Solved

how do i get mail flowing outbound smoothly???

Posted on 2007-11-19
26
273 Views
Last Modified: 2013-11-30
this is my situation.  i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.

my internal domain is .local
my external domain is .org

all my dns is hosted by my isp

i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp

nothing else in my dns is configured

my smtp banner is myserver.mydomain.org

all this sits behind a watchguard firewall that i have configured.  

all the ip's from my isp are pointed through the firewall to my server.

i have control over whatever you would like to try.

my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall.  incoming mail is fine.  outgoing is sometimes the problem where my users mail sometimes does not reach the intended recipient.

from what you have read is there anything that i have done wrong??  is there anything that i need to change or add.  does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org)

thanks
0
Question by:amoos
26 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 20312616
is smtp on your FIREWALL configured properly?  



also, for future references, have you thought about dropping your ISP as your mail host and hosting it yourself?  it may seem complicated but with the proper help it can be done.  if you ever have thoughts about it, i created a tutorial that could help.  you already have the proper things in place, so it would be easy.


http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632
0
 

Author Comment

by:amoos
ID: 20312675
i am a newbie somewhat to smtp on the firewalls.  so what do you mean??  from what i described do i need to make a forward lookup zone for .org??
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20312707
It is important to know what is NDR code when user's outgoing internet email is bounced ?? Refer http://support.microsoft.com/kb/256321

Since incoming email is working fine - no problem with ISP configuration.

However, it will be important to know whether any type SMTP scan is enabled on your firewall.
Refer http://support.microsoft.com/kb/295725/en-us. http://support.microsoft.com/kb/919091/en-us

Also kindly answer these questions;
1> have you configured SMTP connector ?
2> If yes; is it using Smart Host or using DNS ?

 

0
 

Author Comment

by:amoos
ID: 20312709
the ip's that were given to me from the isp are pointed at the firewall to my server.  is that what you mean??  yes the ports 110, 25, and 443 are pointed towards my server through the firewall.
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20312725
SMTP is port 25.  This port has to be on your Watchguard Firewall so that mail can pass through.

http://support.appriver.com/Customer/KBArticle.aspx?articleid=111



Verify that it is so that we can move on to the next step.
0
 

Author Comment

by:amoos
ID: 20312729
Also kindly answer these questions;
1> have you configured SMTP connector ?
2> If yes; is it using Smart Host or using DNS ?

yes i have configured a smtp connector.
no i am not using a smart host.  should i be??

my forward lookup zone for .local has forwarders in it to goto the dns servers of the isp that they gave me.  is this wrong since the only forward lookup zone is .local??  should it be .org??
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20312743
no problem with DNS settings - kindly obtain the copy of NDR & paste in the comments.
0
 

Author Comment

by:amoos
ID: 20312781
one more question.  my smtp banner was advertising myservername.mydomain.local  i changed this a few days ago to advertise myservername.mydomain.org because .local is not a valid domain on the internet.  so it is now advertising myservername.mydomain.org like it should.  was this the right thing to do??  since i did it from the gui in system manager do i have to also do it in the metabase.xml file with the 36907 code??
0
 

Author Comment

by:amoos
ID: 20312789
since i changed the smtp banner i have not received that i know of from my users any bounce backs
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20312805
try reverting the change. i.e. change it from .org to .local.
0
 

Author Comment

by:amoos
ID: 20312834
this is one i got last night.  is this something to worry about

Reporting-MTA: dns;dominic.op-tn.org

Final-Recipient: rfc822;jcum@comcast.net
Action: delayed
Status: 4.4.7
Will-Retry-Until: Mon, 19 Nov 2007 21:08:02 -0600
X-Display-Name: jcum@comcast.net
This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

       jcum@comcast.net


0
 

Author Comment

by:amoos
ID: 20312843
the reason why i changed the smtp banner from .local to .org was that when it was .local i was getting tons of bounce back saying that the recipients could not validate the myserver.mydomain.local  so i changed it.
0
 

Author Comment

by:amoos
ID: 20312860
Your message did not reach some or all of the intended recipients.
this is another one that i got

Subject: testing
Sent: 11/16/2007 3:02 PM

The following recipient(s) could not be reached:

  JWALL4015@cs.com on 11/18/2007 3:05 PM
  Could not deliver the message in the time limit specified. Please retry or contact your administrator.
  <dominic.op-tn.org #4.4.7>
0

 
LVL 13

Expert Comment

by:vishal_breed
ID: 20312887
k fine abt banner change. no need to revert back.

4.4.7 means email is delayed - because it is not able to communicate remote server's SMTP. It will keep trying till the time you have mentioned in SMTP virtual server's settings.

When such error comes - try getting MX record of that server by NSLOOKUP & then communicate with SMTP server of remote domain by telnet ip 25.
0
 

Author Comment

by:amoos
ID: 20312935
is this something that i need to worry about??  since it is not on my side??
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20313007
it is important to check whether you are able to communicate with other mailing domains.

Comcast are personal email address portal like Yahoo, GMAIL. They are not company.com. You need to decide!! Depends on what type of email is sent?
0
 

Author Comment

by:amoos
ID: 20313025
cool.  i have many users that communicate with yahoo, gmail, etc.  and about 95% percent of them go through.  so is that a high enough percentage?? or do i need to start checking into this??  if it were you would you check into this or let it sit for a while??
0
 

Author Comment

by:amoos
ID: 20313047
how do i check for my exchange server for these communications to make sure i can communicate with other smtp servers on the internet??
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20313052
Obviously took it on priority!! You never know when Company CEO faces these issues. So talking to your ISP for alternative is good idea.

They may come up with other DNS servers. Or; try using smart host (given by ISP)!!
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20313073
On server properties - diagnostic logging - MSExchange Transport - NDR - Minimum - Apply.

For every NDR email it will generate event ID!! You can monitor it for 24-48 hours to check your exchange server is not able to communicate with how many remote mail domains with same error code!!
0
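Added example, not part of any poster's comment: one way to see which remote domains keep returning the same status code, as the comment above suggests, is to tally the per-recipient fields of collected delivery status notifications. It assumes the DSN text has been saved from the bounce messages; the sample blocks are constructed, with placeholder host names and addresses.

```python
import re
from collections import Counter

def _dsn(recipient, action, status):
    """Build a constructed DSN field block shaped like the one in this thread."""
    return ("Reporting-MTA: dns;mail.example.org\n\n"
            f"Final-Recipient: rfc822;{recipient}\n"
            f"Action: {action}\nStatus: {status}\n")

# Constructed sample data; every name and address is a placeholder.
SAMPLE_DSNS = [
    _dsn("a@remote-a.example", "delayed", "4.4.7"),
    _dsn("b@Remote-A.example", "delayed", "4.4.7"),
    _dsn("c@remote-b.example", "delayed", "4.4.7"),
    _dsn("d@remote-c.example", "failed", "5.1.1"),
]

FIELD = re.compile(r"^([A-Za-z-]+):[ \t]*(.*)$", re.MULTILINE)

def parse_dsn(text):
    """Return the 'Name: value' fields of a DSN with lower-cased names."""
    return {name.lower(): value.strip() for name, value in FIELD.findall(text)}

def classify(status):
    """First digit of the status code: 4.x.x is a retry, 5.x.x a hard failure."""
    return {"2": "success", "4": "transient", "5": "permanent"}.get(status[:1], "unknown")

def recipient_domain(fields):
    """Domain part of Final-Recipient, e.g. 'rfc822;user@host' -> 'host'."""
    address = fields["final-recipient"].split(";", 1)[-1].strip()
    return address.rsplit("@", 1)[-1].lower()

def tally(dsns):
    """Count notifications per (recipient domain, status code)."""
    counts = Counter()
    for text in dsns:
        fields = parse_dsn(text)
        if "final-recipient" in fields and "status" in fields:
            counts[(recipient_domain(fields), fields["status"])] += 1
    return counts

def repeated(dsns, threshold=2):
    """Domain/status pairs seen at least `threshold` times."""
    return sorted(key for key, n in tally(dsns).items() if n >= threshold)

if __name__ == "__main__":
    for (domain, status), n in sorted(tally(SAMPLE_DSNS).items()):
        print(f"{domain:20} {status} {classify(status):10} x{n}")
```
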
 

Author Comment

by:amoos
ID: 20313579
so once i do that.  and if it returns remote servers that i cannot communicate with how do i fix that???
0
 
LVL 13

Expert Comment

by:vishal_breed
ID: 20313600
As I have said it's not communicating with other server - option you have is to contact that Server (Domain) Admin.
0
 

Author Comment

by:amoos
ID: 20313698
that would be me.  i have just found out exactly that.  that it is not communicating with other smtp servers on the internet.  i have a watchguard firewall i think the problem might be in there.  is that possible???  

how do i fix this communication problem???
0
 

Author Comment

by:amoos
ID: 20313761
i found this in one of the postings.  is this something that i need to do??  if so is it meaning that i need to put in the user name and password of the server.  i.e. the login info for the exchange server???  because right now it is set to anonymous access no username or password required

Anyway, the server you are sending your email out through is rejecting your message. If that server is not Demon's server then you need to adjust the SMTP Connector to authenticate when sending email.
ESM, Connectors. Right click on the SBS SMTP Connector and choose properties.
Click on the tab Advanced and then Outbound Security. Enter the username and password required by the operator of the server you send email through in to the box. Apply/OK out.
0
 
LVL 31

Accepted Solution

by:
rid earned 500 total points
ID: 20315450
Your "SMTP banner" should reflect the proper domain name that people send mail to; yourdomain.org in this case. The host name (mail.yourdomain.org or whatever) may need to be in the DNS record and match your IP. Total consistency is best; the local domain name shouldn't ever be advertised outside the LAN.

I may have missed it in this longish thread, but did you check that a reverse DNS lookup can be done with proper results? Failure in that department will cause failures when sending mail.
/RID
0
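Added example, not part of the accepted answer: a sketch of the consistency check that answer describes, comparing the SMTP banner name, its forward DNS record, and the reverse (PTR) record of the sending IP. The resolver functions are passed in so the check can run against the constructed DNS data below (documentation address range, placeholder names); the default arguments query live DNS instead.

```python
import socket

INTERNAL_SUFFIXES = (".local",)  # names that only exist inside the LAN

def forward_lookup(name):
    """Live lookup: set of IPv4 addresses the name resolves to."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def reverse_lookup(ip):
    """Live lookup: PTR host name for ip, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_sender_identity(banner, public_ip,
                          forward=forward_lookup, reverse=reverse_lookup):
    """Return a list of findings; an empty list means the names are consistent."""
    banner = banner.lower().rstrip(".")
    findings = []
    if banner.endswith(INTERNAL_SUFFIXES):
        findings.append("banner advertises an internal-only name")
    if public_ip not in forward(banner):
        findings.append("banner name does not resolve to the sending IP")
    ptr = reverse(public_ip)
    if ptr is None:
        findings.append("sending IP has no reverse (PTR) record")
        return findings
    ptr = ptr.lower().rstrip(".")
    if public_ip not in forward(ptr):
        findings.append("PTR name does not resolve back to the sending IP")
    if ptr != banner:
        findings.append("PTR name differs from the banner name")
    return findings

# Constructed DNS data standing in for the ISP-hosted zone.
FAKE_A = {"mail.example.org": {"192.0.2.10"}}
FAKE_PTR = {"192.0.2.10": "mail.example.org"}

def fake_forward(name):
    return FAKE_A.get(name, set())

def fake_reverse(ip):
    return FAKE_PTR.get(ip)

if __name__ == "__main__":
    for name in ("myserver.example.local", "myserver.example.org", "mail.example.org"):
        print(name, check_sender_identity(name, "192.0.2.10", fake_forward, fake_reverse))
```
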
 

Author Closing Comment

by:amoos
ID: 31409938
great help
0
