This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.
COURSE of the MONTH
8 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
how do i get mail flowing outbound smoothly???
Posted on 2007-11-19
this is my situation. i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.
my internal domain is .local
my external domain is .org
all my dns is hosted by my isp
i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp
nothhing else in my dns is configured
my smtp banner is myserver.mydomain.org
all this sits behind a watchguard firewall that i have configured.
all the ip's from my isp are pointed through the firewall to my server.
i have control over whatever you would like to try.
my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall. incomming mail is fine. thoutgoing is sometimes the problem where my users mail sometimes does not reach the intended recipient.
from what you have read is there anything that i have done wrong?? is there anything that i need to change or add. does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org.
thanks
my internal domain is .local
my external domain is .org
all my dns is hosted by my isp
i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp
nothhing else in my dns is configured
my smtp banner is myserver.mydomain.org
all this sits behind a watchguard firewall that i have configured.
all the ip's from my isp are pointed through the firewall to my server.
i have control over whatever you would like to try.
my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall. incomming mail is fine. thoutgoing is sometimes the problem where my users mail sometimes does not reach the intended recipient.
from what you have read is there anything that i have done wrong?? is there anything that i need to change or add. does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org.
thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
15
8
2- +1
26 Comments
is smtp on your FIREWALL configured properly?
also, for future references, have you thought about dropping your ISP as your mail host and hosting it yourself? it may seem complicated but with the proper help it can be done. if you ever have thoughts about it, i created a tutorial that could help. you already have the proper things in place, so it would be easy.
http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632
also, for future references, have you thought about dropping your ISP as your mail host and hosting it yourself? it may seem complicated but with the proper help it can be done. if you ever have thoughts about it, i created a tutorial that could help. you already have the proper things in place, so it would be easy.
http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632
i am a newbie somewhat to smtp on the firewalls. so what do you mean?? from what i described do i need to make a forward lookup zone for .org??
It is important to know what is NDR code when user's outgoing internet email is bounced ?? Refer http://support.microsoft.com/kb/256321
Since incoming email is working fine - no problem with ISP configuration.
However, it will be importnant to know whether any type SMTP scan is enabled on your firewall.
Refer http://support.microsoft.com/kb/295725/en-us. http://support.microsoft.com/kb/919091/en-us
Also kindly answere these questions;
1> have you configured SMTP conenctore ?
2> If yes; is it using Smart Host or using DNS ?
Since incoming email is working fine - no problem with ISP configuration.
However, it will be importnant to know whether any type SMTP scan is enabled on your firewall.
Refer http://support.microsoft.com/kb/295725/en-us. http://support.microsoft.com/kb/919091/en-us
Also kindly answere these questions;
1> have you configured SMTP conenctore ?
2> If yes; is it using Smart Host or using DNS ?
the ip's that were given to me from the isp are pointed at the firewall to my server. is that what you mean?? yes the ports 110, 25, and 443 are pointed towards my server through the firewall.
SMTP is port 25. This port has to be on your Watchguard Firewall so that mail can pass though.
http://support.appriver.com/Customer/KBArticle.aspx?articleid=111
Verify that it is so that we can move on to the next step.
http://support.appriver.com/Customer/KBArticle.aspx?articleid=111
Verify that it is so that we can move on to the next step.
Also kindly answere these questions;
1> have you configured SMTP conenctore ?
2> If yes; is it using Smart Host or using DNS ?
yes i have configured a smtp connector.
no i am not using a smart host. should i be??
my forward lookup zone for .local has forwarders in it to goto the dns servers of the isp that they gave me. is this wrong since the only forward lookup zone is .local?? should it be .org??
1> have you configured SMTP conenctore ?
2> If yes; is it using Smart Host or using DNS ?
yes i have configured a smtp connector.
no i am not using a smart host. should i be??
my forward lookup zone for .local has forwarders in it to goto the dns servers of the isp that they gave me. is this wrong since the only forward lookup zone is .local?? should it be .org??
one more question. my smtp bannre was advertising myservername.mydomain.loca
this is one i got last night. is this something to worry about
Reporting-MTA: dns;dominic.op-tn.org
Final-Recipient: rfc822;jcum@comcast.net
Action: delayed
Status: 4.4.7
Will-Retry-Until: Mon, 19 Nov 2007 21:08:02 -0600
X-Display-Name: jcum@comcast.net
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
jcum@comcast.net
Reporting-MTA: dns;dominic.op-tn.org
Final-Recipient: rfc822;jcum@comcast.net
Action: delayed
Status: 4.4.7
Will-Retry-Until: Mon, 19 Nov 2007 21:08:02 -0600
X-Display-Name: jcum@comcast.net
This is an automatically generated Delivery Status Notification.
