I have a Exchange server 2003 running on Windows 2003 and with a Windows 2000 Server as Domain Controller and another Windows 2000 Server as backup Domain Contoller. THe Backup Domain controller is old and i need to remove this server. I see in the exchange System Manager that the Recipients is pointing to this BDC. Can anyone help me with changing the entries that needs to be changed in Exchange so that i can remove all relavant entries to this BDC and replace with the Domain Controller. Thanks Navin Navin Balakrishnaraja Systems Analyst A to Z Information Services Tel: 770-664-6559 Cell: 404-729-7634 email: navin@xxxxxxxxxx <mailto:navin@xxxxxxxxxx> www.atozis.com ________________________________ From: Dan Klobnak [mailto:dan.klobnak@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Mon 7/18/2005 7:55 AM To: [ExchangeList] Subject: [exchangelist] RE: "This message has been blocked because the HELO/EHLO domain is invalid" http://www.MSExchange.org/ It's confusing enough when folks hi-jack subjects...now people are actually thanking people on others' behalf. :) "Why, you are welcome Saleem"?!? John, appreciate your information, and sorry for the rambling nature of my original post; the research pulled me in a few possible directions, and I basically vomited my research onto the list. A few follow-ups. 1) Our 'public' DNS records, such as MX, etc., are hosted externally. As such, there is no entry for mail2.graphicsolutionsinc.com (or pmx.nazdar.com for that matter) within our internal DNS server (which, to me, would explain why I could not verify to my internal DNS when I went to change the properties of the SMTP Virtual Server). 1A) You state: "The SMTP server...FQDN is supposed to match what the PTR record says for the IP that it is connecting with." You also state: "Your MX record is mail2.graphicsolutionsinc.com. The A record for that says IP address is 67.65.36.129. However, the PTR record for the IP says pmx.nazdar.com. When you connect to mail2.graphicsolutionsinc.com, the greeting says pmx.nazdar.com." 1B) I see two issues here. 1) I need to resolve the DNS issues, so I can modify the SMTP server to match the PTR record. 2) Once completed, and my SMTP points to my PTR of pmx.nazdar.com, would this still cause issues, since my MX record refers to mail2.graphicsolutionsinc.com? I am thinking the more appropriate response is to address the PTR to reflect mail2.graphicsolutionsinc.com rather than pmx.nazdar.com (the sister company's SPAM server, which then forwards to our server.) (Observation: The fact that the MX record and PTR record do not match up seems to be somewhat common, even if not compliant. Example, when I compare the MX record of webelists.com to its PTR, there is a difference - MX: webelists.com.inbound15.mxlogic.net versus pointer p02n142.mxlogic.net) 2) ANY thoughts on the issue of SPF records? Are these a new requirement, or something the mail server community considers a Best Practice at this time? Again Thank You! Dan ---------------------------------------------------------------------- Subject: RE: "This message has been blocked because the HELO/EHLO domain is invalid" From: "saleem" <sroumald@xxxxxxxxxxxx> Date: Fri, 15 Jul 2005 11:34:41 -0400 X-Message-Number: 16 Thanks -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]=20 Sent: Friday, July 15, 2005 11:15 AM To: [ExchangeList] Subject: [exchangelist] RE: "This message has been blocked because the HELO/EHLO domain is invalid" http://www.MSExchange.org/ Your MX record is mail2.graphicsolutions.com. The A record for that says IP address is 67.65.36.129. However, the PTR record for the IP says pmx.nazdar.com. When you connect to mail2.graphicsolutions.com, the greeting says pmx.nazdar.com. Yes, you are treading in deep water. E-mail requires certain things to be set up correctly. You post kind of rambles on and is some what hard to understand. The SMTP server you are sending outgoing e-mail from will present its configured FQDN meaning host and domain. That FQDN is supposed to match what the PTR record says for the IP that it is connecting with. The NDR is at the correct point. Your server starts to connect to the receiving server, and during the handshake the receiving server says sorry, but I can not talk to you and then your server properly creates the NDR to send to the sender. When you say that changing the virtual name