Solved

Can't Receive Emails with Exchange 2010

Posted on 2009-12-24
Last Modified: 2013-11-30
Hello All,

I have Exchange 2010 running on Windows 2008 R2 Ent server and cannot receive emails externally, however, I can send emails externally and internally.

The following is the configuration on the Server configuration Hub transport.

Hub transport connects directly to the Internet, so no external SMTP gateway is used.

Hub transport:

2 send connectors enabled, client and custom Internet with anti-spam enabled.

Internet Send Connector:

Specify the FQDN this connector will provide = serv01.domain.corp
Network Local = All IPv4 with port 25
Network receive mail from remote servers = ISP smarthost IP address
Authentication = TLS only, enable Domain security unchecked
Permission groups = All checked except partners

Internal DNS lookups use the network card and external DNS lookups use 2 external DNS IP addresses.

MX and A records are already set up with my ISP and are working, as previously I had Windows 2003 R2 and Exchange 2003 running.

When I telnet from outside the network and inside the network and directly on the box, I get

421 4.3.2 service not available

When I do a netstat -a, TCP port 25 is in a listening state, so I have no idea. I also had MS Forefront security for Exchange installed, but removed it.

Any help would be appreciated as I don't know where else to check.

Brando
Question by:brandoincan
61 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120563
Do you get an NDR message?

On the Default Receive Connector (not the one that starts with Client) check that anonymous is enabled on the last tab and on the tab next to it ensure that only TLS is enabled.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120565
Receive Connectors are in Server Configuration > Hub Transport
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26120574
What have you got configured for your receive connector(s)?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26120578
On the network tab of the default receive connector, is your server's IP address listed on 25, and what IPs are you set to receive from?
0
 

Author Comment

by:brandoincan
ID: 26120585
This is what I have configured for the receive connectors, and I do not get an NDR message when trying to send email from the external network to a mailbox on the server.

Specify the FQDN this connector will provide = serv01.domain.corp
Network Local = All IPv4 with port 25
Network receive mail from remote servers = ISP smarthost IP address
Authentication = TLS only, enable Domain security unchecked
Permission groups = All checked except partners
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120620
Can you take out the smarthost restrictions?
Perhaps there is a problem with the addresses.

Then restart the Microsoft Exchange Transport service.

Do you have any virus/spam software installed on the exchange server?
0
 

Author Comment

by:brandoincan
ID: 26120633
The ISP smarthost IP address is the IP address where I want to receive emails from, as if I leave it at 0.0.0.0 255.255.255.255 I get messages saying that I am an open relay.

I had installed MS Forefront client security for Exchange, but I removed it completely, so right now there is no virus/spam software installed and the firewall on Windows 2008 is disabled.

In the Server Hub Transport under the Receive connector, anti-spam is enabled; should that be disabled?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120638
No, leave it as is.

Have you definitely got port 25 forwarded from your router/firewall to the internal address of your Exchange server?

Can you remove the restrictions on the IP? I am trying to ascertain if it's a problem with your connector or not. If it doesn't change anything then you can add them back.
0
 

Author Comment

by:brandoincan
ID: 26120660
Yes, port forwarding is configured correctly, as this was also working with Windows 2003 and Exchange 2003 last week.

But regardless, like I said, when I telnet internally, I get the 421 4.3.2 message, so it's not the firewall.

When I changed the specific ISP IP address to 0.0.0.0/255.255.255.255 I get the following:

550 5.7.1 Unable to relay

So, I am switching it back to the ISP address.
0
 

Author Comment

by:brandoincan
ID: 26120727
I just noticed that when I run netstat -nbt, I don't see port 25 listening anywhere; however, in IIS, I see the service started. Does IIS SMTP need to be disabled?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120775
Exchange 2010 does not use IIS SMTP, so yes, if it's started, disable it.

Also, internally you would telnet on port 587, not 25.
0
 

Author Comment

by:brandoincan
ID: 26120813
OK, so I did a telnet using port 587 and got the expected results below. Now my next question is, do you have a link as to how I can disable IIS 7.5 SMTP, as I searched under features for Web IIS service and couldn't find it?

So, as I see it, port 587 is for client-to-server communications and server-to-server is still using port 25, so this port 587 is for internal use only?

220 serv01.domain.corp Microsoft ESMTP MAIL Service ready at Thu, 24 Dec 2009 13:32:22 -0800
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120829
Yes, correct, the 587 is for internal use and the 25 is for external. Not sure about the SMTP, to be honest; I have never used it on 2008 R2.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120856
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120860
Also make sure you have run the appropriate pre-requisite script from here: http://technet.microsoft.com/en-us/library/bb691354.aspx

Note the different script for R2.

You may have to reinstall the HT role.
0
 

Author Comment

by:brandoincan
ID: 26120897
Windows 2008 R2 SMTP server wasn't installed after all.

The filter pack is already installed as an R2 pre-requisite.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120901
So if you telnet to port 25 from outside of your network, what do you get? You will need to remove the relay restrictions to test this.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120902
Also, I have not got any IP restrictions on my 2010 server and it's not an open relay, so not sure why you think yours would be?
0
 

Author Comment

by:brandoincan
ID: 26120952
OK, now we are getting somewhere. When I removed the IP address restrictions from:

Network receive mail from remote servers = ISP smarthost IP address to 0.0.0.0 255.255.255.255 and telnet from external, I get

220 serv01.domain.corp Microsoft ESMTP MAIL Service ready at Thu, 24 Dec 2009 13:32:22 -0800

However, now when I try to send an email from external to a valid email address I am getting:

serv01.domain.com #5.7.1 SMTP; 550 5.7.1 Unable to relay

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26120958
Check that the anonymous authentication check box is enabled on the DEFAULT connector.
0
 

Author Comment

by:brandoincan
ID: 26120971
Anonymous is checked in the permission group and TLS is also checked in the authentication tab.
0
 

Author Comment

by:brandoincan
ID: 26120993
Question: when I telnet to serv01.domain.com 25, should it return with

220 serv01.domain.com or 220 serv01.domain.corp (which is the internal domain name)?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26121005
Should return the external domain name.
0
 

Author Comment

by:brandoincan
ID: 26121056
Well, I had domain.corp as the internal domain name working fine with Exchange 2003 and Server 2003, so I am lost here. Did I miss a step or configure something incorrectly?
0
 

Author Comment

by:brandoincan
ID: 26121089
I changed the FQDN name in the receive and send connectors to the external domain and I get the expected results, but I am still getting that unable to relay error.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26121097
Does your spam filter company use TLS on their emails?

I have TLS, basic & integrated on my 2010 receive connector with all but partners in permission groups.

If you set these up, restart your Exchange transport service and test again, you will hopefully be okay. You can then set up your IP restrictions to only allow from your spam host.
0
 

Author Comment

by:brandoincan
ID: 26121147
That didn't work either.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26121753
I would remove the receive connector that starts with "Default" and then recreate it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26121874
Just for reference if you need it:
http://technet.microsoft.com/en-us/library/aa996395.aspx

Happy Christmas Glen!
0
 

Author Comment

by:brandoincan
ID: 26122766
Guys,

I deleted the default and tried custom and Internet; none of them worked. Last night, I reformatted the entire system and started from scratch, still nothing. Still getting 5.7.1 UNABLE TO RELAY ERRORS.

I am pulling my hair out on this one.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122790
Can you post screen captures of the RECEIVE connectors listed under Server Configuration?

If you have more than one 2010 server ensure you have the correct one highlighted.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122792
Oh and Merry Christmas Alan! And brandoincan!
0
 

Author Comment

by:brandoincan
ID: 26122859
Guys, Merry Christmas to you all and thanks for looking at this especially today.


RunspaceId                              : 234b337e-5636-4396-bc16-390fbf04ac4f
AuthMechanism                           : None
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {172.16.1.1:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : serv01.domain.com
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 30
MaxLocalHopCount                        : 8
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {0.0.0.0-255.255.255.255}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
LiveCredentialEnabled                   : False
Server                                  : serv01
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : domain_Receive
DistinguishedName                       : CN=domain_Receive,CN=SMTP Receive Connectors,CN=Protocols,CN=serv01,CN=Serve
                                          rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group
                                          s,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC
                                          =domain,DC=corp
Identity                                : serv01\domain_Receive
Guid                                    : 0c3c49ca-70dc-4674-9166-ab2f8d62999d
ObjectCategory                          : domain.corp/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 12/25/2009 10:26:11 AM
WhenCreated                             : 12/25/2009 10:20:52 AM
WhenChangedUTC                          : 12/25/2009 6:26:11 PM
WhenCreatedUTC                          : 12/25/2009 6:20:52 PM
OrganizationId                          :
OriginatingServer                       : serv01.domain.corp
IsValid                                 : True
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122868
Sorry I am not sure what that is.

Can you capture the screen for the connector details using the PRT SCRN button, paste it into Paint, save it as a JPEG and then upload it?

Thanks
Glen
0
 

Author Comment

by:brandoincan
ID: 26122882
Glen, that is the data when you run get-receiveconnector |fl from the Exchange shell for that receive connector.

If you want to know the details, see below.

General Tab
FQDN = serv01.domain.corp
Maximum Message size = 10240

Network Tab
Use Local = 172.16.1.1 Port 25
Receive Mail From = 0.0.0.0 255.255.255.255

Authentication
All boxes are unchecked

Permission Group
Anonymous Users only is checked, the rest are unchecked.

Brando
0
 

Author Comment

by:brandoincan
ID: 26122887
Sorry, the FQDN = serv01.domain.com, not corp.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122927
OK, I have just checked a live working 2010 server that is servicing 3000 users and this is what I have set:

Network tab:
All Available IPv6 port 25
All Available IPv4 port 25

receive mail from remote servers section:
::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
0.0.0.0-255.255.255.255

Authentication Tab:
Transport Layer Security (TLS) is the only box checked

Permissions Group:
Anonymous users
Exchange Users
Exchange Servers
Legacy Exchange Servers

all checked
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122936
Has the server by any chance got more than one network card?
Have you disabled IPv6?
0
 

Author Comment

by:brandoincan
ID: 26122937
I removed IPv6 port 25 and ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff from the settings. I don't think IPv6 is needed as I am not using it on the network.

I tried enabling the other settings above and still no difference.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122938
If you have disabled IPv6 then you need to re-enable it; Exchange 2010 requires it.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122939
Is it a 2003 DNS?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122944
Also have you set both the IPv6 and IPv4 to All Unassigned?

If you have made any changes restart the Microsoft Exchange Transport service.
0
 

Author Comment

by:brandoincan
ID: 26122983
It's a 2008 R2 server for DNS. IPv6 is enabled on the actual network adapter in Windows, but I removed it from the receive connectors. Now when I try to add it back in the receive connectors, I don't see that option for IPv6.

Is IPv6 a must in the receive connectors even if you are not using it?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26122985
I know Exchange 2010 requires IPv6 but I am not sure about the specifics.

If you have formatted and rebuilt then it should work out of the box! Just have to check the anonymous user box.

What changes did you make when you rebuilt it?
0
 

Author Comment

by:brandoincan
ID: 26122997
I just followed the wizards and made sure it met the checklists. The only thing I did was remove the default server receive connector and add my own.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26123137
Did you test it before you removed the default one? It should work out of the box, the fact it doesn't points to that connector not being configured correctly.
0
 

Author Comment

by:brandoincan
ID: 26123184
No, I didn't test it with the defaults, but if I wanted to create a custom Internet receive connector, the option for the IPv6 should be there still.
0
 

Author Comment

by:brandoincan
ID: 26123466
UPDATE:

I am reformatting and starting from scratch and I am not going to modify a thing. I will keep you all updated.

BRB..
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26123633
Don't forget to check the box for anonymous user and uncheck the boxes under authentication.
0
 

Author Comment

by:brandoincan
ID: 26123983
So, I formatted, installed everything again, didn't remove anything, checked off anonymous and unchecked all in the authentication, and still the same errors.

This is nuts.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26123999
Something else must be stopping it.

When you telnet from outside your network to port 25 do you get the correct banner?

Can you test SMTP using telnet as per: http://support.microsoft.com/kb/153119

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26124063
When you go to http://whatsmyip.org (you need to do this from your Exchange server), does the IP address at the top of the page match the one associated with your MX record if you go to http://www.mxtoolbox.com and enter your domain name?

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26124668
Any luck?
0
 

Author Comment

by:brandoincan
ID: 26124795
Everything as to what you mentioned above checked out ok.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26124809
And the telnet test?
0
 

Author Comment

by:brandoincan
ID: 26124893
Yes, all good.
0
 

Author Comment

by:brandoincan
ID: 26124895
Do you have a number I can reach you at?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26124934
We are not supposed to take contact away from the forums.

Is it possible to provide me with your domain details? My email address is in my profile.
0
 

Author Comment

by:brandoincan
ID: 26124973
OK, I will send it to your email.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 26125128
Have you set your external domain name as authoritative in Organisation Configuration > Hub Transport> Accepted Domains?
0
 

Author Closing Comment

by:brandoincan
ID: 31669839
Glen was able to quickly figure out the issue. I needed to add the external domain as an accepted domain with the default being "true or false" (makes no difference), so therefore I can receive and send emails.

Well Done Glen

Brando
0
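
The three states the thread passed through (421 at connect, 550 5.7.1 for the server's own domain, and the working setup) can be told apart with two RCPT TO probes against a server you administer. This is an added example, not code from any poster in the thread; `probe_rcpt`, `diagnose` and all addresses are hypothetical, and the sample reply codes are constructed from the replies quoted above.

```python
import smtplib

# Added illustration: probe_rcpt(), diagnose() and every address below are
# hypothetical names/values, not part of Exchange or of the thread.

def probe_rcpt(host, local_rcpt, foreign_rcpt, port=25,
               sender="probe@example.net", timeout=10):
    """Connect to your own server as an anonymous outside sender and record
    the reply code for a recipient in your domain and for one in a domain
    you do not host. Stops after RCPT TO, so no message is ever submitted."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            codes = []
            for rcpt in (local_rcpt, foreign_rcpt):
                smtp.mail(sender)
                codes.append(smtp.rcpt(rcpt)[0])
                smtp.rset()                 # abandon the transaction
            return tuple(codes)
    except smtplib.SMTPConnectError as exc:  # greeting was not 220, e.g. 421
        return (exc.smtp_code, exc.smtp_code)


ADVICE = {
    "blocked": "No 220 banner (the thread's 421 4.3.2, seen while "
               "RemoteIPRanges allowed only the smarthost address).",
    "open-relay": "Anonymous sender may relay to foreign domains: review the "
                  "connector's permission groups.",
    "domain-not-accepted": "Own domain refused (550 5.7.1 Unable to relay): "
                           "add it under Accepted Domains as authoritative.",
    "ok": "Own domain accepted, foreign domain refused.",
    "inconclusive": "Temporary or unexpected reply: enable protocol logging.",
}


def diagnose(local_code, foreign_code):
    """Map the two RCPT TO reply codes to one of the ADVICE keys."""
    if local_code == 421:
        return "blocked"
    if 200 <= foreign_code < 300:
        return "open-relay"
    if local_code >= 500:
        return "domain-not-accepted"
    if 200 <= local_code < 300:
        return "ok"
    return "inconclusive"


# Constructed reply codes mirroring the states described in the thread.
SAMPLES = {
    "smarthost-only IP range": (421, 421),
    "all IPs, domain missing": (550, 550),
    "after adding the accepted domain": (250, 550),
}

if __name__ == "__main__":
    for label, codes in SAMPLES.items():
        verdict = diagnose(*codes)
        print(f"{label}: {verdict} - {ADVICE[verdict]}")
    # Live use against a server you administer (hypothetical values):
    # print(diagnose(*probe_rcpt("mail.example.com", "user@example.com",
    #                            "user@example.org")))
```

A result of `ok` with the remote IP range fully open is the case Glen Knight describes: anonymous senders can reach local mailboxes, yet relay to foreign domains is still refused.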
