We help IT Professionals succeed at work.

Domain running on Exchange 2003 unable to receive external e-mails

354 Views
Last Modified: 2008-04-24
Hello,

I recently setup my domain name angnetworking[dot]com on Windows Server 2003 Std Edition w/SP1 and Exchange 2003. In my registrar I have setup an MX record for mail.angnetworking[dot]com which points to my correct IP address of the mail server (currently there is only one server in the domain which handles DNS, MAIL, AD, etc).

My internet message formats in ESM has a domain wildcard of '*' to allow e-mails from any domain and my recipient policy has an SMTP type of '@angnetworking[dot]com'.

I don't have any anti-virus or spam blockers installed at all. I have checked DNSReport and it looks like everything is fine.

I also tried to send mail via Telnet. I do telnet angnetworking[dot]com 25 and I get connected. I type HELO and get a response. I type MAIL FROM: and enter a personal e-mail addy and it says sender OK. Then I type RCPT TO: ggross@angnetworking[dot].com and it gets stuck. It never says 'Recipient OK'.

Thus, when I attempt to send e-mail to ggross@angnetworking[dot]com (or any other email account in the domain) from any external domain, I get the following message:

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

      ggross@angnetworking[dot]com




Final-Recipient: rfc822;ggross@angnetworking[dot]com
Action: failed
Status: 5.0.0
X-Display-Name: Greg Gross



I'm sorry if this is a duplicate post (I'm sure it is) but I have searched similar topics to no avail.

Thank you to all who reply/help. If I figure out how to assign/award points to anyone who offers assistance, I will surely do that and be very generous!
Comment
Watch Question

Top Expert 2006

Commented:
check whether you have all the smtp verbs listed
http://support.microsoft.com/kb/822939/en-us

Commented:
This might be a stupid question but did you create mailboxes for the your users?  When you create new users you will be prompted to create a mailbox however existing users need to have a mailbox setup.  This can be done by going to Active Directory Users and Computers, right click on a user, go to Exchange Tasks, and setup a mailbox.

Author

Commented:
Hi,

Unfortunately I established a telnet session to my domain, sent the ehlo command as suggested by Microsoft's article, and I did get back all of the required/mentioned Verbs.

Any other ideas?

Author

Commented:
@fcspaul: Yes, I have created the appropriate mailbox for the user in question. I can verify this by viewing the 'E-mail Addresses' tab of the user's property pages in Active Directory and I see the SMTP type 'ggross@angnetworking[dot]com' listed.

Commented:
What happens when you send mail from 'ggross@angnetworking[dot]com'?

Author

Commented:
When I send FROM ggross@angnetworking[dot].com it appears to work just fine (I don't know how!). I have tested it to a GMail account as well as a Yahoo account with success. =/
Top Expert 2006

Commented:
check the configuration of the default smtp virtual server
tried a telnet to your Mx record and it appears to be working fine.

Author

Commented:
Hello again,

As mentioned, as far as I can see everything on the SMTP Virtual Server looks ok. The IP address is set to that of the server itself, under 'Advanced' the identity for the server is the same IP address using port 25 and filtering is not enabled.

On the 'Access' tab under Authentication I have Anoymous Access enabled along with Basic Authentication and also Integrated Windows Authentication.

Under connection control I have it defined as "All except the list below" for computers that may access the virtual server and there are no entries in that list.

I have defined appropriate limits on the Messages tab and on the Delivery tab nothing there seems to be relevant since it is dealing with outbound emails and I can send fine at the moment.

Commented:
Under Relay is the box at the bottom checked?

(Allow all computers which successfully authenticate to relay ...)
Top Expert 2006

Commented:
>On the 'Access' tab under Authentication I have Anoymous Access enabled along with Basic Authentication and also Integrated Windows Authentication.

"Anoymous Access" should not be checked
Set the IP address to "All Unassigned"

after making these changes stop and start the smtp virtual server or the smtp service.

Author

Commented:
@fcspaul: Yes, the box that says "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked.  Should it not be? Maybe I am reading it wrong but to me that means if the computer is known as legitmate, it will be able to send [relay] emails, even if it's denied in the list above.

@rake: I will change those and see what happens. Thanks.

Author

Commented:
Well after trying rake's suggestion, I no longer get the bounce-back error message that I was previously receiving upon sending an e-mail to ggross@angnetworking[dot]com, however, nothing else happens. Gmail says my message has been sent, but it never gets through to my Outlook on the angnetworking server.  

fcspaul: Does your suggestion have anything to do wit this? (I have not yet tried it...)

