emails not being sent out of my front end server

I implemented an Exchange 2003 front-end server this weekend. I also have GFI Mail Security and Mail Essentials on it. At first it was working properly until I changed the local MX record to point to the mail relay instead of the Exchange server. I'm referring to the local MX record that is returned to users within the perimeter network. I noticed emails not being sent out once the local MX record was changed. I went into the DNS panel and changed it back, however, when I do an nslookup, then set type=mx, then I enter in my mail domain, it still returns the IP address of the front end server. When I look in the DNS panel it shows that the MX record is pointing to the Exchange server, not the front end server. I even deleted the record and it still appears. What should I do? For now, I have Exchange sending emails directly out instead of it forwarding to the front end server (the reason I'm forwarding to the front end server is due to GFI Mail Security and Essentials being on it). Currently the only way I can send mail out is directly through the Exchange server. When I set the Exchange server to send all mail to the front end server via smart host no emails are sent. Also, when I do an MX nslookup on my mail domain, the front end server's IP address is returned, even though there is no MX record created.

HELP!
Asked by: gopher_49

gopher_49 (Author) Commented:
Below are the results of the nslookup. This record doesn't exist.

C:\WINDOWS\system32>nslookup
Default Server:  drexel_1.drexel.com
Address:  192.168.1.250

> set type=mx
> drexchem.com
Server:  drexel_1.drexel.com
Address:  192.168.1.250

Non-authoritative answer:
drexchem.com    MX preference = 10, mail exchanger = mail.drexchem.com

mail.drexchem.com       internet address = 192.168.1.2
>

Sembee Commented:
You are doing internal DNS lookups. The Internet will not use those results - they will be using the information that is on your ISP. Furthermore, the MX record information is not used by Exchange to route email information.

If I do an nslookup I get this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>nslookup
Default Server:  server.domain.co.uk
Address:  192.168.1.1

> set type=mx
> drexchem.com
Server:  server.domain.co.uk
Address:  192.168.1.1

Non-authoritative answer:
drexchem.com    MX preference = 10, mail exchanger = mail.drexchem.com

mail.drexchem.com       internet address = 216.37.73.243
>

If you want email to go out via your frontend server, then you will need to use an SMTP Connector to use the frontend server as a smart host. In many deployments the backend server will send all email directly, with inbound email coming in through the frontend server (unless you have a relay machine in the DMZ).

Simon.

gopher_49 (Author) Commented:
Right now I have the SMTP Connector using DNS to send emails out directly from the Exchange server, however, I would like to use the option 'Forward all mail through this connector to the following smart host'. The reason being that I want to forward to my front end server is for the emails to be scanned by my email security software. Whenever I forward emails to the smart host (front end server) they are never delivered.
gopher_49 (Author) Commented:
The emails go into the 'Messages queued for deferred delivery' queue when using the 'send all emails to the smart host' option from my back end server.

Sembee Commented:
Have you enabled the backend to relay through the frontend? Just because they are in the same Exchange org, doesn't mean that SMTP will let the messages go out.

Personally I don't see the point in scanning outbound email.
Most of the latest viruses don't use an existing email client to send their thing - they will have their own SMTP engine to send directly. A far better method of dealing with possible infections is to block port 25 for the entire network and then allow it just for those machines that need to (Exchange servers). Any infected machine would then show up in the firewall logs very quickly.

Simon.
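
Added example (not part of the original thread or any poster's code): the approach suggested above, blocking outbound port 25 for everything except the Exchange servers and watching the firewall logs, sketched as a log check in Python. The log format, dates, the address 192.168.1.3 and the client addresses are constructed for illustration; 192.168.1.2 is the front-end address from the nslookup output earlier in the thread.

```python
import ipaddress

# Assumption: only these hosts may send SMTP to the Internet.
# 192.168.1.2 is taken from the thread; 192.168.1.3 is a constructed placeholder.
ALLOWED_SMTP_SENDERS = {"192.168.1.2", "192.168.1.3"}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample log (hypothetical format, not tied to a specific firewall).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2006-03-06 09:14:02 ALLOW TCP 192.168.1.2 203.0.113.10 3301 25
2006-03-06 09:14:05 DROP TCP 192.168.1.57 198.51.100.20 1044 25
2006-03-06 09:14:05 DROP TCP 192.168.1.57 198.51.100.21 1045 25
2006-03-06 09:14:06 DROP TCP 192.168.1.57 203.0.113.77 1046 25
2006-03-06 09:14:09 ALLOW TCP 192.168.1.88 203.0.113.5 2210 80
2006-03-06 09:15:11 DROP TCP 192.168.1.91 192.168.1.2 1190 25
2006-03-06 09:15:30 DROP UDP 192.168.1.60 198.51.100.9 1025 25
malformed line
"""


def find_rogue_smtp(log_text, allowed=ALLOWED_SMTP_SENDERS, internal=INTERNAL_NET):
    """Return {src_ip: {"attempts", "destinations", "passed"}} for unapproved senders."""
    findings = {}
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 8:
            continue  # skip malformed lines rather than guess at their meaning
        _date, _time, action, proto, src, dst, _sport, dport = parts
        if proto != "TCP" or dport != "25":
            continue
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Keep only outbound SMTP (internal source, external destination)
        # from hosts that are not approved mail servers.
        if src_ip not in internal or dst_ip in internal or src in allowed:
            continue
        entry = findings.setdefault(
            src, {"attempts": 0, "destinations": set(), "passed": 0})
        entry["attempts"] += 1
        entry["destinations"].add(dst)
        if action == "ALLOW":
            entry["passed"] += 1  # the egress block has a gap for this host
    return findings
```

A host with many attempts to many distinct destinations is the pattern a mass-mailing infection produces; a non-zero "passed" count means the port 25 block is not covering that host.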

gopher_49 (Author) Commented:
Simon,

This is not an option for me. I must use the frontend server to scan emails that are outbound. When setting my backend server to forward mail to the smart host, is there extra configuration I must set on the smart host for this to work properly?

Sembee Commented:
If you haven't set the relay, then the frontend will not allow the backend to relay email through it.

ESM, Servers, <your frontend server>, Protocols, SMTP. Right click on the Default SMTP VS and choose Properties. Click on the tab Access and then relay. Add the internal IP address of your backend Exchange server in to the list, with the option set to "Only the list below".

Simon.

gopher_49 (Author) Commented:
Simon,

The relay configuration was one of the first things I configured. Now, I haven't rebooted my Exchange backend server since I've uninstalled GFI Mail Security and Mail Essentials. Both programs rely a lot on SMTP and Exchange. I plan to do that after hours, however, I really don't think that will fix it. It's got to be something else.

Sembee Commented:
The only thing I can suggest is to enable Message Tracking and see what Exchange is doing with the messages.

Is the SMTP Connector set to run continuously?

Simon.

gopher_49 (Author) Commented:
I enabled message tracking. The message gets transferred to the front end server via SMTP, and then submitted to advanced queuing. It's then submitted to the categorizer, then advanced queuing, then queued for local delivery (my email gets forwarded to a few other users). It does this about 4 different times. The end result is that it's delivered to 3 local recipients, however, it never leaves the front end server. It sits in the 'deferred message queue' until I change my SMTP connector to send via DNS instead of the smart host.

Sembee Commented:
According to Microsoft the main cause of Messages going in the deferred message queue is a message loop or too many hops.

Have you got a smart host configured on the frontend server by any chance?
Any changes made on the frontend server to force email to be delivered to the backend server?

Simon.

gopher_49 (Author) Commented:
Simon,

At one time I started to enable messages to forward to the backend, however, I stopped myself for I remembered that, it being a frontend server, it would know where to deliver the messages. I've looked in the advanced outbound connection settings and I do not see anything there. Where should I check? I'm pretty sure I checked everywhere else. That's what seems to be happening. Messages sent to the frontend server are being sent back to the backend server. I'm just not sure where else to check for settings that would cause this to happen.

gopher_49 (Author) Commented:
I have not rebooted the Exchange server since I've made these changes, and uninstalled all of the security apps.  There's been many changes.  It's a shot in the dark, but, I'm going to give it a shot.

gopher_49 (Author) Commented:
I've rebooted the server and no luck.

Sembee Commented:
Go through the SMTP Virtual Server configuration on both servers, make sure that there are no smart hosts configured anywhere.

ESM, Servers, <your server>, Protocols, SMTP. Right click on SMTP VS and choose Properties. Click on the tab Delivery and then Advanced and make sure that the smart host box is blank.

Check both servers.

Remove any SMTP Connectors that you may have for both servers and recreate.

Finally go through the configuration of the GFI products and ensure that you have correctly set those to scan outbound email.

Simon.

gopher_49 (Author) Commented:
I triple checked and smarthost is not enabled on either server. I also deleted and re-created the SMTP connector. I also checked the GFI settings, I even stopped all GFI services and had no luck. Emails are still being sent to the 'deferred' queue. I do have some mail forwarding rules in GFI Mail Essentials that forward outbound emails to specified email addresses, however, I've disabled those rules and still no luck.

gopher_49 (Author) Commented:
I'm taking the front-end server out of front-end mode for troubleshooting.  It's rebooting right now.

gopher_49 (Author) Commented:
I took it out of front end mode and no luck. I placed it back into front end mode. Now, this server is also an RPC proxy server. I don't see how this should make a difference. I've set the default RPC Proxy server ports to drexel_3 within its registry, should it be drexel_2? (drexel_2 is the name of the front end server), or, should none of that make a difference?

gopher_49 (Author) Commented:
On my backend server I set the local bridgehead to the SMTP virtual server on my front-end server. Emails are now being delivered through my front-end server. Is this a bad configuration? What are your thoughts on this? It seems a little odd.

Sembee Commented:
Being an RPC Proxy server would make no difference to the flow of email as they are different protocols, so you can skip that.

If the email goes out straight, it has to be something with the frontend server. If the relaying settings are correct, then that does tend to point towards the GFI software.

Disabling Exchange integrated applications is often not enough to stop them causing problems with email message flow. You will have to remove it to prove that it doesn't cause the problem.

Simon.

gopher_49 (Author) Commented:
I completely stopped and disabled all GFI software. My next step will be to uninstall it, however, I set my local bridgehead to use the front end's SMTP virtual server instead of the Exchange virtual server. All emails are now being sent through the front end server.

When the back end server is sending an email, is it bad to use a local bridgehead aside from the back end's virtual SMTP server? I'm using the front end's virtual SMTP server to send mail for the backend server.

Sembee Commented:
Are you sure that the messages are going out via the frontend server?
Do you actually see them go through?

Without an SMTP Connector Exchange will attempt to deliver the email messages directly using the MX records that it finds on the Internet. It doesn't need an SMTP Connector to send email.

Simon

gopher_49 (Author) Commented:
I have an SMTP Connector. The SMTP Connector is configured to send on the local bridgehead via the front end server's virtual SMTP server. Emails are being sent through the front end server for I see them in GFI's realtime monitor. Also, I have outbound rules that forward emails based on the recipient and the sender. Those rules are being applied. I'm not sure how stable this configuration is, however, it's working. This weekend I plan to uninstall all GFI products and see if the smarthost configuration works. Until then, this will do. I copied over my settings from my backend server to my new server for GFI Essentials. I'm thinking that maybe something in that configuration has caused issues when running via the smarthost configuration. The thing is, the smarthost configuration doesn't work even when all of the GFI services are stopped.

It's working for now though.  We'll see what happens this weekend when I get a chance to uninstall all of the GFI products.  I'll make sure to accept your comments for they were all good and extremely helpful.

Sembee Commented:
I am not entirely sure what you have done.
However I cannot see any reason why what you have done will not be stable, as you have used an SMTP Connector. If you had achieved the same result another way (such as hacking the routing tables for example) then it would be of concern.

Do you have any routing groups configured? If so are both servers in the same routing group?

Simon.

gopher_49 (Author) Commented:
I have not configured routing groups at all. The only change I made is by going to ESM > Connector > SMTP Connector (the one I created) > Properties > General. On the bottom of the General page there is a section called local bridgeheads. I removed the backend server's Virtual SMTP server, and added the frontend server's SMTP Virtual server. This uses the frontend server's SMTP Virtual server as the local bridgehead. Emails sent from the backend server will get sent to the SMTP server on the frontend server.

Sembee Commented:
You probably have a routing group and don't know it. They are hidden from ESM by default.

If you start up ESM, right click on the top Organisation Name and choose Properties. There will be an option "Display Routing Groups". Enable it and the options with ESM change to add in Routing Groups.

The default one is usually called "First Routing Group" (imaginative naming from Microsoft). There will be two further options below that - Connectors (which should contain just your SMTP Connector) and Members.
Both of your Exchange servers should be listed as members, with the backend probably the master.

If that is the case, then that may explain why the SMTP Connector is working.

Simon.

gopher_49 (Author) Commented:
I see both servers as members.  The backend server is the master.  Do you think it's ok to use my current configuration?  I'm using the frontend's virtual smtp server as the local bridgehead in the SMTP connector.

Sembee Commented:
The routing groups sound fine.
I am just going to test it. I don't have access to an FE/BE at the moment, so I am building one in VMWARE. Should be able to test in about an hour.

Simon.

gopher_49 (Author) Commented:
This weekend I'll be implementing the changes. At that point I'll close the thread. If that's ok...

Venabili Commented:
Sure.... just make sure you post back after the weekend

Venabili Commented:
Any update here?

gopher_49 (Author) Commented:
The above configuration worked perfectly.

thanks.