We help IT Professionals succeed at work.


LunaSkye used Ask the Experts™
Hello Everyone,

I need some help please.

WHen our company was first setup, we used ValueWeb for mail hosting, all of our mail was delivered there, and we simply checked and sent using Outlook.

About a year ago, we got Small Business Server 2003, including MS Exchange.  However, the email configuration didnt change much.. just that we now all had exchange email boxes which we didnt really check.. we just kept our current mail on ValueWeb, and continued to check it through outlook.

NOW, i have gone and changed my MX Record at Valueweb, so that all mail goes to my Exchange server, rather than valueweb.  There are two domains for this company, and I have changed both their records so that they point to my Static IP.

It is my understanding that all mail going to either domain will be sent to my server, and then I can choose how to rout it locally.. (i.e. mailboxes..)

I am not able to recieve any mail.. i dont know why.  I am relatively new at this "Administering Exchange" thing.. so I would appreciate some help.. QUICKLY!!

I can send mail no problem.. it works like a champ!!

But I cannot get any in from an outside source...

NOTE!! I CAN get email if sent in-office.. (from one domain user to another).. not leaving the domain.

How do i get my outside email delivered to my exchange mailboxes?!?!??
I have added all the address to my "Email Addresses" tab of the Active Directory.


- Thank you.
- Andrew
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
have you allowed port 25 traffic through your firewall?
are you SURE that you have your external IP forwarded to whichever internal IP is on your exchange server and forwarded port 25?

Hi LunaSkye,

There's 2 things you need to do.

1. ensure that relaying has been disabled to prevent your server becoming listed on SPAM lists. I wouldn't imagine that this is allowed by default in SBS2003, but I wouldn't make any assumptions.
To check your server hasn't become listed on a Block list

2. Set your exchange organisation to be responsible for the email to your domains. This is done by setting up recipient policies.

Good Luck,


You can check your mail server externally using http://pingability.com/smtptest.jsp

This will run a scripted test of the SMTP server to see if it is responding and what responses it recieves when trying to send an email through your server.


Thank you, what you suggested seems to have worked!
I opened ISA Server 2006 Console, and under "Firewall Policy" I chose "Publish Mail Servers".
I ended up publishing a few of them
- POP3 server
- SMTP Server
- POP3 server Secure
- SMTP Server Secure
- RPC Server

All of them are "FROM" Internal, External, and VPN Clients "TO" my IP Address.

So it worked.... But, do i need ALL those servers open? Or just SMTP?


Thank you for the information on Recipient POlicies.. I had modified the default rule to include the new addresses.... so i guess that was one of the steps.  

WOuld you recommend making SEPARATE rules for each of the domains?? Rather than modifying the default rule?

Thank you too, for the pingability check.. I am UNABLE TO RELAY an anonymous send.. YAY!

- Andrew Allen
You can modify the default rule to include both any and all domains, but then you won't be able to create different sets of rules for different groups of users. If you want to do that, you can create new rules to add the different smtp addresses to the different groups of users. You do this by running LDAP seraches, you can't filter by OU easily.
To recieve SMTP, you only need to allow incoming SMTP, TCP port 25.
You can also look at some fancy things such as RPC over HTTP to collect email from outside your network securely without having to run a VPN. This only requires the HTTP ports to be opened up which you would open for webmail. You might need a certificate for this to maintain security, but you can create one of those yourself on the server so you don't need to pay the money for a verisign certificate. This will produce a warning from any external PC to your company if you don't buy a verisign or similar certificate.

This bypasses port restrictions put in place by a lot of companies when you visit partners.


Thank you all VERY  MUCH...
this has really saved me.

Look for another question from me in this section... about a "Catch all" email account..  I want to be able to see eveyrthign that comes in..

thanks for the points,,, glad you go it working
Thanks. ;-)