Solved

cannot receive external mail

Posted on 2004-03-21
Last Modified: 2008-02-01
I can send and receive internal mail

I can send external mail

But I can't receive external mail......
The NDR from external sender says..
Message delivery to elvis@mydomail.co.rw' delayed
SMTP module(domain mydomain.co.rw) reports:
 mail.mydomain.co.rw: no response
Question by:ealwali
36 Comments
 
LVL 8

Expert Comment

by:Emptyone
ID: 10644804
Have you tried to telnet your server from the outside?

telnet mail.mydomain.co.rw 25

If you are not able to do that, this is probably the problem

1) The DNS record is pointing to the wrong IP-address
Ping mail.mydomain.co.rw and see if you get the correct ip-address

2) SMTP is not open in the firewall
Check that port 25 is open in the firewall and pointing to your exchange server
0
 

Author Comment

by:ealwali
ID: 10647124
Which DNS record

my domain DNS   or

the ISP DNS

Thanks and please help
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10647136
Your ISP's record for your domain
0
 

Author Comment

by:ealwali
ID: 10647414
smtp is open on firewall ... I have confirmed that.


I cannot telnet my mailserver from outside on port 25... could it be because of firewall

If I ping ... mail.mydomain.co.rw I get TTL expired (from ISP message)

What could be the problem


thanks

0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10647434
Check if you get the correct IP address when you ping mail.mydomain.co.rw

Check that the firewall is set up so that it forwards requests to the correct IP address on your LAN
0
 

Author Comment

by:ealwali
ID: 10647510
Thanks, I am confirming the IP address...
please stay online
0
 

Author Comment

by:ealwali
ID: 10647637
Thanks

Now I hadn't made any entry on the DNS MX record

What DNS name do I need to put in the MX record and what domain do I specify

Thanks
Elvis
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10647648
The MX record should be your domain name.

mydomain.co.rw

This should point to a registered host. For instance mail.mydomain.co.rw.
0
 

Author Comment

by:ealwali
ID: 10647668
we have three entries

1. parent domain
2. host or domain
3. mail server

Give me examples on how to put the entries,
given my domain name you have

thanks again
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10647682
1. mydomain.co.rw
2. mail.mydomain.co.rw
3. mail.mydomain.co.rw

Not quite sure about number 2, but I believe that is how it should be. I assume you have a registration for mail.mydomain.co.rw pointing to the correct IP-address
0
 

Author Comment

by:ealwali
ID: 10647733
thanks
0
 

Author Comment

by:ealwali
ID: 10650515
When I telnet now .... The connection appears to go through ... but only gives me a blank DOS screen....
which does not respond to any command

then it times out

elvis

please reply
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10650538
What happens when you try to telnet from the LAN?

telnet exchangservername 25

0
 

Author Comment

by:ealwali
ID: 10655476
It Responds Perfectly.....

You see the problem is only from external otherwise my tests from internal are O.K

How do you make Active Directory know that there is an Exchange server..... in the domain...
Where do you specify it???

Elvis
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655483
If you have installed Exchange correctly, running /domainprep and /forestprep, it will set that up as it should.

Try going to www.dnsreport.com, type in your domain name and see what that says.

What are you using as firewall?
0
 

Author Comment

by:ealwali
ID: 10655587
CISCO PIX

We had Exchange working, then it went down a few weeks ago. I wasn't in that office yet.

Then they changed ISP..

Then I came into company..
So when I set up the new Exchange I haven't touched the PIX.... But I am told by both the new ISP and my predecessor that they made the necessary change on the PIX.......  because the rest are working..

I did forestprep and domain prep..

Thanks let me check  DNSREPORT.COM

Thanks for the comments you are so LOVELY..............  MMMMMMMWWwwa

Elvis



0
 

Author Comment

by:ealwali
ID: 10655636
This is what I found out from DNSREPORT.COM


WARNING. The parent servers (I checked with ns1.rwandatel.rw.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain

(what is TLD)?????????

FAIL
A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. .


INFO
Your NS records at the parent servers are:
213.255.208.58.gov.rw. [NO GLUE; No A record]
213.255.208.50.gov.rw. [NO GLUE; No A record]
[These were obtained from ns1.rwandatel.rw]



what does the FAIL mean ... please help???


0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655665
I'm not sure what TLD means, will check that.

But it looks like you have a connection problem on your server. Because I'm not able to ping it, neither telnet it on port 25. That is also why the DNSreport fails
0

 

Author Comment

by:ealwali
ID: 10655672
What does this mean..??

[ERROR: I was unable to get an answer from the parent servers [ns1.rwandatel.rw], when I tried to find the NS records for mail.mydomain.co.rw.]

Who needs to sort out this... me or the ISP..

thanks in advance..


0
 

Author Comment

by:ealwali
ID: 10655692
Getting MX record for mydomain.co.rw... Got it!

Host                      Preference  IP(s) [Country]
mail.presidency.gov.rw.   20          62.56.183.52 [IL]
mx.rwandatel.rw.          100         62.56.174.157 [IL]
--------------------------------------------------------------------------------


Step 1:  Try connecting to the following mailserver:
         mail.mydomain.co.rw. - 62.56.183.52

Step 2:  If unsuccessful in step 1, try connecting to the following mailserver:
         mx.rwandatel.rw. - 62.56.174.157

Step 3:  If still unsuccessful, queue the E-mail for later delivery.
--------------------------------------------------------------------------------
Trying to connect to all mailservers:

   mail.mydomain.co.rw. - 62.56.183.52  [Could not connect: Could not connect to mail server (timed out).]
   mx.rwandatel.rw. - 62.56.174.157  [Successful connect: Got a good response [250 imuhizi@mydomain.co.rw will relay to a client address]]


HELP what do I need to do... is it my DNS or FIREWALL or WHAT..

Elvis
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655695
It looks like you need to talk to your ISP.

But the domain you mentioned now is different than the one I tested
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655735
Sorry, mixed your question with another one
0
 

Author Comment

by:ealwali
ID: 10655745
my IP
for mail is
62.56.183.52  
test this and tell me probable problem...

Elvis
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655746
It looks like you have the MX record set up, but neither of your servers answer when trying to telnet them. Might be a firewall problem. But which of the ip-addresses mentioned is your mail server?
0
 

Author Comment

by:ealwali
ID: 10655756
I understand ... Just try to test mine
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10655772
I have done a trace to that address. It stops on this IP:

62.216.0.178

Do you know where that is located?

Looks like there is some error in the routing with your ISP, but it could also be a firewall not configured correctly. Not able to telnet it on port 25 either
0
 

Author Comment

by:ealwali
ID: 10655781
62.56.183.52   is my mail server


0
 

Author Comment

by:ealwali
ID: 10655811
When I telnet    62.56.183.52   on port 25 you get no response right...... or it says connection timed out.....
mine shows like it is going through but then no response, then it says later on that connection to host lost.....

I don't know where 62.216.0.178 is located.....
ISP routing problem you say......

Now please give me a few steps I can use to correct problem...... step by step to eliminate others also .....
0
 
LVL 8

Accepted Solution

by:
Emptyone earned 100 total points
ID: 10655839
I get no response on your mailserver, that is correct.

From where are you running telnet to that IP?

I believe you should talk to your ISP and check with them that the routing is correct to your mailserver. You might give them the IP I gave you and tell them that a tracert from the internet stopped at that address
0
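Added example, not part of the original thread: the manual `telnet <host> 25` checks discussed above, written as a probe that separates the outcomes the participants saw (connection times out, connection opens but no greeting ever arrives, greeting received). The hint texts, the helper names and the host name `mail.example.test` are assumptions made for illustration; the local listeners are constructed test peers so the demo runs offline.

```python
import socket
import threading

# What to check next for each outcome (hints only, following the thread's advice).
HINTS = {
    "dns_failure": "name does not resolve: check the public A record at the ISP",
    "connect_timeout": "no answer to the connection attempt: routing or a filtered port 25",
    "refused": "host reachable, but nothing is listening on that port",
    "unreachable": "network error before the TCP handshake completed",
    "no_banner": "TCP connects but no SMTP greeting: check the firewall's port 25 forward",
    "closed_early": "peer closed the connection before sending a greeting",
    "bad_banner": "something answered, but not with an SMTP 220 greeting",
    "ok": "SMTP service reachable, greeting received",
}


def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail) describing how far a connection to host:port got."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except socket.timeout:
            return ("connect_timeout", addr[0])
        except ConnectionRefusedError:
            return ("refused", addr[0])
        except OSError as exc:
            return ("unreachable", str(exc))
        try:
            data = sock.recv(512)  # a mail server speaks first (220 greeting)
        except socket.timeout:
            return ("no_banner", addr[0])
        except OSError:
            data = b""
        if not data:
            return ("closed_early", addr[0])
        line = data.decode("ascii", "replace").splitlines()[0]
        return ("ok" if line.startswith("220") else "bad_banner", line)
    finally:
        sock.close()


def _local_listener(banner):
    """Constructed test peer on 127.0.0.1: sends `banner`, or stays silent if None."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:
                conn.sendall(banner)
            try:
                conn.recv(1)  # hold the connection until the client hangs up
            except OSError:
                pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Run the probe against three constructed local peers; no network needed."""
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()  # port is now free, so a connect is refused
    ports = {"banner": _local_listener(b"220 mail.example.test ESMTP\r\n"),
             "silent": _local_listener(None), "closed": closed_port}
    return {name: probe_smtp("127.0.0.1", p, timeout=1.0)[0] for name, p in ports.items()}
```

Run `probe_smtp()` against the public mail host name from a machine outside the LAN and again from inside; a result that differs between the two points at the path in between (ISP routing or the firewall forward) rather than at the mail server.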
 

Author Comment

by:ealwali
ID: 10674931
PLEASE explain to me what all the following mean ... I got it from DNSREPORT...

I haven't solved my PROBLEM YET...

Parent

PASS Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.

INFO
NS records at parent servers Your NS records at the parent servers are:

mail.mydomain.co.rw. [213.255.207.58 (NO GLUE; CNAME encountered->mydomain.co.rw.)] [UK]

[These were obtained from charlie.terracom.rw]
PASS Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there, with 3 entries.
WARN Glue at parent nameservers

WARNING. The parent servers (I checked with charlie.terracom.rw.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
NS INFO NS records at your nameservers Your NS records at your nameservers are:

mail.mydomain.co.rw. [TTL=14400]
bravo.terracom.rw. [TTL=14400]
charlie.terracom.rw. [TTL=14400]

 
PASS All nameservers report identical NS records OK. The NS records at all your nameservers are identical.  
PASS All nameservers respond OK. All of your nameservers listed at the parent nameservers responded.
PASS Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
PASS Number of nameservers OK. You have 3 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
PASS Lame nameservers OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
PASS Missing (stealth) nameservers OK. All 3 of your nameservers (as reported by your nameservers) are also listed at the parent servers.
PASS Missing nameservers 2 OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.

FAIL
No CNAMEs for domain ERROR: mail.mydomain.co.rw has a CNAME entry (mydomain.co.rw.); it is not valid to have a CNAME entry and NS entries for 213.255.207.58. See RFC1912 2.4 and RFC2181 10.3 for more information.
FAIL No NSs with CNAMEs ERROR: mail.mydomain.co.rw. has a CNAME entry (mydomain.co.rw.); it is not valid to have a CNAME entry and NS entries for mail.mydomain.co.rw.. See RFC1912 2.4 and RFC2181 10.3 for more information.
 
WARN Nameservers on separate class C's WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.
PASS All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
INFO Nameservers versions Your nameservers have the following versions:

213.255.207.58: "9.2.1"
 
PASS NS TTL discrepancy OK. Your NS records at your authoritative DNS servers have TTLs that match those of the parent servers. This is prevents some odd problems that could otherwise occur.
PASS Stealth NS record leakage Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.
SOA INFO SOA record Your SOA record [TTL=14400] is:
Primary nameserver: mail.mydomain.co.rw.
Hostmaster E-mail address: mydomain.co.rw.
Serial #: 0
Refresh: 0
Retry: 0
Expire: 0
Default TTL: 0
 
FAIL NS agreement on SOA Serial # ERROR: Your nameservers disagree as to which version of your DNS is the latest! 4294967295 versus 0! This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 0 is the correct serial #.
PASS SOA MNAME Check OK. Your SOA (Start of Authority) record states that your master (primary) name server is: mail.mydomain.co.rw.. That server is listed at the parent servers, which is correct.
 
PASS SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: mydomain@co.rw. (techie note: we have changed the initial '.' to an '@' for display purposes).  
WARN SOA Serial Number WARNING: Your SOA serial number is: 0. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number must be incremented every time you make a DNS change.
FAIL SOA REFRESH value WARNING: Your SOA REFRESH interval is : 0 seconds. This seems very low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.
FAIL SOA RETRY value WARNING: Your SOA RETRY interval is : 0 seconds. This seems very low. You should consider increasing this value to about 120-7200 seconds. The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.
FAIL SOA EXPIRE value WARNING: Your SOA EXPIRE time is : 0 seconds. This seems very low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.  
FAIL SOA MINIMUM TTL value WARNING: Your SOA MINIMUM TTL is : 0 seconds. This seems very low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.
MX INFO MX Record Your 2 MX records are:
CNAME: mail.mydomain.co.rw.->mydomain.co.rw. [TTL=14400] 0 mydomain.co.rw. [TTL=14400] IP=213.255.207.58 [TTL=14400] [UK]
 
PASS Invalid characters OK. All of your MX records appear to use valid hostnames, without any invalid characters.
PASS All MX IPs public OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.
WARN MX records are not CNAMEs WARNING: When I looked up your MX record, your DNS server returned a CNAME. This is an unusual situation, and I can't handle it -- the following MX tests may not work properly. The problem is:
mail.mydomain.co.rw.->mydomain.co.rw.
 
PASS MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).
PASS MX is host name, not IP OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).
PASS Multiple MX records OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.
PASS Duplicate MX records OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.
FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site. The problem MX records are:
58.207.255.213.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0)]
 
Mail FAIL Connect to mail servers ERROR: I could not connect to one or more of your mailservers:
mail.mydomain.co.rw: Could not connect without glue or A record.
 
WARN Mail server host name in greeting WARNING: One or more of your mailservers may be claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but may be a technical violation of RFC821 4.3 (and RFC2821 4.3.1).

mydomain.co.rw claims to be host bravo.terracom.rw.

 
PASS Acceptance of NULL <> sender OK: All of your mailservers accept mail from "<>". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).
FAIL Acceptance of postmaster address ERROR: One or more of your mailservers does not accept mail to postmaster@mail.mydomain.co.rw. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.

mydomain.co.rw's postmaster response:
    >>> RCPT TO:<postmaster@mail.mydomain.co.rw>
    <<< 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
550-the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

 
WARN Acceptance of abuse address WARNING: One or more of your mailservers does not accept mail to abuse@mail.mydomain.co.rw. Mailservers are expected by RFC2142 to accept mail to abuse.

mydomain.co.rw's abuse response:
    >>> RCPT TO:<abuse@mail.mydomain.co.rw>
    <<< 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
550-the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

 
WARN Acceptance of domain literals WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.

mydomain.co.rw's postmaster@[213.255.207.58] response:
    >>> RCPT TO:<postmaster@[213.255.207.58]>
    <<< 501 : domain literals not allowed

 
PASS Open relay test OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
mydomain.co.rw OK: 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not 550-permitted to relay through this server. Perhaps you have not logged into 550-the pop/imap server in the last 30 minutes or do not have SMTP 550 Authentication turned on in your email client.
 
WWW FAIL WWW Category ERROR: I couldn't find any A records for www.mail.mydomain.co.rw. But I did find a referral to bravo.terracom.rw. (and maybe others). If you want a website at www.mail.mydomain.co.rw, you will need an A record for www.mail.mydomain.co.rw. If you do not want a website at www.mail.mydomain.co.rw, you can ignore this error.
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10674955
Set your mx record to point to bravo.terracom.rw, I am able to connect to it on both IP address and hostname. Believe that should do the trick
0
 

Author Comment

by:ealwali
ID: 10675127
Give me the Steps.....  I guess I am now understanding that????

From DNS console then How??

Thanks and am waiting earnestly???

Elvis
0
 

Author Comment

by:ealwali
ID: 10675186
By the way, am I to do this on my DNS or the ISP's DNS?

Thanks in advance

0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10675290
This must be done on your ISP's DNS. I assume you don't have your DNS open to the internet?
0
 

Author Comment

by:ealwali
ID: 10675373
Please give me the steps and the Commands

Thanks again
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 10675421
Are you administering the ISP's DNS through a web tool? If not, then I would recommend that you ask your ISP to set it up for you.
0
