Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NDR to Secondary Mail Servers 1

Status
Not open for further replies.

mmaxx

MIS
Oct 23, 2001
56
US
To All:

Our single server E2K is working fine except for one thing. We are unable to send mail to any internet domain with more than one mx records and whose primary mail server (or whose mx preference is the lowest) is down. I use to test external mail servers.

My painful workaround for now is to modify our internal DNS to have their secondary mail server as an alias of the first.

Pls. help! Thank you...
 
(Here's an update since I posted the same problem on another E2K Forum)

Queue Status = Retry
Delivery Failures = 22 (or other number until the message bounce back)

Since the fedex.com primary mail server is down
(mapper.mail.fedex.com), I can not telnet 25 to it. I can only telnet 25 to their secondary server smtp.dmz.fedex.com).

If you mean whether our internal DNS telnet session give the same result; the answer is yes, that is before I made the DNS changes.


From: &quot;Chris...&quot; <e2k@m...>
Date: Tue Jan 13, 2004 4:04 am
Subject: RE: [Exchange2000] Re: NDR from Secondary Mail Servers


When in the queue, what do the details say for the reason it is in the
queue? Does your internal DNS provide the same results? Can you telnet
to either host successfully from your Exchange server?

-----Original Message-----
From: mmaxx
Posted At: Sunday, January 11, 2004 6:59 PM
Subject: [Exchange2000] Re: NDR from Secondary Mail Servers

I'm sorry Ed...but I'm not making this up. Now you are scaring me..
Have I screwed up our E2K installation???
Specifically, sending an e-mail to admin@fedex.com The message just sits in the outbound queue until it times out (NDR).

Their primary e-mail server is down and the only way for me to send e-mail successfully was to manually modify our internal DNS. Using and selecting E-mail Validation, I have these results:

Validation results
Success

canonical address: <admin@fedex.com>

MX records preference exchange IP address (if included)
100 mapper.mail.fedex.com [0.0.0.0]
200 smtp.dmz.fedex.com [0.0.0.0]
SMTP session

[Contacting mapper.mail.fedex.com [199.81.10.44]...]
[Connection refused]
[Contacting smtp.dmz.fedex.com [199.81.193.118]...]
[Connected]
220 mx11.sac.fedex.com ESMTP Sendmail 8.12.6p2/8.12.3; Sun, 11 Jan
2004 18:48:46 -0600 (CST)
EHLO Network-Tools.com
250-mx11.sac.fedex.com Hello gateway.consumer.net [66.46.181.116],
pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
NOOP *** See < for an explanation
of this session
250 2.0.0 OK
NOOP *** HexValidEmail COM 1.2
<cb2dc578f9be810f7d54402a66c0b818418f456f>
250 2.0.0 OK
RSET
250 2.0.0 Reset state
VRFY admin
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try
finger)
RSET
250 2.0.0 Reset state
EXPN admin
502 5.7.0 Sorry, we do not allow this operation
RSET
250 2.0.0 Reset state
MAIL FROM:<admin@N...>
250 2.1.0 <admin@N...>... Sender ok
RCPT TO:<admin@f...>
250 2.1.5 <admin@f...>... Recipient ok
RSET
250 2.0.0 Reset state
QUIT
221 2.0.0 mx11.sac.fedex.com closing connection
[Connection closed]
 
I am exepriencing the same issue you described. do you have a resolution?

Our environment is Windows 2000 server SP4
Exchange 2000 updated up to post SP3 roll-up.

When the destination refuses the connection it takes the Exchange several days to "find" a responding MX.

Microsoft has serveral KB articles describing this issue; however, they all reference hotfixes pre SP1.

Thanks
 
We are also using Symantec Spam filter gateway and I have a suspicion of that this might be culprit.

I only have a workaround solution. We have a Symantec Firewall where all our DC resolves all external DNS querries. I just modify the Firewall's built-in DNS to point to the correct MX record for every domain whose primary MX is unreachable.
 
mmaxx,
The problem that you have is the same problem that we just resolved. We also run Exch2k and Symantec Enterprise Firewall v7.04. We could send mail to everyone except one partner. They had a disabled primary mail server but were accepting all their mail on their secondary email servers MX address. Our Symantec Firewall was the problem. In The firewall configuration -> Access Controls -> Proxy Services -> SMTPD proxy properties -> Flow Control Tab... Make sure that you check the box that says to disable flow control checking. This is the problem. Good luck with your firewall.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top