causes DNS problems indicates you have DNS problems, or virtual server configuration problems. John T eServices For You > -----Original Message----- > From: Dan Klobnak [mailto:dan.klobnak@xxxxxxxxxxxxxxxxxxxxxxx] > Sent: Friday, July 15, 2005 5:33 AM > To: [ExchangeList] > Subject: [exchangelist] RE: "This message has been blocked because the HELO/EHLO > domain is invalid" >=20 > http://www.MSExchange.org/ >=20 > I am resending this message, as I realized I had a bogus subject "RE: exchange > Digest", and it may have been rightfully ignored. My apologies... >=20 > Hi there, MSExchange 2000 Standard SP3 on a Windows 2003 server. Our users > received the following NDR when sending an external e-mail to one external domain. > Not a problem with other domains; and we can reach the domain if we use a hotmail > account or when I SMTP to it. I am hoping to communicate with the other SysAdmin. > Have not seen this one before, and have been doing some research. Based on the > research, I guess I can go in a couple of different directions, but was curious as to > your expert opinions/suggestions. >=20 > NDR: > The following recipient(s) could not be reached: > 'user@xxxxxxxxxxx' on 13/07/2005 9:26 > You do not have permission to send to this recipient. For assistance, contact your > system administrator. > <gsi-fs1.graphicsolutionsinc.com #5.7.1 smtp;554 5.7.1 This message has been > blocked because the HELO/EHLO domain is invalid.> >=20 > Note: the server generating the error is our mail server. The NDR is immediate, and > Message Tracking indicates an Event ID 1030 (NDR Generated), immediately after a > 1020 (Started Outbound Transfer). >=20 > Resubmitted, as I realized my subject was "RE: exchangelist digest: July 14, 2005" > and may have been rightly ignored... >=20 > Searching on: > "You do not have permission to send to this recipient." > Lead to options regarding being filtered by a SPAM...ie. Either on a list (which we tend > to not believe is the case, and pur T1 Provider, Megapath, stated if we were ID'd as > SPAMMER, they would be involved. I take that statement with a grain of salt). In any > event I verified our Open Relay status, and we're locked down. >=20 > 1. Any websites you'd recommend to check ourselves against for further > verification? >=20 > Another possibility may be an issue with a reverse lookup? Again, this is from a bunch > of sources, none that I would consider authoritive, so I could be misinterpreting. > However, our e-mail comes from our server, and our MX record's A record actually > points to a sister company's IP, as they filter SPAM for us before forwarding. There is > a difference of Public IPs. > Another option maybe the fact that we do not have an SPF record in our DNS > (something I learned about yesterday)? >=20 > Searching on: > "This message has been blocked because the HELO/EHLO domain is invalid" >=20 > Seemed to point to SMTP Virtual server setting. When I telnet to SMTP, my server > does not match the MX record, which to be compliant with RFC 2821 seems to be > required. The server reflects the actual server name. When I try to change properties > of the SMTP Virtual Server to my MX record, Mail2, I can not verify to my internal > DNS. I don't want to go to the issue of changing my server's name, and I am thinking > I can not have two entries within DNS pointing to the same IP, or is there a way to > accommodate? >=20 > Other option, modify my MX record to be reflect my server name? >=20 > I admit, I am treading some deep water here for me. Since we're successful with > 99.99 of other external e-mails, it is appealing to say it's the other side (the "been > blocked because the HELO/EHLO domain is invalid" certainly is not saying which > domain is invalid. When I SMTP their mail server, mail.printar.com, their server name > is simply printar.com, so they are not 'compliant' either.). However, since we have a > few loose ends on our side, I'd like to tighten us up, as I imagine the ongoing battle > with SPAM will simply be cause more of these errors. >=20 > Any other ideas, thoughts, would be GREATLY appreciated. >=20 > I can't seem to find anything regarding these search strings at MS support either, so I > assume I'm searching incorrectly. Thanks, Dan >=20 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: navin@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx