Exchange Server 2003 filtering problems

Our agency is not receiving any email except for those within our agency (intranet) after I made some changes to correct some issues that were being logged in our event viewer for several weeks. We had been receiving event IDs 7004 - "this is an SMTP protocol warning log for virtual server ID 1, connection #, The remote host responded to SMTP command - user unknown." Our queues would fill up (in system manager) with email that could not go out from postal.hdhcs.org (That is our external domain name hdhcs.org).

I thought we might be getting used as an open relay, so I took out all relay permissions. Do users in my organization need to relay? I am not sure I understand the concept.

I also set up Intelligent Mail Filtering and set up some filters for senders. I don't remember the exact changes I made, but have changed things back now to: Message Delivery - General - IP address for server handling incoming SMTP - I entered out internal IP address of email server. I now have no sender filtering configured now and my Intelligent Message filtering is set up for 8 - block messages setting.

My default SMTP virtual server properties is set up for the default virtual server which is the internal address of our email server. I now have it set up for anonymous access. Submit permission - authenticated users, no relay permissions. I have no connectors set up.

Can you help me figure out why we are no longer receiving email from the outside world?
tt0wnsendAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

buddholeCommented:
Is the AD lookup for mailboxes working in IMF (under recipient filtering)  ? What is the error when you send mail from e.g. hotmail ? I treid the postmaster account, but that returned 5.1.1 (mailbox unavailable).
0
tt0wnsendAuthor Commented:
I did not receive an error when I sent from hotmail. I did make a few changes and am receiving email again now (including yours) but am now receiving the 7010 events in the event log again. The change I made that must have corrected the problem was in the SMTP protocol section of the virtual server settings - I changed to hdhcs.org (which is what I think it was before I tinkered with it Friday and changed it to hdhomecare.com)
0
buddholeCommented:
Good to hear mail is working again. To troubleshoot the event id I'ld suggest turning om SMTP logging at the maximum to see what's causing the logon errors. See http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html for more info. This site http://eventid.net/display.asp?eventid=7004&eventno=3510&source=MSExchangeTransport&phase=1 has several solutions, like changing the servername and fully qualified domain name in the smtp server so it's exactly the same as the mx record at the isp (postal.hdhcs.org).
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

tt0wnsendAuthor Commented:
I have now changed the fully qualified domain name in the smtp server to postal.hdhcs.org. I have printed out the articles above and I do see where this information should be very helpful. thanks. I will let you know tomorrow is this will be the accepted solution.

Could I ask one more question? when I see messages in my event log such as "unable to relay for dvdr2000@yahoo.com.tw or infor@ hcdbs.org (our name spelled wrong)" I assume I don't wnat to be able to relay for those????? Is this people trying to use our server as a relay?
0
buddholeCommented:
Probably yes. You can use the smtp logs to verify that. Especially if you had relay problems in the past some people/server will keep on trying to relay trough your server. This will get less as time goes by.
0
tt0wnsendAuthor Commented:
I am attaching three of my event log errors for you to log at - one notepad file.

Do I just have to live with all these errors in my event log until it gets less as time goes by? Will it get less after these relayers realize they can't relay through us?
filetosendtoExportsExchange.txt
0
buddholeCommented:
To make your server reject spam messages right away use the Exchange IMF with active directory lookup enabled in the recipient filtering tab. It will make your server reject messages to other e-mailadresses than set up in you Windows AD right away instead of queueing it. More info: http://technet.microsoft.com/en-us/exchange/bb288484.aspx.
 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tt0wnsendAuthor Commented:
I have set this up and it appears to be doing the job. Thanks so much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.