Hi guys,
I'm hoping someone can help me pinpoint this ongoing problem we are having with our outbound mail sitting on our server and giving "Delivery is delayed to these recipients or groups" errors.
Some will eventually get through and are filtered straight to the recipients spam folder others never get there.
Messages sent from the same address without attachments seem to get through more reliably, however sometimes still get stuck in the recipients Spam folder.
I believe it is something to do with our domain name configuration but I don't know where to look next.
Our setup is as follows: On our internal LAN we have one domain joined Exchange Server configured as CAS, Hub, Mailbox. All our mailboxes are hosted on this server, and all Client Workstations and User accounts are in this same domain. We only use one domain
in AD.
This exchange server is configured to receive mail from two Authoritative Domains which are our external domain names santaclara.com.gt and bellavista.com.gt. Some users mailboxes are configured to use santaclara.com.gt SMTP email addresses and others are configured
to use bellavista.com.gt SMT addresses. Both our external domains are hosted by JustHost, and have MX records pointing to mail.santaclara.com.gt and mail.bellavista.com.gt respectively.
The santaclara.com.gt domain has an A-record pointing mail.santaclara.com.gt to the static IP address of our Cisco router. It also has SPF records as follows:
Host RecordTXT ValueTTL
@v=spf1 a mx mx:mail.santaclara.com.gt ip4:190.149.222.173 a:bellavista.com.gt include:mail.santaclara.com.gt mx:bellavsita.com.gt -all14400
www-bellavista-com-gtv=spf1 a mx mx:mail.santaclara.com.gt ip4:190.149.222.173 a:bellavista.com.gt include:mail.santaclara.com.gt mx:bellavsita.com.gt -all14400
The bellavista.com.gt domain has an A-record pointing mail.bellavista.com.gt to the static IP address of the same Cisco router. It also has an SPF record as follows:
Host RecordTXT ValueTTL
@v=spf1 a mx ptr:santaclara.com.gt ip4:190.149.222.173 a:santaclara.com.gt include:mail.santaclara.com.gt mx:santaclara.com.gt -all14400
The Cisco box has a firewall rule to route all mail traffic to the TMG 2010 server it is directly connected to in the perimeter network. This TMG 2010 box is also connected to the internal network and is configured as an Exchange Edge Server.
We have two send connectors configured on the Hub Server, both are EdgeSync subscriptions to the TMG box: The first is inbound to domain; the second is domain to internet. Both are configured with the FQDN set to "mail.santaclara.com.gt" There is
one receive connector configured, the default connector, and this has its FQDN configured as "srv-mail1.hq.santaclara.com.gt" which is the true FQDN of the exchange server and can’t be changed to match the send connectors.
I have checked our domains are not blacklisted, and performed outbound SMTP tests for both using the Microsoft Remote Connectivity Analyzer and everything seems to check out OK:
santaclara.com.gt test results
Performing Outbound SMTP Test
The outbound SMTP test was successful.
Test Steps
Attempting reverse DNS lookup for IP address 190.149.222.173.
The Microsoft Connectivity Analyzer successfully resolved IP address 190.149.222.173 via reverse DNS lookup.
Additional Details
The Microsoft Connectivity Analyzer resolved IP address 190.149.222.173 to host mail.santaclara.com.gt.
Performing Real-Time Black Hole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Performing Sender ID validation.
Sender ID validation was performed successfully.
Test Steps
Attempting to find the SPF record using a DNS TEXT record query.
The SPF record was found.
Additional Details
SPF record found: "v=spf1 a mx mx:mail.santaclara.com.gt ip4:190.149.222.173 a:bellavista.com.gt include:mail.santaclara.com.gt mx:bellavsita.com.gt -all"
Parsing the SPF record and evaluating mechanisms and modifiers.
The SPF record was parsed and evaluated successfully.
Test Steps
Evaluating A Record lookup mechanism: "+a"
Additional Details
The DNS A Record lookup for IP address 190.149.222.173 found no match for domain 'santaclara.com.gt'.
Evaluating MX mechanism: "+mx"
The MX mechanism indicated a positive status.
Additional Details
The Microsoft Connectivity Analyzer matched MX lookup for santaclara.com.gt to IP address 190.149.222.173.
bellavista.com.gt test results
Performing Outbound SMTP Test
The outbound SMTP test was successful.
Test Steps
Attempting reverse DNS lookup for IP address 190.149.222.173.
The Microsoft Connectivity Analyzer successfully resolved IP address 190.149.222.173 via reverse DNS lookup.
Additional Details
The Microsoft Connectivity Analyzer resolved IP address 190.149.222.173 to host mail.santaclara.com.gt.
Performing Real-Time Black Hole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP address 190.149.222.173 wasn't found on RBL.
Performing Sender ID validation.
Sender ID validation was performed successfully.
Test Steps
Attempting to find the SPF record using a DNS TEXT record query.
The SPF record was found.
Additional Details
SPF record found: "v=spf1 a mx ptr:santaclara.com.gt ip4:190.149.222.173 a:santaclara.com.gt include:mail.santaclara.com.gt mx:santaclara.com.gt -all"
Parsing the SPF record and evaluating mechanisms and modifiers.
The SPF record was parsed and evaluated successfully.
Test Steps
Evaluating A Record lookup mechanism: "+a"
Additional Details
The DNS A Record lookup for IP address 190.149.222.173 found no match for domain 'bellavista.com.gt'.
Evaluating MX mechanism: "+mx"
The MX mechanism indicated a positive status.
Additional Details
The Microsoft Connectivity Analyzer matched MX lookup for bellavista.com.gt to IP address 190.149.222.173.
Any light, pointers links that anyone can throw my way I will be very grateful for!!
TIA, Jon