
Still receiving inbound SMTP e-mail at a defunct domain

You've removed the MX record from an old domain, yet incoming e-mail is still being received -- what should you do? SearchExchange.com expert David Sengupta explains how to troubleshoot this problem.

I have a client running Microsoft Exchange 2000 and they've changed their company name and DNS domain name. They are receiving inbound SMTP e-mail to the new domain fine. Even though I've removed the MX record from the old domain (two weeks ago) and removed the domain from the recipient policy, I can still connect to the SMTP server and send to bob@olddomain.com.

I've also removed the old e-mail address from all users, groups, etc. No matter what I try, I can still connect to the old server via telnet (IP address) 25 and send to bob@olddomain.com. I've rebooted the server as well. Do you have any ideas?


The first thing I'd do is spend some time drilling into the public-facing DNS record associated with the "olddomain.com" domain. Make sure you (1) are on the Internet when you do this and (2) are looking specifically at the authoritative DNS record.

If public clients can send mail to your old SMTP address, then they are getting an MX record from somewhere, which means that the MX record still exists. Once you've found the MX record, determine exactly which IP address corresponds to the server accepting Internet mail, and telnet into that server.

Then use the banner to confirm that this is indeed the server that you are assuming is your Internet gateway, and not an intermediary firewall or other rogue (or forgotten/overlooked) SMTP gateway.

Between those steps I think you'll figure out what's going on.

Bottom line: I think something is wrong in your assumptions … and some deeper digging will turn something up.


MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:

In this reply, you suggested that the user had likely missed finding an old MX record when e-mail for a retired domain was continuing to flow into their e-mail server. There is another explanation -- spammers. (And that's probably one of the reasons they wanted to change their domain name in the first place.)

Spammers remember the IP address of the e-mail server for a LONG time. I have one domain that I retired from e-mail service more than five years ago. It still advertises its presence with NS records, but there are no A or MX records in it. None of the NS records points to the same IP address as the old mail server. But when I go check logs, there they are -- messages pointed to the server using the old domain name just like it was yesterday, and every single one is spam. (I've even tried pointing the MX record to 127.0.0.1, but it doesn't help.)

The best solution is to ensure that the Exchange server doesn't recognize that domain name and it will just drop the messages on the floor. (Look in Recipient Policies and Recipient Update Services in Exchange System Manager.) They'll still pay the price for handling the initial transaction, but at least they won't have to handle the entire message.

It would also help to reassign the IP address for the mail server for the new domain and not use the old address for anything related to inbound e-mail. At least then the packets won't have anywhere to go.
—Greg M.
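
The two checks discussed above (reading the banner to confirm which host is really answering on port 25, and seeing whether the retired domain is refused at the recipient stage before any message body is sent) can be scripted against your own server. This is an added example, not part of the original Q&A; the function name `probe_rcpt`, the HELO name and the envelope sender are placeholders chosen for illustration.

```python
import smtplib
import sys


def probe_rcpt(host, rcpt, expected_name, port=25, timeout=10):
    """Read the SMTP banner and test one recipient, stopping before DATA.

    expected_name is the host name you believe your Internet gateway
    announces in its 220 banner (an assumption you supply).
    """
    # A fixed HELO name avoids a local reverse-DNS lookup (placeholder value).
    with smtplib.SMTP(local_hostname="probe.example.net", timeout=timeout) as smtp:
        code, banner = smtp.connect(host, port)
        banner = banner.decode("ascii", "replace")
        if code != 220:
            raise RuntimeError("unexpected greeting %d %s" % (code, banner))
        smtp.ehlo_or_helo_if_needed()
        smtp.mail("postmaster@example.net")   # constructed envelope sender
        rcpt_code, rcpt_text = smtp.rcpt(rcpt)
        smtp.rset()                           # abandon: no message is sent
    return {
        "banner": banner,
        # False means some other gateway or firewall answered on this address.
        "banner_matches": expected_name.lower() in banner.lower(),
        "rcpt_code": rcpt_code,
        "rcpt_text": rcpt_text.decode("ascii", "replace"),
        # 2xx at RCPT TO: the server still treats the domain as its own
        # (or relays for it). 5xx: refused before any DATA is transferred.
        "accepted": 200 <= rcpt_code < 300,
    }


if __name__ == "__main__":
    # usage: probe.py <server-ip> <recipient> <expected-banner-name>
    result = probe_rcpt(sys.argv[1], sys.argv[2], sys.argv[3])
    for key, value in result.items():
        print("%-15s %s" % (key, value))
    if not result["banner_matches"]:
        print("WARNING: a different SMTP host answered on this address")
```

Run it from outside the network against each IP address that an MX lookup or your logs turn up; a mismatched banner or an accepted recipient for the retired domain shows which box still needs attention.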

