cfischer225
asked on
need to send mail through exchange server but isp blocks outbound port 25
i was an attglobal dsl customer with an exchange server on the inside sending and receiving mail. one day we switched over to cable and kept the att dsl line for a backup in case cable ever failed. when i switched to cable i saved the firewall config file for the dsl line, and the changes i made were only to our public ip address. i also changed dns info on my server. switched the cable and everything worked fine! recently our cable line went down and i switched back to the dsl. upped the old dsl config file, changed the dns info on the server, switched the line and internet came up and incoming mail started flowing. only thing is i could not send any mail out. i can not figure out for the life of me why mail will not leave my org. it sits in the exchange queue. there are no smtp relays on the exchange server and everything worked fine before. please let me know if there is any more info i could provide.
Did you change the MX record to reflect the new DNS?
ASKER
i did, when i do an nslookup it resolves properly to the dsl line (the one i changed it to) but mail still didn't go out
So, you can receive email but can't send any out? Do you have any errors on the server or any bounce backs? Have you checked to see if you are blacklisted? Spam Cop is a site to see if you are blacklisted.
ASKER
not blacklisted, no errors, just all the mail getting held up in exchange queue. as soon as i switched back to cable:
upped config file to firewall (exact same file with diff public ip)
changed dns info on server
switched cat5 to cable modem
changed mx record
all mail that was held up was sent
Call your DSL provider and ask if they blocked port 25. I just had a case two days ago on this same site where the DSL provider blocked port 25.
Some providers block port 25 if you are not using their 'business account' setup. When this happens, I recommend using a smarthost to send and receive all of your e-mail through.
Reference:
http://en.wikipedia.org/wiki/Smart_host
Comcast, a known provider that blocks outbound e-mail, does something like this as well. So to bypass their system, I utilize what is called a Mail Relay through DNSExit (Mail-Based Service Provider). It allows the external smarthost to send all of my e-mail through them on a different port.
http://www.dnsexit.com/Direct.sv?cmd=mailRelay
If your inbound port 25 is also being blocked, DNSExit also offers a service called Mail Redirection.
http://www.dnsexit.com/Direct.sv?cmd=mailRedirect
ASKER
i originally thought port 25 outbound was blocked but i just was able to telnet to some servers through 25 and others not through 25. i could get to
cisco.com
mail.oradell.com (another one of my clients)
i could not get to
google.com
mail.yahoo.com
i do not have a smart host set up and my isp said port 25 is not blocked but they could not prove that to me. i think i proved it by telnetting through port 25 to the above servers
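The telnet test described in the post above can be scripted so that a real SMTP greeting, a refused connection and a silent timeout are told apart. This is an added example, not part of the thread; the host names in it are placeholders, and the hosts to probe are assumed to be the MX hosts of the recipient domains.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one outbound SMTP connection attempt as (state, detail).

    smtp      connected and the peer sent a 220 greeting
    rejected  connected, but the greeting was not 220
    no-banner connected, then closed or silent (nothing speaking SMTP there)
    refused   TCP reset: the host is reachable but the port is closed
    timeout   no reply at all, which is what a filtered port looks like
    dns       the name did not resolve
    error     any other socket failure (for example, network unreachable)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:  # includes a read timeout or a reset after connect
            banner = ""
    if not banner:
        return "no-banner", ""
    return ("smtp" if banner.startswith("220") else "rejected"), banner

def diagnose(states):
    """Reduce {mx_host: state} to one verdict about outbound port 25."""
    seen = set(states.values())
    if seen and seen <= {"timeout"}:
        return "blocked"      # nothing answers anywhere: egress filter likely
    if "smtp" in seen and seen & {"timeout", "refused", "rejected"}:
        return "mixed"        # port 25 works; failures are per destination
    if seen == {"smtp"}:
        return "open"
    return "inconclusive"

if __name__ == "__main__":
    # Hypothetical host list: use the MX hosts that nslookup -type=mx returns
    # for the recipient domains, not the domains' web host names.
    hosts = ["mx1.example.net", "mx2.example.org"]
    results = {h: probe_smtp(h)[0] for h in hosts}
    print(results, diagnose(results))
```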
The best way to tell if your incoming port 25 is being blocked is to try:
'telnet your_external_ip_address 25'
If it connects, then port 25 is accepting inbound connections.
ASKER
since i can receive mail i would assume incoming port 25 is open...correct?
ASKER
i also went to another machine and telnetted to my public address on the dsl line, but since there is no mail server to answer back the telnet went through then cut out as opposed to not connecting
ASKER
when i do a reverse lookup on my address 12.98.177.207 it comes up with :
207.177.98.12.in-addr.arpa PTR 207.mube.nyrk.nycenycp.dsl.att.net.
could this be part of my problem?
Yes.
ASKER
they do not support reverse dns so it can not point to me.
Are you getting bounce backs or errors?
ASKER
my users are getting delayed notices and eventually ndr's. i looked in the event viewer and could not find any error messages. i think in the queue it said something like remote server could not be reached
Can you post one of the NDRs?
ASKER
no one has any ndr's from that day i have a delay:
Reporting-MTA: dns;mail.pangaiapartners.com
Final-Recipient: rfc822;rjcpsu2003@yahoo.com
Action: delayed
Status: 4.4.7
Will-Retry-Until: Fri, 13 Jun 2008 10:32:00 -0400
X-Display-Name: rjcpsu2003@yahoo.com
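The fields in the delay report above follow the delivery status notification format (RFC 3464), and `Status: 4.4.7` is an enhanced status code (RFC 3463): a transient network and routing condition, so the server keeps retrying until the Will-Retry-Until time. The decoder below is an added example, not something posted in the thread; the sample input is the report re-typed from the post.

```python
import email
import re
from email.utils import parsedate_to_datetime

# RFC 3463 meanings, indexed by digit (network details apply to subject 4).
CLASSES = {"2": "success", "4": "persistent transient failure",
           "5": "permanent failure"}
SUBJECTS = ["other", "addressing", "mailbox", "mail system",
            "network and routing", "mail delivery protocol",
            "message content or media", "security or policy"]
NETWORK = ["other", "no answer from host", "bad connection",
           "directory server failure", "unable to route", "mail system congestion",
           "routing loop detected", "delivery time expired"]

# The delay report from the thread, re-typed as sample input.
SAMPLE_DSN = """Reporting-MTA: dns;mail.pangaiapartners.com
Final-Recipient: rfc822;rjcpsu2003@yahoo.com
Action: delayed
Status: 4.4.7
Will-Retry-Until: Fri, 13 Jun 2008 10:32:00 -0400
"""

def parse_dsn(text):
    """Return (per-message fields, list of per-recipient field dicts)."""
    # Blank lines between groups are often lost in pasted reports, so rebuild.
    flat = email.message_from_string(re.sub(r"\n\s*\n", "\n", text.strip()))
    per_message, recipients = {}, []
    current = per_message
    for name, value in flat.items():
        key = name.lower()
        if key == "original-recipient" or (key == "final-recipient" and (
                current is per_message or key in current)):
            current = {}
            recipients.append(current)
        current[key] = value.strip()
    return per_message, recipients

def explain(recipient):
    """Decode one recipient group's Status and Will-Retry-Until fields."""
    m = re.fullmatch(r"([245])\.(\d{1,3})\.(\d{1,3})", recipient["status"])
    if not m:
        raise ValueError("not an enhanced status code")
    cls, subject, detail = m.group(1), int(m.group(2)), int(m.group(3))
    known = subject == 4 and detail < len(NETWORK)
    retry = recipient.get("will-retry-until")
    return {"class": CLASSES[cls],
            "subject": SUBJECTS[subject] if subject < len(SUBJECTS) else "other",
            "detail": NETWORK[detail] if known else "see RFC 3463",
            "retry_until": parsedate_to_datetime(retry) if retry else None}
```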
Did you do an ipconfig /flushdns when you switched? Also, do a netlogon /fix.
ASKER
i did not flush the dns, i will try that. would that affect outgoing mail but nothing else?
With my experience yes it could if you had a DNS address change.
To make sure that neither the Exchange server environment nor the DNS entries are at fault, one site I recommend is the MX Toolbox (www.mxtoolbox.com).
Go to this site, then check your Exchange server name through both the MX Lookup Tool and the SMTP Diagnostics Tool as well.
---
ABOUT MX LOOKUP -- This test will list MX records for a domain in priority order. The MX lookup is done directly against the domain's authoritative name server, so changes to MX Records should show up instantly.
ABOUT SMTP DIAGNOSTICS -- This test will connect to a mail server via SMTP, perform a simple Open Relay Test and verify the server has a reverse DNS (PTR) record. It will also measure the response times for the mail server.
Another thing -- are you running any type of anti-virus/anti-spam applications on your Exchange server environment? Applications like Symantec can add in modules like e-mail auto protect which can hose up/delay messages in the Exchange queues.
ASKER
"cfischer225, pls explain 'they do not support reverse dns so it can not point to me.'"
means that the PTR for 12...207 will always resolve to 207.mube.nyrk.nycenycp.dsl.att.net and never mail.pangaiapartners.com
also the reason you could not ping is because it is not hooked up right now. it is a backup line used only when our primary 68.195.194.138 line is down. when i need to make that switch i go in and change the mx record with no-ip.com who holds it so mail.pangaiapartners.com points to 12...207.
i see. bellsouth must be a little different, you can request the PTR to reflect the actual mail host name (e.g., mail.pangaiapartners.com); as long as you're not having problems delivering mail to other domains, the rDNS 207.mube.nyrk.nycenycp.dsl.att.net should work...
per your post, I was under the impression that the broadband cable was down and you were rushed to get the mail working via dsl. my bad.
ASKER
i'll call and see if they can make the ptr mail.pangaiapartners.com
Because you have 2 separate broadband connections, you will need min 2 PTRs for cable and dsl. Both mail.pangaiapartners.com & 207.mube.nyrk.nycenycp.dsl.att.net should work ok.
I am a bit curious if AT&T's PTR record (207.mube.nyrk.nycenycp.dsl.att.net) is functionally equivalent to 138.194.195.68.IN-ADDR.ARPA.
P2E
ASKER
what do you mean functionally equivalent?
per rfc2317/rfc1035, usage of 138.194.195.68.IN-ADDR.ARPA is a classless (unspecific) ARPA DNS record that is readily understood by DNS servers. In comparison to at&t's 207.mube.nyrk.nycenycp.dsl.att.net PTR record, the clever reversal of the IP address in ARPA, is easily understood as a reverse dns or pointer record.
P2E