jgrammer42
Exchange server not responding to SMTP on specific domain
Ok, this is a pretty tricky question I believe. This MAY not be an Exchange problem or issue, and might be a problem with my firewall instead, but I wanted to start here first.
Here is the setup:
Cisco 501 PIX, connecting to BellSouth DSL with statically assigned IP address.
PIX is configured to pass TCP port 25 traffic to inside LAN interface where the MS-Exchange server is located
The MS-Exchange server is on a local domain called, "LOCAL.LAN" and is configured to accept and send email for an Internet domain called, "LOCAL.COM", (true domain name hidden for security reasons).
When any email is sent internally to the MS-EXCH server for any domain or email user ID, email is received just fine. Any email sent from the internal LAN to the Internet is sent outbound without error.
The problem is that any inbound email from the Internet destined for the domain LOCAL.COM is never received, and the sender never receives an "Undeliverable" email response.
Basically what happens is this:
Jane@local.com can send email to any email on the local.lan AND even the local.com domains as long as she is on the local LAN when she does this.
Jane@local.com can send email to her personal email address of Jane@yahoo.com
However, Jane can NOT send email from her personal email address of Jane@yahoo.com to her Jane@local.com address, and does not get any errors back when she does. The email just goes into the 'ether' somewhere.
Any guesses as to WHERE I might look to fix this problem?
Thank you,
ASKER
Sembee,
I am unsure how to put the domain in dnsreport.com
Under "Diagnostics Logging" where do I set that param?
Thank you,
http://www.dnsreport.com/tools/dnsreport.ch?domain=LOCAL.COM
Is the sending domain receiving any non-delivery reports? Those might be useful :)
Go to http://www.dnsreport.com and enter the domain in the box supplied.
I doubt whether diagnostics logging would show anything. I meant logging on the SMTP VS itself.
ESM, Servers, <your server>, Protocols, SMTP. Right click on the SMTP VS and choose Properties.
Simon.
ASKER
Output from dnsreports.com is the following:
DNS Report
-------------
ERROR: I could not complete a connection to any of your mailservers!
MAIL.local.com: Timed out [Last data sent: [Did not connect]]
If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail may work fine in this case but you will need to use testing tools specifically designed for such situations.
========================== ========== ========== ========== ========== =======
Mail Test
----------
jane@local.com. - www.xxx.yyy.zzz [Could not connect: Could not receive data: Operation timed out.]
[Note that if your mailserver takes over 30 seconds to respond, our test will timeout, even though real mailservers will wait longer]
========================== ========== ========== ========== ========== =======
This is exactly what I am seeing when I try to telnet on port 25 from the Internet.
Any thoughts?
Thank you,
This is the error I am seeing, yet the MX record is resolving correctly.
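The telnet-to-port-25 check described in the post above, as an added example that is not part of the original thread: it separates a connect timeout (what the report shows as "Did not connect") from a refused connection and from a server that answers with a 220 greeting. The function name `probe_smtp`, the state labels and the loopback listener are assumptions made for this sketch, and the listener is a constructed stand-in for a mail server.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=10.0):
    """Classify one inbound SMTP reachability test as (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN never answered: dropped on the path (firewall or upstream filter).
        return ("filtered", "connect timed out")
    except ConnectionRefusedError:
        # RST came back: the address is reachable but nothing accepts on the port.
        return ("refused", "connection refused")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            line = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            # Handshake completed but the server never sent its greeting.
            return ("silent", "connected, no greeting")
        if line.startswith("220"):
            sock.sendall(b"QUIT\r\n")
            return ("banner", line)
        return ("unexpected", line or "closed without greeting")

def constructed_listener(greeting):
    """Loopback stand-in for a mail server (constructed fixture, not real data)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)
        conn.recv(64)  # wait for the client's QUIT before closing
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = constructed_listener(b"220 mail.example.test ESMTP ready\r\n")
    print(probe_smtp("127.0.0.1", port, timeout=3))
```

Run from a host outside the network against the MX host, a `filtered` result means the packets are being dropped before they reach the server, while `refused` means the public address answers but nothing is forwarding or listening on port 25.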
you need to do it to your domain, not sub. so just LOCAL.COM, not MAIL.LOCAL.COM
ASKER
northcide,
Sorry, I did just do that for the top level domain. I edited the results out for security reasons, but the error I cut and pasted gave the FQDN of the MX record.
ASKER
Sembee,
AH HA! I think you're right about the ISP....I never thought of that.
I will accept your answer, and if I find that they are not blocking it, I will repost my question.
Thanks for stating the obvious that I was overlooking!
Two things to do.
1. Enable message tracking so that you can see what Exchange is doing with the message (if it gets to Exchange).
2. Put the domain into dnsreport.com and see what errors it throws back.
Simon.