Solved

Port 25 On Microsoft Exchange 2003

Posted on 2003-10-29
Last Modified: 2010-03-19
Hi,

Got a bit of a problem...  Exchange 2003 works fine internally - but when I try through the internet, nothing happens.  I try telnetting to port 25 of my router and when configured to the IP address of the current email server it's fine - but when it points to the IP address of the Exchange server - it's no go.  Like I say - internally it's fine - I can telnet to the 192 address.

Any ideas?  I'm getting frustrated.

DP
0
Comment
Question by:dpwdc
46 Comments
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
You need to configure your router to forward traffic that hits its outside interface on port 25 to your mail server's internal address.

What type of router do you have??
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility

If you have configured incoming nat or pat on your router, remember to set the Default Gateway of your internal server with the IP of the router.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
...the internal IP of your router.... (192.168.x.x)
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
Just one thing...
If you already have a mail server running, your router is probably configured to forward port 25 to your current mail server.
You cannot add another server to be accessed from the internet through the same router/connection on port 25.
The router has no idea which server an email should be routed to.  You can only do port forwarding to one internal IP address per port.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
NicBrey you're right if router has only one internet ip configured on its external interface.

dpwdc can you tell us how your router is configured?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Back from lunch now so here's the answer to your queries!

Yes indeed I do have a mail server on port 25 already - however I am replacing my router's port forwarding setting, not adding to it; so as far as the router is concerned there is only ever one server.

The router is configured to forward port 80 to my web server, and port 25 to my mail server.  I am swapping the value of the IP address for port 25 from 192.168.1.20 to 192.168.1.25 (which is irrelevant but easier to refer to in future comments).
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
What type of router is it??
Maybe there is an access list only allowing SMTP to 192.168.1.20 or a firewall blocking it ??
If your SMTP service is running on the server, there is no other reason why this should not work if you change the port forwarding on the router...
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
That's what I thought, it's very frustrating!  We have 2 routers - one is a Zoom ADSL modem router thing, and the other is a D-Link - they're cheap chatty things.  The mail server USED to be on port 106, and then 20, and now on to 25 (testing out different mail servers).
0
 
LVL 16

Expert Comment

by:_nn_
Comment Utility
Insisting on Kubrik's idea, since you haven't acknowledged that everything is ok on this side : what is the default gateway in the TCP/IP settings of your Exchange 2003 box ? Is it the internal address of the involved router ?
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility

    Server-------------------- D-link -------------- Zoom ADSL------------- ISP              
192.168.0.20
Does your setup look like this?  Your DSL router will then have the public routable IP address on the outside interface.
Do you have control over the DSL router as well??  The port forwarding is happening on the DSL router and not the D_Link.
Are you trying to configure the D-Link or ADSL router??
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
Can you explore internet on your 192.168.1.25 server?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
_nn_ - the default gateway is set to the router that I'm testing with
NicBrey, no I have 2 lines - its like this:

              Server
        |                    |
    D-Link             Zoom
        |                    |
ADSL LINE1      ADSL LINE2

I'm currently altering the D-link router - but the same scenario happens when I tried with the other router.

Kubrik - I can surf away on 25.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
Have you tried to save and restart router after your forwarding modifications?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Kubrik - You have to do that every time for it to take effect
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
You have to telnet to the outside interface IP of the router on port 25.  Is that what you are doing??
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
Have you another active service on 25 to map, so we can be sure that it isn't an Exchange problem but only net problem?
Like a webserver for example.
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
NicBrey - Yeah, that's what I'm doing - I'm telnetting on port 25 to my external IP
telnet XXX.XXX.XXX.XXX 25 - which works when router is set to old mail, but not Exchange.

Kubrik - the only thing on the server in question is Exchange.  And if I telnet 192.168.1.26 25 it works fine, problem is when it's an external address - could that have something to do with it perhaps?!  Maybe there's a setting that only allows local IP addresses to connect to it?  I bet that's it - brb.
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
PS, I don't like Windows 2003, Exchange 2003 and the whole active directory idea...  Should have used horde...
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
It doesn't seem to be my flash of inspiration - it's set to accept all incoming connections
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
If you put the Exchange server on the current server IP address, does it accept telnet to port 25 ??
Maybe you should specify the IP address of the router in the exchange configuration - might be a new security setting to prevent SMTP relay  ?
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
The only thing that you can do is to investigate tcp traffic with a sniffer or on your server .25, or on pc in the same lan if your pc's are connected with hubs, not switches.
Try with Ethereal and examine if the connection you try from external ip is tracked by the sniffer.

http://www.ethereal.org
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
I can't set the IP the same or I'll get a conflict.  The server accepts local telnet to port 25.  Could it have something to do with the DNS settings?
0

 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Kubrik - Not ticked - but this might be along the right lines.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
dpwdc, a thing...
When you try to connect with telnet from internet, you can see:

1- telnet connect but disconnect quickly
2- telnet says you: "Impossible connect...bla bla.."

what case?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
2
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
You telnet external ip from pc on internal lan?
Or you make a dialup internet connection to an isp and then telnet the external ip?
You have to telnet external ip from a pc outside your lan.
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
interesting - I'll try the other line and see if that helps
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Same old connection on port 25 failed mumbo jumbo
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
It's definitely Exchange and not the router - I have set it up now on port 26 (set a second SMTP host on port 26 on exchange), and kept the other one on port 25 for testing purposes - Exchange does nothing.

Does anyone know where Exchange blocks connections for people outside its IP range?
0
 
LVL 4

Expert Comment

by:Kokoglen
Comment Utility
In the Exchange System Manager look in
Servers - [Servername] - Protocols - SMTP
Right click on it and get properties and then look in the tab access, and then connection.  Although it's a good idea to look at all the settings.  That's where it CAN be blocked.

Troubleshooting other things: Make sure the machine doesn't have Internet Connection Firewall enabled.  And also, STOP and START the SMTP service.

Also, just for sanity's sake, can you ping the exchange server from the outside.  See if you can get to the HTTP OWA client from the outside...it just helps to flesh out the problem a bit.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
http://support.microsoft.com/default.aspx?scid=kb;en-us;319880&Product=exch2003

But his telnet doesn't succeed in opening connection on port 25 of the server.

dpwdc have you tried with sniffer?
Have you seen if there is some log file on server?

0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
The log files are pretty blank - I'm going to try re-installing exchange.
0
 
LVL 31

Expert Comment

by:qwaletee
Comment Utility
Hi Kubrik,

If you were thinking of dumping Exchange to start with, and now need to rebuild anyway, why not consider dumping it   N O W ?

Best regards,
qwaletee
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
Sniffing tcp traffic no eh?
With a sniffer, if you see connections from external to server port 25, then it's 99% sure that it is an exchange/os problem, and you can try a reinstall.
If you see no traffic to port 25, then it means that the problem is on router.
0
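Added example, not part of the original thread: the sniffer check Kubrik describes, as a small Python triage over a capture taken on the mail server. It goes one step beyond the two cases in the post by also separating "SYN arrived but the server stayed silent" from "server answered" and "server refused". The `tcpdump -n` text format, the function name `triage`, the client address 203.0.113.7 and the sample lines are assumptions constructed for illustration.

```python
import re

# tcpdump -n text format (assumed capture tool; the thread itself suggests Ethereal).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

HINTS = {
    "no-syn": "nothing reached the server: look at the router's port forwarding",
    "silent": "SYN arrived, server never replied: look at host firewall / OS filtering",
    "rst": "server refused: no SMTP listener on that address and port",
    "syn-ack": "server answered: look at the return path (default gateway, router)",
}

def triage(capture_text, server_ip, port=25):
    """Classify inbound attempts to server_ip:port in a capture taken on the server."""
    server = (server_ip, port)
    clients, answered, refused = set(), set(), set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if dst == server and flags == "S":          # bare SYN from a client
            clients.add(src)
        elif src == server and dst in clients:
            if flags == "S.":                       # SYN-ACK
                answered.add(dst)
            elif "R" in flags:                      # RST or RST-ACK
                refused.add(dst)
    if not clients:
        return "no-syn"
    if answered:
        return "syn-ack"
    return "rst" if refused else "silent"

# Constructed sample: an outside client (203.0.113.7) retries its SYN and gets no reply.
SILENT = """\
10:15:01.100000 IP 203.0.113.7.40112 > 192.168.1.25.25: Flags [S], seq 1000, win 64240, length 0
10:15:04.100000 IP 203.0.113.7.40112 > 192.168.1.25.25: Flags [S], seq 1000, win 64240, length 0
"""

if __name__ == "__main__":
    verdict = triage(SILENT, "192.168.1.25")
    print(verdict, "->", HINTS[verdict])
```

Run the capture on the server only while the outside telnet test is in progress, so LAN connections do not mask the result.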
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
qwaletee - I wasn't thinking of dumping exchange to start with - but I'm running out of options.  

Having set the pop3/smtp server thingy that comes with Windows Server 2003 as a test (removed Exchange by the way) - that gives the same results - fine internally - no go externally.

Kubrik - the url for the sniffer you sent seemed a bit wrong?  It was someone's homepage.  We did try a sniffer which said that POP3 was fine, HTTP was fine but no SMTP port - which is odd as port 110 isn't set to be open, and I don't have much faith in the sniffer we used.  Can you recommend one?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Right,

Results of my next test - I set my workstation (Windows 2000) as an SMTP server - set the router to point to me, and that worked...  All fingers are pointing to Windows Server 2003 as far as I can tell?  There MUST be a default value somewhere I need to change.

BTW the server I did the POP3 server test was a different windows 2003 server.
0
 
LVL 1

Expert Comment

by:Kubrik
Comment Utility
Yes, correct home: www.ethereal.com

Can you paste here results of "ipconfig /all" and "route print" commands from cmd on your 2003 server?
0
 
LVL 7

Expert Comment

by:NicBrey
Comment Utility
Here is a nice protocol analyser you can use for the test. (30 day trial)
http://www.lyonware.co.uk/Iris.htm

I also believe that it is just a setting that needs to be changed on the server. I don't have much Exchange2003 experience, but maybe you should specify somewhere the address(es) that are allowed to connect on port 25.
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
Aaaaah, ethereal...

Windows IP Configuration

   Host Name . . . . . . . . . . . . : files
   Primary Dns Suffix  . . . . . . . : testdomain.office
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : testdomain.office

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ADMtek AN983 based ethernet adapter
   Physical Address. . . . . . . . . : 00-50-BF-9E-08-4A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.238
   DNS Servers . . . . . . . . . . . : 192.168.1.25




IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 50 bf 9e 08 4a ...... ADMtek AN983 based ethernet adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.238     192.168.1.25     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.25     192.168.1.25     20
     192.168.1.25  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.25     192.168.1.25     20
        224.0.0.0        240.0.0.0     192.168.1.25     192.168.1.25     20
  255.255.255.255  255.255.255.255     192.168.1.25     192.168.1.25      1
Default Gateway:     192.168.1.238
===========================================================================
Persistent Routes:
  None


0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
I'm going to try using a 2000 server with exchange 2003 to see if Server 2003 is the problem.
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
WOO HOO!  Least we've narrowed down the issue!  Works fine under Windows 2000, but not Windows 2003!
0
 
LVL 4

Expert Comment

by:Kokoglen
Comment Utility
In the configure your server wizard (the one that pops up at startup), you should have POP3/SMTP role NOT chosen, but you should have SMTP installed in the add remove windows components, which is inside the Application Server, IIS menu.  Is this the same on your system?

Are you using any group policies?
0
 
LVL 1

Author Comment

by:dpwdc
Comment Utility
That's how it was set.  I have rolled back to Win2k now and it all works fine.
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
Comment Utility
PAQed, with points refunded (500)

GhostMod
Community Support Moderator
0
