FQDN
COB
2006-09-08 15:06:02 UTC
We are having relay issues. Mail bouncing back with the "you do not have
permissions to send to this recipient. Unable to relay." I talked to the
ISP and they are going to look at the ptr and make sure that is ok.

In the meantime I have a dumb question because I should know this but
sometimes you look at things so much that it gets confusing.... In the Sys
Manager of Ex2003 on the smtp properties, Delivery, Advanced there is the
fully qualified domain name.

I have fqdn set to: mailservername.city.state.country. That is correct
isn't it? Or should it just be the domain name: city.state.country?

I looked at Help and it says host+domain so I think I am ok but just want
verification.
Matt Kuzior [MSFT]
2006-09-08 16:33:43 UTC
If your company domain name is "contoso.com" and your server's name is
"myserver" then it should be "myserver.contoso.com".

If you leave this setting blank it will default to
<YourComputerName>.<YourComputersDnsDomain>

It is the name that your server projects to potential connecting clients
that they expect to see when authenticating or validating identity of the
server. Generally you do not need to modify this setting unless you want to
advertise a different name than the computer actually has, perhaps to match
your MX and A records published in DNS, or if you want to match the name
published on an SSL certificate that you have installed.

When receiving anonymous messages over the internet, the value of this
setting does not make a difference. If you are domain joined and another
Exchange server wants to authenticate and relay messages to you, this
setting must be blank or reflect the computer's actual Active Directory FQDN.
--
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.

Gaz
2007-11-20 02:03:00 UTC
OK I see what you're saying above, but we have a sticky problem here

Our domain is hosted in UK with a domain.com style address and the smtp
server FQDN is smtp.domain.com

Our LAN is in Thailand and the box hosting Exchange has a FQDN of
boxname.domain.local

Our Thai ISP says we must relay through FQDN smtp-adsl.totonline.net

All fine so far, however ......

... when we use relay through smart host, NOTHING leaves the server and
every mail times out after 36 hours. When we relay using DNS to resolve
addresses, everything except to mailhosts using Sender ID verification, goes
out OK. This means we cannot send to Hotmail, AOL, Gmail etc.

Therefore, which FQDN do we put in that -delivery-advanced slot?

The exact error message we get when using DNS is -
The following recipient(s) could not be reached:

'***@hotmail.com' on 20/11/2007 01:49
There was a SMTP communication problem with the recipient's
email server. Please contact your system administrator.
<smtp.domainname.com #5.5.0 smtp;550 DY-001 Mail rejected by
Windows Live Hotmail for policy reasons. We generally do not accept email
from dynamic IP's as they are not typically used to deliver unauthenticated
SMTP e-mail to an Internet mail server. http://www.spamhaus.org maintains
lists of dynamic and residential IP addresses. If you are not an
email/network admin please contact your E-mail/Internet Service Provider for
help. Email/network admins, please visit http://postmaster.live.com for email
delivery information and support>

However, if we do not set to use DNS for sending mail in the virtual server,
we cannot send anything at all.

This problem started around 2 years ago, and is growing in intensity as more
webmail domains join the SenderID program. We are now having to refuse
orders from customers with emails in those domains, because we cannot reply
to their emails.

Gaz
Leif Pedersen [ MVP]
2007-11-25 22:03:14 UTC
Hi,

You need to enter smtp-adsl.totonline.net as the smart-host on the SMTP
connector (and you need to make sure that they allow you to relay through
their server).

Leif
Gaz
2007-11-26 10:26:01 UTC
Hi Leif

I've done that several times, including switching in and out of it as the
router changes each dynamically-acquired IP from TOT - each of which I've
checked through www.spamhaus.org (and found all of them to be on the PBL in
red).

TOT absolutely point blank refuse to provide SMTP relaying regardless of the
subscription type you pay - in their limited English they simply state that
relay = spam = abuse and risk entire TOT IP range being blocked worldwide
(they sort of have a point about that under the Sender ID + SpamHaus cartel
system).

They've even gone so far as to arrive unannounced this morning to install a
T1 line (in addition to the ADSL) for a two month test to see if this will
resolve the email and other problems we've been having (rolls eyes at the
drasticness of it) luckily they're providing it free during the test period.

The only correlation I can find is that if by chance a non-PBL blocked IP
arrives on our router, email to Hotmail goes out, when it is a PBL blocked
IP, it does not.

This leads me to believe that the Microsoft et al Spamhaus-initiative has
rendered any Exchange server not on a fixed IP, to be worthless and a waste
of the license(s) purchase price...... unless Microsoft can promulgate an
ABSOLUTE fix for the issue. If not, well let's just say the words "action,
class, refund, worldwide" spring to mind, but not in that order, as gathering
on the horizon when word of this becomes mainstream knowledge.

Gaz
s***@hush.com
2007-11-26 15:03:29 UTC
Post by Gaz
Hi Leif
I've done that several times, including switching in and out of it as the
router changes each dynamically-acquired IP from TOT - each of which I've
checked through www.spamhaus.org (and found all of them to be on the PBL in
red).
TOT absolutely point blank refuse to provide SMTP relaying regardless of the
subscription type you pay - in their limited English they simply state that
relay = spam = abuse and risk entire TOT IP range being blocked worldwide
(they sort of have a point about that under the Sender ID + SpamHaus cartel
system).

Sure *open relays* are not allowed on the internet, of course Spamhaus
will blacklist them and so will any ISP if they find one. You need to
use a secure (closed) relay and use SMTP Authentication to tell the
relay you're a customer. That's what everyone else does.

Post by Gaz
This leads me to believe that the Microsoft et al Spamhaus-initiative has
rendered any Exchange server not on a fixed IP, to be worthless and a waste
of the license(s) purchase price......

Well yes if you bought it to send mail 'direct-to-mx' off a dynamic
IP. Surely you didn't buy it for that purpose...

Post by Gaz
If not, well let's just say the words "action,
class, refund, worldwide" spring to mind

Or the words "read manual, use SMTP AUTH" ;)
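
The PBL lookups discussed in the posts above can be scripted rather than done through the website. The following is an added example, not part of any post in this thread: it builds the DNSBL query name for an egress IPv4 address and interprets the answer codes. The zone `zen.spamhaus.org` and the code table are Spamhaus's published values as recalled here (an assumption to verify against their documentation); the IP addresses and answers in `SAMPLE` are constructed.

```python
import ipaddress
import socket

# Spamhaus ZEN answer codes; 127.0.0.10/11 are the PBL entries.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL",
    "127.0.0.10": "PBL (ISP-maintained)",
    "127.0.0.11": "PBL (Spamhaus-maintained)",
}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_lookup(name):
    """Live A-record lookup; NXDOMAIN (not listed) returns []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []  # caveat: a resolver outage looks the same as NXDOMAIN

def check(ip, lookup=system_lookup):
    """Classify one egress IP from the DNSBL answers for it."""
    answers = lookup(dnsbl_name(ip))
    # 127.255.255.x means the query itself was refused, not a listing
    if any(a.startswith("127.255.255.") for a in answers):
        return {"status": "query-error", "lists": [], "on_pbl": None}
    lists = sorted(ZEN_CODES.get(a, "unknown " + a) for a in answers)
    on_pbl = any(name.startswith("PBL") for name in lists)
    return {"status": "listed" if lists else "clean",
            "lists": lists, "on_pbl": on_pbl}

# Constructed answers for documentation-range IPs (not real listings).
SAMPLE = {
    "25.2.0.192.zen.spamhaus.org": ["127.0.0.11"],
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_lookup(name):
    """Offline stand-in for system_lookup, backed by SAMPLE."""
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(ip, check(ip, sample_lookup))
```

A `query-error` result must not be read as "clean": it means the DNSBL declined to answer the resolver that asked.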
Gaz
2007-11-26 16:15:00 UTC
Yeah, thanks for nothing ***@hush.com

If reading the manual was the answer, do you think I'd be here looking for
assistance? As for SMTP AUTH - there is NO setting in Exchange Server 2000
to input credentials for that particular service (even with SP3 and post-SP3
applied) and the Sender ID "patchwork" v1.0 that was released for Exchange
2000 has been withdrawn by Microsoft and released by v2.0 which is only for
Win2003 and later hosting Exchange 2003 and later.

So far, I've spent around 2 years trying to resolve this problem (and only
learned of Sender ID about 2 months ago) a lot of which time has seen me
daily researching Technet and other resources. In the last month, we've
started to be affected by private domains in the SME sector issuing the same
error messages as we get when we send to Hotmail et al, which is why I've
stepped up the search for a solution.

...... and NO! I did not buy and install SBS2000 for the purpose you
suggested - I bought it for a solution which was working at the time of
purchase - authenticated LAN users sending transaction and customer support
emails via Exchange Server and DNS to the tens of thousands of customers we
have worldwide, then Microsoft and friends moved the goalposts rendering the
product virtually useless as a communications server until a solution is
located and implemented.

Microsoft broke it, Microsoft should fix it - simple statement of fact.
Gaz
2007-11-26 16:28:02 UTC
Forgot to clarify - open relay has been "off" (closed) since the product was
first installed (and has never been opened even during testing various
fix-attempts).
Only LAN users with authenticated LAN logins and passwords are allowed to
send mail. All incoming mail to non-registered user names is filtered to a
scrutiny mailbox, therefore further preventing bounce-through relaying.
Anti-virus software is religiously updated nightly (on server and
workstations) and we have restrictive policies on items like number of
recipients (To / cc / bcc) per email etc with admin alerts if more than X
number of emails per minute are attempting to send.

And after a decade managing Exchange servers, I've never seen a setting in
the admin panels called SMTP AUTH (and believe me, I've looked). I know what
it is and what it does, but I cannot find a place to set it anywhere in
Exchange 4.5 / 5.0 / 5.5 or 2000 where the help files, manuals, Technet or
any other source refers to it as SMTP AUTH

..... so if someone would like to provide a step-by-step path to it, then
I'll shut up and go try it ;-)

Gaz