?
Solved

Exchange - Telnet Question

Posted on 2006-11-27
10
Medium Priority
?
561 Views
Last Modified: 2012-08-13
******************************************************************
****************I really need immediate help on this issue********************
******************************************************************

My users have been unable to send to a certain domain for the past 3 months and it has become a huge problem. Here are the particulars... We run Exchange 2000 Server and have XP clients. If we email the company we recieve a non deliverable. We can receive but no send. All the mail sits in the queue and eventually times out and shoots us the error.

I have verified that we are not blacklisted etc: (I have done a variety of tests with thier tech support). This is what I have found. If I telnet servername.com 25 the connection fails on both the server and the client. When I telnet servername.com 25 with the ISA Firewall Client off on the XP clients it works fine. I guess my issue issue is a little murky because we have never had a problem sending  to this domain in the past. How can I get this fixed so that I can telnet from my exchange server properly....  

A weird situation in my estimation does anyone have any suggestions, Thanks?
0
Comment
Question by:zyanj
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18019519
>>If I telnet servername.com 25 the connection fails on both the server and the client

What antivirus software? McAfee famously blocks this....

If McAfee is installed (on the client and server!)

1.      Right Click the McAfee Shield in the task bar
2.      Select Virus Scan console
3.      Double Click Access Protection (usually at the top)
4.      On the Port Blocking Tab ensure "Prevent Mass Mailing worms from sending Mail" is NOT ticked
0
 
LVL 26

Expert Comment

by:jar3817
ID: 18019548
What do the NDR's say? Usually they include some kind of clue as to why the connection failed or the mail was rejected. Do you have this problem sending to any other domains? It sounds like you're tripping some spam filter and the connection is rejected. You may not be listed on some public blacklists, but they might be running an internal private blacklist. Have you called the IT department at this company to see what if anything is going on at their end? They can look in their logs and should be able to tell you exactly why your connection is being rejected.

There are a couple things you should check to make sure your exchange server is setup properly:

1. Make sure you have reverse dns (and corrisponding forward dns) on the ip address that exchange uses for sending email. If your whole networks is NATed behind 1 IP, make sure that ip has PTR and A records

2. Make sure your server is announcing itself as a valid hostname (the same as your PTR record) rather than an internal AD domain name or just a hostname.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 18019577
also heres a handy test tool from M$

Testing Mail with SMTPDiag

First download SMTPDiag
http://www.microsoft.com/downloads/details.aspx?familyid=BC1881C7-925D-4A29-BD42-71E8563C80A9&displaylang=en

Save it on your desktop and run it > It will want to extract some fires > Put them in
C:\windows\system32

Click Start > Run > cmd {enter}
At command line use the following commands

Smtpdiag <senders email address> <recipients email address>

References
Using SMTPDIAG to Diagnose Exchange 2003 Related SMTP and DNS Problems
http://www.msexchange.org/tutorials/SMTPDIAGdiagnose-Exchange-2003-SMTP-DNS.html
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 18019734
Aside from the above are you actually talking to their mail server when you telnet to domain.com, i.e.

nslookup
set type=mx
domain.com
exit

and check the name returned for their mail servers.  It could be they have changed their mail exchangers and for some reason you have a HOSTS table entry at the server for them or something?

Steve
0
 

Author Comment

by:zyanj
ID: 18020386
Ok...

1. We are using Symantec Corp Edition



2. The NDR is as follows...

Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      11/18/2006 11:11 AM

The following recipient(s) could not be reached:

      name@theircompany.com on 11/18/2006 11:43 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <mail.mycompany.com #4.4.7>


3. I do not have this problem with any other domains.

I will continue to read the rest of the info provided
0
 

Author Comment

by:zyanj
ID: 18021136
This is the result of the SMTPDIAG

Everything passed except for the following...


Checking MX servers listed for castillo.j.17@pg.com.
Connecting to bdc-edge02.na.pg.com [192.44.184.14] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to bdc-edge02.na.pg.com.
Connecting to bdc-edge01.na.pg.com [192.44.184.17] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to bdc-edge01.na.pg.com.
0
 
LVL 1

Expert Comment

by:martin_wilkinson
ID: 18021865
You say that you are able to connect from an XP workstation with the firewall client disabled, which is interesting.  I have a few questions:

When the firewall client is disabled, how are these machines connecting to the internet - Are they effectively becoming SecureNAT clients through the ISA server, or is there some form of direct access through an internet connection router?

