Solved

Unable to receive email from Internet client on Exchange Server 2003

Posted on 2005-04-19
Last Modified: 2012-08-14
 
I am very new to Exchange. My company gave me a project to run an email system that is accessible from any side of the especially for MD. I have been trying to do it in many ways but no charm. Here are the details of my network:

1. Windows 2003 Server Ent + Exchange 2003 + Win DNS
   server name: x1.mydomain.net
   IP: 192.168.x.xx
   This has only 1 NIC.

2. Windows 2003 Server Ent + Wingate Proxy, NAT enabled
   server name: x2.mydomain.net
   IP: 192.168.x.x
   DSL 256k connection with public IP: 62.150.xxx.xx

3. mydomain.net is registered with a domain host company
   IP: 65.19.xxx.xx

I added my x1 server as MX in the hosting co. DNS settings and DSL info, but no charm.

I cannot receive mail from outside, but sending and the local email system are working perfectly, no error at all.

Please help
 
 
 

Question by:miroofi
9 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13814694
This seems like you have two issues:

1. Receiving external email.
2. Allowing access to Exchange from outside.

For receiving email from outside, the problem appears to be your network infrastructure and domain settings.  

Your MX record needs to point at a host that is external to the Internet. In this scenario this appears to be "x2". Yet you have configured your MX records to point at "x1". Does this machine have an external IP address?
If not, then you need to change the MX to point at the device that does have an external IP address, then configure port forwarding to forward port 25 to the Exchange server.

However personally I would consider a redesign of your infrastructure.

Drop the proxy server as the default gateway to the Internet and put a Router/Firewall in between the network and the Internet.
What you could use depends on what sort of budget is available to you, but even a cheap Linksys device would do the job, although if there is budget something like a small Cisco PIX or Netscreen would be a better choice.
Then configure that device to forward traffic on port 25 (SMTP) to your Exchange server.
This will make traffic management much easier.

For the second issue, you have a number of choices.

1. VPN - the traditional choice. Will allow external users to use all of Exchange/Outlook and access other network resources inside. Will run on most Windows OS.
2. IMAP - another popular choice - but only allows access to email.
3. POP3 - as IMAP, although has its drawbacks in that it is too easy to pull email off the server.
4. OWA - Outlook Web Access - read your email with any standard web browser. Nothing to stop you from implementing this as well as any other solution you might use as it makes a good fall back or something that an external user can use from any machine.

5. RPC over HTTPS. If you have the infrastructure to support it (Windows 2003 Server, Exchange 2003, in a Windows 2003 mixed domain or higher, plus Windows XP SP2 and Outlook 2003 on the clients), then this is the best choice after VPN. The full feature set of Outlook is available to you, but without the need for VPN. Setup can be problematic, but there are lots of articles on this site and others about how to do it.

Simon.
Exchange MVP.
0
 

Author Comment

by:miroofi
ID: 13815707
Dear Simon,

Thanks for the reply. The port forwarding from x2 to x1 is already done, and I already added my MX of x2 in the hosting co. DNS settings. I read a huge amount of articles but still no success in this regard. Oh, one thing I forgot to tell: my DSL has a dynamic IP, but the current IP we have is more than 5 months old, meaning no line drop for such a long time. I asked the service provider about this issue and they said they did not make any restriction on running any kind of servers.

After this thing starts working I will go for the router, but meanwhile I have to run it this way.

One more thing: my local domain is "mydomain.net" and my registered domain is also the same. Does it make any difference?

regards,


Imran
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13815939
Having the same domain for the Windows domain and email domain is not a problem.

Have you tested your port forwarding?

Go to dnsreport.com and enter your domain name. This will run a series of tests which include connecting to your Exchange server.

Although you have a semi-static IP address, you cannot guarantee that it will stay the same forever, and DNS changes can take 48 hours to replicate. Therefore you may want to look at using a dynamic DNS service to ensure that any IP changes are replicated quickly.

http://www.amset.info/exchange/dynamicip.asp

Simon.
0
 

Author Comment

by:miroofi
ID: 13825139
Dear Simon,

1 issue is solved, I received email from any client in the outside world (Internet).
The problem was that I entered x2.mydomain.net in the MX record; I deleted x2 only and I started receiving email from the Internet, including all of my local users received it.

issue 2:  i think it is also some DNS issue

A records
~~~~~~

mydomain.net 86400 IN A 65.19.xxx.xx  
*.mubarakia.net 86400 IN A 65.19.xxx.xx  
x2.mydomain.net 86400 IN A 62.150.xx.xx  

MX records
~~~~~~~
mydomain.net   IN MX 10 62.150.xx.xx
   
CNAME records
~~~~~~~~~~

mail.mydomain.net 86400 IN CNAME x2.mydomain.net  
pop.mydomain.net 86400 IN CNAME mydomain.net  

These are the current DNS settings on hosting company DNS server.

How can my users access their mailboxes through browsers and email clients?

best regards,


Imran






0
 
LVL 104

Accepted Solution

by:
Sembee earned 375 total points
ID: 13827918
Your MX record isn't valid.

mydomain.net   IN MX 10 62.150.xx.xx

An MX record cannot be an IP address. It must be a host. While this will not be a problem for some servers, it is very bad practise and you should resolve it. The DNS report should have told you that.

Change the MX to mail.domain.com and email should flow correctly.
Change the POP record as well to mail.domain.com - using just domain.com is also poor practise and can cause problems.

For web browser access, use OWA. This is configured automatically but should be secured by an SSL certificate. A StarterSSL from RapidSSL will be fine. They have a whitepaper on their web site about how to request and install a certificate.
Get the certificate in the name of mail.domain.com - this gives the users a nice easy name to remember.

Once installed, open port 443 (https) through your firewall and point it at your Exchange server.

For email clients you have the choices that I have already outlined.

Simon.
Exchange MVP.
0
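Added example (not part of the thread or of any poster's configuration): a small lint for a zone listing in the layout posted above, flagging an MX whose target is an IP address as described in the accepted answer. It goes beyond the thread by also flagging MX targets that are CNAMEs (RFC 2181 section 10.3) or that have no address record in the listing; example.net and the addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample in the layout of the hosting-panel listing above;
# example.net and the 192.0.2.x / 198.51.100.x addresses are placeholders.
SAMPLE_ZONE = """
example.net 86400 IN A 198.51.100.10
x2.example.net 86400 IN A 192.0.2.25
example.net IN MX 10 192.0.2.25
mail.example.net 86400 IN CNAME x2.example.net
pop.example.net 86400 IN CNAME example.net
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples from 'owner [ttl] IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        owner = fields[0].rstrip(".").lower()
        records.append((owner, fields[i + 1].upper(), fields[i + 2:]))
    return records

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_mx(text):
    """List problems with MX targets: IP literals, aliases, names without an address."""
    records = parse_zone(text)
    addr_names = {o for o, t, _ in records if t in ("A", "AAAA")}
    aliases = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "MX" or len(rdata) < 2:
            continue
        target = rdata[1].rstrip(".").lower()
        if is_ip_literal(target):
            problems.append((owner, target, "MX target is an IP address, not a host name"))
        elif target in aliases:
            problems.append((owner, target, "MX target is a CNAME (RFC 2181 10.3 forbids aliases)"))
        elif target not in addr_names:
            problems.append((owner, target, "MX target has no A/AAAA record in this zone"))
    return problems
```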
 

Author Comment

by:miroofi
ID: 13831795
I did as you said and I receive email without any problem from outside (Internet), but my users are unable to retrieve their emails from the Internet (outside of the local network).
What to do?

The new changes in DNS are like this:
A records
~~~~~~

mydomain.net 86400 IN A 65.19.xxx.xx  
*.mubarakia.net 86400 IN A 65.19.xxx.xx  
x2.mydomain.net 86400 IN A 62.150.xx.xx  

MX records
~~~~~~~
mydomain.net   IN MX 10    x2.mydomain.net

CNAME records
~~~~~~~~~~
mail.mydomain.net 86400 IN CNAME x2.mydomain.net  

I have already done the procedure for SSL and it is working fine.

When I checked on dnsreport.com I had 2 errors and I don't know how to solve them.

ERROR 1:
======
The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server). The problem MX records are:
xx.xx.150.62.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0)

ERROR 2:
======
WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
WARNING: x2.mydomain.net appears to be an open relay: 250 2.1.5 Not.abuse.see.www.DNSreport.com.from.IP.62.150.xx.xx@DNSreport.com

Thanks for all cooperation Simon


regards,



imran
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13832981
The reverse DNS is something that your ISP needs to fix. This is not something that you can resolve yourself. You will need to speak to them and ask them to set it for you.

The open relay is more of a concern. Exchange 2003 is relay secure by default, so you must have changed something to open it up.

There are two common ways this is done.

1. An SMTP Connector is created and the "Allow relaying to these domains" option is enabled.
2. On the SMTP VS you have changed the relaying options, either to allow anyone to relay, or for a subnet to relay and have included your full subnet in the list. You need to change that option.

As for your users being unable to retrieve email from outside of the network - how exactly are you trying to do that?

Simon.
0
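Added example (not from the thread): a re-test for the open-relay finding after changing the relay settings described above. It offers your own server a message between two domains it does not host and reports the reply to RCPT TO. The addresses and the `smtp_factory` parameter are assumptions of this example; only standard `smtplib` calls are used.

```python
import smtplib

# Placeholder addresses (assumptions): replace both with real mailboxes you
# control in domains the tested server does NOT host.
SENDER = "probe@sender.example"
RECIPIENT = "probe@recipient.example"

def classify(code):
    """Map the RCPT TO reply code to a relay verdict."""
    if 200 <= code < 300:
        return "accepts-relay"      # e.g. the "250 2.1.5" reply in the report
    if 400 <= code < 500:
        return "temporary-failure"  # greylisting or load: retry later
    return "relay-denied"           # 5xx such as 550 5.7.1

def to_str(reply):
    return reply.decode("ascii", "replace") if isinstance(reply, bytes) else str(reply)

def relay_check(host, port=25, sender=SENDER, rcpt=RECIPIENT,
                smtp_factory=smtplib.SMTP):
    """Offer `host` a message between two foreign domains; send nothing.

    Returns (verdict, code, reply_text). The session is reset after RCPT TO,
    so no DATA is ever transmitted.
    """
    conn = smtp_factory(host, port, timeout=15)
    try:
        conn.ehlo_or_helo_if_needed()
        code, text = conn.mail(sender)
        if code >= 400:
            return ("sender-rejected", code, to_str(text))
        code, text = conn.rcpt(rcpt)
        conn.rset()
        return (classify(code), code, to_str(text))
    finally:
        try:
            conn.quit()
        except (smtplib.SMTPException, OSError):
            pass

if __name__ == "__main__":
    import sys
    print(relay_check(sys.argv[1]))
```

Run it from a machine outside the LAN, since an internal subnet may legitimately be allowed to relay. A 2xx reply can also come from a server that accepts everything and bounces later, as the report text itself notes.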
 

Author Comment

by:miroofi
ID: 13834117

The way I am trying to retrieve email from outside the network:

I am using the following settings:

pop3: mail.mydomain.net
smtp: x1.mydomain.net

rest is default,

Simon, all your help is very useful and you deserve these points.
I am in a hurry, see you after 2 days.


Imran
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13842081
Why don't you just use the same entries for both POP3 and SMTP? If they resolve to the correct external IP address then you should be fine.

Make sure that you have port 110 pointing to the Exchange server as well, and that the POP3 server service is running on the Exchange server.

You can also do a telnet test to the Exchange server from outside to see whether it is name resolution or something else blocking the traffic.

telnet mail.domain.com 110

or

telnet 123.123.123.123 110

where 123.123.123.123 is the external facing IP address you want to connect to.

Simon.
0
