dpwdc

Port 25 On Microsoft Exchange 2003

Hi,

Got a bit of a problem...  Exchange 2003 works fine internally - but when I try through the internet, nothing happens.  I try telnetting to port 25 of my router and when config'd to the IP address of the current email server it's fine - but when it points to the IP address of the Exchange server - it's no go.  Like I say - internally it's fine - I can telnet to the 192 address.

Any ideas?  I'm getting frustrated.

DP
NicBrey

You need to configure your router to forward traffic that hits its outside interface on port 25 to your mail server's internal address.

What type of router do you have??

If you have configured incoming NAT or PAT on your router, remember to set the Default Gateway of your internal server with the IP of the router.
...the internal IP of your router.... (192.168.x.x)
Just one thing...
If you already have a mail server running, your router is probably configured to forward port 25 to your current mail server.
You can not add another server to be accessed from the internet through the same router/connection on port 25.
The router has no idea which server an email should be routed to.  You can only do port forwarding to one internal IP address per port.
NicBrey you're right if router has only one internet ip configured on its external interface.

dpwdc can you tell us how your router is configured?
Avatar of dpwdc

ASKER

Back from lunch now so here's the answer to your queries!

Yes indeed I do have a mail server on port 25 already - however I am replacing my router's port forwarding setting, not adding to it; so as far as the router is concerned there is only ever one server.

The router is configured to forward port 80 to my web server, and port 25 to my mail server.  I am swapping the value of the IP address for port 25 from 192.168.1.20 to 192.168.1.25 (which is irrelevant but easier to refer to in future comments).
What type of router is it??
Maybe there is an access list only allowing SMTP to 192.168.1.20 or a firewall blocking it ??
If your SMTP service is running on the server, there is no other reason why this should not work if you change the port forwarding on the router...
Avatar of dpwdc

ASKER

That's what I thought, it's very frustrating!  We have 2 routers - one is a Zoom ADSL modem router thing, and the other is a D-Link - they're cheap chatty things.  The mail server USED to be on port 106, and then 20, and now on to 25 (testing out different mail servers).
Insisting on Kubrik's idea, since you haven't acknowledged that everything is ok on this side : what is the default gateway in the TCP/IP settings of your Exchange 2003 box ? Is it the internal address of the involved router ?

    Server-------------------- D-link -------------- Zoom ADSL------------- ISP              
192.168.0.20
Does your setup look like this?  Your DSL router will then have the public routable IP address on the outside interface.
Do you have control over the DSL router as well??  The port forwarding is happening on the DSL router and not the D-Link.
Are you trying to configure the D-Link or ADSL router??
Can you explore internet on your 192.168.1.25 server?
Avatar of dpwdc

ASKER

_nn_ - the default gateway is set to the router that I'm testing with
NicBrey, no I have 2 lines - it's like this:

              Server
        |                    |
    D-Link             Zoom
        |                    |
ADSL LINE1      ADSL LINE2

I'm currently altering the D-link router - but the same scenario happens when I tried with the other router.

Kubrik - I can surf away on 25.
Have you tried to save and restart router after your forwarding modifications?
Avatar of dpwdc

ASKER

Kubrik - You have to do that every time for it to take effect
You have to telnet to the outside interface IP of the router on port 25.  Is that what you are doing??
Have you another active service on 25 to map, so we can be sure that it isn't an Exchange problem but only net problem?
Like a webserver for example.
Avatar of dpwdc

ASKER

NicBrey - Yea, that's what I'm doing - I'm telnetting on port 25 to my external IP
telnet XXX.XXX.XXX.XXX 25 - which works when router is set to old mail, but not Exchange.

Kubrik - the only thing on the server in question is Exchange.  And if I telnet 192.168.1.26 25 it works fine, problem is when it's an external address - could that have something to do with it perhaps?!  Maybe there's a setting that only allows local IP addresses to connect to it?  I bet that's it - brb.
Avatar of dpwdc

ASKER

PS, I don't like Windows 2003, Exchange 2003 and the whole active directory idea...  Should have used horde...
Avatar of dpwdc

ASKER

It doesn't seem to be my flash of inspiration - it's set to accept all incoming connections
If you put the Exchange server on the current server IP address, does it accept telnet to port 25 ??
Maybe you should specify the IP address of the router in the exchange configuration - might be a new security setting to prevent SMTP relay  ?
The only thing that you can do is to investigate tcp traffic with a sniffer, either on your server .25, or on a pc in the same lan if your pc's are connected with hubs, not switches.
Try with Ethereal and examine if the connection you try from external ip is tracked by the sniffer.

http://www.ethereal.org
Avatar of dpwdc

ASKER

I can't set the IP the same or I'll get a conflict.  The server accepts local telnet to port 25.  Could it have something to do with the DNS settings?
Avatar of dpwdc

ASKER

Kubrik - Not ticked - but this might be along the right lines.
dpwdc, one thing...
When you try to connect with telnet from the internet, you can see:

1- telnet connects but disconnects quickly
2- telnet tells you: "Impossible connect...bla bla.."

Which case?
Avatar of dpwdc

ASKER

2
Do you telnet the external ip from a pc on the internal lan?
Or do you make a dialup internet connection to an isp and then telnet the external ip?
You have to telnet the external ip from a pc outside your lan.
Avatar of dpwdc

ASKER

interesting - I'll try the other line and see if that helps
Avatar of dpwdc

ASKER

Same old connection on port 25 failed mumbo jumbo
Avatar of dpwdc

ASKER

It's definitely Exchange and not the router - I have set it up now on port 26 (set a second SMTP host on port 26 on exchange), and kept the other one on port 25 for testing purposes - Exchange does nothing.

Does anyone know where Exchange blocks connections for people outside its IP range?
In the Exchange System Manager look in
Servers - [Servername] - Protocols - SMTP
Right click on it and get properties and then look in the tab access, and then connection.  Although it's a good idea to look at all the settings.  That's where it CAN be blocked.

Troubleshooting other things: Make sure the machine doesn't have Internet Connection Firewall enabled.  And also, STOP and START the SMTP service.

Also, just for sanity sake, can you ping the exchange server from the outside.  See if you can get to the HTTP OWA client from the outside...it just helps to flesh out the problem a bit.
http://support.microsoft.com/default.aspx?scid=kb;en-us;319880&Product=exch2003

But his telnet doesn't succeed in opening a connection on port 25 of the server.

dpwdc have you tried with sniffer?
Have you seen if there is some log file on server?

Avatar of dpwdc

ASKER

The log files are pretty blank - I'm going to try re-installing exchange.
Hi Kubrik,

If you were thinking of dumping Exchange to start with, and now need to rebuild anyway, why not consider dumping it   N O W ?

Best regards,
qwaletee
Sniffing tcp traffic no eh?
With a sniffer, if you see connections from external to server port 25, then it is 99% sure that it is an exchange/os problem, and you can try a reinstall.
If you see no traffic to port 25, then it means that the problem is on router.
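
An added example, not part of the original thread: the telnet test from outside, scripted so that a greeting, an active refusal and a silent drop are told apart, which complements the sniffer check described above. The function names and the local stand-in listener are constructed for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Connect like `telnet host 25` and return (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""          # connected, but no greeting arrived
            return ("open", banner)
    except ConnectionRefusedError:
        return ("refused", "")       # a device answered with a TCP reset
    except socket.timeout:
        return ("filtered", "")      # the SYN went unanswered
    except OSError as exc:
        return ("error", str(exc))   # e.g. no route to host

def interpret(state, banner):
    """Map a probe result to the next place to look."""
    if state == "open" and banner.startswith("220"):
        return "forwarding and SMTP service both work"
    if state == "open":
        return "something accepted the connection but did not greet as SMTP"
    if state == "refused":
        return "actively rejected: check forward target, listener binding, host firewall"
    if state == "filtered":
        return "silently dropped: check port forward, firewall rules, ISP filtering"
    return "local network error: " + banner

def demo_listener():
    """Constructed stand-in for an SMTP server; sends one greeting line."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 mail.example.test ESMTP (constructed)\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Offline demo against the local stand-in; in practice, run probe_smtp
    # against your own external IP from a machine outside the LAN.
    result = probe_smtp("127.0.0.1", demo_listener(), timeout=2)
    print(result, "->", interpret(*result))
```
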
Avatar of dpwdc

ASKER

qwaletee - I wasn't thinking of dumping exchange to start with - but I'm running out of options.  

Having set the pop3/smtp server thingy that comes with Windows Server 2003 as a test (removed Exchange by the way) - that gives the same results - fine internally - no go externally.

Kubrik - the url for the sniffer you sent seemed a bit wrong?  It was someone's homepage.  We did try a sniffer which said that POP3 was fine, HTTP was fine but no SMTP port - which is odd as port 110 isn't set to be open, and I don't have much faith in the sniffer we used.  Can you recommend one?
Avatar of dpwdc

ASKER

Right,

Results of my next test - I set my workstation (Windows 2000) as an SMTP server - set the router to point to me, and that worked...  All fingers are pointing to Windows Server 2003 as far as I can tell?  There MUST be a default value somewhere I need to change.

BTW the server I did the POP3 server test was a different windows 2003 server.
Yes, correct home: www.ethereal.com

Can you paste here the results of the "ipconfig /all" and "route print" commands from cmd on your 2003 server?
Here is a nice protocol analyser you can use for the test. (30 day trial)
http://www.lyonware.co.uk/Iris.htm

I also believe that it is just a setting that needs to be changed on the server. I don't have much Exchange2003 experience, but maybe you should specify somewhere the address(es) that are allowed to connect on port 25.
Avatar of dpwdc

ASKER

Aaaaah, ethereal...

Windows IP Configuration

   Host Name . . . . . . . . . . . . : files
   Primary Dns Suffix  . . . . . . . : testdomain.office
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : testdomain.office

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ADMtek AN983 based ethernet adapter
   Physical Address. . . . . . . . . : 00-50-BF-9E-08-4A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.238
   DNS Servers . . . . . . . . . . . : 192.168.1.25




IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 50 bf 9e 08 4a ...... ADMtek AN983 based ethernet adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.238     192.168.1.25     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.25     192.168.1.25     20
     192.168.1.25  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.25     192.168.1.25     20
        224.0.0.0        240.0.0.0     192.168.1.25     192.168.1.25     20
  255.255.255.255  255.255.255.255     192.168.1.25     192.168.1.25      1
Default Gateway:     192.168.1.238
===========================================================================
Persistent Routes:
  None


Avatar of dpwdc

ASKER

I'm going to try using a 2000 server with exchange 2003 to see if Server 2003 is the problem.
Avatar of dpwdc

ASKER

WOO HOO!  Least we've narrowed down the issue!  Works fine under Windows 2000, but not Windows 2003!
In the configure your server wizard (the one that pops up at startup), you should have POP3/SMTP role NOT chosen, but you should have SMTP installed in the add remove windows components, which is inside the Application Server, IIS menu.  Is this the same on your system?

Are you using any group policies?
Avatar of dpwdc

ASKER

That's how it was set.  I have rolled back to Win2k now and it all works fine.
ASKER CERTIFIED SOLUTION
Avatar of GhostMod
GhostMod