  • Status: Solved
  • Priority: Medium

Unable to receive mail from external sources

We are trying to configure Exchange 2007.  We are able to send/receive internally and send emails to external email addresses, however are unable to receive emails from external email accounts.  We have checked the firewall, port 25 is open.  We are able to successfully telnet to port 25 locally but not externally.  We have even bypassed the network altogether (server directly to cable modem) but still cannot telnet to port 25.  I believe the issue is this, however we cannot figure out why telnet is unable to connect to SMTP.  We have set anonymous access in the hub transport settings... so we cannot figure out what is going on.  Anyone have any ideas?  Desperate to get this going!
0
MemberMinded
Asked:
2 Solutions
 
giltjr Commented:
When you are trying to telnet externally, where are you?  On a LAN segment just in front of your firewall, or some other location via the Internet?

If some other location via the Internet it could be your ISP could be blocking you from getting to port 25.  I know my ISP for my home account only allows port 25 traffic to the SMTP server they provide.

Is your work ISP account a business account or a residential account?

What kind of firewall do you have?
0
 
CompanionCube Commented:
Which OS are you running?
Try:
If Server 2008, on "each of the Domain Profile, Private Profile, and Public Profile tabs, change the Firewall state option to Off (not recommended)."
http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
0
 
MemberMinded (Author) Commented:
giltjr:  Telnet was being done via a 3G wifi card... completely OFF the company network.   Port 25 isn't being blocked (we checked)...  this is a business account.  The firewall is a Fortinet firewall and we have configured it to both forward external IP to internal IP of the Exchange server.... and also have allowed port 25 to be open.

CompanionCube:  OS is SBS 2008.  I went and turned off all firewalls, but still no dice.  
0
 
CompanionCube Commented:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_23711320.html
Got any anti-virus or anti-spam perhaps blocking the port?
Try the telnet test from a computer on the same network?
0
 
BrianKronberg Commented:
Did you enable anonymous login on the default receive connector?

http://msexchangeteam.com/archive/2006/11/17/431555.aspx

Browse down to "Receive Connector Configuration"
0
 
NarendraG Commented:
Hi, did you add NAT in the firewall to forward SMTP traffic to your Exchange server?

public IP -> Exchange server IP (internal)
0
 
MemberMinded (Author) Commented:
CompanionCube:  no anti-virus/anti-spam blocking... haven't installed any of that yet.  Can telnet inside the network fine.

BrianKronberg:  I have checked the box for anonymous login on the default receive connector.  

NarendraG:  yes.  external ip is pointed to internal IP.  SMTP traffic allowed.
0
 
NarendraG Commented:
Okay, then test with https://www.testexchangeconnectivity.com/
Inbound test; post the result here please.
0
 
BrianKronberg Commented:
Try restarting the transport service (after checking the box).  Can you telnet now?
0
 
MemberMinded (Author) Commented:
NarendraG:
      Testing Inbound SMTP Mail flow for domain jpitcher@memberminded.com
       Failed to test inbound SMTP mail flow.
       
      Test Steps
       
      Attempting to retrieve DNS MX records for domain memberminded.com
       Successfully retrieved one or more MX records from DNS
       
      Additional Details
       MX Records Host mail.memberminded.com, Preference 0
      Testing Mail Exchanger mail.memberminded.com.
       One or more SMTP tests failed for this Mail Exchanger.
       
      Test Steps
       
      Attempting to resolve the host name mail.memberminded.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 74.143.112.5
      Testing TCP Port 25 on host mail.memberminded.com to ensure it is listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with remote host
Exception Details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 74.143.112.5:25
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
0
 
NarendraG Commented:
Have a look at the firewall side once again: SMTP traffic is blocked or it is not forwarding traffic.

You said you're directly connected to the modem; in that case, how did you configure the modem to forward traffic to change?

0
 
NarendraG Commented:
How did you configure the modem to forward traffic to Exchange?

0
 
MemberMinded (Author) Commented:
I know it's not a modem or firewall problem because the network has another (fully functional) Exchange 2000 server... our settings for this new Exchange 2008 are mirrored off those settings (IP addresses are different, of course)
0
 
Glen Knight Commented:
Check the receive connectors under Server Configuration > Hub Transport there should be 2 connectors?
Check the one that starts with Default and make sure Anonymous authentication is enabled.

Also remove and re-create the router/firewall rule and rebuild the policy (a quick restart of the router/firewall will ensure this)
0
 
giltjr Commented:
Can you run a packet capture on the Exchange server to see if the SYN request is getting to it?

Is there a way you can run a packet capture in front of the firewall to see if the SYN request is getting to your site?

So that you can do more testing, is it possible to set up a rule that allows any and all traffic to that server?  If not, can you set up the rules so that everything the firewall sees is logged?

It could be there is another rule that is getting hit first.  Firewalls generally apply rules based on first match not best match.
0
 
Mestha Commented:
As this is SBS, have you run all of the wizards to configure the product? While it can be manually configured, it is not designed to be, and you will find things don't work exactly as they should. If you have run the wizards, then use the Fix my Network wizard in the management console to ensure everything is correct.

Your test from a 3g card may not have been valid as many providers will block port 25 on 3g connections.

Simon.
0
 
MemberMinded (Author) Commented:
Hmm.. interesting.  I believe we have run all of the wizards but we can go through them again and also run the Fix My Network Wizard you mentioned.

As far as the aircard, I hadn't considered that, but you're probably right on the money about the provider blocking port 25.  
0
 
giltjr Commented:
That is what I meant by "If some other location via the Internet it could be your ISP could be blocking you from getting to port 25. " in my first post.

I don't think you have a problem with your Exchange server, as you stated you can get to port 25 from your LAN.  It's only when you attempt to get to it through your firewall that you have a problem.

So, can you enable logging to see what rules are getting hit when you attempt to get to port 25 from the Internet?

If your public IP address that you are NAT'ing to is 74.143.112.5, I have tried to telnet to port 25 on that address and I timed out waiting, so something is blocking port 25 for that address.
0
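The timeout reported in the comment above and in the connectivity analyzer output is one of several distinct outcomes a port 25 test can have, and each points at a different layer; the following is an added example, not code from any poster in this thread. The names `probe_smtp`, `local_port` and `NEXT_CHECK`, the `mail.example.test` greeting and the loopback peers are constructed for illustration.

```python
import socket
import threading

NEXT_CHECK = {  # hints drawn from the causes raised in this thread, not a diagnosis
    "banner": "SMTP answers from this vantage point; test from another network too",
    "no-banner": "something accepted the connection but did not greet; check the forward target",
    "refused": "host answered with a reset; nothing is listening on that address and port",
    "timeout": "SYN unanswered; check NAT/forwarding, rule order, duplicate IPs, ISP port 25 filtering",
    "error": "name resolution or routing failed before the port was tested",
}

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one TCP connect to an SMTP port; returns (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:   # a RST came back
        return "refused", str(exc)
    except socket.timeout as exc:           # no reply to the SYN at all
        return "timeout", str(exc)
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except OSError as exc:              # includes a timeout waiting for data
            return "no-banner", str(exc) or "no greeting before the timeout"
    if greeting.startswith("220"):
        return "banner", greeting
    return "no-banner", greeting or "peer closed without greeting"

def local_port(greeting=None):
    """Constructed peer on 127.0.0.1; greeting=None means bind, release, never listen."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    if greeting is None:
        srv.close()
        return port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            conn.sendall(greeting)
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for name, g in (("greets", b"220 mail.example.test ESMTP\r\n"), ("silent", b""), ("closed", None)):
        verdict, detail = probe_smtp("127.0.0.1", local_port(g), timeout=2)
        print(f"{name}: {verdict} ({detail}) -> {NEXT_CHECK[verdict]}")
```

Run from more than one outside network, since a single vantage point (such as the 3G card mentioned earlier) may itself filter port 25.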
 
MemberMinded (Author) Commented:
I believe we have found the issue.  For whatever reason, we have two servers trying to get the same public IP assigned to themselves... not sure why that is happening, but we have changed the IP manually for one machine and are going to set up Exchange again and see if it will work this time!
0
 
giltjr Commented:
Sounds like a firewall configuration issue, not a client IP addressing issue.  Are you sure you have one-to-one NAT set up and not PAT/port forwarding?
0
 
MemberMinded (Author) Commented:
Issue resolved. IP conflict was the issue.  
0
