Having problems with outgoing mail utilizing alternate port smtp with no-ip.com
I am running a test lab in my home. I have an ISA server 2004 running as a edge firewall with three network adapters. one on 192.168.0.0, one on 192.168.1.0 and one with a static public IP address (external). In the 192.168.1.0 network i am running a windows 2003 ADI domain network with an exchange server loaded on a box which is also a DC. My ISP (Bellsouth) blocks SMTP port 25 for incoming and outgoing mail. I have setup my exchange to utilize a mail reflector from NO-IP.com and alternate SMTP port. I have established a mail server publishing rule on the isa box which redirects my incoming smtp traffic from NO-IP.com correctly and I have also configured the appropriate access rules to allow the smtp outgoing traffic thru my ISA box.
my problem.
I can recieve incoming traffic and send / receive traffic internally without a problem. My issues are when sending traffic externally. When i had my exchange server setup just using the default smtp connector, the messages would just be stuck in the queue and i would see the note (specifiy an auth failure). I since setup an SMTP connector and now am receiving a (connection was dropped by the romote host). What is really confusing is that if i access my exchange server via OWA mail i can send without a problem. I have reviewed my isa logs and as far as i can tell ISA is allowing the outgoing connection.
thanks in advance for the help.
Izzy
my problem.
I can recieve incoming traffic and send / receive traffic internally without a problem. My issues are when sending traffic externally. When i had my exchange server setup just using the default smtp connector, the messages would just be stuck in the queue and i would see the note (specifiy an auth failure). I since setup an SMTP connector and now am receiving a (connection was dropped by the romote host). What is really confusing is that if i access my exchange server via OWA mail i can send without a problem. I have reviewed my isa logs and as far as i can tell ISA is allowing the outgoing connection.
thanks in advance for the help.
Izzy
ASKER
I completed the telnet test and these were the responses. I OK's were slightly different than the response the telnet-test.asp said i would get. The one clear difference is the send test at the bottom of the posting. It didn't give me a sent response but a queued. I assume the email should com to the last email account i tested? I have not received anything in the form of an email to hotmail from the test as of yet.
220 smtp-auth.no-ip.com ESMTP
ehlo socso.southcom.mil
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:antai@socso.southcom.
250 Ok
ehlo aol.com
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:MissJ521@aol.com
250 Ok
ehlo aol.com
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:MissJ521@aol.com
250 Ok
rcpt to:antai@affordable-comput
250 Ok
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test message
this is a second test sent via telnet
.
250 Ok: queued as 2D9B542AE0
thanks
220 smtp-auth.no-ip.com ESMTP
ehlo socso.southcom.mil
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:antai@socso.southcom.
250 Ok
ehlo aol.com
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:MissJ521@aol.com
250 Ok
ehlo aol.com
250-smtp-auth.no-ip.com
250-PIPELINING
250-SIZE 33554432
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5
250 8BITMIME
mail from:MissJ521@aol.com
250 Ok
rcpt to:antai@affordable-comput
250 Ok
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test message
this is a second test sent via telnet
.
250 Ok: queued as 2D9B542AE0
thanks
The queued message is normal. You are directly connecting to the server, so the message is now queued for delivery by their server. Did you receive a message? That is key.
Simon.
Simon.
ASKER
Yes i did receive the message
That was from the Exchange server and the traffic went through the ISA?
Can you bypass the ISA as a test?
What method are you using for the port change? Have you used the ISA to port translate, or have you changed Exchange to use another port number?
Simon.
Can you bypass the ISA as a test?
What method are you using for the port change? Have you used the ISA to port translate, or have you changed Exchange to use another port number?
Simon.
ASKER
I logged on as the administrator to the XP machine which is part of the domain. The email is in the inbox administrators email inbox. It shows it as from: "Grace MissJ521"@aol.com
To: undisclosed-recipients
I think I miss understood when reading the prior posting because I conducted the telnet test from another computer that was not the exchange server.
As far as I could tell the test went through my ISA 2004 box and out to no-ip.com relay server.
