SBS Setup - Email Doesn't work

I've gone through the Internet Connection Wizard like 4 times and I still can't get email to work properly. I'm not sure if it's ISA server, DNS or something I'm not doing in the setup correctly or what. :(

1. I've registered a valid domain name e.g., created 2 NS servers with the address of my server's external interface.
2. I've added and to the dns records on the server itself in the '' Forward lookup.
3. I've pointed my domain name using those 2 NS servers.
4. I used that domain name when running the Internet Connection Wizard. (
5. I've added an MX record to the forward lookup zone for on the server.
6. I can send email to anyone but they cannot send email back to me.

I've tried deleting all my DNS servers and only using (localhost). I've tried adding DNS servers of my ISP, etc etc. I've even disabled the firewall (ISA Server) and it still doesn't work!

What am I missing?

Quick question on this statement:

1. I've registered a valid domain name e.g., created 2 NS servers with the address of my server's external interface.

When you say your servers external mean your valid internet IP address right?

****EDITED CONTENT****.  It sounds like it's nothing more than a DNS or port issue.

Matt Ridings
MSR Consulting
It's a simple one...but check to make sure your domain name (as in is spelled correctly in your exchange configuration.
Also, double check you don't have an extra "www" at the beginning of your email domain name.
These were 2 problems I encountered - which were my fault - as configured in the "Configure Email and Internet Connection Wizard"
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Hosting your own PUBLIC DNS zone file requires that you open port 53 on your router/firewall.  This is a VERY UNDESIRABLE configuration, however, because it will cause a tremendous amount of traffic that you really don't need.

Why have you decided to host your own PUBLIC DNS RECORD?  Generally it's best to leave this to your ISP or Domain Registrar.  Alternatively you can use a service like  But I would NEVER host the SOA (Start of Authority) record on an SBS -- which also means that you are using that domain for your INTERNAL Domain Name... and there's very good reason to NOT do that as well.

I hope that you DON'T open port 53, and that you move the responsibility of the DNS Zone file off of your SBS.  You'll be much happier, and your email will work.... and if it doesn't, check out to find out why.



I wasn't worried about his privacy JB, just his security.

I think I must be missing a post here though?  I see all of JB's responses in regards to hosting a public dns on sbs server, but I don't show any posts before that from the asker stating that's what they did?

Didn't know about the email thing, though it would have been nicer if you had just removed the email address instead of my content.

Matrix1000:  Post your domain if you like, I can certainly troubleshoot your dns that way but understand if you don't want to post it.

Since I can't post exact details without it though just ensure that you have an external DNS server, with at least one A record pointing at your SBS location's valid internet IP address (i.e. not an invalid internal IP address), and an MX record pointing to that A record for mail.  Depending upon your configuration that could be your router's IP address, or conceivably your SBS server's external NIC address if it is directly connected to your ISP without going through another router.  Make sure your registrar has its NS records set to point to your external DNS server(s).

Once you've got that set go to and enter your external domain name into the mail test first and run that.  That'll tell you where the rest of the internet thinks it's supposed to send your mail.  If that is wrong then run the dns report, and find which sectors of information are wrong or post info back here and we'll straighten it out.  If the mail test points to your correct IP address though then you likely have a port issue at the firewall/ISA level.

Matt Ridings
MSR Consulting
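The MX -> A chain described in the post above can be checked mechanically. This is an added example, not part of the original thread; the record tuples, `example.com` names and addresses are constructed sample data, and `check_inbound_mail` is a hypothetical helper.

```python
import ipaddress

# Ranges never reachable from the internet (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def norm(name):
    """Compare DNS names without trailing dot or case differences."""
    return name.rstrip(".").lower()

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_inbound_mail(domain, records):
    """records: (name, type, value) tuples from the PUBLIC zone.
    Returns a list of problems; empty means the MX -> A chain is sane."""
    mx_targets = [v.split()[-1] for n, t, v in records
                  if t == "MX" and norm(n) == norm(domain)]
    if not mx_targets:
        return [f"no MX record for {norm(domain)}"]
    problems = []
    for target in mx_targets:
        if is_ip_literal(target):
            problems.append(f"MX target {target} is an IP, must be a host name")
            continue
        addrs = [v for n, t, v in records
                 if t == "A" and norm(n) == norm(target)]
        if not addrs:
            problems.append(f"MX target {target} has no A record")
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in NON_ROUTABLE):
                problems.append(f"{target} resolves to internal address {addr}")
    return problems

# Constructed sample zones (203.0.113.0/24 is a documentation range).
GOOD_ZONE = [("example.com", "MX", "10 mail.example.com."),
             ("mail.example.com", "A", "203.0.113.10")]
BAD_ZONE = [("example.com", "MX", "10 mail.example.com."),
            ("mail.example.com", "A", "192.168.16.2")]
```
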
Matrix1000 (Author) Commented:
Thanks for the Help and Information!

I've actually got 4 other businesses on my network (I work at an ISP) that are trying to re-adjust to an IP scheme change that are having the same issue that I am and I'm trying to find out the RIGHT way to set up SBS to send and receive email.

I followed this tutorial (with a direct broadband connection - with a public ip on the WAN interface)

1. I did not enter any valid DNS servers and later deleted them from the "ServerName > Properties > Forwarders" tab in DNSmgmt because I was told this would complicate DNS resolution internally for some reason.

2. I did enable the Firewall and also 'Enable Internet e-mail' etc..

3. In the 'Email Domain Name' I did enter my domain name in the form of  ''

4. My internal domain is mycompany.local and ended up like ServerNetBiosName1.mycompany.local

Is this the right process then...

1. Follow the process outlined in the tutorial ....
2. Register the domain used in the setup with such as ''
3. At Create 2 Name Servers 'NS' such as pointing to my server's public IP address.
4. At point my domain name to those 2 Name Servers. so ''s nameservers are and
5. UHHH What's next? Is this right?
6. Get my ISP (ME) to add MX records that point to my server's public IP?
7. Do something to ISA server to allow incoming emails

When I look at the application log files I see these when I try to test mail from Gmail to my account at

A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822; (Message-ID <2AE3F12D6CF8344BA1CF0C56D7E1094357A9@myservername1.mycompany.local>).  
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
For more information, click

Sorry for being such a noob at this.
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Are you saying that you're running an ISP off an SBS?

I'm totally lost with your theory of running a PUBLICLY AVAILABLE DNS ZONE FILE on your SBS!!!

Please explain.

So you're seeing the NDR in your *SBS server* log files?  If so that would indicate that it's actually making it to your server just fine (otherwise your server would know nothing about the fact that you sent it an email).

In regards to your setup steps for dns you listed above.  Couple of things to modify:

At godaddy just use *their* dns servers as your NS records in your zone file.  Don't add new nameserver records for your server.  In the zone file for your domain at godaddy add an A record for whatever you are calling 'your_external_servername' with the IP of your sbs server internet ip.  Then add an MX record for your domain that points to that A record.

While running an externally available dns server off of sbs isn't a good idea, the real issue is running *any* Microsoft dns server that services both internal and external clients.  You can't turn off recursion in Microsoft dns like you can BIND and most other dns servers without turning off forwarders.  But if you leave recursion on then *anyone* can use your dns server as an open dns server.....which means that you'll get denial of service attacks slammed on you via your open dns.  I run multiple win2003 servers for hosting client websites, etc. but we disable recursion on can't do that because you need recursion internally.  And if that wasn't enough reason for you not to use your own external dns on sbs, consider the fact that unless you can get your upstream providers to add you into their root records for reverse dns you won't be able to send email to half the world anyway as they'll reject it (aol, earthlink, etc, and most other large ISPs)

Matt Ridings
MSR Consulting

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:

Thanks for straightening that out in a way that makes sense.  I totally agree.

Matrix1000 (Author) Commented:

TechSoEasy, I work at an ISP but we are trying to use SBS for our 'internal' network server and email server for internal use only e.g. support stuff and internal stuff only. We have a dedicated Free BSD server for mail for clients and DNS.

I've decided to wipe my server again tomorrow and start from scratch with the info you guys provided.

Thanks Again!