Thanks again guys.
Top Expert 2006

Commented:
are the emails stuck in any queue on the server?
check http://www.amset.info/exchange/smtp.asp

Author

Commented:
Well I checked the Queues for my server and what's interesting is now I show the bounce-back message that comes from postmaster@angentworking[dot]com is stuck waiting to be delivered....

However, the 'name' of it is test.com. I have no idea what that means.

I will also check out the link you provided, but it appears I am still stuck.

Thanks.
Top Expert 2006

Commented:
that test.com must be the test message that i tried to drop via telnet

Author

Commented:
Oh ok, that makes sense then I guess. Thanks.

I used the link you provided to look at diagnostic information for inbound email and it suggested looking at the Message Tracking Center. I opened it up and did a search for anything and everything and I returned two results, one from the postmaster and one that I tried to send from my Gmail account to this domain earlier this morning. The results are as follows:

6/8/2007 8:11 AM SMTP: Message Submitted to Advanced Queuing
6/8/2007 8:11 AM SMTP: Started Message Submission to Advanced Queue
6/8/2007 8:11 AM SMTP: Message Submitted to Categorizer
6/8/2007 8:11 AM SMTP: Message Categorized and Queued for Routing
6/8/2007 8:12 AM SMTP: Message Queued for Local Delivery
6/8/2007 8:12 AM SMTP: Message Delivered Locally to ggross@angnetworking[dot].com
6/8/2007 8:12 AM SMTP: None-Delivered Report (NDR) Generated.

What the hell... the 2nd to last line says it was delivered, and the last line says it wasn't. Heh...

Thanks for sticking with me. Does this shed any light for you?

Author

Commented:
On the flipside, the 2nd message in the Message Tracking Center from postmaster is as follows:

6/8/2007 8:12 AM SMTP: Started Message Submission to Advanced Queue
6/8/2007 8:12 AM SMTP: Messaged Submitted to Categorizer
6/8/2007 8:12 AM SMTP: Message Categorized and Queued for Routing
6/8/2007 8:12 AM SMTP: Message Routed and Queued for Remote Delivery
6/8/2007 8:12 AM SMTP: Started Outbound Transfer of Message
6/8/2007 8:12 AM SMTP: Messaged transferred to mx.google.com through SMTP

I guess all that does is confirm that outbound mail is fine... :(
Top Expert 2006

Commented:
can you enable diagnostic logging to MAX for Msexchagetransport
you can find this when you open the exchange server properties in exchange system manager and then clicking on the diagnostic tab

Author

Commented:
I enabled what you asked and then sent another message from Gmail addy to angnetworking[dot]com but nothing came up in the Message Tracker.

Anything else to try?

Commented:
Send another test message to your angnetworking email and then examine the computer application event logs.

Commented:
The change that NJDfan1711 had you make will allow more information to be logged in the event logs I just referenced above.

Author

Commented:
Ok, I have a few events now:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      NDR
Event ID:      3008
Date:            6/8/2007
Time:            11:01:29 AM
User:            N/A
Computer:      ANGDC
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;ggross@angnetworking[dot]com (Message-ID <ANGDCC8wSA1XvpFVjCR00000002@mail.angnetworking[dot]com>).  
Cause:  This indicates a permanent failure. Possible causes :  1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail.  2)Domain Name Server (DNS) returned an authoritative host not found for the domain.  3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.    
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector,  consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



And also:

Event Type:      Warning
Event Source:      MSExchangeTransport
Event Category:      Connection Manager
Event ID:      4006
Date:            6/8/2007
Time:            1:02:42 PM
User:            N/A
Computer:      ANGDC
Description:
Message delivery to the host '208.48.34.132' failed while delivering to the remote domain  'test.com' for the following reason: The remote server did not respond to a connection attempt.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d2 02 04 c0               Ò..À    


Where does it get this 208.48.34.132 IP address from?  That's not my public IP for anything...

Author

Commented:
I should add, I have created a Routing Group, but never actually created a connector for it because I thought that was only needed for special circumstances. Is that correct, or do I need to create an SMTP connector?

Commented:
Yes a routing group is needed.

The 208.48.34.132 address is the address for test.com.  Since the email could not be delivered it is attempting to send a Non-Delivery Report back to the sender .... in this case test.com.

Author

Commented:
So what should I create, an SMTP connector? And then add what, the SMTP virtual server as the local bridgehead?

In the address space I add * for my domain?

On the Connected Routing Groups tab do I need to add anything?

I really don't understand these steps, that is, what they're doing to help me and why they're necessary. A little more guidance would be much helpful and appreciated as it seems this may be the source of my problem (do you agree?)

Thanks!

Commented:
You do not need anything on the Connected Routing Groups tab.  The address space you created is correct.  The SMTP virtual server should be the local bridgehead.