The way I set it up is as follows:
Incoming: I first set the service up with no ip and selected an alternate SMTP port to receive email from. I then went to the exchange server, opened Exchange system manager and navigated to the default SMTP Virtual Server Properties. I then click on the advanced tab and edited the ip address and port to reflect the port number I setup as the incoming port for email. I then setup a mail server rule on the isa server and configured the same port as the alternative port to relay messages to for my exchange server. I then went back to the no-ip.com site and conducted a test to see if the server set it up correctly and I was successful.
Outgoing mail: I established the service on no-ip.com and went back to the exchange server and conducted the following setup. On the default SMTP virtual server, I went to the delivery tab and clicked on the outgoing tab, selected basic authentication and entered the username and password in accordance with the instructions on the no-ip site. I then went to the outbound connections tab and configured the TCP port to match what the no-ip site specified as the TCP port that it would use to receive traffic from my exchange server. I then click on the advanced delivery options and verified my FQDN and added the smart host: smtp-auth.no-ip.com (in accordance with the no ip site). Lastly, I went to the ISA server and configured a firewall rule to allow traffic out on that port.
I am able to receive with out an issue, but can't send. I am not an exchange guy so I apologize up front for my lack of knowledge on exchange 2003. I am working on exchange to become a more well rounded MCSE.
Thanks in advance
izzy
To: undisclosed-recipients
I think I miss understood when reading the prior posting because I conducted the telnet test from another computer that was not the exchange server.
As far as I could tell the test went through my ISA 2004 box and out to no-ip.com relay server.
The way I set it up is as follows:
Incoming: I first set the service up with no ip and selected an alternate SMTP port to receive email from. I then went to the exchange server, opened Exchange system manager and navigated to the default SMTP Virtual Server Properties. I then click on the advanced tab and edited the ip address and port to reflect the port number I setup as the incoming port for email. I then setup a mail server rule on the isa server and configured the same port as the alternative port to relay messages to for my exchange server. I then went back to the no-ip.com site and conducted a test to see if the server set it up correctly and I was successful.
Outgoing mail: I established the service on no-ip.com and went back to the exchange server and conducted the following setup. On the default SMTP virtual server, I went to the delivery tab and clicked on the outgoing tab, selected basic authentication and entered the username and password in accordance with the instructions on the no-ip site. I then went to the outbound connections tab and configured the TCP port to match what the no-ip site specified as the TCP port that it would use to receive traffic from my exchange server. I then click on the advanced delivery options and verified my FQDN and added the smart host: smtp-auth.no-ip.com (in accordance with the no ip site). Lastly, I went to the ISA server and configured a firewall rule to allow traffic out on that port.
I am able to receive with out an issue, but can't send. I am not an exchange guy so I apologize up front for my lack of knowledge on exchange 2003. I am working on exchange to become a more well rounded MCSE.
Thanks in advance
izzy
I would not have set the outbound authentication etc in the way that you have done so.
Instead I would have set it on an SMTP Connector. The default SMTP VS should be left alone where possible, particularly with smart host and authentication settings. http://www.amset.info/exchange/smtp-connector.asp
Simon.
Instead I would have set it on an SMTP Connector. The default SMTP VS should be left alone where possible, particularly with smart host and authentication settings. http://www.amset.info/exchange/smtp-connector.asp
Simon.
i have the exact same setup. Bellsouth DSL, exchange 2003 sp2. Here is what I did:
1. No smtp connector.
2. go to exchange system manager - server- protocols-smtp right click "default virtual smtp server" properties. On the Delivery tab go to advanced and in the fully qualified domain name put in the A record of the email domain. example:
email is test@email.com then there should be an A record soemthing like mail.email.com. Once I put that in i was able to send.
However sending to aol and to hotmail seems to be very slow, but sending to any other domains works fine.
spinkas
1. No smtp connector.
2. go to exchange system manager - server- protocols-smtp right click "default virtual smtp server" properties. On the Delivery tab go to advanced and in the fully qualified domain name put in the A record of the email domain. example:
email is test@email.com then there should be an A record soemthing like mail.email.com. Once I put that in i was able to send.
