Solved

SonicWall or Exchange issue- no outbound mail

Posted on 2004-08-04
Last Modified: 2008-01-09
We swapped out a low budget firewall and installed a new SonicWall today and mail does not seem to be flowing.  As fate would have it, our ISP accidentally changed our MX yesterday so I understand why inbound mail doesn't reach us yet.  However, I cannot send mail outbound either.

From the Exchange 2000 server I can telnet at port 25 to a remote Exchange server and get an SMTP prompt.  Likewise, RDP to the remote server, I can telnet back to our internal Exchange and get SMTP.  If I look in the queues on Exchange, all mail is getting dumped to the "Messages with unreachable destination" queue.  I enabled SMTP logging and enabled diagnostic logging on SMTP, but can't seem to get any more info.

Any suggestions for things to try?  Would DNS present a problem for outbound mail?  I do have SonicWall IPS and email filtering, but they don't show anything SMTP related in the logs.

Thanks for anything,

Steve      
Question by:smeek
8 Comments
 
LVL 21

Accepted Solution

by:
marc_nivens earned 500 total points
ID: 11719387
Usually when messages go in the unreachable destination queue it's because of stale link state data.  Run winroute (from the Exchange CD) and connect to your server.  Look for anything that says object not found in ds.  If you have these, it's likely your problem.  Cleaning it up depends on how many servers you have.  If you just have one, reboot it.  If you have many, and you are seeing these symptoms let me know and I'll tell you how to clean it up on multiple servers.

0
 

Expert Comment

by:Thax
ID: 11720129
Quote: "Would DNS present a problem for outbound mail? "

Yes, Exchange 2000 / 2003 use DNS by default to send outbound. The remote Exchange server you Telnet'ed onto: Did you use its IP or its FQDN? Try and telnet to mail.hotmail.com 25 or similar. If that doesn't work but telnetting onto an IP address does, then I'd bet that's your problem.

Does normal internet access work on the new server?

Stephan
0
 
LVL 8

Author Comment

by:smeek
ID: 11720278
Marc- I will try and get a server restart in at the end of the day.  I thought we did a server restart, but turned out the person only restarted services on our single Exchange box.

Thax- I did telnet to the FQDN of one of the remote servers for testing.  I may not have explained well enough, there is not an issue with DNS resolution but rather our DNS records presented to external users.  I was just trying to make sure that those records would/would not impact outbound.

Thanks,

Steve
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 11720315
Before you reboot, be sure and run winroute to check for anything that says object not found in ds.
0

 
LVL 8

Author Comment

by:smeek
ID: 11720583
I downloaded and ran.

Under the connector, it shows a red X and I see link state down.  See excerpt below.

( 39ea6dbe3336844f8cf583f9d3db84a7 ( CONFIG {4}SMTP {23}_39ea6dbe3336844f8cf583f9d3db84a7_S {b}[10.0.1.20] {57}/o=NAME/ou=First Administrative Group/cn=Configuration/cn=Connections/cn=NAME_SMTP 0 0 0 0 ffffffff ffffffff 0 1 0 () 0 () 0 () 0 ()  ARROWS ( {4}SMTP {1}* 1 ) BH ( 49cf8f9285cd564d8e707326dbbcac93 CONN_NOT_AVAIL {18}NAME.domain.com ) TARGBH () STATE DOWN)))  )

I don't see anything about an object not found.

Can I restart SMTP VS or the SMTP service?

Steve

 
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 11720708
Ok, this is definitely your problem.  Your only route to the internet is this connector.  Since it's in a down state, anything outside your org would go directly to messages with an unreachable destination.  Now what causes an SMTP connector to the internet to enter a down state?  If it's using DNS it's never supposed to go down.  However, if you are smarthosting (which it sounds like you are) the connector can go down if a socket connection to the smarthost fails.  I would start by changing the smarthost entry to reflect the IP address of the smarthost instead of the FQDN.  Once you make this change it could take a couple of minutes to take effect.  You will know it's working when the red x goes away in winroute.
0
 
LVL 8

Author Comment

by:smeek
ID: 11720771
Hmm.

I stopped and restarted the VS and Service.  The link state showed as up after a few refreshes.  The queues were still backed up.  The state changed to down after a few minutes.

I am actually not using a Smart Host though the WinRoute called it a connector.  I will hold off any more until I can restart box.

Steve
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 11721169
But you actually are using a smarthost, the winroute data above says that you are (the entry for 10.0.1.20 is the IP you are smarthosting to, I'm assuming that's the sonicwall machine).  Since you restarted SMTP and the link showed down again within a few minutes, I doubt rebooting would do anything.  Try telnetting to 10.0.1.20 on port 25.  If you cannot get there, that's your problem.  Once that is fixed the connector will come back online.
0
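
The telnet checks suggested in the answers above (by FQDN versus by IP, and to the smarthost address 10.0.1.20 on port 25) can be scripted so that each failure is attributed to DNS, the TCP connection, or the SMTP greeting. This is an added example, not code from the thread; the function name `probe_smtp` and the host name `smarthost.example.com` are assumptions made for illustration.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one outbound SMTP hop the way a manual telnet test would.

    Returns (stage, detail); stage is one of:
      'dns'     - the name did not resolve (cannot happen for an IP literal)
      'connect' - resolved, but the TCP connection failed or timed out
      'banner'  - connected, but no 220 greeting arrived
      'ok'      - a 220 SMTP greeting was received
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    last_error = "no addresses returned"
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                try:
                    banner = sock.recv(512).decode("ascii", "replace").strip()
                except socket.timeout:
                    # Port is open but nothing spoke SMTP within the timeout.
                    return ("banner", "connected to %s, no greeting" % sockaddr[0])
                try:
                    sock.sendall(b"QUIT\r\n")  # end the session politely
                except OSError:
                    pass  # peer already closed; the banner is what matters
        except OSError as exc:
            last_error = "%s: %s" % (sockaddr[0], exc)
            continue
        if banner.startswith("220"):
            return ("ok", banner)
        return ("banner", banner or "connection closed without greeting")
    return ("connect", last_error)

if __name__ == "__main__":
    # 10.0.1.20 is the address from the winroute excerpt in the thread;
    # smarthost.example.com is a placeholder for the smarthost's FQDN.
    for target in ("10.0.1.20", "smarthost.example.com"):
        stage, detail = probe_smtp(target)
        print("%-24s %-8s %s" % (target, stage, detail))
```

If the IP literal returns `ok` while the FQDN returns `dns`, name resolution is the fault; `connect` for both points at the path to the smarthost, such as a firewall rule.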
