
Win2K SMTPSVC event ID 4000 unable to deliver mail directly to the internet

jmckg asked
Last Modified: 2008-09-16
OS: Win2k
SP: Sp4 and all patches
IIS: 5.0
SMTPSVC problem
NO Exchange running on this machine (this is sitting in the DMZ just as a relay server)

Most domains fail with event ID 4000 Unable to bind to destination server in DNS. Sometimes they go through fine. Event Viewer is full of this message. If I relay it to our ISP it goes fine. I need to have this box deliver messages directly without having to go through the smart host/ISP.

Definitely not open relay. Only one other server can relay through this in addition to my machine, which I am using to test.

I have no DNS problem. I am able to telnet to port 25 on Yahoo's mail server just fine. I am able to telnet to this server from my machine on port 25 and submit a message; it goes into the queue but doesn't get delivered. If I stop and start SMTP it may go through. Some e-mails that I submitted yesterday haven't left the queue yet. I got this notice from the server. It is still sitting in the queue.

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

       

CERTIFIED EXPERT
Top Expert 2013

Commented:
Start here

http://www.eventid.net/display.asp?eventid=4000&eventno=803&source=SMTPSVC&phase=1

I'll look around and see if I find anything else.

Thanks
Mike

Author

Commented:
Thanks Mike,
The binding order of the NICs article caught my attention. The first one bound is for my SMTP. It has a valid public name in our zone file with our ISP. So, that is not the problem. The rest do not apply to my case.
I just double checked the firewall rules; I am allowing any outbound connection from this server in the DMZ.
I forgot to mention that I installed Metadata 2.0 yesterday as part of this troubleshooting. I have run an Ethereal trace. I am yet to analyze it. I will post the solution if I find it.
Pls. help.

Author

Commented:
I think I fixed the problem. I am using a PIX firewall. I had quite a few permit statements, then a deny statement to deny any other traffic to the private network, and then another permit after that allowing any IP traffic out to the internet.

This should work technically but, just in case, I specifically added a permit before the deny to allow this server to allow SMTP traffic, and it works fantastic.

Before
access-list acl-DMZ permit tcp host 10.100.20.3 host 10.4.20.33 eq smtp (to send e-mail to the private side)
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (I thought this would cover sending e-mail to the public internet)

After:
access-list acl-DMZ permit tcp 10.100.20.3 255.255.255.255 any eq smtp
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any (this should have covered to send e-mail out to the internet but, it didn't)

Problem solved.
Thanks
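An added example, not part of the original post: a minimal first-match evaluator run over the "Before" and "After" rules quoted above, to check what each list does with SMTP from the relay at 10.100.20.3. The destination 192.0.2.25 (a stand-in for an internet mail server) and 10.9.9.9 (an arbitrary private-side host) are constructed test values, and the parser handles only the rule forms that appear in the post.

```python
import ipaddress
# Rules copied from the post's "Before" and "After" listings (annotations dropped).
BEFORE = """\
access-list acl-DMZ permit tcp host 10.100.20.3 host 10.4.20.33 eq smtp
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any
"""
AFTER = """\
access-list acl-DMZ permit tcp 10.100.20.3 255.255.255.255 any eq smtp
access-list acl-DMZ deny ip 10.100.20.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl-DMZ permit ip 10.100.20.0 255.255.255.0 any
"""
PORTS = {"smtp": 25}

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the token list; return a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()[2:]            # drop 'access-list <name>'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def first_match(rules, proto, src, dst, dport):
    """Return (action, matching line); an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto not in ("ip", proto) or s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    # Constructed destinations: internet host, the named internal server, another 10.x host.
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.0.2.25", "10.4.20.33", "10.9.9.9"):
            print(name, dst, *first_match(parse(text), "tcp", "10.100.20.3", dst, 25))
```

Both lists permit SMTP from the relay to the internet host, so the rule change does not alter outbound mail delivery. The "After" list does, however, let the relay reach port 25 on every 10.0.0.0/8 address, because its new first rule matches before the deny.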

CERTIFIED EXPERT
Top Expert 2013

Commented:
Damn, kick ass troubleshooting, nice work man!!

Author

Commented:
I spoke too soon.  The problem is still there.  It just cleared a couple of tests quickly without any events but, it started to do the same thing again.
Help...!!!

Author

Commented:
Here is the perfect solution for this problem. At some point yesterday it did work and I broke it again.  Now, I think I have found a solution.

Under the network properties, if you have mydomain.com for append DNS and DNS suffix for this connection, then it is looking for a DNS server (first one listed) to be one of the DNS servers from mydomain.com. For the second and third you can use your ISP's DNS servers.

If I change the order and move the internal DNS server all the way down and only use the ISP's DNS servers (as 1 and 2), it doesn't like it and comes back with event ID 4000 unable to bind to destination server in DNS.




Commented:
Thanks SO much for this solution.  I toiled around quite a bit with checking DNS and using smtpdiag.  Everything would look fine but I would still get these dreaded 'Event ID 4000' errors balking about DNS issues.

I went under Network Properties for the adapter - and simply CLEARED the checkbox under 'Append PARENT suffixes of the primary DNS suffix' - and lo and behold, it WORKED again finally!

Another thing to note:  I did not have to add a local DNS server - I kept both my ISP's DNS servers in the DNS.  I think this would be more reliable if you have a case like ours where I DO NOT forward on root hints for anything the locals can't resolve (because I don't want local Terminal Server users browsing the internet - i.e. no DNS for them, no internet - cheap and easy solution).

Thanks guys - Kevin