I do believe this is the problem.

I do not have time to give more info right now however I will try to comment with some more info a little later.

Commented:
While trying to find you more information as to why this is necessary it appears I was wrong .... it is only necessary in the following instances.  I apologize.  I thought it was needed.  Every installation I have done I have setup a connector.  Of course usually this is desired.  Unfortunately I will be away from my computer for awhile so it may take me some time to get back to your issue.  Hopefully someone else will be able to help you before I get back to you.  I will be back either way :)

Reasons to create an SMTP connector include:
"      You are connecting to a Microsoft Exchange Server 5.5 computer in another routing group (site),  and want to use SMTP.
"      You want to configure either server-side or client-side ETRN/TURN.
"      You want either to send or not to send ETRN/TURN.
"      You want to request ETRN/TURN when sending messages.
"      You want to request ETRN/TURN from different servers.
"      You want to configure outbound security, and to do it one time and affect many outbound servers.
"      You want to permit high, normal, or low message priorities for a domain.
"      You want to permit system or non-system messages.
"      You want to schedule the SMTP connector.
"      You want to use different delivery times for oversize messages.
"      You want to queue mail for remote triggered delivery.
"      You want to send HELO instead of EHLO.
"      You want to specify a specific address space.
"      You want to set delivery restrictions.

Commented:
What does it say under the SMTP Virtual Server >> Delivery Tab >> Advanced Delivery >> Fully-qualified domain name?  Also check the button 'Check DNS' and make sure it says it is a valid domain.

Commented:
"Anoymous Access" should not be checked
Set the IP address to "All Unassigned"

Perhaps someone more knowledgeable can answer this but do you not have to have Anonymous Access enabled here so emails can be received by this server?  How would an outside server such as Gmail know the username and password needed to send an email to this server?

Also at the time I am unable to send a test message to you by telnet.  When I try a 'MAIL FROM' command it returns an error saying Unrecognized param.

Author

Commented:
fcspaul: Yes, I had thought I was correct. I was pretty sure it wasn't necessary to have an SMTP Connector in my case. Also, the FQDN on the Advanced Delivery page is mail.angnetworking.com and when I do a check on it it returns as a valid entry.

Secondly, 'Anonymous Access" is no longer checked as you provided, and the IP address has since been changed to "All Unassigned".

I do not know the answer to your anonymous access question, I was basically wondering the same thing myself.

Lastly, I believe the MAIL FROM command needs a colon (:) directly after it in order to work.

Thanks for helping again and sorry for the week-long delay, I was out of town on vacation. Hopefully we can pick up where we left off.

Commented:
I thought I had but I just tried it again to be sure.  Same problem.  Try checking Anonymous Access and restart the SMTP service.  After that I will try again.

Author

Commented:
fcspaul: I was actually in the process of restarting the machine after upgrading to Service Pack 2. After I did that, I  now have another error that is haulting me completely: When I tried to start the SMTP Virtual Server (and the POP3 virtual server) I get the same error message for both: The service could not bind instance 1. The data is in the error code.

0000: 40 27 00 00

Is this a problem with SP2 for Server 2003? I checked other pages here on EE and they suggested changing the IP from All Unassigned to the box's actual IP, which I did, but that didn't fix it.

Thanks again!

Commented:
I don't know if any suggestions here will help ....
http://www.eventid.net/display.asp?eventid=115&eventno=663&s%20ource=SMTPSVC&phase=1

I will try to keep looking.

Commented:
Did you try all the suggestions on the accepted solution here?
https://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21446797.html

Author

Commented:
fcspaul: Yes, that is the exact EE page I found and I did try all of the suggestions.

One thing I noticed was that I had the "Mail Server" role installed on the box. I decided this may have been wreaking havoc with my SMTP/POP3 services that were pre-populated during the Exchange install so I removed the Mail Server role and consequently that removed my POP3 service completely and also screwed up the SMTP service, but did not remove it. Having noticed this, I looked around some more myself and found that the only real option was uninstalling and re-installing Exchange.

After doing that Exchange is up and running as it was at the start of today with the only exception being that I tested an e-mail from myself @angnetworking[dot]com to the same address myself @angnetworking[dot]com and it worked. I then tested agian to make sure I could still send out e-mails and those worked as well. Thus, the only issue remains that I cannot receive external e-mails.

And yes, the IP is All Unassigned and the Anonymous Access is UNchecked.

Do you want to try sending mail via telnet again?

Thanks!
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Well.....that worked!! I don't believe it, but it's working now. Amazing. That's so much for your help paul. Points will be awarded as soon as I'm done typing this :).

Thanks again!

Commented:
You are very welcome.  I am glad it worked for you.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.