dmsander

asked on

Exchange 2010 SP1 - Can receive but cannot send mail

Hello there!

I have a fresh build of Server 2008 R2 with Exchange 2010 SP1 loaded. I have checked and re-checked all the prereqs, and have loaded my send connector for the internet (address space = * ). I thought that my ISP might be blocking outgoing mail, so I changed the port as well. I see all my messages in the queue; they just won't go. I have no problems logging into OWA and receiving mail from various sources, but cannot send. I don't get any bounce backs or other errors that I can see. I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

Other than that, I'm out of ideas. Thanks for your insight!

Dane
Ogandos


Have you created "Send Connectors"? What configuration do you have?
You can go to the Exchange Management Shell and write

Get-SendConnector | Format-List

And it will return the information about your configuration.

Another thing,
Are you planning to send the emails directly from your IP address or across your ISP?

dmsander

ASKER

I'd like to send the mail directly, as my ISP doesn't let me use their outgoing servers with an address other than their own.


[PS] C:\Windows\system32>Get-SendConnector | Format-List

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : mail.sandersen.org
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : WEBBOX2
Identity                     : inet-mail
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10 MB (10,485,760 bytes)
Name                         : inet-mail
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {WEBBOX2}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : True



The Send Connector configuration looks "OK" for being able to send external emails.

Can you try to telnet an external email server in order to check the following things:
- That the O.S. firewall is not blocking port 25
- That the Antivirus or another software is not blocking port 25
- That your external firewall allows you to go to the internet using SMTP (TCP Port 25)

Follow this procedure:

(First install the telnet client; open PowerShell)
Import-Module ServerManager
Add-WindowsFeature Telnet-Client

(In order to try the telnet connection, open the command prompt or use PowerShell and write)

telnet 65.54.188.78 25


(In this example I have written the IP address of Hotmail; you can try this one or write any server that you want)

It should return a welcome message with the following information:

220 BAY0-PAMC1-F6.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Bla... Bla... Bla...

Let us know the result.
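The same outbound check can be scripted without the Telnet client. The following is an added example (not code from the thread or from Ogandos): it opens a TCP connection from the Exchange box to a mail server, reads the greeting line, and reports a connect timeout separately from a refused connection, so "my ISP filters port 25" shows up as a timeout on 25 while the same probe on the ISP's submission port succeeds. The Hotmail IP is the one quoted in the thread; `smtp.isp.example` is a placeholder for the ISP's relay host.

```powershell
# Added example (not part of the thread): probe outbound SMTP from the Exchange box
# and capture the server greeting. Runs on Windows PowerShell 2.0 (Server 2008 R2).
function Test-SmtpBanner {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently filtered port fails fast instead of hanging
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return New-Object PSObject -Property @{
                Server = $Server; Port = $Port; Reachable = $false
                Banner = "connect timed out after $TimeoutMs ms (port likely filtered)"
            }
        }
        $client.EndConnect($async)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.AutoFlush = $true
        $banner = $reader.ReadLine()     # a live MTA answers "220 <fqdn> ..."
        $writer.WriteLine('QUIT')        # close politely; only the greeting was needed
        return New-Object PSObject -Property @{
            Server = $Server; Port = $Port
            Reachable = ($banner -like '220*'); Banner = $banner
        }
    }
    catch {
        # Refused connection, DNS failure, or read timeout all land here
        return New-Object PSObject -Property @{
            Server = $Server; Port = $Port; Reachable = $false; Banner = $_.Exception.Message
        }
    }
    finally {
        $client.Close()
    }
}

# Targets: the Hotmail MX IP quoted in the thread on 25, and a placeholder for the
# ISP's submission relay on 587 (replace smtp.isp.example with the real host name).
$targets = @(
    @{ Server = '65.54.188.78';     Port = 25  },
    @{ Server = 'smtp.isp.example'; Port = 587 }
)
$results = foreach ($t in $targets) { Test-SmtpBanner -Server $t.Server -Port $t.Port }
$results | Format-Table Server, Port, Reachable, Banner -AutoSize
```

Read the result per row: a timeout on 25 with a 220 greeting on 587 means the path out is fine and only port 25 is filtered upstream, which is exactly the case a smart host on the submission port solves; a timeout on both points at the local firewall or endpoint protection rather than the ISP.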


I made sure my firewalls allow 25.

Okay, so I've learned that my ISP completely locks down port 25. Is it possible to run this on another port? In Exchange powershell I ran the command:

Set-SendConnector -Identity inet-mail -port 28

But that didn't seem to work.
From your DC, can you get me this:

dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
Upload it here.

Also check the guide here
http://www.exchangelog.info/2007/08/how-to-change-smtp-port-25-in-exchange.html

Thanks
See attached.
dcdiag.txt
Is Exchange 2010 directly connected on a public IP?

Internet > Exchange ?

Usual configuration is
Internet > firewall > switch > exchange

Also, Exchange needs to be behind the firewall so that it can communicate with the DC.
---
Your IP address shows that it's a public IP.
Also it's a dynamic IP, probably through ADSL/SDSL.

You need to ask your ISP and get a public static IP.
--
  IP address: 69.131.30.251, fe80::fcf3:a0c2:46eb:8feb
                     DNS servers:

                        127.0.0.1 (webbox2.sandersen.org.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     216.165.129.158 (<name unavailable>) [Valid]
                     216.170.153.146 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: sandersen.org.
                     Delegated domain name: _msdcs.sandersen.org.
                        Warning: Delegation of DNS server webbox2.sandersen.org. is broken on IP:2002:4583:1efb::4583:1efb
                        DNS server: webbox2.sandersen.org. IP:69.131.30.251 [Valid]
                   
This "server" is directly connected to the Internet, with a public IP. While it's set to dynamic, the lease really doesn't expire (the IP is essentially static). Exchange is running on the DC; this is a small family implementation.

Can I use another port for outgoing messages?

---
Your IP address shows that it's a public IP.
Also it's a dynamic IP, probably through ADSL/SDSL.

You need to ask your ISP and get a public static IP.
This setup is really not advisable.
Where is your domain controller? Your Exchange server needs to talk to the DC/GC to do AD lookups.
It leaves you open to so many things:
You will probably get attacked 30 times a day through multiple spam/trojan bots.

Usual configuration is
Internet > firewall > switch > exchange

Exchange is on a LAN IP of 192.168.1.10, etc.
AD is on a LAN IP, 192.168.1.20.

Port-forwarding is set in firewall for 25 80 443 to lan ip of exchange server.
Exchange is running on the DC. I know this is all not advisable. This is a very, very small implementation; I think it will be okay.
It won't be.
You will get hacked before you know it. They will drop some really small mail relays and use your Exchange server to spam. Your IP will get blacklisted and your ISP will call you and ask if you are spamming.

This setup is very, very risky.
You need a firewall.
SonicWall TZ early series / anything will do.

Even if it is for 3 users.
I have a hardware firewall that passes the real IP, and Symantec Endpoint Protection running on the server. Thanks for the insight on the security. Do you have any advice on why my mail won't send?
Go here:
www.testexchangeconnectivity.com/

Test for outbound SMTP
Please post back the errors from there.

Thanks
You need to have outgoing access on port 25. And you should not change it, because the standard port is 25, so this is the port that the other servers have configured.

You should ask your ISP to open TCP port 25 in order to be able to send outgoing emails.


ISPs usually won't open port 25.

So you will have to ask your ISP for the smarthost config, so that you can relay off their SMTP server.

Also you need a PTR record for reverse DNS setup and I am wondering how you will do that without a fixed IP.
I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

If I can't open port 25, does anyone know of other smart hosts that are available?
Your ISP should be able to provide you one.

Mxtoolbox also has a smarthost solution.
http://community.mxtoolbox.com/blog/2009/03/04/what-blacklists-are-and-how-mxtoolbox-helps/
Update: I spoke with my ISP. It is confirmed that port 25 is completely blocked. However, the technician suggested that I not send from port 25, but use SSL and TLS on their ports. Does anyone know how to set those up?
Can you check with them about a smarthost to relay emails?
If they don't have one, ask them if you can relay off other smarthosts.
It is possible if I get upgraded service or purchase a host somewhere. I would like to configure outgoing mail to process over tls and ssl ports instead of 25. Any ideas?
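What the asker is describing, an Exchange 2010 send connector that hands mail to the ISP's relay on the submission port with TLS and authentication instead of delivering directly on 25, is configured entirely with `Set-SendConnector`. The block below is an added example, not the accepted solution and not code from anyone in the thread. It reuses the thread's own connector name, `inet-mail`; the relay host `smtp.isp.example` and the account `relayuser@isp.example` are placeholders for whatever the ISP supplies.

```powershell
# Added example (not the thread's accepted solution): repoint the existing "inet-mail"
# send connector at an ISP submission relay on TCP 587 using STARTTLS plus authentication,
# instead of direct DNS delivery on 25. Run in the Exchange Management Shell on the
# transport server. smtp.isp.example / relayuser@isp.example are placeholders.
$relayCred = Get-Credential 'relayuser@isp.example'   # prompts for the relay password

$connector = @{
    Identity                 = 'inet-mail'
    DNSRoutingEnabled        = $false                  # hand every message to the smart host
    SmartHosts               = 'smtp.isp.example'
    Port                     = 587                     # submission port; 25 is blocked upstream
    SmartHostAuthMechanism   = 'BasicAuthRequireTLS'   # credentials are sent only after STARTTLS
    AuthenticationCredential = $relayCred
    RequireTLS               = $true                   # never fall back to cleartext delivery
    ProtocolLoggingLevel     = 'Verbose'               # log the TLS/AUTH exchange while testing
}
Set-SendConnector @connector

# Confirm the change took effect
Get-SendConnector 'inet-mail' |
    Format-List Name, DNSRoutingEnabled, SmartHosts, Port, SmartHostAuthMechanism, RequireTLS

# Push the messages that have been sitting in Retry, then look at the queue again
Retry-Queue -Filter { Status -eq 'Retry' }
Get-Queue | Format-Table Identity, DeliveryType, Status, MessageCount, LastError -AutoSize
```

Two points worth knowing before asking the ISP for "their ports": Exchange send connectors negotiate TLS with STARTTLS on whatever port you give them, not SSL-wrapped SMTP, so the port to request is the ISP's STARTTLS submission port (usually 587). With `ProtocolLoggingLevel` set to `Verbose`, the send protocol log under the path shown by `(Get-TransportServer).SendProtocolLogPath` records the STARTTLS and AUTH steps, which is where a wrong certificate name or a rejected credential will appear if the queue still does not drain; drop it back to `None` once mail is flowing.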
ASKER CERTIFIED SOLUTION
sunnyc7
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.