Hi all, Recently, due to the our primary email domain change (from a.com to ab.com), several internal users complain that external users do not receive mails from us. I checked our appliance and mails sent out fine. So, how could I find out what's problem? BTW, mails are routed to the appliance out. The appliance has DNS A and PTR record which has old domain name (app.a.com). Do I have to change our appliance public DNS A to app.ab.com? Thank you.

Did you add SPF records for your new domain?[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

I do think mjolinor is right. Here's the wizard, in case you don't know: Sender ID Framework SPF Record Wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/MCTS: Messaging | MCSE: S+M | Small Business Specialist

On Sat, 21 Aug 2010 01:12:54 +0000, SGryzbowski wrote: >Recently, due to the our primary email domain change (from a.com to ab.com), several internal users complain that external users do not receive mails from us. > >I checked our appliance and mails sent out fine. So, how could I find out what's problem? > >BTW, mails are routed to the appliance out. The appliance has DNS A and PTR record which has old domain name (app.a.com). > >Do I have to change our appliance public DNS A to app.ab.com? You don't HAVE to, but you'll continue to encounter problems is you don't. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Why should it pose a problem if the primary SMTP address does not match the DNS A and PTR record of the appliance? It is quite common these days to host several SMTP domains and route them through one SMTP gateway. In the above case, they could have added ab.com to a.com. Should the gateway (appliance) then be listed with app.a.com and app.ab.com. We don't do that for our customers. My domain name is different from the SMTP Smart Host. This worked very well for all outbound mail until recently, when some mail was rejected. Adding a Sender ID (SPF) solved that issue. Perhaps I'm a bit to tired, and my thinking is even worse than normal, but I think we were discussing something along these lines about a year ago: Exchange 2007 Server Cannot Send Mail To AOL http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/0c75d61f-d708-40df-b7a5-2328c5e96327MCTS: Messaging | MCSE: S+M | Small Business Specialist

On Sat, 21 Aug 2010 23:25:30 +0000, Jon-Alfred Smith wrote: > > >Why should it pose a problem if the primary SMTP address does not match the DNS A and PTR record of the appliance? That depends on how appliance is acting. Is it a proxy or relay server? Does it simply pass-through the HELO\EHLO or does it use its own? Does the name in the PTR record for the IP address match the name in the HELO\EHLO? Does the IP address of the sending machine agree with the IP address returned from a DNS query on the name in the HELO\EHLO command? >It is quite common these days to host several SMTP domains and route them through one SMTP gateway. That's been a common practice for decades. It's not a recent phenomenon. But whether or not a receiving server will accept the connection (or subsequent e-mails) is a decision made by the people that run that system -- it's not something you get to decide. I've run across systems that won't accept e-mail if the domain in the MAIL FROM doesn't match the domain in the HELO\EHLO command! >In the above case, they could have added ab.com to a.com. Should the gateway (appliance) then be listed with app.a.com and app.ab.com. We don't do that for our customers. >My domain name is different from the SMTP Smart Host. If all the names/addresses match up then there *usually* isn't a problem. Whether that's the case for the question posed in this thread is unknown since neither the IP address or domain name are known. >This worked very well for all outbound mail until recently, when some mail was rejected. Adding a Sender ID (SPF) solved that issue. If the receiving server uses SPF to check the hostname in the HELO\EHLO that's what probable cured that. Not every implementation of SPF checks the hostname, though. You'd also have to have a SPF record for the hostname and not just for the domain name for it to work (unless your sending server uses just the domain name in the HELO\EHLO). >Perhaps I'm a bit to tired, and my thinking is even worse than normal, but I think we were discussing something along these lines about a year ago: That doesn't surprise me. :-) --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich, I thought that I need to make sure our appliance which route our emails out has DNS and PTR record. I do not know that I need to make our appliance to match with our new primary email address ab.com. Just wonder if we route our mails out through Postini, will we still have a problem to send emails out? Thank you.

