Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 523
  • Last Modified:

SBS 2003 SP1, port 25 closed so no incoming mail

Hello

Installed a SBS2003 SP1 server today with Exchange.

My router forwards port 25 traffic to the server but the server's port 25 is closed - i'm damned if I can get it open.

I "think" it's security policy, but am really a bit lost.

Maximum points for instructions on how to open the port (preferably in English!), my neck is on the line here

hope you can help
0
ubiquitas
Asked:
ubiquitas
  • 5
  • 3
  • 3
  • +2
1 Solution
 
ZadkinCommented:
You tried to run the CEICW already?
0
 
ZadkinCommented:
In English: Configure Email and Internet Connection Wizzard (CEICW) under Server Management - Internet - Connect to Internet
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Running the CEICW would be the first thing to do... see http://sbsurl.com/ceicw for the overview.

If you have a TWO NIC configuration, please see http://sbsurl.com/twonics to make sure you have configured things properly.  If you have a single NIC, you can review the options at http://sbsurl.com/msicw.

But I would wonder why you think the "SERVER" has port 25 blocked?  How are you testing this?

My guess is that the ISP has it blocked because that's a very common occurance.  Usually if you have a static IP you either need to contact the ISP to unblock or they provide a way to manually unblock in their control panel.

Jeff
TechSoEasy
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
ubiquitasAuthor Commented:
i've run the CEICW, i can send mail / access internet just fine

port 25 is NOT blocked by the ISP

the router is configured to redirect 25 traffic to the server ip

port being blocked on the server was the only other thing i could imagine would stop me connecting.

I can telnet into the server from the LAN, but not from the internet

does that help you or me at all ?
0
 
Exchange_AdminCommented:
"I can telnet into the server from the LAN, but not from the internet"

This leads me to think that the router is not forwarding port 25 correctly.
0
 
myfootsmellsCommented:
Are you using the basic firewall provided by "routing and remote access" in SBS?  If you are, you need to open the Routing and Remote Access snap-in.  Then expand your servername.  Expand IP Routing > Expand IP Routing > Click NAT/Basic Firewall > Right Click Server Local Area Connection > Properties.  Click on Services and Ports tab > Make sure Internet Mail Server (SMTP) is checked.  Make sure the Private address is pointed to the e-mail server.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You should NOT have to modify the RRAS settings AT ALL if the CEICW is run correctly.  The only thing that may cause a problem is if the binding order or the IP Address Configuration isn't correct.

The binding order only applies if you have two nics...

can you please post an IPCONFIG /ALL from your server?

Thanks.

Jeff
TechSoEasy
0
 
myfootsmellsCommented:
you're right he shouldnt, but it never hurts to double check right?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Also, what is the make/model of your Router?  Some routers require TWO settings to open ports... one is a pointer and the other opens the port on the firewall.

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
As for double checking... actually it CAN hurt if you correct the problem at that level.  The CEICW will put these things in the right place... and usually someone who isn't intimately familiar with RRAS settings would do more harm than good by changing ANY of them...  IMHO.

If there is something wrong with those settings, either someone has gone in and manually changed them, or there are far more issues than just the right IP Address pointing to SMTP.  This can usually be detected by reviewing the IPCONFIG /ALL and correcting any problems there.  Because if you correct it at the RRAS level, when the problem actually exists 3 or 4 levels up the chain, you will be missing a lot of things that are also wrong.

Jeff
TechSoEasy
0
 
ubiquitasAuthor Commented:
ok, the router is definitly configured OK - I know this for a fact

IP config..

hostname - csiserv
primary dns suffix - csi.local
node type - hybrid
ip routing enabled - no
wins proxy enabled - no
dns suufix search - csi.local

LAN Connection

DHCP enabled - no
ip address - 10.0.0.9
subnet - 255.255.255.0
default gateway - 10.0.0.252 (that's the router!)
dns servers - 10.0.0.9
wins server - 10.0.0.9
0
 
myfootsmellsCommented:
everything looks good IMHO what do you think Jeff?

ubiquitas -- how do you know that for a fact?  i'm assuming when you mean you can telnet from the LAN is that you've tried it from other PCs on the LAN right?  i would triple check that the correct port is being forwarded to that server.  also when you try telnet'ing in from the outside are you telneting to ur MX record IP address or domain?

0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Unfortunately this is not a complete IPCONFIG /ALL and therefore I am unable to assess whether there is a problem or not.  While there is nothing in an IPCONFIG that would compromise security, you may want to slightly edit it for privacy purposes.  If you choose to do that, please only replace the last two octets of a Public IP Address with ***.*** and the first part of the domain name can be replaced with *******.  Then to copy the text right click on the upper left corner of the CMD window for edit options.

I would still ask that you provide the make/model of the router along with it's Firmware Version if you want a true 3rd party opinion of your situation.

Jeff
TechSoEasy
0
 
ubiquitasAuthor Commented:
solution found - we have 2 routers and the wrong router had been entered in the CEICW - thanks all :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now