However sending to aol and to hotmail seems to be very slow, but sending to any other domains works fine.
spinkas
ASKER
I have deleted the smtp connector and have tried setting up the default smtp connector but i have one question.
My fully qualified domain name for the exchange box is dc2.affordable-computer-so
Which FCDN do i use? I have set up both (one at a time) and attempted to send email out to both bellsouth and hotmail and have failed.
I have checked and monitored ISA during the attempted communication and ISA 2004 is allowing the attempt. It shows connection initiated and repeats it several times before coming back connection closed then connection denied. It doesn't say connection denied default rule just connection denied.
I then check the exchange system and when i highlight hotmail.com and bellsouth.net in the queue it has a comment of "The connection was dropped by the remote host".
I have changed the password on the no-ip.com alternate smtp service and varified that the correct password was setup by on the default smtp.
any ideas or suggestions.
izzy
My fully qualified domain name for the exchange box is dc2.affordable-computer-so
Which FCDN do i use? I have set up both (one at a time) and attempted to send email out to both bellsouth and hotmail and have failed.
I have checked and monitored ISA during the attempted communication and ISA 2004 is allowing the attempt. It shows connection initiated and repeats it several times before coming back connection closed then connection denied. It doesn't say connection denied default rule just connection denied.
I then check the exchange system and when i highlight hotmail.com and bellsouth.net in the queue it has a comment of "The connection was dropped by the remote host".
I have changed the password on the no-ip.com alternate smtp service and varified that the correct password was setup by on the default smtp.
any ideas or suggestions.
izzy
The name dc2.affordable-computer-so
However if you are using an alternative SMTP service, then what the name resolves to at your end shouldn't really matter. The recipient server will only be looking at the configuration of the server that is actually making the connection - which isn't yours. It is the alternative SMTP server.
Simon.
However if you are using an alternative SMTP service, then what the name resolves to at your end shouldn't really matter. The recipient server will only be looking at the configuration of the server that is actually making the connection - which isn't yours. It is the alternative SMTP server.
Simon.
ASKER
having said that, could it be something at the relay side (no-ip.com) or at the hotmail / bellsouth / etc side that is going the "The connection was dropped by the remote host". That the part that puzzles me is where the break is. I have check and rechecked the authentication setup and password on both the exchange server and no-ip and still same error.
Izzy
Izzy
If you have got the connector configured to send all email via the alternative SMTP service and you are seeing the dropped connection report on your server, then that would indicate that the server you are trying to send email through has dropped the connection.
Simon.
Simon.
ASKER
Thanks for the clarification. I will log on to no-ip and recheck everything.
ASKER
Sembee,
would the exchange log show anything that might fix this mystery. I have opened the log located in "C:\Program Files\Exchsrvr\DC2.log". It tells me sender, intended receiver, etc..." however, with my untrained eye I might not be seeing something critical. Last question, am i opening the correct log, is their another log i should be opening.
would the exchange log show anything that might fix this mystery. I have opened the log located in "C:\Program Files\Exchsrvr\DC2.log". It tells me sender, intended receiver, etc..." however, with my untrained eye I might not be seeing something critical. Last question, am i opening the correct log, is their another log i should be opening.
There is a log for the SMTP virtual server. Whether that will actually show you what is happening is difficult to say.
You have to enable the log - as it isn't enabled by default. ESM, Servers, <your server>, Protocols. Right click on the SMTP VS and choose Properties. Log is on the first tab.
Simon.
You have to enable the log - as it isn't enabled by default. ESM, Servers, <your server>, Protocols. Right click on the SMTP VS and choose Properties. Log is on the first tab.
Simon.
ASKER
Sembee,
I enabled logging a few weeks ago. I just set all "additonal logging options" to see if it will record something worth while.
I enabled logging a few weeks ago. I just set all "additonal logging options" to see if it will record something worth while.
