Solved

No Outside Email

Posted on 2009-07-11
Last Modified: 2012-05-07
We made some changes to our SSL certs for our mail server.
We are not receiving any email sent from outside our domain.
My internal websites are working correctly.
I have a self-signed cert.
Question by:hospincadmin
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24829572
What changes have you made - did you have a cert before and just changed it?
Did you add a cert and didn't have one before?
Are you using port 25 still?
Check the port on your default SMTP Virtual Server and then test on www.canyouseeme.org for that port number to see if it is open on your firewall.
Check your domain on http://www.dnsstuff.com and see if anything comes back as FAIL or WARNING.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24829578
Are all your services running?  Start, Run, [type] Services.msc [enter]
Click on the Startup Type column and this will sort them into Automatic at the top.  Look down the list to see if all Automatic ones are started (except Performance Logs and Alerts - this never starts!)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24829580
Have you rebooted your server? - could be as simple as needing a reboot or running IISRESET from Start, Run.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24829766
Make sure you're not using secure communication or self-signed on your Default SMTP Virtual Server.  Since self-signed certs aren't trusted by the sending server, email will fail.
(ESM) Under your SMTP virtual properties, make sure you have anonymous access and that "Requires TLS encryption" is not enabled.  If you're using an SMTP connector, it should be the same.  If you want to use a certificate for TLS (Transport Layer Security) then you might want to check into a third party such as GoDaddy (cheapest I've found), Thawte, and VeriSign.
0
 

Author Comment

by:hospincadmin
ID: 24833292
Thank you all for responding. I have checked the virtual SMTP server settings and all were set as mentioned above, with the exception of the SMTP connector, as we do not use one. One more thing I have noticed is that my URL for OWA loads without switching to secure https:// and does not initialize with the OWA login page; it pulls up a Windows login page similar to the one you get on a LAN when trying to access a resource that requires login. When you log in you can send out mail but can only receive from the same domain; no outside email comes through.
I feel like I have the wrong cert attached to my default website in IIS 6.
Are there any settings in the cert that I need to make sure are set up when I import the cert? I have one here that has my tld "Hospitality Inc CA" issuing to my mail server's fqdn server01.hospinc.com. Please help, I need to get my mail server and firewall to receive outside mail.
 
 
 
 
 


0
 

Author Comment

by:hospincadmin
ID: 24833314
Here are some screenshots of the certificate that is set in IIS for the default website. In the Certification Authority MMC console I have tried to import a certificate into the trusted root certificate folder; the import is successful but I can't ever view it when I run the web server certificate wizard to remove and replace the current cert with an existing one.
cert2.bmp
cert.bmp
cert1.bmp
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24833643
> Thank you all for responding. I have checked the virtual SMTP server settings and all were set as mentioned above, with the exception of the SMTP connector, as we do not use one. One more thing I have noticed is that my URL for OWA loads without switching to secure https:// and does not initialize with the OWA login page; it pulls up a Windows login page similar to the one you get on a LAN when trying to access a resource that requires login. When you log in you can send out mail but can only receive from the same domain; no outside email comes through.

Are you having a problem not receiving email, or OWA cert problems?  Mailflow and OWA cert are two totally different things.  I'd just like to clear that up.
Also, if you're getting a login prompt, that is normal unless you're using form-based authentication.  You can't have form-based auth without having a second server as the front-end server, at least without a workaround.  Workarounds, however, tend to put you in another problem later when you try to use Exchange ActiveSync.  If you don't have a second server, don't bother trying to use form-based authentication.  This is under ESM->Servers->Protocols->HTTP->Exchange Virtual Server->Settings.

> I feel like I have the wrong cert attached to my default website in IIS 6.
> Are there any settings in the cert that I need to make sure are set up when I import the cert? I have one here that has my tld "Hospitality Inc CA" issuing to my mail server's fqdn server01.hospinc.com. Please help, I need to get my mail server and firewall to receive outside mail.

There's nothing you have to do to the cert if you're importing it from another server.  Just make sure that the URL on the outside matches the FQDN in the cert.  For example, if your external domain ns have an entry for owa.hospinc.com and the cert is for owa.hospinc.com, then you're good; just make sure the cert is selected for the website in IIS.
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24833733
Having run a DNS Report for you - I receive this as the response:
[ERROR: The parent servers say that the domain hospinc.com does not exist. Note that the DNSreport only works on domains, not hostnames.]
Which basically means your domain is not pointing anything anywhere, so email, web and anything else you do will not work because your domain is not set up properly, or has not been renewed!
Doing a whois lookup says that the domain hospinc.com is not registered - is this the correct domain or has it expired and been removed from the web?
This would explain the lack of mail.
0
 

Author Comment

by:hospincadmin
ID: 24834888
Alan, hospinc is my internal domain for Active Directory. I see now I need my external directory, which is hospitalityinc.com, and my mail server is server01. Our DNS is hosted by my ISP.
Is there a way I can issue a cert that will handle the OWA to server01.hospitalityinc.com/exchange and one that will ensure proper mail forwarding? I can send out just fine, just cannot receive any mail.
 
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24834904
Okay - are you using a Mail Foundry hardware device to filter your mail?
DNS Report on your domain comes back with 1 mail server failing:
ERROR: I could not complete a connection to one or more of your mailservers:
mx1.mailfoundry.com: Timed out [Last data sent: [Did not connect]]
Does your mail get pointed directly to your server (mx1.mailfoundry.com / m2.mailfoundry.com) or do they filter and then pass to you?
You don't need a certificate to send or receive mail, so let's worry about that unless you are using Secure ports for your mail.
Alan
 
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24834925
Meant to say let's worry about the certificate later.
0
 

Author Comment

by:hospincadmin
ID: 24834939
Lanmonkey,
 
I hear what you're saying about the DNS record and the URL for OWA having to match up together. I am actually having problems receiving email; at this point that is the main issue. I can deal with OWA later, we rarely use it anyway. How can I easily
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24835027
Ok hospincadmin  I better let Alan take over... He's on to something.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24835054
There is more info on the report about DNS:
mx2.mailfoundry.com's postmaster response:
>>> RCPT TO:<postmaster@hospitalityinc.com>
<<< 451 The server is too busy, please try again later
Server is too busy!
I cannot telnet to port 25 of either IP address for your MX records!
Can you reboot your Mail Foundry device (assuming you have one).
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24835097
As you host your own website - which does not work incidentally, the IP address for your website is where you should receive mail to ultimately and I cannot telnet to that on port 25 either, which I should be able to for your mail to work, so your configuration is somewhat messed up.
Can you check that port 25 is open on your firewall, that all your services are running (start, run, services.msc) - click on the startup type column to sort all automatic items to the top and then look down the list to see that all automatic items are started (except performance logs and alerts as this never starts).
If items are not started, please right-click and start them.  If you cannot start them, please check the Application event logs and report back on the items showing up in red.
Alan
 
 
0
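The manual checks used in this thread (telnet to port 25 on each MX host, then RCPT TO the postmaster address) can be scripted. This is an added example, not code posted by anyone in the thread; the function names and the HELO name `probe.example.net` are assumptions, and it stops after RCPT TO, so no message is ever sent.

```python
import smtplib


def classify(code):
    """Map the last SMTP reply code to what it means for inbound delivery."""
    return {2: "accepted",
            4: "transient failure: senders queue the mail and retry",
            5: "permanent rejection: senders bounce the mail",
            }.get(code // 100, "unexpected reply")


def probe_inbound_smtp(host, rcpt, port=25, timeout=10.0, helo="probe.example.net"):
    """Walk banner -> EHLO -> MAIL FROM:<> -> RCPT TO and report where it stops."""
    r = {"host": host, "stage": "connect", "code": None, "text": "",
         "starttls": None, "verdict": "no SMTP conversation (closed port, timeout or drop)"}
    smtp = smtplib.SMTP(timeout=timeout)  # no host given, so nothing connects yet
    steps = (
        ("banner", lambda: smtp.connect(host, port), 220),
        ("ehlo", lambda: smtp.ehlo(helo), 250),
        # Null sender; a 530 here usually means the server insists on STARTTLS first.
        ("mail", lambda: smtp.mail(""), 250),
        ("rcpt", lambda: smtp.rcpt(rcpt), 250),
    )
    try:
        for stage, call, want in steps:
            code, text = call()
            r.update(stage=stage, code=code, text=text.decode("ascii", "replace"))
            if stage == "ehlo":
                r["starttls"] = smtp.has_extn("starttls")  # advertised, not required
            if code != want:
                break
        r["verdict"] = classify(r["code"])
    except OSError as exc:  # refused, timed out, or dropped (smtplib errors are OSError)
        r["text"] = str(exc)
    finally:
        smtp.close()
    return r


if __name__ == "__main__":
    import sys
    # usage: python probe.py <mx-host> <recipient-address>
    print(probe_inbound_smtp(sys.argv[1], sys.argv[2]))
```

A result that stays at stage `connect` matches the "cannot telnet to port 25" finding above, while stage `rcpt` with code 451 matches the "too busy" reply from the DNS report.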
