Mail delivery fails: "Must issue a STARTTLS command first"

I've a running Exchange (SBS) on pc-manden.net. But I'm so far been unable to recieve any mail, everything is bounceed with the message:
"PERM_FAILURE: SMTP Error (state 12): 530 5.7.0 Must issue a STARTTLS command first"

It has something to do with the security measures, but I've tried following several guides, none of them helped me.
As far as I can tell this is only part of the problem, because I get several other 'wrongs' when checking the domain with different tools. One said that there where no MX record at this domain, but that isn't true. It's there and it's defined in the DNS...
ellegaardAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

suppsawsCommented:
Hello ellegaard,

Did you follow all the correct steps to make exchange working?
First let SBS install exchange (by default). Also install SP2.
After that you need to get yourself a fixed ip and make the dns records (mail.yourdomain.com which points to that fixed ip). So you will need an MX record and an A-record.
Check your dns settings at dnsstuff for example.
Then you need to RERUN the CEICW (connect to the internet wizard) and create the correct certificate to match the FQDN.

Regards,

suppsaws
0
ellegaardAuthor Commented:
I think I've done all that and done it correctly - but something has gone wrong...

I did a test on http://www.dnscolos.com/free-dns-report.html and it came back with only one warning:
"Mailserver connection test
HELO, MAIL FROM, RCPT TO, QUIT"  resulted in
"Connect to mailserver mail.pc-manden.net   FAILED (could be greylisting)
Connect to mailserver backup-mx.zitcom.dk   FAILED (could be greylisting)
554 5.7.1 : Relay access denied  "

How do I fix that?
0
ellegaardAuthor Commented:
Did some checking and found that this could be caused by my naming of the server servername.pc-manden.local. But that was what the SBS guide suggested.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

suppsawsCommented:
It looks like your mx records are fine.
I can login to your server on port 25 so that also looks fine.
Did you rerun the CEICW and fill in mail.pc-manden.net for the cert?
Did you choose dns te route the mail and use SMTP? Did you fill in the correct domain  name?
The naming of your server is perfect btw.
Are you getting any specific exchange errors in the eventlogs?
0
ellegaardAuthor Commented:
Certificat issued to www.pc-manden.net - is that a problem? If I want to use Remote Access as well I need the certificat to be made out to the www - or do I?
0
suppsawsCommented:
no no, the cert needs to be the FQDN of your server, that is 'mail.pc-manden.net', this has nothing to do with your www record.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ellegaardAuthor Commented:
ok, changed that, it might have solved some other problems but not this one. I still get

PERM_FAILURE: SMTP Error (state 12): 530 5.7.0 Must issue a STARTTLS command first
0
ellegaardAuthor Commented:
The mailserver test gives me:
Connect to mailserver mail.pc-manden.net   FAILED (could be greylisting)
Connect to mailserver backup-mx.zitcom.dk   FAILED (could be greylisting)
530 5.7.0 Must issue a STARTTLS command first  "

So one down, one more to go...   :-)
0
suppsawsCommented:
0
ellegaardAuthor Commented:
Had read that but didn't find anything usefull. Checked my ESMTP verbs, they seem to be ok, but I don't understand why I should wnat to turn them off?
0
ellegaardAuthor Commented:
You can see my comments in the bottom of the thread as I posted them the in wrong place...  :-)
0
ellegaardAuthor Commented:
I must have had several errors cause now I found this (http://www.webservertalk.com/archive128-2006-10-1716814.html) as the solution. And I KNOW that I have tried it with it turned off as well.
But my problem is solved as it seems to work now.
Thx for your help
0
suppsawsCommented:
ellegaard,

so what did you change actually now that it works?
I think the CEICW solved it.

suppsaws
0
ellegaardAuthor Commented:
the changed certificat definantly helped! Butthe last problem was caused by my faulty choice in insisting on encrypted communication

so point are coming your way - thank you!
0
suppsawsCommented:
where did you put the encrypted communication?
0
ellegaardAuthor Commented:
Well, more like Secure Communication. See this http://www.webservertalk.com/archive128-2006-10-1716814.html
0
suppsawsCommented:
One general tip, only use the wizards in sbs, never do anything manual or you will get into problems.
The whole exchange is configured for you with the CEICW wizard.
0
ellegaardAuthor Commented:
but only with one domain. Not problem yet, but it will be soon...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.