Sending Mail from Exchange server to DASP, ExchangePop3, SMTP error

Hello all,

My organization is using DASP's Smartermail as our mail transfer agent. We connect to the Smartermail system using ExchangePop3 and pull the messages into our internal Exchange environment. We use the SMTP function of ExchangePop3 to push the mail back up to the internet.

While this solution works most of the time, we have encountered a couple of email addresses that we cannot send mail to through this method. We have verified that the email addresses are valid by logging directly into the webmail client and sending messages.

When we send messages to these addresses from our internal Outlook/Exchange/ExchangePop3 infrastructure, we get two error messages from our ExchangePop3.

The connection happens like this:

Accepted Recipient: <problem destination address>
Message received from <my email addres>. Sent from server: <IP of our Exchange server>
Message from <my address> routed to Internet queue.
Connected to address smtp.clayutility.org on port 25
Negative Response from SMTP server: 550 <problem address> No such user here
Recipient <problem address> rejected by server.
Negative response from SMTP server: 503 bad sequence of commands
Non-delivery report created.

The NDR just shows the "No such user here" error.

We used this exact same set up with our previous web host and did not have any trouble. They were running SmarterMail 4.3. I am stumped as to why this error sequence would only occur when sending to the problematic address via our internal Exchange. The message works fine if I bypass the DASP server and send directly, but that is not a viable option, as it requires opening up a bunch of stuff in the firewall.

I'm open to suggestions or clarification requests on this. Thanks in advance.

-Matthew Pence

 

Our smtp server requires smtp authentication if you are planning to send out email through our smtp server. The error messages you are getting does suggest that you are failing to pass the smpt authentication when you try to send out email. You may want to check and confirm that smtp authentication is setup correctly on your end.

 

Hi Raymond,

Thanks for a quick response.

I am aware of the requirement for authentication. ExchangePop3 allows for several options for authenticating outgoing mail. One allows me to use a single account to log in and send mail, and the other uses the sending account's credentials to send mail.

I am certain the account credentials are set up properly because I am able to send mail to other email addresses. Right now, this problem only happens when attempting to send an email message from my account to a business contact at idea.com.

I also am certain that it's a problem between my internal system and DASP. That is as much as I can tell right now.

 

Hi Bruce,

I did set it up to run like that for a while, and fixed the firewall to allow the exchange server to connect to any receiving server on port 25. However, I started receiving rejection notices from some mail servers because the IP from which the message was received doesn't match the reverse DNS lookup for the clayutility.org mx record.

Thanks.

 

Maybe this will help you. This is a log of the conversation between ExchangePop3 and sm12.discountasp.net:


[RECEIVE: 34 bytes]
220 sm12.internetmailserver.net

[TRANSMIT: 22 bytes]
EHLO clayutility.org

[RECEIVE: 106 bytes]
250-sm12.internetmailserver.net Hello [74.191.68.68]
250-SIZE 31457280
250-AUTH LOGIN CRAM-MD5
250 OK

[TRANSMIT: 12 bytes]
AUTH LOGIN

[RECEIVE: 18 bytes]
334 VXNlcm5hbWU6

[TRANSMIT: 34 bytes]
ZGVsaXZlcnlAY2xheXV0aWxpdHkub3Jn

[RECEIVE: 18 bytes]
334 UGFzc3dvcmQ6

[TRANSMIT: 22 bytes]
Q0NVQU1haWxEZWxpdmVy

[RECEIVE: 31 bytes]
235 Authentication successful

[TRANSMIT: 37 bytes]
MAIL FROM: <[email protected]>

[RECEIVE: 43 bytes]
250 OK <[email protected]> Sender ok

[TRANSMIT: 30 bytes]
RCPT TO: <[email protected]>

[RECEIVE: 43 bytes]
550 <[email protected]> No such user here

[TRANSMIT: 6 bytes]
DATA

[RECEIVE: 30 bytes]
503 Bad sequence of commands

 

I am still unable to send email to the idea.com domain via SMTP from my internal Exchange environment. Here is a summary of the facts:

-I can send mail to idea.com when using the webmail
-I can sent mail to idea.com when using a direct connection (not throughD DASP)
-I can send mail to all other domains through DASP via SMTP
-The conversation log between a successful and an unsuccessful message appears to be identical until the recipient address changes.
-I have no special rules set up for idea.com
-I cannot use a direct connection for all outgoing mail due to some servers rejecting mail if the dns record doesn't reverse back to the originating IP.

I'm wondering if there's something in the logs for the DASP sm12 server that might give us a clue as to what the problem is. Help?

 

I have an update on this issue. I just found out that the email does not go through via the Webmail either. It appears to be sent, and does not generate a NDR, but the intended recipient never receives the message.

That at least makes more sense. I have submitted a support ticket, but it was to inquire as to whether DASP can set up a PTR record so that Comcast and AOL can perform a reverse lookup on the server's IP address for the direct connection.

 

You have an SPF record for clayutility.org that is instructing the recipient server to reject your messages unless they come from specific IPs/servers.

clayutility.org. 3600 IN TXT "v=spf1 a mx ip4:96.31.40.56 mx:sm12.internetmailserver.net ip4:74.191.68.68 include:sm12.internetmailserver.net -all"

Using "-all" in an SPF record will make a lot of your mail disappear if there are any errors in the record. I can't give you any specific advice on your SPF record because you are running your own mail server, but you might want to read this.

Generally speaking, unless you really need to publish an SPF record, they tend to be more trouble than they are worth. And when you use "-all" you are just inviting more trouble.

 

Hi mjp,

I just recently set up the SPF with our local IP address to see if it would cause comcast to permit mail. The problem with sending mail from clayutility.org to idea.com was in effect before I set up the SPF record.

Support doesn't want anything to do with this, unfortunately. They don't seem to be accepting the fact that the problem is not just from my Exchange connection, but also from the webmail.

 

I finally received a response from support explaining the issue. This makes sense.

 

Ah - I should have picked up on the obvious answer, but I was too busy looking for a complicated answer. I did a whois on idea.com before responding to your post, but didn't look it up in our system, so I missed that (because their name servers do not point to us).