t.lesh

random uselessness... most of the time.

Posts tagged email

Oct 17

451 4.4.0 DNS query failed after P2V, Exchange 2010

So, the P2V conversion completed successfully on our Exchange 2010 server. I brought the virtual machine into full production Friday night and everything looked great. First thing Monday morning I get a call from our CLO that mail is being delayed and not reaching external mail recipients. I did a quick Google search and discovered that this would happen in Exchange 2007 and it was a bug, but we’re running 2010. I finally figured out what the issue was and I kicked myself. 

My solution was to open EMC and go to Server Configuration -> Hub Transport. Right-click on your server’s name and open Properties. Make sure that External DNS Lookups and Internal DNS Lookups both have valid entries. Our entries were blank since the network hardware changed. As soon as I corrected these and clicked OK, mail started flowing outbound again!


May 7

Sender Policy Framework confusion…

So, I think I’ve finally got SPF figured out after going through the reference material at http://www.openspf.org/SPF_Record_Syntax. I needed to use SPF to further assist our GFI MailEssentials installation in tagging spam. Here is the TXT DNS record that I added to our public DNS server:

v=spf1 ip4:xx.xx.x.192/26 mx a:sub.domain.com mx:sub.domain.com -all

Check the SPF Record Syntax page above, but I’ll just briefly explain each mechanism. You must begin the record with “v=spf1”. Next I listed “ip4:xx.xx.x.192/26” so that any mail that originates from any server in xx.xx.x.193 to xx.xx.x.254 is valid. I then added the “mx” mechanism, and I probably don’t need to because that is probably covered in the ip4 mechanism, but that says that any mail coming from the listed MX servers in DNS is valid. I then added the subdomain “a:sub.domain.com mx:sub.domain.com” so that mail from “sender@sub.domain.com” would be valid. Lastly, the “-all” mechanism says that if none of these mechanisms match when doing the SPF lookup, the email fails the check.

Now, since we run Exchange 2003 and I control the domain.com domain locally through MS DNS, I also added a TXT record to these internal records: “v=spf1 ip4:192.168.10.0/24 ip4:192.168.20.0/24 mx -all”
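To see how a receiving server walks the two records above, here is an added example (not part of the original post) of a minimal evaluator for the ip4, a, mx and all mechanisms, which tests the connecting server's IP against each mechanism from left to right. The DNS table, the 203.0.113.192/26 network standing in for the masked xx.xx.x.192/26, and all function and variable names are assumptions made for the example.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (documentation address ranges).
DNS_A = {
    "mail.domain.com": ["203.0.113.201"],
    "sub.domain.com": ["198.51.100.25"],
    "mail.sub.domain.com": ["198.51.100.26"],
}
DNS_MX = {"domain.com": ["mail.domain.com"], "sub.domain.com": ["mail.sub.domain.com"]}

# The post's public record, with a constructed network in place of xx.xx.x.192/26.
PUBLIC = "v=spf1 ip4:203.0.113.192/26 mx a:sub.domain.com mx:sub.domain.com -all"
INTERNAL = "v=spf1 ip4:192.168.10.0/24 ip4:192.168.20.0/24 mx -all"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def authorised_hosts(mech, target):
    """Addresses an a or mx mechanism resolves to for the given target name."""
    names = [target] if mech == "a" else DNS_MX.get(target, [])
    return [ipaddress.ip_address(a) for n in names for a in DNS_A.get(n, [])]

def check_spf(record, client_ip, domain):
    """Check client_ip against the record published under domain; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass); "-all" is the all mechanism with "-".
        qualifier, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        mech, _, arg = body.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):
            # With no argument, a and mx look up the checked domain itself.
            matched = ip in authorised_hosts(mech, arg or domain)
        else:
            return "permerror"  # anything outside this example's four mechanisms
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

if __name__ == "__main__":
    for ip in ("203.0.113.193", "198.51.100.26", "192.0.2.10"):
        print(ip, check_spf(PUBLIC, ip, "domain.com"))
```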