On Sun, 22 Aug 2010 13:05:13 +0000, SGryzbowski wrote: >I thought that I need to make sure our appliance which route our emails out has DNS and PTR record. I do not know that I need to > >make our appliance to match with our new primary email address ab.com. > >Just wonder if we route our mails out through Postini, will we still have a problem to send emails out? In almost every case, having the HELO\EHLO data match the name returned in a PTR query, and having the IP address agree with the results of an A query, is all that matters. You will, however, encounter situations where people read into the RFCs things that are not there. You have no control over their management of their e-mail system. For those exceptions you'll have to deal directly with the administrators of that system to arrive at an understanding of how to deliver e-mail to them. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich, Thank you. If I add our appliance to the new domain's MX records (points to our app.a.com), will it sovle the issue we face? Just wonder if you host several domains emails, how do people usually do? (I just checked alico.com's MX records that points to aig.com)

On Sun, 22 Aug 2010 17:51:34 +0000, SGryzbowski wrote: >If I add our appliance to the new domain's MX records (points to our app.a.com), MX records are used to determine where to send email. If your appliance is expected to be the place where e-mail is delivered from the Internet then by all means add the appliance's A record name to your MX record(s). >will it sovle the issue we face? You haven't determined what the problem is. You've only stated the symptom. If e-mail isn't being delivered, do you receive a NDR? If you do, what does it say? If your SMTP logs show the e-mail is accepted by the other domain and the message never arrives in their inbox then you have no way to know what the problem is unless you contact the admin at the other system. >Just wonder if you host several domains emails, how do people usually do? Make sure the DNS records (A, MX, PTR) are all correct. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich, Thank you for the help. >You haven't determined what the problem is. You've only stated the >symptom. If e-mail isn't being delivered, do you receive a NDR? If you >do, what does it say? No NDR. >If your SMTP logs show the e-mail is accepted by >the other domain and the message never arrives in their inbox then you >have no way to know what the problem is unless you contact the admin >at the other system. Yes, I did send the email log to the admin of other company. I suspect that the problem is ours as 5 different customers did not receive mails from us last Friday. The only change we have is that we changed our primary email address to ab.com. The appliance has DNS and A record app.a.com (as I stated before) So, what should I do now: 1) add DNS record for our appliance to app.ab.com and PTR record Should I add the SPF record for the new domain? ( asI did not add the SPF record for the old domain before) Thank you very much!

On Mon, 23 Aug 2010 00:57:03 +0000, SGryzbowski wrote: >>You haven't determined what the problem is. You've only stated the >symptom. If e-mail isn't being delivered, do you receive a NDR? If you >do, what does it say? >No NDR. Well, that sounds like the message was accepted by the other system. >If your SMTP logs show the e-mail is accepted by >the other domain and the message never arrives in their inbox then you >have no way to know what the problem is unless you contact the admin >at the other system. >Yes, I did send the email log to the admin of other company. I suspect that the problem is ours as 5 different customers did not receive mails from us last Friday. And you see in the logs that the other system accepted the message? IOW, there's a 250 response to the MAIL FROM, RCPT TO, a 3xx response to your DATA\BDAT, and a 2xx response at the end of the message? If you do, then the answer has to come from the receiving system operator since you have no visibility into their system. >The only change we have is that we changed our primary email address to ab.com. Then perhaps the only reason your mail was accepted previously was that they'd white-listed your domain name? Again, presumably, since they've accepted the message for delivery only they can answer what they did with the message. >The appliance has DNS and A record app.a.com (as I stated before) Is the appliance acting as a proxy or relay? When connection to the other system is made, what is ther name in the HELO\EHLO command? Does that name match the name in the PTR record for the IP address and the IP address in the A record for the name in the HELO\EHLO? >So, what should I do now: 1) add DNS record for our appliance to app.ab.com and PTR record Until you say whether the name in the HELO\EHLO matches the name in the PTR record, and the A record for that name matches the IP address used by the appliance I can't say what will fix your problem -- and the real problem hasn't yet been identified. >Should I add the SPF record for the new domain? ( asI did not add the SPF record for the old domain before) Why would you NOT do that? Alos, do you have a TXT record with SPF data for the name in the HELO\EHLO command? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich, Thank you for taking time to help me. >Why would you NOT do that? >Alos, do you have a TXT record with SPF data for the name in the >HELO\EHLO command? I have check out SPF and fond out how should add SPF record without causing any problem? ---

On Tue, 24 Aug 2010 01:48:20 +0000, SGryzbowski wrote: > > >Hi Rich, > >Thank you for taking time to help me. >Why would you NOT do that? >Alos, do you have a TXT record with SPF data for the name in the >HELO\EHLO command? I have check out SPF and fond out how should add SPF record without causing any problem? --- I'm not sure if that's a statement or a question! This FAQ should provide you with examples: http://www.openspf.org/FAQ/Examples The very first heading "Basic Example" has an example that seems to fit your need. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP