wataru69

incoming mail not working. outgoing mail OK

Hi Experts,

My problem is that mails will not arrive in my SBS 2003 mail server.
I have a domain (let's call it example) www.example.be hosted by a provider.
I have asked them to point the MX records to my fixed IP address.
After the installation of SBS 2003 I can now send mails. Recipients receive them with the right name (serge@example.be), but none of the mails sent to me (or anyone else in my domain) reach their destination.
The only mails arriving properly are the ones coming in with a POP connector that checks another old account and the mails sent from within my domain (e.g. user1 to user2 works like a charm).

Is there a good way to troubleshoot this problem?
Where should I start?
ASKER CERTIFIED SOLUTION
LeeDerbyshire
wataru69

ASKER

LeeDerbyshire:
I go all red with shame.
I cannot believe I forgot such a basic issue. I opened many ports on the router, but forgot number 25.
Duh, hit me on the head please!!
So far this seems to fix the problem.

Donnie4572:
Thank you for those nice tools.
It is definitely a good start for troubleshooting issues like this.
I have one red fail point in my report:

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 62.213.205.134 reports that it will do recursive lookups.
Server 193.111.95.21 reports that it will do recursive lookups.

I followed this tip:
Fixing Microsoft DNS on Windows 2003

    * Open DNS.
    * In the console tree, right-click the applicable DNS server, then click Properties.
    * Click the Advanced tab.
    * In Server options, select the Disable recursion check box, and then click OK.

but it still reports my DNS as being OPEN.

Is this a real issue? Or can I just ignore it?
The IPs listed in this error are not mine anyway, probably from a provider or so...


Your public DNS records are probably maintained by your ISP, in which case the test is looking at their server, not yours. If that's the case then it's not your problem, although you might want to let them know about it.
It is good that you fixed your DNS server, but I would hope that it is not exposed to the internet.

If you do not own that server then it is their problem.
However, I would not ignore it, because this means that DNS server is possibly open to the public. If this is true and that server is compromised, then your records that are on that server could be manipulated.

You can test this from a computer: open a command prompt (this computer must have access to outbound port 53).
If the IP address of your public DNS server is 201.202.203.204:

nslookup
>server 201.202.203.204
>google.com
>201.202.203.204 can’t find or query refused or something like this

In the example above the server 201.202.203.204 is not authoritative for the google.com domain.
For example,
A DNS server that is open will resolve requests for anything or anybody.
A DNS server that is NOT open will reject requests to resolve a record that it is not authoritative for.

> nsloopup
Server:  UnKnown
Address:  192.168.1.1

*** UnKnown can't find nsloopup: Non-existent domain

This is what I got from a client.
My server and clients are behind a Linksys router that acts as gateway on that IP address.
From dnsreport.com, your public DNS server address is 192.168.1.1?

nslookup will query any DNS server.
The command "server" tells nslookup which server to query.

From the ">" prompt you would type server and your public DNS server IP address and press Enter.
http://technet.microsoft.com/en-us/library/4ecb31fd-5da3-4ef6-8acc-0d2cc426588f.aspx

If there is not a reverse zone for the default DNS server assigned to the PC where you run nslookup, then you will get the error you describe.
Sorry for the late reply.
Thank you both. It did solve my problems.
The router port was the actual solution, but since I asked for tools to troubleshoot too, I decided to give you both credit.
Thanks again.