Solved

smtp communication problem

Posted on 2007-11-19
Last Modified: 2013-11-30
ok i can send emails to only certain domains i.e. yahoo, gmail, etc.  i am not able to send mail or the messages are not getting delivered to the destination.  i think they are requiring some sort of authentication.  please help i am really stuck


this is my situation.  i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.

my internal domain is .local
my external domain is .org

all my dns is hosted by my isp

i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp

nothing else in my dns is configured

my smtp banner is myserver.mydomain.org

all this sits behind a watchguard firewall that i have configured.  

all the ip's from my isp are pointed through the firewall to my server.

i have control over whatever you would like to try.

my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall.  incoming mail is fine.  outgoing is sometimes the problem where my users mail sometimes does not reach the intended recipient.

from what you have read is there anything that i have done wrong??  is there anything that i need to change or add.  does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org.)

thanks
Question by:amoos
12 Comments
 
LVL 12

Expert Comment

by:Network_Data_Support
have you got a reverse dns entry for exchange server on the external isp?

also on the watchguard firewall i take it you are using NAT to the internal server, have you excluded that ip from dynamic NAT as if not it will masquerade to the gateway ip? make sure that the mail is coming from the same ip it is being received on
 

Author Comment

by:amoos
i do not know watchguard that well.  i have taken over for a contractor that is no longer there because of performance issues.

in the watchguard firewall i have all the external ip's that were given to me from the isp forwarded to the exchange server.

what did you mean by "also on the watchguard firewall i take it you are using NAT to the internal server, have you excluded that ip from dynamic NAT as if not it will masquerade to the gateway ip? make sure that the mail is coming from the same ip it is being received on"
 

Author Comment

by:amoos
this is what i get when i do a reverse lookup from dnsstuff.com.   is mail.op-tn.org a smart host???  if so do i need to put this into the smarthost on the smtp connector??

12.189.231.181 PTR record: mail.op-tn.org. [TTL 86400s] [A=12.189.231.181]

 
LVL 12

Expert Comment

by:Network_Data_Support
basically you have an external public ip that the mx record and host record point to at your isp, then that public ip goes to the firewall; from there you have to use NAT to forward the public address to the private address of the exchange server

that NAT 1 to 1 translation must be excluded on the watchguard from dynamic NAT translation as when you send email it will go out from the gateway address and not the public ip address that is pointing to your exchange server.

in this case the receiving member will look up your exchange records and see it is a different address than what your A record is pointing to and think it is spam

have you turned on smtp logging to check the ndrs to see if any are reporting DNS issues?

type your domain into www.dnsstuff.com and perform a report
 
LVL 12

Expert Comment

by:Network_Data_Support
if that is the mx record for your isp smarthost then yes, as you need to forward smtp through that so it matches the ip
 

Author Comment

by:amoos
ok this is what i got from at&t

soa cbru.br.ns.els-gms.att.net
ns cbru.br.ns.els-gms.att.net
ns cmtu.mt.ns.els-gms.att.net
@ A 12.189.231.183
mail A 12.189.231.181
www A 12.189.231.183
@ mx 10 mail.op-tn.org

since the mx is mail.op-tn.org is that what i need to have my smtp banner as??

 

Author Comment

by:amoos
i must note also to you the mail server used to be 192.168.10.5 and now it has changed to 192.168.10.3

i made the necessary changes on the watchguard for the ip change.  is there something hidden in the watchguard that i do not know about like a dns proxy or what not??

mail is coming in perfectly fine.  but we can only send out to certain domains.  in the smtp connector and the internet connector smtp is set to *
 

Author Comment

by:amoos
mail A 12.189.231.181
@ mx 10 mail.op-tn.org

this is what they have for us
i am trying to call them to see if it is a smart host
 
LVL 12

Expert Comment

by:Network_Data_Support
it is more than likely a DNS issue you have; mail is looking like it is coming from somewhere different than where your records are saying, and then some orgs perform checks to confirm this.

i have seen the same problem on a watchguard and to fix it i had to exclude the 1 to 1 nat used for the exchange from dynamic; this made sure that the emails came from the right public ip address and not the gateway as it was

http://www.watchguard.com/help/lss/70/Auth/nat7.htm
 

Author Comment

by:amoos
i am calling at&t right now to find out if mail.op-tn.org is a smart host.

the link was great.  but do  you have any screen shots??  probably not but i thought that i would ask.  your help is great.

so what do you think the source of my problem is???
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 500 total points
i think that the ip address that the mail is coming from does not match the ip address that your mx record is pointing to, thus some companies won't accept your mail
 

Author Closing Comment

by:amoos
outstanding help.  really great
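
The mismatch described in the accepted answer can be checked mechanically. The following is an added example, not part of the original thread: it replays, offline, the kind of DNS consistency checks a receiving server may apply to a sender, using the records posted above. The gateway address 203.0.113.1 and the banner name myserver.op-tn.org are constructed placeholders.

```python
# DNS data as posted in the thread (AT&T zone listing and the dnsstuff PTR result).
A_RECORDS = {"op-tn.org": "12.189.231.183", "www.op-tn.org": "12.189.231.183",
             "mail.op-tn.org": "12.189.231.181"}
MX_RECORDS = {"op-tn.org": [(10, "mail.op-tn.org")]}
PTR_RECORDS = {"12.189.231.181": "mail.op-tn.org."}


def norm(name):
    # Host names compare case-insensitively and without the trailing dot.
    return name.lower().rstrip(".")


def check_sender(source_ip, helo_name, mail_domain):
    """Return the findings a receiving server could hold against this sender."""
    findings = []
    helo = norm(helo_name)
    ptr = PTR_RECORDS.get(source_ip)
    if ptr is None:
        findings.append("no PTR record for source IP")
    else:
        ptr = norm(ptr)
        # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
        if A_RECORDS.get(ptr) != source_ip:
            findings.append("PTR name does not resolve back to source IP")
        if ptr != helo:
            findings.append("HELO name differs from PTR name")
    helo_ip = A_RECORDS.get(helo)
    if helo_ip is None:
        findings.append("HELO name has no A record")
    elif helo_ip != source_ip:
        findings.append("HELO name resolves to a different IP")
    # The mismatch named in the accepted answer; a heuristic used by some receivers.
    mx_ips = {A_RECORDS.get(norm(h)) for _, h in MX_RECORDS.get(norm(mail_domain), [])}
    if source_ip not in mx_ips:
        findings.append("source IP is not an MX host for the domain")
    return findings


# Constructed scenarios: 203.0.113.1 stands in for the firewall gateway address and
# myserver.op-tn.org for the current banner; neither value appears in the thread.
SCENARIOS = {
    "dynamic NAT, server-name banner": ("203.0.113.1", "myserver.op-tn.org"),
    "1-to-1 NAT, server-name banner": ("12.189.231.181", "myserver.op-tn.org"),
    "1-to-1 NAT, banner mail.op-tn.org": ("12.189.231.181", "mail.op-tn.org"),
}

if __name__ == "__main__":
    for label, (ip, helo) in SCENARIOS.items():
        print(label, "->", check_sender(ip, helo, "op-tn.org") or "consistent")
```

Only the third scenario comes back clean, which is why both the NAT exclusion and the banner question raised in the thread matter.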
