Server's email address ??

Check the headers of one of the emails you send to yourself, it should have a "received from" followed by a name and the ip address of your server. maybe that's what he wants? It should just be servername@domain.com or something though.

sprkymrk wrote:

Check the headers of one of the emails you send to yourself, it should have a "received from" followed by a name and the ip address of your server. maybe that's what he wants? It should just be servername@domain.com or something though.

thank you

I posted another thread

http://techexams.net/forums/viewtopic.php?t=32439

this is why he wants the information

and this is exactly what he asked for incase there is a misunderstanding between us

"in regards to sender verification

Many servers do this as an effort to avoid spam, making sure we can actually mail back to the sender. It has a nice little name for it, but I call it sender verification.

The question that I originally asked you was what is the email address the abcmail uses to verify and you never answered it. For example, userA@publiclaw.com sends a message to userB@mydomain.com. I seriously doubt that abcmail says HELO "I'm userB@mydomain.com trying to RCPT to userA@theirdomain.com”. Most likely it is something like postmaster@blahblahblah.com or administrator@blahblahblah.com. What is the email address that abcmail uses to perform sender verification???? To be perfectly honest, it's most likely not administrator@mydomain.com because if it was, our server will approve it and thus your server would not fail sender verification. It's probably something like administrator@abcmail.com or whatever which we do not have listed as an approved address and therefore your attempt to verify sender is failing with us and subsequently failing at abcmail and ultimately not being delivered to userB@mydomain.com. Follow??? This would explain why mydomain.com can always send to us, but we cannot (from time to time) send to mydomain.com. Your verification process is failing on our end because we don't know from what email address abcmail is attempting to verify messages we send."

any idea???

As far as I know, sender verification is commonly done as a bounce message. If his server is rejecting bounce messages, that's his problem, not yours.

sprkymrk wrote:

As far as I know, sender verification is commonly done as a bounce message. If his server is rejecting bounce messages, that's his problem, not yours.

I do agree with you there

problem is he is becoming increasingly more frustrating to deal with and pretty unprofessional

I am going to suggest that he white list my mx record IP

it is my understanding that if he does this any email coming from my mail exchanger will be accepted regardless of what email address it is coming from

this should resolve this issue if it is what he is claiming

Are you running an Exchange server? You can check here to see if you are using Sender Verification:

To specify Sender ID filtering options:

Start System Manager
Double-click Global Settings.
Right-click Message Delivery, and then click Properties.
Click the Sender ID Filtering tab.

You can tell it to "Accept" even if verification fails, then see if that clears up your problem.

Sender ID filtering doesn't use an e-mail address for a server for verification. It uses an SPF record within the sending server's DNS to verify that the sending server is in the SPF record which is a list of allowed SMTP Sending servers for that domain. If you have Sender ID filtering turned on, and the sending domain doesn't have an SPF record with their sending server, it'll increase the SCL value of the sending message and it can block the message depending on configuration.

So for example, if you have Sender ID filtering turned on, the other org sends mail, you have it set to reject mail from servers that don't have SPF, it'll reject their e-mail. Tell that organization to create an SPF record or turn off your sender id filtering or keep sender id on but tell it to accept messages so when the message hits IMF, IMF will take the Sender ID failure into consideration when adjusting SCL for acceptance/rejection.

Thanks guys

I have it set to Accept regardless of whether or not they have and SPF record

I was quite confident in there not being any issue with the configuration but not being an exchange guru I wanted to make sure

I'll admit my knowledge of exchange logs is probably not the best

but could either of you explain to me exactly what is happening below

2008-03-05 21:10:52 64.105.113.202 OutboundConnectionCommand SMTPSVC1 myserver - 25 RCPT - TO:<user3@theirdomain.com> 0 0 4 0 1375 SMTP - - - -

2008-03-05 21:10:52 64.105.113.202 OutboundConnectionResponse SMTPSVC1 myserver - 25 - - 250+user3@theirdomain.com+Address+Okay 0 0 39 0 1593 SMTP - - - -

the other companies admin claims the above info proves my server is sending an email to there server to verify that user3@theridomain.com is an actual accont on the box

but since Sender verification checks and SPF record and doesn't send and email what is occurring above?

As I said, having it set to accept doesn't mean it'll definitely be accepted. It just means it's passed to the Intelligent Message Filter (IMF) which is the Content Filtering mechanism in 2007. That does some more checking and takes the Sender ID filtering into consideration for the final SCL value. If the SCL value is above your threshold, and depending on your configuration, it could be blocked.

Has their domain been checked by a blacklist site? Get their sending server's IP address and go here:
http://www.mxtoolbox.com/blacklists.aspx?AG=GBL&gclid=CMHZ2_XRzY8CFRsTawod7wtS9w

DNStuff.com also has checks but it costs money.

