amoos
how do i get mail flowing outbound smoothly???
this is my situation. i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.
my internal domain is .local
my external domain is .org
all my dns is hosted by my isp
i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp
nothing else in my dns is configured
my smtp banner is myserver.mydomain.org
all this sits behind a watchguard firewall that i have configured.
all the ip's from my isp are pointed through the firewall to my server.
i have control over whatever you would like to try.
my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall. incoming mail is fine. outgoing is sometimes the problem, where my users' mail sometimes does not reach the intended recipient.
from what you have read is there anything that i have done wrong?? is there anything that i need to change or add. does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org.)
thanks
ASKER
i am a newbie somewhat to smtp on the firewalls. so what do you mean?? from what i described do i need to make a forward lookup zone for .org??
It is important to know what the NDR code is when a user's outgoing internet email is bounced. Refer to http://support.microsoft.com/kb/256321
Since incoming email is working fine - no problem with ISP configuration.
However, it will be important to know whether any type of SMTP scan is enabled on your firewall.
Refer to http://support.microsoft.com/kb/295725/en-us and http://support.microsoft.com/kb/919091/en-us
Also kindly answer these questions:
1> Have you configured an SMTP connector?
2> If yes, is it using Smart Host or using DNS?
ASKER
the ip's that were given to me from the isp are pointed at the firewall to my server. is that what you mean?? yes the ports 110, 25, and 443 are pointed towards my server through the firewall.
SMTP is port 25. This port has to be on your Watchguard Firewall so that mail can pass through.
http://support.appriver.com/Customer/KBArticle.aspx?articleid=111
Verify that it is so that we can move on to the next step.
ASKER
Also kindly answer these questions:
1> Have you configured an SMTP connector?
2> If yes, is it using Smart Host or using DNS?
yes i have configured a smtp connector.
no i am not using a smart host. should i be??
my forward lookup zone for .local has forwarders in it to go to the dns servers of the isp that they gave me. is this wrong since the only forward lookup zone is .local?? should it be .org??
no problem with DNS settings - kindly obtain the copy of NDR & paste in the comments.
ASKER
one more question. my smtp banner was advertising myservername.mydomain.local. i changed this a few days ago to advertise myservername.mydomain.org because .local is not a valid domain on the internet. so it is now advertising myservername.mydomain.org like it should. was this the right thing to do?? since i did it from the gui in system manager do i have to also do it in the metabase.xml file with the 36907 code??
ASKER
since i changed the smtp banner i have not received that i know of from my users any bounce backs
try reverting the change, i.e. change it from .org to .local.
ASKER
this is one i got last night. is this something to worry about
Reporting-MTA: dns;dominic.op-tn.org
Final-Recipient: rfc822;jcum@comcast.net
Action: delayed
Status: 4.4.7
Will-Retry-Until: Mon, 19 Nov 2007 21:08:02 -0600
X-Display-Name: jcum@comcast.net
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
jcum@comcast.net
ASKER
the reason why i changed the smtp banner from .local to .org was that when it was .local i was getting tons of bounce back saying that the recipients could not validate the myserver.mydomain.local so i changed it.
ASKER
Your message did not reach some or all of the intended recipients.
this is another one that i got
Subject: testing
Sent: 11/16/2007 3:02 PM
The following recipient(s) could not be reached:
JWALL4015@cs.com on 11/18/2007 3:05 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<dominic.op-tn.org #4.4.7>
k fine about banner change. no need to revert back.
4.4.7 means email is delayed - because it is not able to communicate with the remote server's SMTP. It will keep trying till the time you have mentioned in SMTP virtual server's settings.
When such an error comes - try getting the MX record of that server by NSLOOKUP & then communicate with the SMTP server of the remote domain by telnet ip 25.
ASKER
is this something that i need to worry about?? since it is not on my side??
it is important to check whether you are able to communicate with other mailing domains.
Comcast are personal email address portal like Yahoo, GMAIL. They are not company.com. You need to decide!! Depends on what type of email is sent?
ASKER
cool. i have many users that communicate with yahoo, gmail, etc. and about 95% of them go through. so is that a high enough percentage?? or do i need to start checking into this?? if it were you would you check into this or let it sit for a while??
ASKER
how do i check for my exchange server for these communications to make sure i can communicate with other smtp servers on the internet??
Obviously took it on priority!! You never know when Company CEO faces these issues. So talking to your ISP for alternative is good idea.
They may come up with other DNS servers. Or; try using smart host (given by ISP)!!
On server properties - diagnostic logging - MSExchange Transport - NDR - Minimum - Apply.
For every NDR email it will generate event ID!! You can monitor it for 24-48 hours to check your exchange server is not able to communicate with how many remote mail domains with same error code!!
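An added example, not part of the original thread: once delivery status notifications have been collected, a short script can tally them by recipient domain and status code, which is the count the comment above suggests monitoring. It assumes the reports are saved as text with one report per blank-line-separated block, in the field layout of the notification pasted earlier; the addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): three reports in the field
# layout of the pasted notification, one report per blank-line block.
SAMPLE_DSNS = """\
Reporting-MTA: dns;mail.example.org
Final-Recipient: rfc822;alice@example.net
Action: delayed
Status: 4.4.7

Reporting-MTA: dns;mail.example.org
Final-Recipient: rfc822;bob@example.net
Action: delayed
Status: 4.4.7

Reporting-MTA: dns;mail.example.org
Final-Recipient: rfc822;carol@example.com
Action: failed
Status: 5.1.1
"""

FIELD = re.compile(r"^([A-Za-z-]+):\s*(.*)$")

def parse_dsns(text):
    """Return one dict of lower-cased header fields per report block."""
    reports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).lower()] = m.group(2).strip()
        # Skip blocks (e.g. the human-readable text) without these fields.
        if "final-recipient" in fields and "status" in fields:
            reports.append(fields)
    return reports

def tally_by_domain(reports):
    """Count reports per (recipient domain, status code) pair."""
    counts = Counter()
    for r in reports:
        addr = r["final-recipient"].split(";", 1)[-1].strip()  # drop "rfc822;"
        domain = addr.rsplit("@", 1)[-1].lower()
        counts[(domain, r["status"])] += 1
    return counts

def status_class(status):
    """Map the first digit of an enhanced status code to its class."""
    return {"2": "success", "4": "transient", "5": "permanent"}.get(status[:1], "unknown")
```

Calling `tally_by_domain(parse_dsns(text)).most_common()` lists the domains with the most notifications first; a 4.x.x code is a delay that is still being retried, a 5.x.x code is a final failure.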
ASKER
so once i do that. and if it returns remote servers that i cannot communicate with how do i fix that???
As I have said it's not communicating with other server - option you have is to contact that Server (Domain) Admin.
ASKER
that would be me. i have just found out exactly that. that it is not communicating with other smtp servers on the internet. i have a watchguard firewall i think the problem might be in there. is that possible???
how do i fix this communication problem???
ASKER
i found this in one of the postings. is this something that i need to do?? if so is it meaning that i need to put in the user name and password of the server. i.e. the login info for the exchange server??? because right now it is set to anonymous access no username or password required
Anyway, the server you are sending your email out through is rejecting your message. If that server is not Demon's server then you need to adjust the SMTP Connector to authenticate when sending email.
ESM, Connectors. Right click on the SBS SMTP Connector and choose properties.
Click on the tab Advanced and then Outbound Security. Enter the username and password required by the operator of the server you send email through in to the box. Apply/OK out.
ASKER
great help
also, for future references, have you thought about dropping your ISP as your mail host and hosting it yourself? it may seem complicated but with the proper help it can be done. if you ever have thoughts about it, i created a tutorial that could help. you already have the proper things in place, so it would be easy.
http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632