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipients has been delayed.
jcum@comcast.net
the reason why i changed the smtp banner from .local to .org was that when it was .local i was getting tons of bounce back saying that the recipients could not validate the myserver.mydomain.local so i changed it.
Your message did not reach some or all of the intended recipients.
this is another one that i got
Subject: testing
Sent: 11/16/2007 3:02 PM
The following recipient(s) could not be reached:
JWALL4015@cs.com on 11/18/2007 3:05 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<dominic.op-tn.org #4.4.7>
this is another one that i got
Subject: testing
Sent: 11/16/2007 3:02 PM
The following recipient(s) could not be reached:
JWALL4015@cs.com on 11/18/2007 3:05 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<dominic.op-tn.org #4.4.7>
k fine abt banner change. no need to revert back.
4.4.7 means email is delayed - because it is not able to comminicate remote server's SMTP. It will keep trying till the time you have mentioned in SMTP virtual server's settings.
When such error comes - try getting MX record of that server by NSLOOKUp & then communicate with SMTP server of remore domain by telnet ip 25.
4.4.7 means email is delayed - because it is not able to comminicate remote server's SMTP. It will keep trying till the time you have mentioned in SMTP virtual server's settings.
When such error comes - try getting MX record of that server by NSLOOKUp & then communicate with SMTP server of remore domain by telnet ip 25.
it is important to check whether you are able to communicate with other mailing domains.
Comcast are personal email address portal like Yahoo, GMAIL. They are not company.com. You need to decide!! Depends on what type of email is sent?
Comcast are personal email address portal like Yahoo, GMAIL. They are not company.com. You need to decide!! Depends on what type of email is sent?
cool. i have many users that communicate with yahoo, gmail, etc. and about 95% percent of them go through. so is that a high enough percentage?? or do i need to start checking into this?? if it were you would you check into this or let it sit for a while??
how do i check for my exchange server for these communications to make sure i can communicate with other smtp servers on the internet??
Obviously took it on priority!! You never know when Company CEO faces these issues. So talking to your ISP for alternative is good idea.
They may come up with other DNS servers. Or; try using smart host (given by ISP)!!
They may come up with other DNS servers. Or; try using smart host (given by ISP)!!
On server properties - diagnostic logging - MSExchange Transport - NDR - Minimum - Apply.
For every NDR email it will generate event ID!! You can monitor it for 24-48 hours to check your exchange server is not able to communicate with how many remote mail domains with same error code!!
For every NDR email it will generate event ID!! You can monitor it for 24-48 hours to check your exchange server is not able to communicate with how many remote mail domains with same error code!!
so once i do that. and if it returns remote servers that i cannot communicate with how do i fix that???
As I have said it's not communicating with other server - option you have is to contact that Server (Domain) Admin.
that would be me. i have just found out exactly that. that it is not communicating with other smtp servers on the internet. i have a watchguard firewall i think the problem might be in there. is that possible???
how do i fix this communication problem???
how do i fix this communication problem???
i found this in one of the postings. is this something that i need to do?? if so is it meaning that i need to put in the user name and password of the server. i.e. the login info for the exchange server??? because right now it is set to anonymous access no username or password required
Anyway, the server you are sending your email out through is rejecting your message. If that server is not Demon's server then you need to adjust the SMTP Connector to authenticate when sending email.
ESM, Connectors. Right click on the SBS SMTP Connector and choose properties.
Click on the tab Advanced and then Outbound Security. Enter the username and password required by the operator of the server you send email through in to the box. Apply/OK out.
Anyway, the server you are sending your email out through is rejecting your message. If that server is not Demon's server then you need to adjust the SMTP Connector to authenticate when sending email.
ESM, Connectors. Right click on the SBS SMTP Connector and choose properties.
Click on the tab Advanced and then Outbound Security. Enter the username and password required by the operator of the server you send email through in to the box. Apply/OK out.
Your "SMTP banner" should reflect the proper domain name that people send mail to; yourdomain.org in this case. The host name (mail.yourdomain.org or whatever) may need to be in the DNS record and match your IP. Total consistency is best; the local domain name shouldn't ever be advertised outside the LAN.
I may have missed it in this longish thread, but did you check that a reverse DNS lookup can be done with proper results? Failure in that department will cause failures when sending mail.
/RID
I may have missed it in this longish thread, but did you check that a reverse DNS lookup can be done with proper results? Failure in that department will cause failures when sending mail.
/RID
Featured Post
Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
We aren’t perfect, just like everyone else. Check out the email errors our community caught and learn the top errors every email marketer should avoid.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month8 days, 1 hour left to enroll
765 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.