dhony

Incoming and outgoing mails stuck in smtp queues

Any help would be much appreciated. Let me begin by saying I'm fairly new to exchange, so this may well be a simple config issue.

Mail server was running fine until last weekend. On Monday morning, no mails coming in or going out. When I checked the default virtual server queues they were empty, but new mails sent either from internal users or external don't appear on queues. After much frustration, I found that we were open for mail relay, which I closed off, and then I deleted the smtp connector and set up a new one. (Actually set up a new one and then deleted the old one). Now incoming and outgoing mails are appearing in the queues, but not getting forwarded to the internal users or to the external domains. They're just sitting on the server. I'm guessing that in disabling the open relay I've also disabled the proper relay from the server to the internal clients/external domains, but I don't know how to fix it. Any ideas???
Sembee

Which version of Exchange?
And what exactly did you do to close the open relay? If it is Exchange 200x then it is relay secure out of the box and doesn't actually require anything to be changed.

I would also go to dnsreport.com and enter your domain name and see if that flags any errors.

Simon.
dhony

ASKER

Thanks for the quick response - Exchange 2000. (Running SBS 2000). I've done the dnsreport thing and it's looking ok. To be honest I've forgotten the steps I followed to close the relay. It was late into the night last night. I followed steps I found either on a post here or on the MS support site. The relay restrictions under the default smtp virtual server are:
allow all except the list below, (which is blank)
and
allow all computers which successfully authenticate... is ticked.

under connection it also
allow all except the list below, (which is blank)
 
and under authentication everything is ticked, and there's no entry in the TLS default domain box

Sembee

One of those settings is actually leaving you as an open relay.

Change "All except the list below" to "Only the list below" and leave the list blank.

If you don't have any users connecting to your server to send email via SMTP (Outlook Express etc) then you can disable the computers which authenticate as well. This does NOT affect users connecting with Outlook to Exchange.

Authentication is OK.

Are you using an SMTP Connector to send email? You only need a connector for outbound email - it doesn't affect inbound at all.
If you select one of the messages in the queues what does the reason code say?

It might be that your ISP has stopped you from sending email because you are open...

Simon.
dhony

ASKER

When I change relay setting as you described, (only the list below and blank) the computers connecting setting my incoming test mail from a yahoo account was returned with...  (I've x'd out the personal details)
Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<xxxx@xxxxx.ie>:
xx.xx.xx.xx does not like recipient.
Remote host said: 550 5.7.1 Unable to relay for xxxx@xxxx.ie
Giving up on xx.xxx.xxx.xx.

Sembee

Presuming that the IP address that you have hashed out is your valid address, that sounds like it is Exchange or something else in front of Exchange not knowing it is responsible for the domain. Have you verified that the IP address on the MX records is correct?

Make sure that you aren't confusing relay control with connection control. On the connection tab it should be "All except the list below".

Simon.
dhony

ASKER

Nope. Definitely under relay - Relay Restrictions settings seem to need to be set to "All Except the list below" which is blank. I've unticked "Allow all computers which successfully authenticate to relay" as we're using outlook.
Under the connections tab we have all except the list below too, and it's also blank.
The IP address on the mx records must be ok because the mails are now arriving as far as the server and sitting there. The problem is getting them from there to the user mailboxes.
Getting desperate

Sembee

Which queue are they sitting in?

Simon.
dhony

ASKER

Incoming mails are all sitting in a queue called the same as the domain name, (without the mail. prefix). Outgoing mails are in a queue for yahoo.com, (there's only 2 mails there because that's all that I've sent to test)

Sembee

That's odd. You shouldn't have a queue with that name. That means Exchange doesn't know it is responsible for that domain and is trying to send the messages out. Except they cannot get out.
Need to fix the inbound stuff first, because I suspect that if you fix outbound all that email in the queues will go back out and cause a loop.

Have you rebooted the server? If not, do so. Don't do anything else other than a simple reboot. If any errors are flagged, post back. Need the full content of the error message - error number, service text etc.

Simon.
dhony

ASKER

Server's been rebooted a few times and it's coming back fine. The av software was out of date so I've checked and found a few viruses there. Netsky.p and melissa both showed up using panda's online scan. They're removed, but is it possible they changed/screwed up some settings?

Sembee

I am starting to think that something has got screwed up. SMTP or IIS in general.
Have you checked your Recipient Update Policies to ensure the domain is listed?
Anything in the event logs?

Simon.
dhony

ASKER

Where do I check the recipient update policies? Event logs were showing up a load of WMI-related errors, which are cleared up now. There's also a load of perflib 1010 errors showing up. There was a problem with print spooler too which is now resolved. Perflib errors still there though. Got a hotfix from M/S which didn't resolve. Based on that mess, it's pretty likely that smtp/iis/something else got fubar'd. I'm reluctant to start re-installing though, because it sounds like it should be a pretty straight forward thing. Or am I underestimating exchange?

Sembee

Recipient Policies - ESM, Recipients, Recipient Update Services. Right click on the default policy and choose Properties. Click on the "Email Addresses (policy)" tab. Your domain should be listed in the @domain.com format.

If it is IIS then this is the article that you need to refer to: http://support.microsoft.com/default.aspx?kbid=320202

Follow it VERY carefully. It is one of those things that if you aren't 100% sure then you will have to speak to MS.

Simon.
dhony

ASKER

Thanks for the help Simon. I had a look at those articles, and they seem fairly straight forward so I'll give that a shot at lunch time and let you know how it goes. Even if it turns out that the recipient policy sorts it I'm inclined to think a re-install makes more sense, because we have no idea how it got changed anyway. It's a small office and no-one there would go near the server. I'm only in very occasionally, and I didn't go near there. Hopefully I'll be posting in about 4 hours with a success story. Fingers crossed
dhony

ASKER

Ok so, the re-install is complete, (with one or two hairy moments but we won't go into that.) What I have now is my list of queues, the first one being the domain (local delivery in brackets) which is empty with a little green arrow. Next is messages awaiting directory lookup, with the same arrow, and then messages waiting to be routed, also with the arrow. All three of these directories are empty. After that are a load of remote delivery domains, all of which have mails and are either in active or retry status. Almost all the mails in these folders have a sender of either postmaster@XXX where xxx is my domain, or a sender of <>. Are these all outgoing mails, and should any incoming mails be in the first three folders, (or rather the second and third folders, assuming the first is for mails sent from internal to internal users.) Or am I way off the mark? I've now changed the setting on relay to only the list below and blank, and mails aren't bouncing back when I send them from yahoo. Problem is they're not actually arriving either.
dhony

ASKER

PS event log now showing the following - (I've yyy'd out the domain name but it is one from an outgoing mail)
Message delivery to the remote domain yyyyyy.com' failed for the following reason: The remote server did not respond to a connection attempt.

Sembee

Messages from postmaster@ or <> are bounced messages - aka NDR messages.

You need to do some tests to see whether you can actually send and receive SMTP traffic.

For receiving, go to dnsreport.com and enter your domain name as before. See if it can actually connect.

For sending, find out the address of your ISP's SMTP server.
Then on the server itself go in to a command prompt and enter the following text:

telnet smtp.isp.net 25
Where smtp.isp.net is the address of your ISP's SMTP server. You should get a response back. If you don't - and the command window just sits there then the SMTP traffic isn't getting out of your network.

Have any of the messages that you have sent in bounced back yet?

Simon.
dhony

ASKER

no bouncebacks yet. dnsreport shows no MX record but finds an a record.
When dnsreport tries to connect to a specific address it gets...
[Could not connect: Got an unknown RCPT TO response: 550 5.7.1 Unable to relay for postmaster@

I can telnet to my isp's server ok.
 
I can also telnet to my server by server name, (This is from the server itself, it doesn't allow me to telnet to the domain name or to the ip address the domain name resolved to). When I do that though, the ehlo gives a good response, ending in 250 OK. Mail from:me@yahoo.com looks ok but the 'rcpt to:postmaster@xxx.xx' gives me a message saying 550 5.7.1 Unable to relay for postmaster@xxx.xx

Sembee

Lack of MX record isn't good. While some hosts will use the A host record, it isn't a recommended configuration. You need to get that fixed. That is probably stopping the email coming in.

Do you have postmaster@ attached to something?

Simon.
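
The RCPT TO replies discussed in the posts above can be read mechanically, shown here as an added example that is not part of the original thread: a Python sketch that parses a telnet-style SMTP transcript and reports, per recipient, whether the reply points to an open relay, a correctly denied relay, or a server that refuses its own domain (the "550 5.7.1 Unable to relay" case seen above). The transcript, the placeholder domains and the "C:"/"S:" line prefixes are constructed, and the verdicts assume the test session was unauthenticated and run from an outside address.

```python
import re

# Constructed transcript of a manual port-25 test (C: tester, S: server); placeholder names.
SAMPLE_SESSION = """\
C: EHLO tester.example.net
S: 250-mail.example.test Hello
S: 250 OK
C: MAIL FROM:<me@yahoo.com>
S: 250 2.1.0 Sender OK
C: RCPT TO:<postmaster@example.test>
S: 550 5.7.1 Unable to relay for postmaster@example.test
C: RCPT TO:<someone@elsewhere.example>
S: 250 2.1.5 someone@elsewhere.example
"""

RCPT_RE = re.compile(r"^RCPT TO:\s*<?([^<>\s@]+@([^<>\s]+))>?$", re.IGNORECASE)
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
LOCAL_OK = "ok: local recipient accepted"
LOCAL_REFUSED = "misconfigured: server does not treat this domain as its own"
RELAY_DENIED = "ok: relay denied for foreign domain"
OPEN_RELAY = "open relay: foreign recipient accepted without authentication"
OTHER = "rejected for another reason"

def rcpt_results(transcript):
    """Pair each RCPT TO command with the last line of the server's reply."""
    results, pending = [], None
    for raw in transcript.splitlines():
        side, _, line = (part.strip() for part in raw.partition(":"))
        if side.upper() == "C":
            m = RCPT_RE.match(line)
            pending = (m.group(1), m.group(2).lower()) if m else None
        elif side.upper() == "S" and pending:
            m = REPLY_RE.match(line)
            if m and m.group(2) == " ":  # "250-" continues a reply, "250 " ends it
                results.append(pending + (int(m.group(1)), m.group(3)))
                pending = None
    return results

def classify(transcript, local_domains):
    """Verdict per recipient; assumes an unauthenticated session from outside."""
    local = {d.lower() for d in local_domains}
    findings = []
    for rcpt, domain, code, text in rcpt_results(transcript):
        accepted = 200 <= code < 300
        denied = code == 550 and "5.7.1" in text
        on_accept, on_deny = (LOCAL_OK, LOCAL_REFUSED) if domain in local else (OPEN_RELAY, RELAY_DENIED)
        verdict = on_accept if accepted else on_deny if denied else OTHER
        findings.append((rcpt, code, verdict))
    return findings
```
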
dhony

ASKER

I actually did it to a valid internal account, (instead of postmaster), and got the above result. Should I delete and recreate the smtp connector?
dhony

ASKER

I just restarted the default smtp virtual server and re-enabled the queues, and now each of the domains listed is prefixed with the name of the smtp connector, and suffixed by (SMTP Connector - Remote Delivery). I'm wondering is there a problem with the connector. Also, I just noticed that one of those queues has two mails in it, with neither the sender or the receiver belonging to this domain. I think therefore they're spam;)
There are only two messages in the file system under mailroot\vs1\queue, so I'm wondering if I can delete them/that queue, and if I do will it free things up.
Grasping at straws???

Sembee

What does the SMTP Connector do? Is it to send the email through another server (your ISP?). If not then remove it - Exchange doesn't need it, it is quite capable of delivering email on its own.

Simon.
dhony

ASKER

Deleted the connector. Also deleted those spam messages in exchange, (they're gone from the queue folder in mailroot\vs1 too).
Still not sending out any mails though.

Sembee

What else is on this machine? Anything that could be interfering with the SMTP traffic? AV, Antispam, anything like that?
What do the queues say is the error? Can you try another domain - not Yahoo? Something that isn't likely to have a high level of spam filters on it?

It looks like it might be coming down to one of two solutions.

1. Call MS.
2. If possible, build another machine, migrate everything out to that machine (email, public folders etc), then remove the original server, wipe and rebuild. Then swing everything back. If you decide to go that route then there are some precautions to take to ensure that everything works ok.

Simon.
dhony

ASKER

I was just considering option 2 there. There's some weird sh!t going down here. I've removed any viruses & spyware, (including some v.nasty porn that took over my homepage), got the AV s/w running properly, and now I realise that my print spooler has been renamed as Internet Access Control. Don't know how all this happened but it's a bit of a mess. I think Exchange just highlighted it because it's the highest impact. These guys have had no mail for a week but I think I'm going to leave it for now and start from scratch tomorrow. Thanks for all the help Simon, I really appreciate it. If I get to the bottom of it I'll let you know
dhony

ASKER

Just realised I never posted the solution here. After much heartache and agony, I eventually restored the registry from a system state backup. That sorted out the print issues straight away, and then I did a re-install of IIS and Exchange. The exchange re-install failed suggesting that outlook had been installed on the pc and that the mapi32.dll was the outlook version. Eventually restored that from the same backup as the system state and reinstalled ok. Problem was down to corrupt registry and various config files being corrupt.