benjilafouine

MS Exchange Cannot connect 10060

Hi, I decided to set up a second email server in my company for POP3 purposes. My ServerA is a MS Exchange 2010 server with domainA.com. My ServerB is a POP3/IMAP server (smartermail) associated with domainB.com.

Both servers are in the same building but each has a different public IP. My router manages the two IP addresses and it is dispatching the TCP ports to the appropriate servers. The public address of domainB.com is 184.xxx.33.242.

Everything is working well except that my ServerA (MS Exchange, domainA.com) is incapable of sending emails to ServerB (smartermail, domainB.com).

ServerB receives all emails from everywhere I tested and is also able to send emails to ServerA/domainA. ServerA/domainA is capable of sending everywhere but to serverB/domainB.

All my policies in my router have been reviewed by the manufacturer and they say it's A1. My MS Exchange is returning me this error when I try to send to ServerB/domainB:

2014-03-20T17:17:19.149Z,ServerA Exchange SMTP Connector,08D10BB7805F0579,1,,184.xxx.33.242:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 184.xxx.33.242:25"

My ServerA public address has an MX record set at my ISP (domainA.com) so that it can send emails directly, but I did not do that for the ServerB public address (kind of hard to do because it is a 4G connection, with a fixed public IP address and no ports blocked; I am paying more for that).

Finally, if I set my MS Exchange to send through a SmartHost instead (my ISP smtp server), the emails are going through from ServerA to ServerB.

Would anyone know why this is happening?

Thanks.
Adam Brown

This is likely because the Exchange server sees the domain on your internal DNS, but doesn't see an MX record in that DNS zone. You can either configure a Send connector for the domain that the POP3 server uses and set it to use the POP3 as a smart host or you can add MX records to the internal DNS zone for your domainb.com mail server.
benjilafouine

ASKER

Wow!!!! I created the connector as you said in Exchange (to the best of my knowledge) and it worked!!!! Please explain this to me, I am dying for an explanation!!!

Benji.
If you have domainb.com listed as a DNS forward lookup zone in your AD domain, then the Exchange server will use that DNS information for lookups and no external info will be available. Usually that external info includes MX records. By default, Exchange uses MX records to route mail, so if it queries its own DNS servers for a record in Domainb.com and it returns that the DNS server has records for that domain on it, but no MX records, it can't route mail.

At any rate, you can create a new send connector by going to Organization Config > Hub Transport. Click the Send Connectors tab, right click in the middle window and select New Send Connector. Give the connector a unique name and click Next. Click Add, then enter domainb.com under Address Space and click OK, then Next. Select Route Mail through the following smart hosts, then click Add. Enter the IP of the POP3 server. Click OK, then Next. The authentication page will depend on what type of security you have on the POP3 server; most likely you can just select None. Then accept the rest of the defaults and click New. Once that's done, all mail sent from users on the Exchange server to Domainb.com will go directly to the POP3 server's SMTP interface.
To continue (I edited my last response in case you missed it), setting up the send connector instructs the Exchange server to route mail destined to the domain you configure the send connector with directly to an SMTP server rather than using DNS lookups to get routing info for email.
I understand very well how this new connector works (basically making an exception for domainB) but I am still trying to find where my Exchange server would pick up a wrong DNS record in AD. Unless the mix-up happens at the router level (after all it manages both public IP addresses). This domainB has never been part of my MS Exchange and current AD structure as far as I know.

Where would I find such a record if it exists within my environment?
You would need to log in to a Domain Controller and open up DNS. Expand Forward Lookup Zones and see if DomainB.com is listed there. If it is, then your Exchange server is pulling DNS from there.
I had already done that in anticipation of your answer: negative. This domainB never existed in my AD domain before (or in my Exchange server). I had used it in a lab in a separate domain since last year (on and off) and that's it.

Nevertheless, my main Exchange server did send some emails to this domainB when I tested it last year and in my Outlook cache, I still had this domainB address embedded in my "on the fly" Outlook address book, which I deleted of course (today). But, hey, there could still be a trace of it somewhere as I know for a fact that a MS Exchange server takes very long to "forget". I deleted a domain from my Exchange server last month and for two weeks it kept looking for it internally.

I will wait for a response from my ISP and my router manufacturer but you certainly deserve the points to close this question.
I did some more testing. This situation only happens when both email servers are behind the same router (that has two fixed IP addresses). I moved my email server to a third site to test and everything was working.

My router manufacturer is still looking up the issue but creating the new connector is definitely the short route.
The connector to bypass the situation was a good idea but it was not the solution. The issue was a "loopback" issue with the router, meaning that one public IP address was not trusting the other public address because the emails were trying to take a shortcut inside the router between the two interfaces.

The manufacturer finally resolved it by adding "any-trusted" in the two smtp rules that I had. I wish I could give more info about the manufacturer, the ports and the solution but my company is keeping a low profile on its security features for security reasons (you will certainly understand why).

So once more, I came up with my own solution. But I will award you the points because you helped prove my point to the manufacturer, who at first dismissed my issue.
I've requested that this question be closed as follows:

Accepted answer: 0 points for benjilafouine's comment #a39943806

for the following reason:

The problem was in the router but the solution offered did work as a bypass.
You may want to change your close so it awards some points. Right now it awards none.
I will assign points.
I will retry closing this question.
Here is the close. Thanks.
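
The following is an added example, not part of the thread and not code from any of its participants. It parses the "Failed to connect" log line quoted in the question, maps the Winsock error code to the layer that failed (name resolution versus TCP connect), and repeats the connection attempt from the sending host; the field positions and the `probe` helper are assumptions based on that one line.

```python
import csv
import io
import re
import socket

# The log line quoted in the question (IP partly masked by the poster).
SAMPLE = ('2014-03-20T17:17:19.149Z,ServerA Exchange SMTP Connector,'
          '08D10BB7805F0579,1,,184.xxx.33.242:25,*,,"Failed to connect. '
          'Error Code: 10060, Error Message: A connection attempt failed '
          'because the connected party did not properly respond"')

# Winsock codes and the layer each one points at.
WINSOCK = {
    10060: ("WSAETIMEDOUT", "connect timed out: filtered path, NAT or firewall rule"),
    10061: ("WSAECONNREFUSED", "host reachable, nothing listening on the port"),
    10065: ("WSAEHOSTUNREACH", "no route to the host"),
    11001: ("WSAHOST_NOT_FOUND", "name resolution failed (DNS)"),
}

def parse_connect_failure(line):
    """Return the fields of a 'Failed to connect' entry, or None for other lines."""
    row = next(csv.reader(io.StringIO(line)))  # quoted message contains commas
    m = re.search(r"Error Code: (\d+)", row[-1])
    if not m:
        return None
    code = int(m.group(1))
    name, meaning = WINSOCK.get(code, ("UNKNOWN", "not classified here"))
    return {"time": row[0], "connector": row[1], "remote": row[5],
            "code": code, "name": name, "meaning": meaning}

def probe(host, port=25, timeout=5.0):
    """Repeat the TCP connect from this machine and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except socket.timeout:          # same condition Exchange logs as 10060
        return "timeout"
    except ConnectionRefusedError:  # 10061
        return "refused"
    except socket.gaierror:         # 11001: the name never resolved
        return "dns-failure"
    except OSError:
        return "unreachable"

if __name__ == "__main__":
    print(parse_connect_failure(SAMPLE))
```

Running `probe` against the same address from a host outside the shared router, as the asker did by moving the server to a third site, shows whether the timeout is specific to the path between the two public IPs.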