Solved

New SBS 2003 no external email and no external RWW

Posted on 2006-06-27
14
281 Views
Last Modified: 2010-04-19
Hello,

Just replaced my old SBS 2003 server with a new one. No migration, new setup. Only 1 NIC. I'm having the following issues:

1. Am not receiving external emails. Internally it works fine and am able to send out emails.

2. RWW does not work externally. Get "page cannot be displayed". Internally it works fine.

I have checked the hardware firewall several times for the port forwarding. Old SBS 2003 worked fine. All I changed was the name and IP address of the new server. I have tried changing the IP address in the rules and creating new rules but still no go. I have a hard time believing it's the firewall. I tested with telnet and I'm not even connecting internally. I think I may have a DNS issue.

The internal and external domains are named differently.

How can I test the hardware firewall to see if port 25 is open?

Should there be a forward lookup zone for MYDOMAIN.COM and in the zone should there be "A" records pointing MAIL.MYDOMAIN.COM and WORKPLACE.MYDOMAIN.COM to the server IP address? There was this zone in the old server DNS.

Any help would be greatly appreciated. Thanks.

Steve
0
Comment
Question by:sirvodka
14 Comments
 
LVL 13

Expert Comment

by:itcoza
ID: 16992663
Give me the FQDN of the external connection and I will test for you :)

But seriously, all you need to do is make a connection to the Internet via dial-up or such and then open a command prompt window and then use telnet to connect to the server using port 25.

telnet {servername or IP} 25

If you can connect, check to see if you have set up the mail domain correctly.

Regards,
Maynard


PS... have you run the connect to the Internet wizard?

0
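The telnet test described in the comment above, as an added example that is not part of the original thread: a Python function that performs the same port 25 check and separates a refused connection from one that times out. The function name, the state labels and the `mail.example.com` placeholder are assumptions made for this example.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify a TCP probe of an SMTP port the way a manual telnet test would.

    States returned (labels chosen for this example):
      open        connected and the server sent an SMTP 220 greeting
      no-banner   connected, but no 220 greeting arrived (wrong service or a proxy)
      refused     host answered with a reset: reachable, nothing listening there
      filtered    no answer before the timeout: typical of a firewall dropping the
                  packet or a port forward that points at the wrong internal address
      unreachable any other network error (no route, network down)
      dns-error   the name did not resolve
    """
    result = {"host": host, "port": port, "address": None, "state": None, "banner": ""}
    try:
        # Resolve first so the report shows which address was actually tested.
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
        result["address"] = info[0][4][0]
    except socket.gaierror:
        result["state"] = "dns-error"
        return result
    try:
        with socket.create_connection((result["address"], port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(512).decode("ascii", "replace").strip()
            except OSError:  # includes a read timeout: connected but silent
                banner = ""
            result["banner"] = banner
            result["state"] = "open" if banner.startswith("220") else "no-banner"
    except ConnectionRefusedError:
        result["state"] = "refused"
    except socket.timeout:
        result["state"] = "filtered"
    except OSError:
        result["state"] = "unreachable"
    return result

if __name__ == "__main__":
    # Placeholder target: replace with your own mail host name or public IP,
    # and run from a connection outside the firewall.
    print(probe_smtp("mail.example.com"))
```

Run it once from outside the firewall and once from the LAN against the server's internal address; `open` inside but `filtered` outside points at the port forward rather than at Exchange.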
 
LVL 13

Expert Comment

by:itcoza
ID: 16992682
0
 
LVL 13

Accepted Solution

by:
itcoza earned 500 total points
ID: 16992708
You may still have to have a look at the firewall. You make the statement that the only thing that changed is the Server and the IP address of the server. If this is the case, and your rules are not set up correctly on the firewall, then it would explain why you are not getting mail from outside. (Oh, and why your remote web workplace is not working.)
0
 

Author Comment

by:sirvodka
ID: 16992870
itcoza,

FQDN is mail.shepherddata.com


0
 

Author Comment

by:sirvodka
ID: 16992901
itcoza,

Again, I am not able to even telnet internally. I'm assuming I should.
0
 
LVL 13

Expert Comment

by:itcoza
ID: 16992903
sirvodka,

> mail.shepherddata.com
There is no connection on port 25 to that FQDN
The FQDN resolves to: 65.41.155.165 and I can not even ping it from here.

*****************************
Regards, M
   
0
 

Author Comment

by:sirvodka
ID: 16992940
itcoza,

You cannot ping the FQDN or 65.41.115.165 or both?
0
 
LVL 13

Expert Comment

by:itcoza
ID: 16992959
When performing a tracert I get:

U:\>tracert mail.shepherddata.com

Tracing route to mail.shepherddata.com [65.41.115.165]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  *.*.*.*
  2    35 ms    27 ms    25 ms  *.*.*.*
  3    14 ms    13 ms    13 ms  196.43.11.58
  4    14 ms    13 ms    13 ms  196.43.24.9
  5   359 ms   373 ms     *     ny-ip-dir-globalc-pos-7-0.telkom-ipnet.co.za [196.43.9.149]
  6   342 ms   381 ms   358 ms  sl-gw30-nyc-2-0.sprintlink.net [144.223.25.129]
  7   353 ms   343 ms   358 ms  sl-bb24-nyc-15-2.sprintlink.net [144.232.13.21]
  8   347 ms   351 ms   356 ms  sl-bb25-nyc-10-0.sprintlink.net [144.232.13.182]
  9   371 ms   371 ms   372 ms  sl-bb24-chi-2-0.sprintlink.net [144.232.9.156]
 10   375 ms   369 ms   368 ms  sl-gw33-chi-10-0.sprintlink.net [144.232.26.42]
 11   377 ms   379 ms   382 ms  sl-sprintwrbm-17-0.sprintlink.net [160.81.179.30]
 12   382 ms   383 ms   379 ms  mn-65-41-193-206.dyn.sprint-hsd.net [65.41.193.206]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.

0
 
LVL 13

Expert Comment

by:itcoza
ID: 16992991
The FQDN resolves to the IP address and the ping is always done to the IP address.
I suggest you start looking at the firewall settings as your problem.
Another suggestion would be to restore your firewall settings from before you made the changes you talk about and then to change your server IP address so that it is the same as the old server (make sure the old server is off).

Regards,
M
0
 

Author Comment

by:sirvodka
ID: 16993176
I'll have to try the IP address change tonight.

The following telnet does work internally.

telnet "server IP" 25
telnet "servername.domain.local" 25

The following telnet does not work internally.

telnet mail.shepherddata.com 25

Should this work internally? Should my DNS be pointing mail.shepherddata.com to my server's IP address? If it is, I can't find it.

Thanks.
0
 
LVL 13

Expert Comment

by:itcoza
ID: 16993358
sirvodka,

> Should this work internally?
This will only work internally if your firewall is set up to allow the packet to look back into your network (firewall setup)

> Should my DNS be pointing mail.shepherddata.com to my server's IP address?
Only if your server is connected directly to the Internet (through DMZ) and if your firewall is removed from the picture.
Your network connection should look like this:
Option 1:

Internet <-> Firewall <-> LAN
                       |
                       V
                    Server
Option 2:

Internet <-> Firewall <-> Server <-> LAN

Option 3:

Internet <-> Firewall<->LAN<->Server

Based on the information you have provided so far, I think your network is an Option 3 => Bastion Based network.
In that case your A record must point at the External IP address of the firewall and based on the ping I did, it does.

Regards,
M

*****************************
Regards, M
   
0
 

Author Comment

by:sirvodka
ID: 16993569
You are correct. Option 3 network.

Please forgive my ignorance but I'm confused on something.

Let's assume for this question the firewall is forwarding port 25 fine.

Someone externally sends me an email to me@shepherddata.com. DNS servers on the internet point shepherddata.com to my hosting IP address. My host has an MX record pointing shepherddata.com to mail.shepherddata.com. Mail.shepherddata.com is pointing to 65.41.115.165 (static ip of firewall). The firewall forwards port 25 to my SBS2003 IP address.

At this point, how does the server know to send the email on to Exchange? Where does it point me@shepherdata.com to?

Thanks
0
 

Author Comment

by:sirvodka
ID: 16993661
Question on running the connection wizard CEICW.

When it asks for the email domain name do I enter

shepherddata.com or
mail.shepherddata.com

I have been entering shepherddata.com.

Thanks
0
 

Author Comment

by:sirvodka
ID: 16994553
Man I feel so stupid sometimes.

It was the firewall.
0

Question has a verified solution.
