:00), 3 hours after my first tests I still had no answer to my emails but no immediate NDR as it used to be... Is this possible that I'm sending to a blackhole@email.com !!?? LOL :-)
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2010 12:04pm

I'd send an email to your ISP, and ask them to check their logs and queues and see if they left there.
February 21st, 2010 4:21pm

Did you add the ISP's outbound mail servers to your SPF records?
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2010 4:40pm

This is of course correct. Sender ID Framework SPF Record Wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/MCTS: Messaging | MCSE: S+M | Small Business Specialist
February 21st, 2010 5:31pm

Hi mjolinor !Thx again for your prompt answer ! ;-)Regarding your first answer, this is one of the 3 main French I.S.P and except "world" and "big" companies, they couldn't care less !I could give it a try, but I feel convinced that nothing will be done !I guess that going through our I.S.P "pipes" for the email transfered through this dedicated send connector, I will no longer get any receipt, am I right !?As for your second answer, here's the syntax used in my SPF record :v=spf1 ip4:127.0.0.1 a mx ~allDo you think it should be modified ?Regards,Philippe.
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2010 5:34pm

You have to include your smart host:v=spf1 mx ptr:smtp.online.no mx:mx.mydomain.com include:smtp.online.no -allmx.mydomain.com here i my own domainsmtp.online.no is my smart host.Run through the wiazard once more.MCTS: Messaging | MCSE: S+M | Small Business Specialist
February 21st, 2010 5:40pm

Just a piece of advice about the wizard and questions asked since I don't feel certain for all the settings :For the following questions what should I mention : - Do any other servers send mail from mydomainname.fr? --> I mentioned my specific "smtp-msa.orange.fr" I guess ? - You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously. ? --> This is where I should mention "ptr:smtp-msa.orange.fr" as well as "mx:mx.mydomainname.fr" ? - Could mail from philolga.fr originate through servers belonging to some other domain? If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here. --> That's the most delicate point to me : should I mention my registrar "mx.ovh.com" as well as my I.S.P mx record or just one ? I've used this site : " http://who.is/dns/orange.fr/ " to get the MX record, but the point is that the specific smtp address I should use (smtp-msa.orange.fr) is not listed ( 193.252.22.72) !! The only MX record mentioned here is : "smtp-in.orange.fr" and the I.P address is diffrent : 193.252.22.92 !! Since I.S.P have many records, how can I be sure which one should be used in my SPF record ?Following your instructions I should get something like that : "v=spf1 a mx a:smtp-msa.orange.fr mx:mydomainname.fr include:mx.ovh.com include:smtp-msa.orange.fr ?all "Is that correct !?Thx again for your kind help,Philippe. Edit : At 8:15 PM (GMT + 1:00) I got the answer from one AOL user ! Seems like it's not such an unfathomable black hole ! ;-)
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2010 6:52pm

Hi(Our I.S.P doesn't want to modify the reversedns record (as a small company, our subscription doesn't allow this operation) and simply offers to use a procedure to send all our emails through their smtp host relay)you must have your reverse dns (it is a must) move your domain name to other ISP you will face a lot of problems with many other email serversRegards A.Karam
February 22nd, 2010 12:20am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics