Adding a new accepted domain in Exchange 2007 SP1

Posted on 2009-02-09
Last Modified: 2012-05-06
I have an Exchange 2007 SP1 single server that has been running fine for a year now. I am trying to add a new accepted domain and cannot get it to work externally. I do not have an MS Edge server, but do have a Barracuda Spam Firewall 300 configured as a smart host for Exchange. I have 2 domains today that the Exchange server accepts mail for, that work fine. I defined a new 3rd Accepted Domain in Exchange and from within the Exchange server it appears to be working correctly. The new domain is also configured in the Barracuda. I cannot get the Exchange server to accept connections from outside of the Exchange server for this new domain.
I have had the Barracuda engineers look at the configuration for both the working and non-working domains and they cannot find a difference between them and they do not see a configuration problem with the Barracuda.
I cannot see any differences in the configuration of the Accepted Domains between the ones that work and the one that doesn't. I do not see anything in the receive connector that is related to a domain, so I don't think the problem is there either. The send connectors also do not seem to have any configuration information specific to domains.
The original domains were installed with Exchange 2007 RTM. When SP1 became available I installed it, so the new domain was created under SP1 while the old domains were created with RTM installed.

Does anyone have any idea where to look next? Thanks in advance for any advice!
Question by: gogetsome

    Expert Comment

    Look at the DNS. Many times the Barracuda people have you set it up so that your Exchange server will only accept connections from the Barracuda. Make sure the MX record on the new domain points to the Barracuda and not directly at the Exchange server.

    Expert Comment

    Are your MX records correct? One more thing: if you telnet from the server itself and drop an email for this domain, can you do that successfully?

    Author Comment

    Thanks JAR3817.
    The MX record does point to the Barracuda. My Barracuda is on a DMZ port of my firewall. The firewall has a 1 to 1 NAT pointing the MX record to the internal DMZ address of the Barracuda. The Exchange server is on my local LAN. The firewall is configured to only allow port 25 to and from the Barracuda and Exchange. In short, there is no way to get from my public address directly to the Exchange server.
    One other point on the Barracuda side: in the Domain Configuration there is a test that you can run to test the connection between the Barracuda and the Exchange server. This test fails with the new domain, but works fine with the 2 old domains. The test fails with an Unable to Relay error, but I don't think they are using the term Relay correctly in this error.


    Author Comment

    Thanks sandeep

    Yes, the MX is correct. Currently that domain is being scanned and forwarded to another 2003 Exchange server at a remote location. They have been getting their mail filtered this way for 3 months now. I am trying to get rid of that remote 2003 server in the long run. I want to run their mail through my 2007 server here.
    To make sure that the Barracuda is not caching anything I created another new fake domain to test with and it gets the same results, so I do not think it is a problem either.

    Yes, from my workstation I can telnet to port 25 of the Exchange server and create a mail message that is delivered to my account with no problem.


    Accepted Solution

    The problem seems to have gone away. I did a reboot of the Exchange server to install some unrelated updates and now it seems to be working. Even the domain test from the Barracuda now works. I have no idea why a reboot would fix anything in this scenario. Thanks for your help!

    Expert Comment

    My guess would be that the Microsoft Exchange Transport service on the server with the hub transport role for some reason had not applied the new settings for accepted domains. With the reboot all services read the configuration at startup and therefore it started accepting mail for the new domain.

    A restart of the Microsoft Exchange Transport service should probably have worked as well.
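
One way to check the explanation in the comment above, as an added example that is not part of the original thread: compare what `Get-AcceptedDomain` lists with what the running transport service actually accepts at `RCPT TO`. The server name, probe sender and `postmaster@` recipient are placeholders, and the script assumes the receive connector accepts unauthenticated SMTP from the host it runs on.

```powershell
# Added example. Run in the Exchange Management Shell on the Hub Transport server.
# Assumptions: $server, $sender and the postmaster@ recipient are placeholders, and
# the receive connector accepts unauthenticated SMTP from this host.
$server = 'localhost'
$sender = 'probe@example.invalid'

function Read-SmtpReply($reader) {
    # A multi-line SMTP reply continues while the 4th character is '-'.
    do { $line = $reader.ReadLine()
    } while ($line -ne $null -and $line.Length -gt 3 -and $line.Substring(3, 1) -eq '-')
    return $line
}

function Test-SmtpRecipient($server, $sender, $recipient) {
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($server, 25)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true
    $reply = Read-SmtpReply $reader                       # 220 banner
    $commands = "EHLO probe.example.invalid", "MAIL FROM:<$sender>", "RCPT TO:<$recipient>"
    foreach ($cmd in $commands) {
        if ($reply -notmatch '^[23]') { break }           # stop at the first refusal
        $writer.WriteLine($cmd)
        $reply = Read-SmtpReply $reader
    }
    $writer.WriteLine('QUIT')                             # no DATA is sent, nothing is delivered
    $client.Close()
    return $reply                                         # RCPT reply, or the first refusal
}

# Probe every non-wildcard accepted domain stored in the configuration.
# A domain that is listed here but refused with "550 5.7.1 Unable to relay"
# is configured but not yet honoured by the running transport service.
Get-AcceptedDomain |
    Where-Object { -not $_.DomainName.ToString().StartsWith('*') } |
    ForEach-Object {
        $domain = $_.DomainName.ToString()
        $reply  = Test-SmtpRecipient $server $sender "postmaster@$domain"
        "{0,-30} {1,-16} {2}" -f $domain, $_.DomainType, $reply
    }
```

If a listed domain is refused with a relay error, `Restart-Service MSExchangeTransport` is the service restart the comment above refers to; rerun the probe afterwards to confirm the domain is now accepted.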
