X-quisite


Cannot receive SMTP mail on SBS Exchange 2003

I am trying to configure Small Business Server 2003 to Exchange Server 2003.
I want Exchange Server to receive all SMTP e-mails.
Currently users are able to send outbound e-mails.

I have carried out the following with the ISP DNS:
Added an MX record: @ 10 smtp.domain.com.
Added a Host record: A 111.111.11.11
When I ping smtp.domain.com I get my external WAN IP address.
I have opened port 25 on the firewall and forwarded the SMTP traffic to SBS.

Can someone please advise me on what I am doing wrong?

Thank you

Nazmul


jsvor

Check out this article to test the smtp communication using telnet.

http://technet.microsoft.com/en-us/library/bb123686.aspx

ASKER

jsvor:

The SMTP port is open and working.

I think it may be to do with a configuration with Exchange or SBS.

Any ideas?

I would start with putting your domain into dnsreport.com and see whether anything is flagged in the mail server section. That will indicate if the DNS is correct.

As this is SBS, have you run the Connect to the Internet and Email wizard (or whatever it is called) and configured everything that it needs?

Simon.

Simon,
Here is the report from dnsreport.com.
I entered the e-mail address:
Getting MX record for domain.co.uk (from local DNS server, may be cached)... Got it!

Host      Preference      IP(s) [Country]
smtp.domain.co.uk.      10      xx.xx.xx.xx [GB]
mta4.hosting.com.      50      xx.xx.xx.xx [GB]
mta3. hosting.com.      50      xx.xx.xx.xx [GB]
mta1. hosting.com.      50      xx.xx.xx.xx [GB]
mta2. hosting.com.      50      xx.xx.xx.xx [GB]

________________________________________



Step 1:  Try connecting to the following mailserver:
         smtp. domain.co.uk. – xx.xx.xx.xx (WAN IP)

Step 2:  If unsuccessful in step 1, Try connecting to all of these (in a random order, per RFC1123 5.3.4):
         mta4. .hosting.com.– xx.xx.xx.xx
         mta3. .hosting.com.- xx.xx.xx.xx
         mta1. .hosting.com.- xx.xx.xx.xx
         mta2. .hosting.com.- xx.xx.xx.xx

Step 3:  If still unsuccessful, queue the E-mail for later delivery.

________________________________________

Trying to connect to all mailservers:

   smtp.domain.co.uk. - xx.xx.xx.xx  [Successful connect: Got a good response [250 2.1.5 nazmul@domain.co.uk ]] (took 1.438 seconds)
   mta4.hosting.com. - xx.xx.xx.xx  [Successful connect: Got a good response [250 2.1.5 < nazmul@domain.co.uk >... Recipient ok]] (took 1.359 seconds)
   mta3. hosting.com. - xx.xx.xx.xx  [Successful connect: Got a good response [250 2.1.5 < nazmul@domain.co.uk >... Recipient ok]] (took 1.266 seconds)
   mta1. hosting.com. - xx.xx.xx.xx  [Successful connect: Got a good response [250 2.1.5 < nazmul@domain.co.uk >... Recipient ok]] (took 1.297 seconds)
   mta2. hosting.com. - xx.xx.xx.xx  [Successful connect: Got a good response [250 2.1.5 < nazmul@domain.co.uk >... Recipient ok]] (took 1.359 seconds)

I have a hosted e-mail with ISP, but this has no mailboxes setup as a secondary backup if local server is down.

Not a fan of having ISPs mail servers in the DNS records. How does the ISP get email to you?
I would suggest removing them so that the only host listed is your own.

Simon.
ASKER CERTIFIED SOLUTION
Jeffrey Kane - TechSoEasy
This solution is only available to members.
Jeff,

I have rerun the wizard several times and still have had no success.
I currently have one NIC card configured to the server, I am going to install a second, maybe that is the problem?

When I send mail to a user in SBS 2003, I get the following returned mail message:

The original message was received at Thu, 31 May 2007 10:07:29 +0100 from hostxxx-xx-xx-xxx.in-addr.btopenworld.com [xxx.xx.xx.xxx]

   ----- The following addresses had permanent fatal errors -----
<nazmul@domain.co.uk>
    (reason: 550 5.1.1 <administrator@localhost>... User unknown)
    (expanded from: <nazmul@domain.co.uk>)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 550 5.1.1 <administrator@localhost>... User unknown
550 5.1.1 <nazmul@x-domain.co.uk>... User unknown
<<< 503 Need RCPT (recipient)

The error message implies that it cannot find the user for the mail account.

Something is blocking it from recognising the account.


Can you please post a COMPLETE ipconfig /all from the server as well as from a workstation?

Thanks.

Jeff
TechSoEasy
The message you have posted is NOT an Exchange message.
If you still have the ISPs SMTP Servers in your MX records then I would suggest removing them so that you can be sure that email is delivered to just your Exchange server.

Simon.
jeff

From Server
Windows IP Configuarion
      Host Name                  SBS2003
      Primary DNS Suffix            domain.local
      Node Type                  Unknown
      IP Routing Enabled            No
      WINS Proxy Enabled            Yes
      DNS Suffix Search List      domain.local

Ethernet adapter Local Area Connection
      Connection-specific DNS suffix:
      Description:                  Intel pro/1000
      Physical Address:            00-15-20-14-4d-8e
      Dhcp Enabled                  No
      IP Address                  192.168.0.220
      Subnet mask:                  255.255.55.0
      Default gateway:            192.168.0.201
      DNS Servers                  192.168.0.220
      Primary WINS Server            192.168.0.220

From Work station
Windows IP Configuarion
      Host Name                  Client1
      Primary DNS Suffix            domain.local
      Node Type                  Unknown
      IP Routing Enabled            No
      WINS Proxy Enabled            No
      DNS Suffix Search List      domain.local

Ethernet adapter Local Area Connection
      Connection-specific DNS suffix:
      Description:                  Intel pro/1000
      Physical Address:            00-15-20-14-4d-8e
      Dhcp Enabled                  No
      IP Address                  192.168.0.100
      Subnet mask:                  255.255.55.0
      Default gateway:            192.168.0.201
      DNS Servers                  192.168.0.220
Hope this helps.

Simon,

I have updated the MX records and am waiting for DNS to update.

Actually if you are getting an NDR from "administrator@localhost" then your built-in Administrator account is either disabled, or doesn't have a mailbox and email address.  Did you disable this account?

I'm also curious about why the NDR shows domain.co.uk as well as x-domain.co.uk

I'm thinking these aren't even being generated by the Exchange server, but rather from your ISP MX servers.  Can you look at the full headers of one of the NDR's and see what it says on the line starting with "From: MAILER-DAEMON" ?

Jeff
TechSoEasy
Guess I should have refreshed before posting.  :-)
Okay... so the fact that you aren't using DHCP on your workstation is causing one problem.  You need to have a WINS server configured on the clients.  Exchange still uses it.  (In this case it needs to be your SBS of 192.168.0.220.)

Then I see a rather big problem as well... your Subnet Mask is 255.255.55.0 and it needs to be 255.255.255.0.  Otherwise, you're throwing out all sorts of wrong DNS traffic.  

Correct that on the NIC and rerun the CEICW.  

Ideally, you should be running DHCP on the workstations... which would suggest to me that you did not join them to the domain properly... using http://<servername>/connectcomputer.  However, that's another issue.

Jeff
TechSoEasy
And again, I'd suggest that you test the server using www.mxtoolbox.com.  It tends to be a bit more unforgiving than dnsreport.com.

Jeff
TechSoEasy
Jeff,
The subnet mask is actually 255.255.255.0, I made a typing error.

Here is the result from mxtoolbox:

RESULT: smtp.domain.co.uk
Banner: domain.co.uk Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 31 May 2007 11:52:02 +0100 [125 ms]  
Connect Time: 0.125 seconds - Good
Transaction Time: 10.891 seconds - Not good!
Relay Check: OK - This server is not an open relay.
Rev DNS Check: OK - 111.11.11.11resolves to host217-34-50-122.in-addr.btopenworld.com
GeoCode Info: Geocoding server is unavailable
Session Transcript: HELO mxtoolbox.com - DIAGNOSTIC TEST - See http://www.mxtoolbox.com/Policy.aspx 
501 5.5.4 Invalid Address [5125 ms]
HELO mxtoolbox.com
250 domain.co.uk Hello [64.20.227.131] [125 ms]
MAIL FROM: <test@mxtoolbox.com>
250 2.1.0 test@mxtoolbox.com....Sender OK [125 ms]
RCPT TO: <test@mxtoolbox.com>
550 5.7.1 Unable to relay for test@mxtoolbox.com [5125 ms]
QUIT
221 2.0.0 domain.co.uk Service closing transmission channel [141 ms]
 
Do you guys think that it could be to do with the firewall?
I am running a Cisco PIX 501; below is the configuration. Also, I changed the SMTP internal IP address just a few days back:

PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password  encrypted
passwd  encrypted
hostname pix
domain-name xxxxxxx
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25                        
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit tcp any interface outside eq smtp
access-list inbound permit tcp any interface outside eq pptp
access-list inbound permit tcp any interface outside eq 1433
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq 4122
access-list inbound permit tcp any interface outside eq ftp
access-list inbound permit tcp any interface outside eq https
access-list inbound permit tcp any interface outside eq 444
pager lines 24
icmp permit any unreachable outside
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.0.201 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface pptp 192.168.0.220 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1433 192.168.0.220 1433 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.0.220 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4122 192.168.0.220 4122 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.0.224 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.0.220 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.0.220 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 444 192.168.0.220 444 netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 130.88.202.49 source outside prefer
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group ADSL request dialout pppoe
vpdn group ADSL localname xxxxx
vpdn group ADSL ppp authentication chap
vpdn username xxxxxx password ********* store-local
terminal width 80
Cryptochecksum:909891d482268bf03021aec6710be999
: end


I have modified your config above to remove the password.

However this has nothing to do with the firewall as you are getting the SMTP banner from Exchange. If the firewall was blocking the traffic then you wouldn't see that.

Simon.
"The subnet mask is actually 255.255.255.0, I made a typing error"

I thought you may have hand-typed the IPCONFIG.  

TIP FYI: you can easily copy and paste from a command window if you enable "Quick Edit".  Right click on the title bar of the command window and select Properties > Options Tab.  enable Quick Edit Mode and Insert Mode.  Then click OK and change the option to "Modify shortcut that started this window" (if you started CMD with a shortcut) or "Save properties for future windows with same title" (if you used Run... CMD).

--------------------------------------------------------------------------------

Okay, back to the issue at hand...

I think that your attempt to mask your actual domain may be inhibiting our ability to help you.  Because if I were to just guess now that your server's external IP address is 217.34.50.122, that doesn't actually correspond to a valid MX Server.  

Since you had made a typo in the IPCONFIG, it's possible you've made a similar mistake in configuring your DNS Zone File.  Without knowing the actual domain name, it's really not possible for us to give you a second/third set of eyes on that to confirm.  

Jeff
TechSoEasy
jeff
Here is the domain name
www.x-quisiteweddings.co.uk
Jeff, Simon,

I have logged onto the PIX using PDM.
The PIX is on a different .local domain to the SBS2003.
This is because currently we are running W2k server on a different domain. I am planning to move to SBS 2003 once I have ironed out all the problems.

Would having the PIX on a different .local domain to SBS 2003 be a possible cause of the problem?
Well, your DNS must have finally propagated, because now that the ISP hosts are gone, MX is failing... which would then point to the PIX not being configured properly.

It's time to bite the bullet and properly configure the PIX for your SBS 2003.  Just back up the config first so that you can quickly revert should it be necessary.

Jeff
TechSoEasy
jeff,

I have very little experience with the PIX. I did not do the initial configuration, and I also got help to make changes to the PIX from another post.

I will start a new post to help configure the PIX 501. If this works I can then accept your above comment.

How do I save the config of the PIX?
I probably have less experience with PIX' than you... ;-)  I never use them.

So, when you want to know the answer to a question like that?
http://www.google.com/search?q=save+pix+configuration

Jeff
TechSoEasy
I disagree that it is the PIX at fault.
The test that you have carried out above shows the SMTP banner from an Exchange server. That means the PIX is allowing the traffic through.

Simon.
I carried out a fresh installation of SBS 2003 and carried out all the config required.
I still have no success, so this leaves me to look at the PIX, as I had problems with the SMTP access list.
I plan to restore the PIX to factory default and start from scratch with the PIX.

I will update on progress.

Nazmul

I have been searching on the web for PIX and found this:

"The fixup protocol smtp command enables the Mail Guard feature, which only lets mail servers receive the RFC 821, section 4.5.1 commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. All other commands are rejected with the "500 command unrecognized" reply code.
Microsoft Exchange administrators should take special note that by default their mail servers use the extended command set of ESMTP. The PIX SMTP fixup does not cover everything that may be needed for a transaction between two ESMTP servers.  Therefore, be aware that the limited set of supported Mail Guard commands may be at the root of some mail flow problems. See the documentation for more details of getting PIX and Exchange to play well together. "

On my PIX config I have no fixup protocol 25, could the problem be here?

Nazmul
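
The question above can be checked against the configuration itself. As an added example that is not part of the original thread, this Python sketch reads PIX 6.3 lines like those posted earlier, reports whether Mail Guard (`fixup protocol smtp`) is on, and pairs each inbound `access-list` permit with the `static` port forward it exposes. The embedded config is an excerpt of the posted one; the function and variable names are this example's own.

```python
import re

# Excerpt of the PIX 6.3(5) config posted in this thread (wrapped lines rejoined).
SAMPLE_CONFIG = """\
no fixup protocol smtp 25
access-list inbound permit tcp any interface outside eq smtp
access-list inbound permit tcp any interface outside eq 1433
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface outside eq ftp
static (inside,outside) tcp interface 1433 192.168.0.220 1433 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.0.220 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.0.224 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.0.220 smtp netmask 255.255.255.255 0 0
access-group inbound in interface outside
"""

FIXUP = re.compile(r"^(no\s+)?fixup protocol smtp\s+(\d+)\s*$")
PERMIT = re.compile(r"^access-list (\S+) permit tcp (\S+) interface outside eq (\S+)\s*$")
STATIC = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) (\S+) netmask")
GROUP = re.compile(r"^access-group (\S+) in interface outside\s*$")


def review(config):
    """Return Mail Guard state and the port forwards reachable from outside."""
    mail_guard = None  # None means no SMTP fixup line was present in the input
    permits, statics, bound_acl = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := FIXUP.match(line):
            mail_guard = m.group(1) is None  # a leading "no" disables Mail Guard
        elif m := PERMIT.match(line):
            permits.append((m.group(1), m.group(2), m.group(3)))
        elif m := STATIC.match(line):
            statics[m.group(1)] = (m.group(2), m.group(3))
        elif m := GROUP.match(line):
            bound_acl = m.group(1)
    exposed = []
    for acl, source, port in permits:
        # A permit only matters if its ACL is bound to the outside interface
        # and a static entry forwards that port to an inside host.
        if acl == bound_acl and port in statics:
            host, inside_port = statics[port]
            exposed.append({"port": port, "source": source,
                            "inside_host": host, "inside_port": inside_port})
    return {"mail_guard": mail_guard, "exposed": exposed}


if __name__ == "__main__":
    result = review(SAMPLE_CONFIG)
    print("Mail Guard enabled:", result["mail_guard"])
    for e in result["exposed"]:
        print(f'{e["port"]:>5} from {e["source"]} -> {e["inside_host"]}:{e["inside_port"]}')
```

On the posted lines this reports Mail Guard as disabled, so the command restriction quoted above is not in effect, and it lists each forwarded port that accepts connections from `any`.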
SOLUTION
This solution is only available to members.
Simon, Jeff,

I don't think it's the PIX; I had a spare Netgear firewall which I tried and got the same problem.

Simon, I will try your link when I get home.

Nazmul
Well, according to www.mxtoolbox.com, your server is now accepting mail, although it does show the transaction time to be slow.  I've often found that this is caused by having your Anti-Virus program misconfigured by not excluding the Exchange Databases from scanning.

Jeff
TechSoEasy
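
Breaking the mxtoolbox session transcript posted earlier into per-reply timings shows where the transaction time went and confirms the relay check. This is an added example, not part of the original thread; the transcript lines are copied from the post above, `domain.co.uk` is the masked domain used there, and the helper names are this example's own.

```python
import re

# Session transcript copied from the mxtoolbox result posted earlier in this thread.
TRANSCRIPT = """\
HELO mxtoolbox.com - DIAGNOSTIC TEST - See http://www.mxtoolbox.com/Policy.aspx
501 5.5.4 Invalid Address [5125 ms]
HELO mxtoolbox.com
250 domain.co.uk Hello [64.20.227.131] [125 ms]
MAIL FROM: <test@mxtoolbox.com>
250 2.1.0 test@mxtoolbox.com....Sender OK [125 ms]
RCPT TO: <test@mxtoolbox.com>
550 5.7.1 Unable to relay for test@mxtoolbox.com [5125 ms]
QUIT
221 2.0.0 domain.co.uk Service closing transmission channel [141 ms]
"""

REPLY = re.compile(r"^(\d{3})[ -].*\[(\d+) ms\]\s*$")
RCPT = re.compile(r"RCPT TO:\s*<[^@>]+@([^>]+)>", re.IGNORECASE)


def parse_session(text):
    """Pair each client command with the server reply code and latency in ms."""
    steps, command = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = REPLY.match(line)
        if m and command is not None:
            steps.append({"command": command, "code": int(m.group(1)), "ms": int(m.group(2))})
            command = None
        elif line:
            command = line
    return steps


def relay_refused(steps, local_domain):
    """True if RCPT TO for a domain other than local_domain got a 5xx reply."""
    for s in steps:
        m = RCPT.match(s["command"])
        if m and m.group(1).lower() != local_domain.lower():
            return s["code"] >= 500
    return None  # the session never tried a foreign recipient


def summarize(steps, slow_ms=1000):
    slow = [s for s in steps if s["ms"] >= slow_ms]
    return {"total_ms": sum(s["ms"] for s in steps),
            "slow_ms": sum(s["ms"] for s in slow),
            "slow_codes": [s["code"] for s in slow]}


if __name__ == "__main__":
    session = parse_session(TRANSCRIPT)
    print(summarize(session), "relay refused:", relay_refused(session, "domain.co.uk"))
```

On the posted transcript the five replies total 10,641 ms, of which 10,250 ms belongs to the two rejected commands (501 and 550); each accepted command was answered in about 125 ms.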