
SMTP Connector sending to some, but not to all?


kixtart

MIS
Jun 5, 2003
32
US
Hello, I'm stuck on this one. I set up Exchange2000 with all the latest service packs on both Win2k and Exchange2k. I can receive all email (from different domains and internally) just fine.

However, I cannot send mail to all. I can send to hotmail.com, yahoo.com, internally, and the Dept. of Justice. I can NOT send to comcast.net or aol.com. At least this is all I've tested so far. The messages just remain in my queue until NDR. Originally I thought Comcast.net blacklisted me, but then I found out I couldn't send to Aol.com. I've only had this box up and running for 2 weeks.

Any ideas?
Thanks,
Gary [noevil]
 
UPDATE:
Still can't send to AOL.COM or COMCAST.NET.

Comcast has told me that they blacklist according to email, not IP, and that I am not blacklisted. Neither they nor I can figure the problem out.

For AOL, I have followed a thread to AOL's postmaster service that will check to see if my server has OPEN RELAY enabled. I have shut off the OPEN RELAY but am waiting for confirmation that AOL is happy. Until then, I may still be blacklisted. Apparently, AOL blocks everyone until they run this check for OPEN RELAY.

I also reapplied all service packs.
HELP!
Gary [noevil]
 
this is not my area, but it seems like you'll take anything you'll get about now...

seems like IMAP (internal network) POP3 "I can send to hotmail.com, yahoo.com, internally, and the Dept. of Justice." is all working fine.. i'm thinking that maybe SMTP is NOT working. do you have a firewall running maybe? well SMTP is running on port 25, so make sure that's open.. and go into system manager and check out protocols>smtp, see if anything is unusual there.. hope this helps some, good luck
 
Here is a copy of the NDR to COMCAST.NET (exact same NDR for AOL.COM (4.4.7)):

Your message did not reach some or all of the intended recipients.

Subject: test comcast
Sent: 6/6/2003 3:28 PM

The following recipient(s) could not be reached:

'########@comcast.net' on 6/8/2003 3:40 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<server.domain.com #4.4.7>

Gary [noevil]
 
Thanks Admstng,
I am behind a firewall. Port 25 for SMTP is open, out and in. All email is definitely going out SMTP. In Exchange System Manager (or ESM) I can see Hotmail, Yahoo, and the others all under the SMTP queue go out as successful. In this same area, I see the hung email going to AOL.COM and COMCAST.NET just sitting as "RETRY", which is the only thing that I see unusual.

Gary [noevil]
 
Hey,

I am also with Comcast and I am having exactly the same problem. I am not able to send to AOL or ASAPSOFTWARE.com but I know that the problem is somewhere with the DNS server being unable to send to AOL. I am also able to send messages to any other domains as far as I can see. All messages from AOL come back to me as NDRs. They sit in the Queue for a few hours. I do get email from the AOL or ASAPSOFTWARE users. I verified that I have an MX record since AOL checks for that but still it is the same story.

Greg
 
Hey Greg,
Are you able to send to Comcast.net? I am still working on this problem.

Gary [noevil]
 
I am getting closer to figuring it out. I know that it has something to do with the DNS and reverse lookup. I am going to install yet another email software to see if it is my DNS server or something else.
 
Have you checked that you have the right fully qualified domain name inserted? Your server identifies itself by it, and others check that the domain name and IP address are "compatible".
 
I believe that it has something to do with the reverse domain lookup. In my case if I lookup my domain zejer.com I can resolve without any problems. Now, if I try to resolve the IP address it responds with ATT.net. I think AOL does not resolve because they filter IP addresses that do not have a proper reverse lookup. Let me know what you think, Gary.
 
Gzejer was talking about the same thing as I.

You have to register your e-mail server's hostname (and IP) with your service provider. You also have to register it as an MX record. It takes about 8 hours before other servers update their respective information.

After that you insert into SMTP server's properties that registered host name as FQDN.
 
Greg,
That was exactly what I was thinking. I have a cable modem and use Comcast for my ISP. When I do a reverse lookup, I get some weird Comcast FQDN. I have set all records correctly. A record for mail.xxxxxx.net points to correct public IP, MX record points to mail.xxxxxx.net with a priority of 10, another A record for points to the correct public IP. I use my registrar for DNS Name Servers. (my real domain name has been substituted with xxxxxx)

Also, Greg, your Name Server (snoopy) points to an internal address (10.100.10.1). Why? I mean, why not be an external IP?

Gary [noevil]
 
You should try doing a NSLOOKUP on the domain or a tracert on the IP address. If the trace fails, send the error report to the service it failed on. I could not send mail to the address below; this is what I sent them and it was fixed. (I.e., below)
Tracing route to ville.k12.nj.us over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms 10.1.245.244
2 <10 ms <10 ms <10 ms rt1.wood.k12.nj.us
3 <10 ms 10 ms <10 ms 209.146.47.33
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
 
Yes, I have done all that. I have called Comcast, just haven't told them these details:

Tracing route to portal.comcast.net [24.153.64.7]
over a maximum of 30 hops:

1 10 ms 10 ms 9 ms 10.75.24.1
2 15 ms 25 ms 9 ms 10.75.24.1
3 24 ms 9 ms 9 ms 172.30.102.209
4 9 ms 10 ms 10 ms 172.30.102.238
5 10 ms 42 ms 9 ms 172.30.102.122
6 14 ms 13 ms 9 ms 172.30.102.187
7 10 ms 11 ms 11 ms 172.30.100.250
8 35 ms 13 ms 10 ms 68.48.0.162
9 43 ms 13 ms 24 ms 12.126.168.9
10 13 ms 47 ms 12 ms tbr1-p012201.wswdc.ip.att.net [12.123.9.74]
11 38 ms 13 ms 12 ms gar1-p340.abnva.ip.att.net [12.123.217.10]
12 11 ms 11 ms 13 ms 12.119.141.26
13 12 ms 11 ms 13 ms 24.153.66.132
14 * * * Request timed out.
15 15 ms 13 ms 25 ms portal.comcast.net [24.153.64.7]

Trace complete.

I have become very accustomed to using ping, tracert, and nslookup.

Gary [noevil]
 
I understand that 172.30.102.209 is your external IP address. You have no host name associated with that address. No wonder other e-mail providers do not let your messages through. You look like a spammer.

Call your service provider right now and register a host name associated with your external address. Registering it in your own server is not enough.
 
Nope, follow that a little closer. My public IP (which isn't on there) is 68.86.186.x. I used nslookup to verify that my A record resolves name to IP and my MX record defines mail.xxxxxx.net, in which I have another A record to resolve mail.xxxxxx.net to IP as well.

In the above trace route, after I leave my internal domain (192.168.x.x), the next hops stay internal to Comcast's domain (hops 1 - 7), which are private IP's (both 10.75.x.x and 172.30.x.x).

Hop 8, which is the first Comcast public IP, enters the public realm. Hop 8's IP of 68.48.x.x must also be near my DNS servers from Comcast as my external DNS servers begin with 68.48.x.x.

Hop 9 - 12, I can't account for but appears to be on ATT's backbone.

Hop 13, trace enters Comcast's Pennsylvania location.

Hop 14, I will just assume this is still in Comcast PA, but the Requests Time Out.

Hop 15, trace hits the target of portal.comcast.net (from this server I'm sure it sends to an email server farm for execution).

Now, to point out something. I did the same thing for AOL.com and another .com (which I won't name) and get a worse result from tracert. On both tests, after about 15 hops, the trail goes dead (all Request Time Outs from Hop 16 and on). HOWEVER, I CAN send email to the .com that I didn't name but not to AOL.

Just remember, I can receive ALL email.

Next idea?
Gary [noevil]
 
Go to the web site DNSSTUFF.com and do a reverse lookup on your server. If the destination is resolved but no A record is found, the servers using reverse DNS verification on the address will not accept your mail. I am going through this right now. My ins. company can send to me but I can't send to them. My ISP is correcting this right now. Also try doing a trace route from DNSstuff.com to your mail server. Try this and post results if it fails so I can see if it is the same problem I have. Thanks
 
Yes, I tried this before. The results from that URL are:

Answer:
68.86.186.x PTR record: pcp04235633pcs.gnscrp01.va.comcast.net. [TTL 43200s] [A=68.86.186.x]

I substituted the last octet of my IP with x. I realize that this isn't my mail server/domain. The reason for this is because I have a Cable Modem using DHCP. I already am aware that my IP can change and that I will need to make a few IP changes to get back online but I don't have a choice. Where I live it's Dialup or Cable, no DSL.

I was talking to someone else about this issue and they said that their ISP causes the same thing, but he can send email to Comcast and AOL.

Here's what I am about to try, please let me know what you think. I want to redirect the DNS servers from my registrar to my internal DNS server. I have just finished setting up my internet Domain's DNS zone (Windows 2000) which is different from my local zone. The reason for this is because my registrar (register.com) has limited DNS input. I need to use their custom GUI's to add entries and there are no options for reverse lookup or PTR records. My thought is that if I can control all the DNS details and publish a PTR record pointing to my domain, I can get an accurate NAME from a reverse lookup.

Suggestions?

Gary [noevil]
 
Well now, I did a SPAM database lookup and found 99.25% ok, but one site (out of 150+ sites) had this to say (about Comcast, not me):

IP address 68.86.186.x is listed here as comcast.net.misc spam. Comcast does not provide static ip addresses - they only provide DHCP with a moderately long lease time, and that does not qualify as a static ip address. We get a LOT of spam attempts from Comcast address space, and since even the same spammer keeps moving around, it is not feasible to block them by specific ip address. Therefore, we don't accept mail from Comcast customer ip addresses.

This is so frustrating. If the reason is because of the SPAM list above or the reverse lookup pointing to a comcast server then basically Comcast is blocking Comcast clients who use their own email and home...all of them...that's Bull$*@^ !!!

Again, what if I route DNS internally (see previous post) to attempt to fix the reverse lookup?
Gary [noevil]
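
Added example (not part of the original thread and not any poster's code): a Python sketch of the receiver-side checks the posts above describe, namely PTR lookup, forward confirmation of the PTR name, HELO/FQDN match, and a dynamic-pool name heuristic. The lookup tables, addresses, host names and the GENERIC_PTR pattern are constructed assumptions; real receivers' policies differ and are not documented in the thread.

```python
import re

# Constructed DNS data (RFC 5737 addresses, example names) shaped like the thread's
# case: the ISP owns the PTR for the address, the customer only owns A/MX records.
PTR_TABLE = {
    "203.0.113.25": ["pcp04235633pcs.pool.va.isp.example."],
    "198.51.100.10": ["mail.example.org."],
}
A_TABLE = {
    "pcp04235633pcs.pool.va.isp.example": ["203.0.113.25"],
    "mail.example.net": ["203.0.113.25"],
    "mail.example.org": ["198.51.100.10"],
}

# Heuristic (assumption): long digit runs or pool-style labels suggest a dynamic range.
GENERIC_PTR = re.compile(r"\d{4,}|(^|[.-])(dyn|dhcp|pool|cable|dsl|ppp)([.-]|\d|$)")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def ptr_lookup(ip):
    return PTR_TABLE.get(ip, [])

def a_lookup(name):
    return A_TABLE.get(norm(name), [])

def check_sender(ip, helo, ptr=ptr_lookup, fwd=a_lookup):
    """Return the reasons a receiving mail server might distrust this client."""
    findings = []
    names = [norm(n) for n in ptr(ip)]
    if not names:
        findings.append("no PTR record")
    # Forward-confirm: the PTR name must resolve back to the connecting address.
    confirmed = [n for n in names if ip in fwd(n)]
    if names and not confirmed:
        findings.append("PTR name does not resolve back to the client address")
    if norm(helo) not in confirmed:
        findings.append("HELO name does not match confirmed reverse DNS")
    if any(GENERIC_PTR.search(n) for n in names):
        findings.append("PTR name looks like a dynamic address pool")
    return findings

if __name__ == "__main__":
    for ip, helo in [("203.0.113.25", "mail.example.net"),
                     ("198.51.100.10", "mail.example.org"),
                     ("192.0.2.77", "mail.example.com")]:
        print(ip, helo, check_sender(ip, helo) or "ok")
```

To run it against live DNS, pass `ptr` and `fwd` callables built on `socket.gethostbyaddr` and `socket.gethostbyname_ex` in place of the constructed tables.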
 