Troubleshooting SMTP relay

On and off, since moving the users to the new Exchange server, some e-mail messages have bounced with a failure message that says:


You do not have permission to send to this recipient. For assistance, contact your system administrator.
< server.domain.local #5.7.1 SMTP; 550 5.7.1 Requested action not taken: message refused>

First things first, I wanted to ensure that we aren’t blacklisted so I used some online DNS tools to check. The first one I used (on advice from an internet forum) was the DNS Report on DNSStuff.com which (using the quick check without a user account) told me that I was on spam blacklists. Yikes! I don’t like to sign up for things that try to scare me into using their free trials so I Googled around a little to find a spam blacklist lookup to verify that the info was correct (and found that it wasn’t true).

I dug around a little more on dnsstuff.com because I remember that, when it wasn’t pushing for memberships so hard, it was quite useful. It has a few neat tools on there if you click on “Free Tools”. I feel a little guilty not signing up when it’s useful, but I don’t like a hard sell. I don’t answer the door for random doorknockers either. Get off’a my lawn!

Here are a few that I liked for this task:

  • Spam DB lookup on iptools.com didn’t show that the domain was on any blacklist. Lots of very handy tools on this site.
  • http://www.dnsbl.info – Shows your status on a number of spam databases, none of which we were listed on.
  • CheckDNS is a nice analysis tool; it tests your mail server’s HELO/EHLO and checks your name servers for problems.
  • http://www.zonecheck.fr – Does a bunch of tests and the warnings at the bottom are quite human-friendly yet thorough.
  • IntoDNS.com – This site is probably my favourite. Its user interface is great, nice and clear, and the green or red indicators on the results page make it nice and easy to read.

We appear to have a problem at our ISP, the SOA is different to the NS records but that should only be a problem if the nameserver is unavailable so shouldn’t be denying mail. I’ve entered a reverse DNS PTR record so the IP should resolve. Therefore, I am pretty sure that the reason it’s bouncing is that we’re advertising domain.local instead of domain.tld.

To remedy this:

1. Open up Exchange System Manager and expand “Administrative Groups” -> First Administrative Group -> Servers -> [servername] -> Protocols -> SMTP

2. In the right-hand pane, you should see “Default SMTP Server”, right-click it and select “Properties” from the menu.

3. In the “Default SMTP Virtual Server Properties” dialog box, select the Delivery tab and click the Advanced button. In the field “Fully Qualified Domain Name”, type the FQDN of the server that is sending out SMTP mail and then press OK (twice).

I think that ought to do the trick, but if not my next blog entry will likely be about using SMTPDiag. :D
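The check behind this fix, as an added example that is not part of the original post: it reads the name the server advertises in its 220 banner or 250 EHLO reply and compares it with the PTR record and forward lookup for the sending IP. The address 192.0.2.25, the name mail.example.com, the suffix list and the injected lookup functions are assumptions made for illustration.

```python
import re

# Suffixes that do not exist in public DNS (assumed list for this example).
PRIVATE_SUFFIXES = (".local", ".lan", ".internal", ".localdomain")

def advertised_name(transcript):
    """Hostname from the first 220 banner or 250 EHLO reply line, or None."""
    for line in transcript.splitlines():
        m = re.match(r"(220|250)[ -](\S+)", line.strip())
        if m:
            return m.group(2).rstrip(".").lower()
    return None

def check_identity(transcript, ip, ptr_lookup, a_lookup):
    """Compare the advertised SMTP name with reverse and forward DNS for ip."""
    name = advertised_name(transcript)
    if name is None:
        return ["no 220/250 greeting found in transcript"]
    findings = []
    if "." not in name:
        findings.append(f"advertised name '{name}' is not fully qualified")
    elif name.endswith(PRIVATE_SUFFIXES):
        findings.append(f"advertised name '{name}' uses a private suffix")
    ptr = ptr_lookup(ip)
    if ptr is None:
        return findings + [f"no PTR record for {ip}"]
    ptr = ptr.rstrip(".").lower()
    if ptr != name:
        findings.append(f"PTR '{ptr}' does not match advertised name '{name}'")
    if ip not in a_lookup(ptr):
        findings.append(f"PTR '{ptr}' does not resolve back to {ip}")
    return findings

# Constructed sample data (documentation IP and example.com, not from the post).
BEFORE = "220 server.domain.local Microsoft ESMTP MAIL Service ready\r\n250 OK"
AFTER = "220 mail.example.com Microsoft ESMTP MAIL Service ready\r\n250 OK"
PTR = {"192.0.2.25": "mail.example.com."}
A = {"mail.example.com": ["192.0.2.25"]}

def run_sample(transcript):
    """Run the check against the constructed PTR and A tables above."""
    return check_identity(transcript, "192.0.2.25", PTR.get, lambda h: A.get(h, []))

if __name__ == "__main__":
    for label, t in (("before", BEFORE), ("after", AFTER)):
        print(label, run_sample(t) or "OK")
```

Against a live server, the two lookup arguments can be built on `socket.gethostbyaddr` and `socket.gethostbyname_ex` instead of the sample tables.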
