big daddy fatsacks
okay, this has been plaguing me for a week now and i thought it was fixed. perhaps not though.
last weekend i changed our email infrastructure to include an smtp relay through which incoming mail would be filtered. the flow of outgoing mail was not altered - our exchange server still connects directly to the internet to send mail. there were, however, changes made to the firewall to accommodate the new setup so perhaps i botched something there.
so, mail comes in to the firewall where it is redirected to a windows server running fluffy the smtp guard dog. that does some spam blocking, etc and passes the mail onto our exchange server. the exchange server connects straight out to the internet to send. there is symantec AV and ihatespam running on the exchange server itself.
those changes were made 10 days ago, and all last week i was having problems with outgoing email. everything coming in worked great. going out the problem was tricky. we were able to send email to a lot of people. however, it seems that certain entire domains became unreachable. shell.com and hotmail.com to name 2. also, i could send email to my gmail account, but it would take like 15-20 minutes to arrive.
in any case the problem seemed to rest with domains so i thought it could possibly be a DNS issue. i changed the DNS servers used by our mail server from local, root, root, and local to local, ISP, ISP, local. also, i noticed that the firewall was blocking any DNS requests from all but our 2 local DNS servers anyway so i added an allow for the email server. so this morning i come in and the queue on my email server has gone down to a normal level. it was huge on friday. i send my gmail account an email and it arrives in about 3 minutes. i think "great, all fixed."
now i see that we are still having trouble reaching a few domains. i tried a certain domain about 30 minutes ago and the msg has not gotten there yet. now here comes the kick in the pants. from the email server i am able to run nslookup to find the mx records for basically ANY domain that we cannot get email through to. then i can telnet to port 25 of the primary mx record and get their smtp banner, send a helo, and get a hello back. so it seems as if the connection is completely fine. and yet, i am unable to actually get an email through to them.
i'm baffled. i just sent an email to my gmail and wildmail accounts. gmail was fine, but i got an unable to send to that recipient msg for my wildmail.com account. running some google searches on the "You do not have permission to send to this recipient." msg i see a lot of posts about our mail server possibly being on an RBL and the recipient mail servers are blocking us using that list. well, i went to rbl.org and MAPS and ran our IP through their RBL checks and they come back clean.
so again i say it, i'm baffled. can anyone provide some insight? further troubleshooting ideas? i'd greatly appreciate it.
thanks,
billy ocean
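The manual test in the post stops at HELO, but a receiving server can accept HELO and still refuse at MAIL FROM, RCPT TO or after DATA. The following is an added example, not part of the original post: it finds the stage of the first refusal in an SMTP transcript, forms the name a DNSBL check resolves, and includes a live `probe` that walks one MX up to RCPT TO. All hostnames, addresses, the list zone and the sample transcript are constructed placeholders.

```python
import ipaddress
import re
import smtplib

REPLY = re.compile(r"^(\d{3})[ -](.*)$")

def dnsbl_query_name(ip, zone):
    """Name resolved for a DNSBL check: reversed IPv4 octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def first_rejection(transcript):
    """Return (command, code, text) of the first 4xx/5xx reply, or None.

    'C: ' lines are what the client sent, 'S: ' lines are server replies.
    """
    command = "CONNECT"  # the banner arrives before any command
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("C: "):
            command = line[3:].split()[0].upper()
        elif line.startswith("S: "):
            m = REPLY.match(line[3:])
            if m and m.group(1)[0] in "45":
                return command, int(m.group(1)), m.group(2)
    return None

def probe(mx_host, helo_name, sender, recipient, timeout=30):
    """Live check against one MX: HELO, MAIL FROM, RCPT TO, then QUIT.

    No DATA is sent, so no message is delivered. Use your own mailbox
    at the remote domain as the recipient.
    """
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as s:
        return [("HELO", *s.helo(helo_name)),
                ("MAIL", *s.mail(sender)),
                ("RCPT", *s.rcpt(recipient))]

# Constructed transcript: HELO succeeds, the refusal only shows at RCPT TO.
SAMPLE = """\
S: 220 mx.example.net ESMTP
C: HELO mail.example.com
S: 250 mx.example.net Hello
C: MAIL FROM:<admin@example.com>
S: 250 2.1.0 Sender OK
C: RCPT TO:<me@example.net>
S: 550 5.7.1 Rejected by policy (constructed reply)
"""

if __name__ == "__main__":
    print(first_rejection(SAMPLE))
    print(dnsbl_query_name("192.0.2.25", "dnsbl.example"))
```

Run `probe` from the Exchange server itself so the connection leaves through the same firewall path and source IP as real outbound mail.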