Exchange message failures and DNS

ciggwin

Hi all,

I've got a ton of Exchange Delivery Status Failures. They come in and users forward them to me pretty regularly. The message is ALWAYS:

Could not deliver the message in the time limit specified. Please retry or contact your administrator. <mailsvr.domain.domain.com #4.4.7>

When the internal domain was set up, it was set up just as you see in the error message... domain.domain.com - so the FQDN of the Exchange 2003 Standard server is mailsvr.domain.domain.com and I think this is where the problem lies.

I believe this is a reverse DNS problem, but I don't know enough to be sure. I've done reverse DNS lookups on both of our public IP addresses and one returns mail.domain.com and the other returns mailsvr.domain.com. However when sending from the mail server the SMTP banner is mailsvr.domain.domain.com - verified via telnet on the mail server.

Could this mismatch in reverse DNS vs. SMTP banner be why the mail is bouncing back? If I have our ISPs change the reverse DNS records to match the FQDN/SMTP banner (which I believe it should be in the first place if I understand reverse DNS correctly...) will that do anything extremely bad?

Sorry if I can't be more specific with IPs & FQDNs but I have to keep the privacy :)
 
If you bring up ESM....expand, servers, protocols, smtp, right click your default SMTP Virtual Server to bring up its properties, click on the delivery tab, then click the advanced button..what does it say in the field for fully-qualified domain name?
 
servername.domain.domain.com (referenced as "mailsvr.domain.domain.com" in OP)
 
There we go...you can rename that...and simply restart the SMTP service...you don't have to bounce your server.

And then maybe rebuild and update the RUS.
 
If I rename it, does it have the potential to "break" anything?

Also not sure what RUS is.

Thanks for the quick replies guys :) This has been a problem for months - even before I started apparently.
 
I've renamed quite a few on the fly..never broke anything.
RUS = Recipient Update Service..related to active directory. When I make changes to active directory, such as default recipient policies...group policy, e-mail related things...I often rebuild and update that to "nudge things along". For small servers/networks...not a biggie, but sometimes on much larger networks..esp when the DCs are loaded...it can speed things up so you don't have to wait for normal active directory activity to get to it overnight.
 
OK and to be sure, I am renaming it to servername.domain.com and then I should also update my reverse DNS records to point to servername.domain.com as well?

As an added bonus, I have servername.domain.com in DNS pointing to our mail server IP. I have always wondered if reverse DNS should be servername.domain.com or simply mail.domain.com - currently nothing is set up in DNS for mail.domain.com.
 
Yeah...for example, if the active directory name of my network is catspad.local
I have Exchange usually set for say...catspad.org for the default recipient policy.
And my server name is "catsbeast"...I'll put catsbeast.catspad.org in that FQDN spot of the SMTP connector I mentioned above.

And I'll make an a-record pointing back to that in my public DNS, and with the ISP I'd do a PTR for that..if I was sending e-mail directly..but I never do that, I always use an SMTP smart host for both incoming and outgoing. example..postini..or actually we do our own smart host service for clients.

The RUS 'n stuff... down below in the MMC..right click and see your options there.
 
Alright I will rename it and restart the SMTP service. Then I will get the ISPs to change the PTR records in the reverse DNS lookup. The a-record already exists for the FQDN I am going to use, so I don't need to add that to our DNS. It points to the IP of the Exchange server.

However we do use Postini but AFAIK it is only for incoming mail. When I send a message, nothing in the header shows anything about Postini. It shows as coming from our mail server with the funky FQDN at the moment.

One last question... do I need reverse DNS on both ISPs? Since we have a block of IPs with both ISP1 and ISP2 and the Exchange server is only on one IP on ISP1, I wouldn't think that I need a reverse DNS PTR record on ISP2 ... is that correct?

Really appreciate all the assistance :)
 
The PTR record only needs to be on the IP address the Exchange server sends mail from.
 
Renamed the FQDN to server.domain.com and restarted SMTP service with no issues this morning.

Sent an e-mail to my GMail account and it came through from server.domain.com

Hopefully this fixes the issues! Thanks for the [H]elp guys :)
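
Added example, not part of the thread: a Python check of the three things compared above for a sending IP, namely the name in the SMTP 220 banner, the PTR record, and the A record that should point back to the same address. The function names, the address 203.0.113.25 (a documentation address) and the sample banner lines are assumptions constructed from the thread's placeholder hostnames.

```python
import re
import socket

def banner_host(banner_line):
    """Return the hostname announced in an SMTP '220' greeting line."""
    m = re.match(r"220[ -](\S+)", banner_line.strip())
    if not m:
        raise ValueError("not an SMTP 220 greeting: %r" % banner_line)
    return m.group(1).rstrip(".").lower()

def system_ptr(ip):
    """PTR lookup through the system resolver (used when no table is injected)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """A-record lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, banner_line, ptr_lookup=system_ptr, a_lookup=system_a):
    """Compare the announced name with the PTR and A records of the sending IP."""
    announced = banner_host(banner_line)
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    findings = []
    if not ptr_names:
        findings.append("no PTR record for %s" % ip)
    for name in ptr_names:
        if ip not in a_lookup(name):
            findings.append("PTR name %s does not resolve back to %s" % (name, ip))
    if announced not in ptr_names:
        findings.append("banner name %s is not a PTR name of %s" % (announced, ip))
    if ip not in a_lookup(announced):
        findings.append("banner name %s has no A record for %s" % (announced, ip))
    return findings

# Constructed sample records modelled on the thread's placeholder names.
SAMPLE_PTR = {"203.0.113.25": ["mailsvr.domain.com"]}
SAMPLE_A = {"mailsvr.domain.com": ["203.0.113.25"]}

def sample_check(banner_line):
    """Run the check offline against the constructed records above."""
    return check_sender("203.0.113.25", banner_line,
                        lambda ip: SAMPLE_PTR.get(ip, []),
                        lambda name: SAMPLE_A.get(name, []))

if __name__ == "__main__":
    for line in ("220 mailsvr.domain.domain.com ESMTP", "220 mailsvr.domain.com ESMTP"):
        print(banner_host(line), "->", sample_check(line) or "consistent")
```

Calling `check_sender(ip, banner_line)` without the two lookup arguments uses the system resolver, so it should be run from outside the network to see the public records rather than the internal DNS view.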
 