Solved

smtp communication problem

Posted on 2007-11-19
Last Modified: 2013-11-30
ok i can send emails to only certain domains i.e. yahoo, gmail, etc.  i am not able to send mail or the messages are not getting delivered to the destination.  i think they are requiring some sort of authentication.  please help i am really stuck


this is my situation.  i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.

my internal domain is .local
my external domain is .org

all my dns is hosted by my isp

i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp

nothing else in my dns is configured

my smtp banner is myserver.mydomain.org

all this sits behind a watchguard firewall that i have configured.  

all the ip's from my isp are pointed through the firewall to my server.

i have control over whatever you would like to try.

my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall.  incoming mail is fine.  the outgoing is sometimes the problem, where my users' mail sometimes does not reach the intended recipient.

from what you have read is there anything that i have done wrong??  is there anything that i need to change or add?  does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org?)

thanks
0
Question by:amoos
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20314331
have you got a reverse dns entry for exchange server on the external isp?

also, on the watchguard firewall i take it you are using NAT to the internal server; have you excluded that ip from dynamic NAT? if not, it will masquerade to the gateway ip. make sure that the mail is coming from the same ip it is being received on
0
 

Author Comment

by:amoos
ID: 20314401
i do not know watchguard that well.  i have taken over for a contractor that is no longer there because of performance issues.

in the watchguard firewall i have all the external ip's that were given to me from the isp forwarded to the exchange server.

what did you mean by "also, on the watchguard firewall i take it you are using NAT to the internal server; have you excluded that ip from dynamic NAT? if not, it will masquerade to the gateway ip. make sure that the mail is coming from the same ip it is being received on"
0
 

Author Comment

by:amoos
ID: 20314451
this is what i get when i do a reverse lookup from dnsstuff.com.   is mail.op-tn.org a smart host???  if so do i need to put this into the smarthost on the smtp connector??

12.189.231.181 PTR record: mail.op-tn.org. [TTL 86400s] [A=12.189.231.181]

0
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20314476
basically you have an external public ip that the mx record and host record point to at your isp, then that public ip goes to the firewall; from there you have to use NAT to forward the public address to the private address of the exchange server

that NAT 1 to 1 translation must be excluded on the watchguard from dynamic NAT translation as when you send email it will go out from the gateway address and not the public ip address that is pointing to your exchange server.

in this case the receiving member will look up your exchange records and see it is a different address than what your A record is pointing to and think it is spam

have you turned on smtp logging to check the ndrs to see if any are reporting DNS issues?

type your domain into www.dnsstuff.com and perform a report
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20314485
if that is the mx record for your isp smarthost then yes, as you need to forward smtp through that so it matches the ip
0
 

Author Comment

by:amoos
ID: 20314504
ok this is what i got from at&t

soa cbru.br.ns.els-gms.att.net
ns cbru.br.ns.els-gms.att.net
ns cmtu.mt.ns.els-gms.att.net
@ A 12.189.231.183
mail A 12.189.231.181
www A 12.189.231.183
@ mx 10 mail.op-tn.org

since the mx is mail.op-tn.org is that what i need to have my smtp banner as??
0
 

Author Comment

by:amoos
ID: 20314524
i must note also to you the mail server used to be 192.168.10.5 and now it has changed to 192.168.10.3

i made the necessary changes on the watchguard for the ip change.  is there something hidden in the watchguard that i do not know about like a dns proxy or what not??

mail is coming in perfectly fine.  but we can only send out to certain domains.  in the smtp connector and the internet connector smtp is set to *
0
 

Author Comment

by:amoos
ID: 20314559
mail A 12.189.231.181
@ mx 10 mail.op-tn.org

this is what they have for us
i am trying to call them to see if it is a smart host
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20314595
it is more than likely a DNS issue you have; mail is looking like it is coming from somewhere different than where your records are saying, and then some orgs perform checks to confirm this.

i have seen the same problem on a watchguard and to fix it i had to exclude the 1 to 1 nat used for the exchange from dynamic; this made sure that the emails came from the right public ip address and not the gateway as it was

http://www.watchguard.com/help/lss/70/Auth/nat7.htm
0
 

Author Comment

by:amoos
ID: 20314657
i am calling at&t right now to find out if mail.op-tn.org is a smart host.

the link was great.  but do  you have any screen shots??  probably not but i thought that i would ask.  your help is great.

so what do you think the source of my problem is???
0
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 2000 total points
ID: 20314675
i think that the ip address that the mail is coming from does not match the ip address that your mx record is pointing to, thus some companies won't accept your mail
0
 

Author Closing Comment

by:amoos
ID: 31409988
outstanding help.  really great
0
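
The checks discussed in this thread, as an added example (not part of the original posts): a small offline model of what a strict receiving server compares when the Exchange server connects. The DNS records are the ones quoted above; `192.0.2.1` is a constructed stand-in for the firewall's gateway address and `myserver.op-tn.org` is a hypothetical server-name banner, since the thread gives neither. Which of these checks a given receiver enforces varies.

```python
# Added example: receiver-side DNS sanity checks on an inbound SMTP connection.
# Records are those quoted in the thread; no live DNS lookups are made.
A_RECORDS = {
    "op-tn.org": {"12.189.231.183"},
    "www.op-tn.org": {"12.189.231.183"},
    "mail.op-tn.org": {"12.189.231.181"},
}
PTR_RECORDS = {"12.189.231.181": "mail.op-tn.org"}
MX_RECORDS = {"op-tn.org": ["mail.op-tn.org"]}


def check_sender(source_ip, helo_name, mail_domain):
    """Return the list of checks a strict receiving server would fail."""
    failures = []
    helo = helo_name.rstrip(".").lower()
    # Forward-confirmed reverse DNS: IP -> PTR name -> A record -> same IP
    ptr = PTR_RECORDS.get(source_ip)
    if ptr is None:
        failures.append("no PTR record for source IP")
    elif source_ip not in A_RECORDS.get(ptr, set()):
        failures.append("PTR name does not resolve back to source IP")
    # The SMTP banner / HELO name should resolve to the connecting address
    if source_ip not in A_RECORDS.get(helo, set()):
        failures.append("HELO/banner name does not resolve to source IP")
    # The comparison described in the accepted answer: source IP vs. MX host IP
    mx_ips = set()
    for host in MX_RECORDS.get(mail_domain, []):
        mx_ips |= A_RECORDS.get(host, set())
    if source_ip not in mx_ips:
        failures.append("source IP is not one of the domain's MX addresses")
    return failures


def report(label, source_ip, helo_name, mail_domain="op-tn.org"):
    failures = check_sender(source_ip, helo_name, mail_domain)
    print(f"{label}: {'OK' if not failures else '; '.join(failures)}")
    return failures


if __name__ == "__main__":
    # 1-to-1 NAT honoured, banner set to the published host name
    report("static NAT, matching banner", "12.189.231.181", "mail.op-tn.org")
    # 1-to-1 NAT honoured, banner left as the server's own name (hypothetical)
    report("static NAT, server-name banner", "12.189.231.181", "myserver.op-tn.org")
    # Dynamic NAT rewrote the source to the gateway address (constructed IP)
    report("dynamic NAT via gateway", "192.0.2.1", "mail.op-tn.org")
```

The third case is the one the accepted answer describes: once outbound mail leaves from the gateway address, every comparison against the published records fails even though inbound mail still works.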
