  • Status: Solved

SBS 2003 Exchange Not Sending Email

I have a brand new Microsoft Small Business Server 2003 that is set up as an Exchange box.  The configuration went very smoothly and I'm able to receive mail from the internet, but when I send mail it just sits in the queue with a status of "retry".

I turned on SMTP logging and this is all I see:
21:14:37 65.254.254.55 - - 0
21:15:37 65.254.254.54 - - 0
21:16:37 65.254.254.53 - - 0
21:18:53 65.254.254.52 - - 0
21:21:54 151.57.90.68 HELO - 250
21:21:54 151.57.90.68 MAIL - 250
21:21:54 151.57.90.68 RCPT - 250
21:21:57 151.57.90.68 DATA - 250
21:21:57 151.57.90.68 QUIT - 240
21:21:57 208.65.144.12 - - 0
21:21:57 208.65.144.12 EHLO - 0
21:21:57 208.65.144.12 - - 0
21:21:57 208.65.144.12 MAIL - 0
21:21:58 208.65.144.12 - - 0
21:21:58 208.65.144.12 RCPT - 0
21:21:58 208.65.144.12 - - 0
21:21:58 208.65.144.12 DATA - 0
21:21:58 208.65.144.12 - - 0
21:22:00 208.65.144.12 - - 0
21:22:00 208.65.144.12 QUIT - 0
21:22:00 208.65.144.12 - - 0

I don't see any event in the Event Viewer and the firewall doesn't show anything in its logs.  To verify I did an nslookup for MX records from the server and I did a telnet to port 25 on an external mail server from the server.

I've tried this as several users including the Administrator.

Any suggestions greatly appreciated.

Thanks and Happy New Year!
Asked: Wolf1739

Rob Williams Commented:
Can you e-mail internally? i.e. from one domain user to another?

Rob Williams Commented:
I also assume you ran the CEICW (server management | Internet and E-mail | Connect to the Internet)? This needs to be run for Exchange to finish configuration. When you did so did you choose "use DNS to route e-mail" or "forward all e-mail to an e-mail service with your ISP"?

Is external DNS working properly? You can test this by trying to connect to a couple of external web sites with a browser.

Wolf1739 Author Commented:
Yes I can email internally.

I did run the CEICW and I did choose the Use DNS to Route E-Mail.

I can browse the web from the server and from other computers on the network.

Alan Hardisty Commented:
Can you please download and run the SBS 2003 and / or the Exchange 2003 Best Practices Analyzers and see what they throw up please:
SBS - http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Exchange - http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en
Also, please check with your ISP that they are not blocking TCP port 25 outbound - quite a lot of them do now (and often deny it), so you may need to speak several times to them until they admit that they are!

Wolf1739 Author Commented:
I did successfully telnet on port 25 to a mail server outside my firewall before I posted, but to be thorough I did it again and it was successful again.  (This was from the server)

I downloaded both the analyzers, but I've decided to download and install Exchange SP2 before I run them.  I'll post results shortly.

Wolf1739 Author Commented:
Also, I did go to testexchangeconnectivity.com and ran both the Inbound and Outbound SMTP tests and both were successful.  The Outbound test did give me a warning about not having an SPF record.

Wolf1739 Author Commented:
OK, Windows SBS Analyzer results:

(7) Critical Issues
Windows SBS 2003 Service Pack 1 not installed (That's because Service Pack 2 is installed)
POP3 Connector has not been updated
Receive Side Scaling is enabled
Task Offloading is enabled
TCP Chimney is enabled
TCPA is enabled
Windows SharePoint Service 2.0 RTM version installed

Wolf1739 Author Commented:
Exchange BPA results:

Health Check  - (2) Critical Issues
Paging file larger than Physical Memory
Database backup critical

Permission Check - No Issues

Connectivity Check - No Issues

Alan Hardisty Commented:
You need to install SBS service pack 1 separately.  Exchange Service Pack 2 is different to SBS SP1.

Rob Williams Commented:
Though I doubt the service packs are the issue. The order in which they are installed is important:
Best practices states SBS Service packs should be installed in the following order:
Windows Server 2003 SP1
Exchange Server 2003 SP1
Windows SharePoint Services SP1
Windows Small Business Server 2003 Update KB891193 for Windows XP Service Pack 2
Windows Small Business Server 2003 SP1
ISA 2004 SP1 (If SBS premium and ISA installed)
SQL 2000 SP4 (If SBS premium and SQL installed)
Exchange Server 2003 SP2
Windows Server 2003 SP2

I don't believe any of the tests you ran actually verify mail was/can be sent from your server. Assuming you basically did a default install, and you have verified you can send internally, it is probably not a server issue. A few ISPs will block that traffic, but usually they do so on incoming SMTP, you could be blacklisted, or some other restriction.
I assume your ISP provides e-mail service. If so try switching to send using a smart host (forward all e-mail to an e-mail service with your ISP). This is the default configuration with SBS 2008 and does eliminate some of these issues. Just enter their server name such as  smtp.MyISP.com

Wolf1739 Author Commented:
Rob,

I'm a little confused by your post.

If I can sit at the server console, use nslookup to find an mx record, and telnet to that mail host on port 25, then how is that any different than what my Exchange server is trying to do?

I'm just not following how my firewall or my ISP could be an issue in this scenario.

Also, it's not just some emails not going out, it's all emails.  So if it was a blacklist situation, wouldn't you expect at least a few to make it out?

Rob Williams Commented:
Telnet is an incoming connection, though I suppose the reply is a reasonable test.

It was just a suggestion. Do you have any others? 2 minutes to change.

Wolf1739 Author Commented:
Alan,

Sorry, I was actually referring to Windows Server Service Pack 2.  I'm already past the SBS SP1 on the Server and the Exchange, but I'm downloading the SharePoint and SBS SP1 now.  Hopefully being out of step on the installation order won't be a significant problem.

Rob Williams Commented:
>>"Hopefully being out of step on the installation order won't be a significant problem."
It can be but I don't know which ones cause issues. The main issue I know is installing server 2003 SP1 before SBS SP1.
Prior to SP2 this order was quite critical. I have read a couple of articles that state you can skip SP1 and SBS SP1 and jump to SP 2 but I have yet to find confirmation of that.

Another thought. What are you using for Anti-virus software? Avast and a couple of others have been known to block outgoing mail from SBS until tweaked.

Wolf1739 Author Commented:
Would you see any value in upgrading to IE7 or IE8 and rerunning the CEICW?

Wolf1739 Author Commented:
Rob,

Since I'm already at Server SP2, would you recommend applying the SBS SP1?

Also, I haven't installed the server Anti-Virus yet.  I didn't want to complicate matters until after I knew everything was functional.

peakpeak Commented:
Your comment "I did successfully telnet on port 25 to a mail server outside my firewall" wraps it: No SP issues! Look further and outside the box

Rob Williams Commented:
>>"Since I'm already at Server SP2, would you recommend applying the SBS SP1?"
No I would not install it now.

Rob Williams Commented:
>>"Would you see any value in upgrading to IE7 or IE8"
No problem doing so but I cannot imagine that making a difference.

>>" and rerunning the CEICW?"
You can do that at any time and on occasion resolves problems.
Did you add the ISP's DNS in the CEICW? This is important as it adds them to the forwarders list in DNS. The SBS should point ONLY to itself for DNS, and not an ISP or router, even as an alternate.

Alan Hardisty Commented:
Can you have a read through my FAQ to make sure your domain is set up properly:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=2
Also, if you click on one of the queues, at the bottom of the screen is additional queue information.  What does it say for the queues?

Wolf1739 Author Commented:
Rob,

I did add the ISP's DNS in the CEICW and the server is only looking at itself for DNS with no alternate.

Wolf1739 Author Commented:
Alan,

It says "An SMTP Protocol Error Occurred"

peakpeak Commented:
Of Course: Telnet works and you're trying to apply different SP's ..

Alan Hardisty Commented:
That suggests that you are being rejected at the receiving end.  Please run through my FAQ and check yourself on Blacklists, Check you have Reverse DNS setup and that you have an SPF record setup.
Are any mails leaving your server at all?
Can you please try a test email to alan @ it-eye.co.uk

Wolf1739 Author Commented:
I did run the blacklist checks from your FAQ and I'm not on any of them.

My ISP didn't get the reverse DNS setup before the holiday, so I know that's not done yet.

I did just try to send you an email 2 minutes ago.

Alan Hardisty Commented:
Does your domain name start with patriot?

Wolf1739 Author Commented:
My email got bounced from your server, it says I'm listed in the Spamhaus PBL.

Alan Hardisty Commented:
Your IP is listed on the Spamhaus Policy Block List:
http://www.spamhaus.org/pbl/query/PBL183851
Are you on a fixed IP address?  I am not convinced that you are and this will be why you are on the block list.

Wolf1739 Author Commented:
Alan,

Yes it does

Wolf1739 Author Commented:
I will double check with the ISP, but a static address was requested.

Alan Hardisty Commented:
It seems that you are in a dynamic address block, which is why the policy would apply.
If you cannot get through to the ISP, then you can visit www.whatismyip.com and check your IP address.  If you then reboot your router, and then check back again on www.whatismyip.com, if the IP has changed then you are definitely on a dynamic IP.  If you are on the same IP, then it is possible you are on a dynamic IP, but not guaranteed to be on a fixed IP.
If you are dynamic, this will explain why you can't send mail to the vast majority of domains because dynamic IPs are not trusted as spammers use dynamic addresses.
If you are on a fixed IP address, then your ISP needs to talk to Spamhaus and get the IP block delisted.

Wolf1739 Author Commented:
So, my email to you actually made it to your server.  

At this point is the most likely culprit for my problems the lack of reverse DNS?

Alan Hardisty Commented:
Yes, your email hit my server and got rejected if you sent from administrator@patriot..............com
If you are on a fixed IP, then you need to get Reverse DNS setup.  If you are on a dynamic IP, you need to get a fixed IP and then get Reverse DNS setup.
At the moment, your biggest problem will be the Spamhaus PBL listing.

Alan Hardisty Commented:
So, on reflection, your problem is not a sending problem, but more of a message being rejected problem due to being blacklisted.  The most likely cause is lack of a fixed IP Address.
I would start by calling your ISP and confirming your IP status to see if they have neglected to allocate you a Fixed IP Address.  Once you know you are on a fixed IP, then get them to setup Reverse DNS as mail.patriot.......com (I telnetted to your IP and you are set as mail.patriot............com) and then make sure the Fixed IP you have is not listed on any Blacklists (www.mxtoolbox.com/blacklists.aspx) and then drop me another test email.  If you are clean, setup properly and mail is flowing, you should be temporarily rejected and then allowed through on the second send attempt.

Rob Williams Commented:
Again, if you switch to using a smart host as outlined in ID:26158228 you will get around the blacklisting and the absence of a reverse DNS record. It is at least a good test to verify everything else is working.


Also verify you are not an open relay. This may be why you are blacklisted, and your ISP may choose to block the outgoing traffic from your IP until remedied.
http://www.amset.info/exchange/smtp-openrelay.asp
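
The two sender-reputation checks this thread ends up at (a Spamhaus PBL listing and missing reverse DNS) can be scripted from the mail server. The following is an added example, not part of the original thread; it assumes the combined zone zen.spamhaus.org, and the IP address and host name are constructed placeholders.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: Spamhaus combined zone, which includes the PBL

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Map one A-record answer from the zone to the list it represents."""
    text = str(ipaddress.IPv4Address(answer))
    if text.startswith("127.255.255."):
        return "ERROR"    # query refused (e.g. sent via a public resolver), not a listing
    last = int(text.rsplit(".", 1)[1])
    if last in (10, 11):
        return "PBL"      # policy list: dynamic / end-user address space
    if last in (2, 3, 9):
        return "SBL"
    if 4 <= last <= 7:
        return "XBL"
    return "UNKNOWN"

def system_lookup(name):
    """Resolve A records with the system resolver; a failed lookup means not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo_name, lookup=system_lookup, reverse=socket.gethostbyaddr):
    """Report DNSBL listings and whether the PTR record matches the HELO name."""
    lists = sorted({classify(a) for a in lookup(dnsbl_name(ip))})
    try:
        ptr = reverse(ip)[0].rstrip(".").lower()
    except OSError:
        ptr = None        # no reverse DNS configured for this address
    return {"listed_on": lists, "ptr": ptr,
            "ptr_matches_helo": ptr == helo_name.lower()}

if __name__ == "__main__":
    # Constructed placeholders: substitute the server's public IP and HELO name.
    print(check_sender("192.0.2.25", "mail.example.com"))
```

An "ERROR" result means the blocklist refused the query, so repeat it through a resolver the list accepts before concluding the address is clean or listed.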