Solved

Exchange Server 2003 filtering problems

Posted on 2008-11-03
8
310 Views
Last Modified: 2013-11-30
Our agency is not receiving any email except for those within our agency (intranet) after I made some changes to correct some issues that were being logged in our event viewer for several weeks. We had been receiving event IDs 7004 - "this is an SMTP protocol warning log for virtual server ID 1, connection #, The remote host responded to SMTP command - user unknown." Our queues would fill up (in system manager) with email that could not go out from postal.hdhcs.org (That is our external domain name hdhcs.org).

I thought we might be getting used as an open relay, so I took out all relay permissions. Do users in my organization need to relay? I am not sure I understand the concept.

I also set up Intelligent Mail Filtering and set up some filters for senders. I don't remember the exact changes I made, but have changed things back now to: Message Delivery - General - IP address for server handling incoming SMTP - I entered out internal IP address of email server. I now have no sender filtering configured now and my Intelligent Message filtering is set up for 8 - block messages setting.

My default SMTP virtual server properties is set up for the default virtual server which is the internal address of our email server. I now have it set up for anonymous access. Submit permission - authenticated users, no relay permissions. I have no connectors set up.

Can you help me figure out why we are no longer receiving email from the outside world?
0
Comment
Question by:tt0wnsend
  • 4
  • 4
8 Comments
 
LVL 5

Expert Comment

by:buddhole
ID: 22867755
Is the AD lookup for mailboxes working in IMF (under recipient filtering)  ? What is the error when you send mail from e.g. hotmail ? I treid the postmaster account, but that returned 5.1.1 (mailbox unavailable).
0
 

Author Comment

by:tt0wnsend
ID: 22867806
I did not receive an error when I sent from hotmail. I did make a few changes and am receiving email again now (including yours) but am now receiving the 7010 events in the event log again. The change I made that must have corrected the problem was in the SMTP protocol section of the virtual server settings - I changed to hdhcs.org (which is what I think it was before I tinkered with it Friday and changed it to hdhomecare.com)
0
 
LVL 5

Expert Comment

by:buddhole
ID: 22869953
Good to hear mail is working again. To troubleshoot the event id I'ld suggest turning om SMTP logging at the maximum to see what's causing the logon errors. See http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html for more info. This site http://eventid.net/display.asp?eventid=7004&eventno=3510&source=MSExchangeTransport&phase=1 has several solutions, like changing the servername and fully qualified domain name in the smtp server so it's exactly the same as the mx record at the isp (postal.hdhcs.org).
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:tt0wnsend
ID: 22870685
I have now changed the fully qualified domain name in the smtp server to postal.hdhcs.org. I have printed out the articles above and I do see where this information should be very helpful. thanks. I will let you know tomorrow is this will be the accepted solution.

Could I ask one more question? when I see messages in my event log such as "unable to relay for dvdr2000@yahoo.com.tw or infor@ hcdbs.org (our name spelled wrong)" I assume I don't wnat to be able to relay for those????? Is this people trying to use our server as a relay?
0
 
LVL 5

Expert Comment

by:buddhole
ID: 22874616
Probably yes. You can use the smtp logs to verify that. Especially if you had relay problems in the past some people/server will keep on trying to relay trough your server. This will get less as time goes by.
0
 

Author Comment

by:tt0wnsend
ID: 22885771
I am attaching three of my event log errors for you to log at - one notepad file.

Do I just have to live with all these errors in my event log until it gets less as time goes by? Will it get less after these relayers realize they can't relay through us?
filetosendtoExportsExchange.txt
0
 
LVL 5

Accepted Solution

by:
buddhole earned 500 total points
ID: 22889483
To make your server reject spam messages right away use the Exchange IMF with active directory lookup enabled in the recipient filtering tab. It will make your server reject messages to other e-mailadresses than set up in you Windows AD right away instead of queueing it. More info: http://technet.microsoft.com/en-us/exchange/bb288484.aspx.
 
0
 

Author Closing Comment

by:tt0wnsend
ID: 31512689
I have set this up and it appears to be doing the job. Thanks so much!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question