ASKER
Simon,
Last night while still trying to troubleshoot this i saw an error in the queue stating "SMTP error" or something very similar. I went to and reviewed the usage log forthe No-Ip alternate-port smtp on the no-ip site and i noticed that the usage log was at 150 messages relayed. I am only allow 150 messages per day becuase thats all the service i purchaced offered. It is saying it relayed 150 messages, no sure if that means it got to the No-ip site and was past on and then rejected or just that it received a message from my exchange and then dropped the connection.
Lastly, will the results of the logging be located in the log file located at C:\Program Files\Exchsrvr\DC2.log. I have not changed the default location. Just wanted to make sure i was lookin at the right file.
Izzy
Last night while still trying to troubleshoot this i saw an error in the queue stating "SMTP error" or something very similar. I went to and reviewed the usage log forthe No-Ip alternate-port smtp on the no-ip site and i noticed that the usage log was at 150 messages relayed. I am only allow 150 messages per day becuase thats all the service i purchaced offered. It is saying it relayed 150 messages, no sure if that means it got to the No-ip site and was past on and then rejected or just that it received a message from my exchange and then dropped the connection.
Lastly, will the results of the logging be located in the log file located at C:\Program Files\Exchsrvr\DC2.log. I have not changed the default location. Just wanted to make sure i was lookin at the right file.
Izzy
You should look at the logging properties, that will show you where the log is being stored.
For the SMTP VS I would expect it to be C:\WINDOWS\System32\LogFil
Have you got message tracking turned on? http://www.amset.info/exchange/message-tracking.asp
If not, I would turn it on so that you can see how many messages are going through your server.
Simon.
For the SMTP VS I would expect it to be C:\WINDOWS\System32\LogFil
Have you got message tracking turned on? http://www.amset.info/exchange/message-tracking.asp
If not, I would turn it on so that you can see how many messages are going through your server.
Simon.
ASKER
Simon,
These are the instructions on the no ip site on how to set up the service.
Outbound server: smtp-auth.no-ip.com, port 3325.
Username: yourdomain.com@noip-smtp where yourdomain.com is the domain for which you bought the service. To set your password, you must log in to No-IP.com and click Mail in the left hand navigation. Find your domain in the list with type smtp and click Modify. Change your password there.
This is a walk thru on how to setup exchange with smart host for their site.
http://www.no-ip.com/support/guides/email/quick_start_alternate_port_smtp.html
The ISA rule i setup allows outbound traffic on port 3325 from my Exchange server to the no ip site.
Izzy
These are the instructions on the no ip site on how to set up the service.
Outbound server: smtp-auth.no-ip.com, port 3325.
Username: yourdomain.com@noip-smtp where yourdomain.com is the domain for which you bought the service. To set your password, you must log in to No-IP.com and click Mail in the left hand navigation. Find your domain in the list with type smtp and click Modify. Change your password there.
This is a walk thru on how to setup exchange with smart host for their site.
http://www.no-ip.com/support/guides/email/quick_start_alternate_port_smtp.html
The ISA rule i setup allows outbound traffic on port 3325 from my Exchange server to the no ip site.
Izzy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Simon,
I set it up on the SMTP VS. On the general tab - advanced tab of the SMTP VS i had to set up the incoming port that the server was going to use. I then went to the delivery tab and set it up in accordance with the instructions. I am going to try you suggestions and migrate all the changes to a smtp connector and undue the changes i did to the VS.
I will let you know how it goes.
Izzy
I set it up on the SMTP VS. On the general tab - advanced tab of the SMTP VS i had to set up the incoming port that the server was going to use. I then went to the delivery tab and set it up in accordance with the instructions. I am going to try you suggestions and migrate all the changes to a smtp connector and undue the changes i did to the VS.
I will let you know how it goes.
Izzy
Usually I would post this...
telnet servername.domain.com 25
Change the 25 to the alternative port.
If you can, complete a full telnet test to see if it is being delivered. http://www.amset.info/exchange/telnet-test.asp
Simon.