Reverse DNS and Exchange 2007

One of the ways that spam is being attempted to be controlled is via reverse DNS entries. For example, if you attempt to send an email from a SMTP server to a Comcast email address, the first thing Comcast will attempt to do is resolve your sending IP address to a hostname. This generally means that your IP address can be considered "legitimate" but obviously this is not always the case. In my example, let's assume you had two separate Internet connections that you were load balancing. 50% of the time your connection went through one pipe, and the other 50% of the time it went through the other pipe. If your second IP address did not have a reverse DNS entry from your provider, then Comcast would block delivery of the email. AOL is also fairly notorious about doing this as well.

If you do not own your IP block, then you will need to contact your ISP and ask them to create a reverse DNS entry for your outgoing IP address to resolve to some host name, such as a MX record of some sort - mx03.yourcompany.com. Once this is complete and you can test via nslookup, then you can successfully send emails again to these providers. Just go into your Exchange 2007 Management Toolbox and go to the Queue viewer, find the offending queue and right click and hit retry. You should now see these emails flowing properly from your edge transport server.

DNS and IP entries play a big part of successful communication with other email servers outside your enterprise. Keep this in mind as you troubleshoot your external email flow.