Do this for reading logs:
http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html

I do that every time I read logs. Makes it much easier to read.

I've have checked mxtoolbox.com and they are not blacklisted

this issue is intermittent and when the emails fail their user receives

Subject: RE: test

Sent: 3/13/2008 7:03 AM

The following recipient(s) could not be reached:

admin@mydomain.com on 3/13/2008 7:01 AM

You do not have permission to send to this recipient. For assistance, contact your system administrator.

<charlie.theirdomain.net #5.7.1 smtp;550 5.7.1 Unable to relay for admin@mydomain.com>

I checked the IMS filter on my exchange 2k3 box and it is set as follow

Block messages with an SLC Rating greater than : 8

when blocking messages: take no action

[/img]

That's a pretty high SCL rating anyways. The issue is intermittent as in it doesn't happen to often from domain to domain or is it intermittent with the same user to user?

undomiel

Is this in reference to this same issue? http://www.techexams.net/forums/viewtopic.php?t=32184

I'll stand by what I had said earlier then. Their relay isn't setup properly or that user's Outlook is not setup for proper authentication.

royal wrote:

That's a pretty high SCL rating anyways. The issue is intermittent as in it doesn't happen to often from domain to domain or is it intermittent with the same user to user?

That is a bit hard to answer because I have one user who seems to never say he get's complaints about their email going through but another who seems to have issues more often than not with them

it seems when I'm notified of the issue and we try some tests that it will fail on my postmaster, personal account and admin accounts as well

I guess it is fibroblast domain to domain when the issue occurs

I have already whitelisted them in our spam software (GFI)

undomiel wrote:

Is this in reference to this same issue? http://www.techexams.net/forums/viewtopic.php?t=32184

I'll stand by what I had said earlier then. Their relay isn't setup properly or that user's Outlook is not setup for proper authentication.

Yes it is the exact same issue reffered to in that thread

Their admin is just saying my server validation check must be failing intermittently and that is why mail mail flow works sometimes and other it does now

Well tell them to make sure their sending server has a PTR record as well as an SPF record in public DNS. I would do the same on your side. Also, try setting the SMTP connectors to respond to EHLO via the public FQDN of what the PTR record maps to. So if the PTR maps to mail.domain.com which should be the ip address Exchange sends from, set the EHLO response to also be mail.domain.com.

This will ensure both servers have a more optimal setup for internet validation.

royal wrote:

Well tell them to make sure their sending server has a PTR record as well as an SPF record in public DNS. I would do the same on your side. Also, try setting the SMTP connectors to respond to EHLO via the public FQDN of what the PTR record maps to. So if the PTR maps to mail.domain.com which should be the ip address Exchange sends from, set the EHLO response to also be mail.domain.com.

This will ensure both servers have a more optimal setup for internet validation.

I'm not exactly sure what you mean with the connector if it is I should configure, he should configure or we both should

I do not currently have an SPF record but that will be fixed ASAP

I looked at their PTR records and they do not resolve like mine do

they have 2 mx records say alpha.theirdomain.com and delta.theirdomain.com with ip 100.100.100.1 and 100.100.100.2 as examples

but the the PTR's are not saying 100.100.100.1 resolves to alpha.theirdomain.com instead they resolve to www.mywebsite.com

my records on the other hand with my PTR record 200.200.200.1 resolves to which is my mail exchanger record

I 'm not sure if this info is helpful

blargoe

<charlie.theirdomain.net #5.7.1 smtp;550 5.7.1 Unable to relay for admin@mydomain.com>

^^
It seems apparent that their server is refusing to relay the message to your email server. He has something messed up on his end and doesn't know how to fix it.

Smallguy wrote:

[I looked at their PTR records and they do not resolve like mine do

they have 2 mx records say alpha.theirdomain.com and delta.theirdomain.com with ip 100.100.100.1 and 100.100.100.2 as examples

but the the PTR's are not saying 100.100.100.1 resolves to alpha.theirdomain.com instead they resolve to www.mywebsite.com

my records on the other hand with my PTR record 200.200.200.1 resolves to which is my mail exchanger record

I 'm not sure if this info is helpful

They are probably hosting multiple services on the same server. Have you tried:

nslookup
set type=mx
200.200.200.1

And see what comes up?

blargoe wrote:

<charlie.theirdomain.net #5.7.1 smtp;550 5.7.1 Unable to relay for admin@mydomain.com>

^^
It seems apparent that their server is refusing to relay the message to your email server. He has something messed up on his end and doesn't know how to fix it.

Yes I've mentioned this to him several times but he just becomes externally defensive and states it works fine for everyone else so it must be my server