What version of ISA server are you running?

How are you sending outbound mail from the exchange server?  Through a spam / virus filtering smarthost, or directly to the internet?  If you are sending it through a filter, is this software located on the ISA server?

Are you running the firewall client on the exchange server?

If you are able to give a basic outline of your network layout, that would be helpful in finding out what exactly is preventing communication.
0
 

Author Comment

by:zyanj
ID: 18028082
***Please forgive me and disregard the firewall client portion I made a mistake with regard to that part of my question.

1. 2000 ISA Server
2. No Firewall Client on servers.
3. Disabled Filtering software

Here are the complete results of the SMTDiag from the mail server
Does the error denote a problem on my end?



Searching for Exchange external DNS settings.
Computer name is MOLLY.
VSI 1 has the following external DNS servers:
67.36.128.26,206.141.192.60

Checking SOA for pg.com.
Checking external DNS servers.

Checking TCP/UDP SOA serial number using DNS server [67.36.128.26].
TCP test succeeded.
UDP test failed.
Serial number: 2006112801

Checking TCP/UDP SOA serial number using DNS server [206.141.192.60].
TCP test succeeded.
UDP test failed.
Serial number: 2006112801
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.1.1].
Failed: DNS server [192.168.1.1] may be down.

Checking TCP/UDP SOA serial number using DNS server [67.36.128.26].
TCP test succeeded.
UDP test failed.
Serial number: 2006112801

Checking TCP/UDP SOA serial number using DNS server [206.141.192.60].
TCP test succeeded.
UDP test failed.
Serial number: 2006112801
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: harrisandford.com.
  MX:    mx2.mail.webexc.com (100)
  MX:    mail.harrisandford.com (10)
  A:     mail.harrisandford.com [69.222.92.54]
  A:     mx2.mail.webexc.com [204.8.11.143]
  A:     ns2.webexc.com [204.8.11.143]
Checking MX records using UDP: harrisandford.com.
  MX:    mx2.mail.webexc.com (100)
  MX:    mail.harrisandford.com (10)
  A:     mail.harrisandford.com [69.222.92.54]
  A:     mx2.mail.webexc.com [204.8.11.143]
  A:     ns2.webexc.com [204.8.11.143]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: pg.com.
  MX:    bdc-edge02.na.pg.com (10)
  MX:    bdc-edge01.na.pg.com (10)
  A:     bdc-edge01.na.pg.com [192.44.184.17]
  A:     bdc-edge02.na.pg.com [192.44.184.14]
Checking MX records using UDP: pg.com.
  MX:    bdc-edge02.na.pg.com (10)
  MX:    bdc-edge01.na.pg.com (10)
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for castillo.j.17@pg.com.
Connecting to bdc-edge01.na.pg.com [192.44.184.17] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to bdc-edge01.na.pg.com.
Connecting to bdc-edge02.na.pg.com [192.44.184.14] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to bdc-edge02.na.pg.com.

C:\Documents and Settings\Administrator.FORD\Desktop\SmtpDiag>
0
 
LVL 1

Expert Comment

by:martin_wilkinson
ID: 18030926
The DNS is resolving correctly (I get the same answers when I resolve the MX records for pg.com), so it looks like you don't have a DNS issue.

The 10060 error is simply a timeout, so it looks like something somewhere along the path between you and pg.com is filtering out your smtp requests.  Since you are able to send quite happily to most other users of the internet, I would suggest that there is something at their end which is blocking the port.  I know you've checked you're not on a blacklist, but this looks more network related than smtp related - if you do get on a blacklist, you usually get an smtp error back immediately stating that you have been blacklisted - your smtp packets are not making it to the server.

I have had odd issues in the past where the outgoing TCP connection request had a new feature enabled (ECN) which wasn't understood by a 3rd party's firewall, so it just ignored the packet.  If you are able to get a trace with MS Network Monitor or Ethereal, we could rule out this possibility.  It would also tell us if you're having MTU related issues.

As a workaround, you could route mail to the pg.com domain through your ISP's smtp server, by creating an SMTP connector specifically for pg.com as mentioned in the article which has already been referred to:

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_22043945.html

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question