Verizon FIOS and Relay of SMTP messages


It came to my attention recently that there have been problems relaying mail to an external party from my mail server at home. I host some distribution lists and mailboxes for a small group my wife is involved with. They have a public domain setup with a few mailboxes. All the e-mail for that public domain comes through my Exchange server. Copies of the incoming messages are routed to internal mailboxes, but each mailbox is setup to forward a copy of every incoming message to that user’s home e-mail address.

So I kept getting these NDR messages (since I’m the administrator) and I hadn’t really had time to investigate until recently. When I started to take a look at the problem, I realized it only occurred when a particular sender would send a message to the users on the group’s public domain. Basically this person was sending mail to an address at the groups public SMTP domain. So my server would receive the mail, deliver it locally and then forward on a copy to each recipient’s home e-mail address. So that was the pattern of the problem, at least I had that figured out.

We recently switched to Verizon FIOS and after more checking, realized this issue started occurring right around the same time we made the switch. When looking in the event viewer on my Exchange server I found events saying that I had to authenticate to send mail as xxx user, which I knew was not my account. I checked the message tracking in Exchange and found that mail delivery worked fine locally, but failed when relaying a copy out to the user’s home e-mail address.

The issue it seems is that when Exchange forwards a copy back out to the user’s home account, it has the from address of the sender in the SMTP transmission. My server is configured to route all outgoing SMTP messages through Verizon’s outgoing SMTP server. But the user sending the original message was also using Verizon DSL with a verizon.net e-mail account. So when my server tried to relay the outgoing copy, it saw the from address and that it was a verizon.net account. I can only assume that Verizon has some type of account restrictions in place that prevented my server from relaying mail from this address while authenticated as my account. (I’m using SMTP authentication for outgoing mail through Verizon). The message would be blocked at this point and I’d get the NDR. So I naturally started looking at outgoing SMTP accounts with third parties for use with relaying. I toyed with the idea of setting up another SMTP connector for the recipient’s domain to bypass Verizon, but was weary of that due to PTR issues with my DNS, which could cause more problems than its worth.

I found a good SMTP relay service for only $15 a year, and was about to buy it when I decided to stop and try the SMTP connector in Exchange first, just to see if it work, or if hotmail (the home recipient with delivery problems) would reject the message if it did any type of PTR lookup on the sending mail server. I set everything up and sent a test message and was happy to see it was delivered successfully. I now route all outgoing mail to hotmail.com directly to the hotmail MX servers rather than route through Verizon. This way all other mail can go through Verizon, but anything sent to hotmail.com will go directly from my server to hotmail, which then resolves my problems of another verizon.net user relaying through my mail server. After more testing I have found this works well and saved me $15 a year.

Advertisements

About Joe

I am the author of this blog, IT engineer, husband, father, and somewhat of a nerd.

Posted on July 6, 2007, in Professional/Tech and tagged , , , , , , , , , . Bookmark the permalink. 4 Comments.

  1. Thanks man, just what I was looking for. Worked like a charm Thanks so much…

  2. Just as a followup on this post, ultimately Verizon prevented outbound SMTP port 25, so I had to use a third party SMTP relay service. I went with DNSExit for this and it has worked well for quite some time. The solution in my original post may not work for you if your ISP blocks outbound port 25, you may have to go wtih a third party.

  3. Thanks man, just what I was looking for. Worked like a charm Thanks so much…

  4. Just as a followup on this post, ultimately Verizon prevented outbound SMTP port 25, so I had to use a third party SMTP relay service. I went with DNSExit for this and it has worked well for quite some time. The solution in my original post may not work for you if your ISP blocks outbound port 25, you may have to go wtih a third party.

%d bloggers like this: