Wolf1739
asked on
SBS 2003 Exchange Not Sending Email
I have a brand new Microsoft Small Business Server 2003 that is set up as an Exchange box. The configuration went very smoothly and I'm able to receive mail from the internet, but when I send mail it just sits in the queue with a status of "retry".
I turned on SMTP logging and this is all I see:
21:14:37 65.254.254.55 - - 0
21:15:37 65.254.254.54 - - 0
21:16:37 65.254.254.53 - - 0
21:18:53 65.254.254.52 - - 0
21:21:54 151.57.90.68 HELO - 250
21:21:54 151.57.90.68 MAIL - 250
21:21:54 151.57.90.68 RCPT - 250
21:21:57 151.57.90.68 DATA - 250
21:21:57 151.57.90.68 QUIT - 240
21:21:57 208.65.144.12 - - 0
21:21:57 208.65.144.12 EHLO - 0
21:21:57 208.65.144.12 - - 0
21:21:57 208.65.144.12 MAIL - 0
21:21:58 208.65.144.12 - - 0
21:21:58 208.65.144.12 RCPT - 0
21:21:58 208.65.144.12 - - 0
21:21:58 208.65.144.12 DATA - 0
21:21:58 208.65.144.12 - - 0
21:22:00 208.65.144.12 - - 0
21:22:00 208.65.144.12 QUIT - 0
21:22:00 208.65.144.12 - - 0
I don't see any event in the Event Viewer and the firewall doesn't show anything in its logs. To verify I did an nslookup for MX records from the server and I did a telnet to port 25 on an external mail server from the server.
I've tried this as several users including the Administrator.
Any suggestions greatly appreciated.
Thanks and Happy New Year!
Can you e-mail internally? i.e. from one domain user to another?
I also assume you ran the CEICW (server management | Internet and E-mail | Connect to the Internet)? This needs to be run for Exchange to finish configuration. When you did so did you choose "use DNS to route e-mail" or "forward all e-mail to an e-mail service with your ISP"?
Is external DNS working properly? You can test this by trying to connect to a couple of external web sites with a browser.
ASKER
Yes I can email internally.
I did run the CEICW and I did choose the Use DNS to Route E-Mail.
I can browse the web from the server and from other computers on the network.
To troubleshoot further try SMTP through Telnet:
http://www.msexchange.org/tutorials/Telnet-Exchange2003-POP3-SMTP-Troubleshooting.html
http://www.yuki-onna.co.uk/email/smtp.html
http://support.microsoft.com/kb/323350
Can you please download and run the SBS 2003 and / or the Exchange 2003 Best Practices Analyzers and see what they throw up please:
SBS - http://www.microsoft.com/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Exchange - http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en
Also, please check with your ISP that they are not blocking TCP port 25 outbound - quite a lot of them do now (and often deny it), so you may need to speak several times to them until they admit that they are!
ASKER
I did successfully telnet on port 25 to a mail server outside my firewall before I posted, but to be thorough I did it again and it was successful again. (This was from the server)
I downloaded both the analyzers, but I've decided to download and install Exchange SP2 before I run them. I'll post results shortly.
ASKER
Also, I did go to testexchangeconnectivity.com and ran both the Inbound and Outbound SMTP tests and both were successful. The Outbound test did give me a warning about not having an SPF record.
ASKER
OK, Windows SBS Analyzer results:
(7) Critical Issues
Windows SBS 2003 Service Pack 1 not installed (That's because Service Pack 2 is installed)
POP3 Connector has not been updated
Receive Side Scaling is enabled
Task Offloading is enabled
TCP Chimney is enabled
TCPA is enabled
Windows SharePoint Service 2.0 RTM version installed
ASKER
Exchange BPA results:
Health Check - (2) Critical Issues
Paging file larger than Physical Memory
Database backup critical
Permission Check - No Issues
Connectivity Check - No Issues
You need to install SBS service pack 1 separately. Exchange Service Pack 2 is different to SBS SP1.
Though I doubt the service packs are the issue. The order in which they are installed is important:
Best practice states that SBS service packs should be installed in the following order:
Windows Server 2003 SP1
Exchange Server 2003 SP1
Windows SharePoint Services SP1
Windows Small Business Server 2003 Update KB891193 for Windows XP Service Pack 2
Windows Small Business Server 2003 SP1
ISA 2004 SP1 (If SBS premium and ISA installed)
SQL 2000 SP4 (If SBS premium and SQL installed)
Exchange Server 2003 SP2
Windows Server 2003 SP2
I don't believe any of the tests you ran actually verify mail was/can be sent from your server. Assuming you basically did a default install, and you have verified you can send internally, it is probably not a server issue. A few ISPs will block that traffic, but usually they do so on incoming SMTP, you could be blacklisted, or some other restriction.
I assume your ISP provides e-mail service. If so try switching to send using a smart host (forward all e-mail to an e-mail service with your ISP). This is the default configuration with SBS 2008 and does eliminate some of these issues. Just enter their server name such as smtp.MyISP.com
ASKER
Rob,
I'm a little confused by your post.
If I can sit at the server console, use nslookup to find an mx record, and telnet to that mail host on port 25, then how is that any different than what my Exchange server is trying to do?
I'm just not following how my firewall or my ISP could be an issue in this scenario.
Also, it's not just some emails not going out, it's all emails. So if it was a blacklist situation, wouldn't you expect at least a few to make it out?
Telnet is an incoming connection, though I suppose the reply is a reasonable test.
It was just a suggestion. Do you have any others? 2 minutes to change.
ASKER
Alan,
Sorry, I was actually referring to Windows Server Service Pack 2. I'm already past the SBS SP1 on the Server and the Exchange, but I'm downloading the SharePoint and SBS SP1 now. Hopefully being out of step on the installation order won't be a significant problem.
>>"Hopefully being out of step on the installation order won't be a significant problem."
It can be but I don't know which ones cause issues. The main issue I know is installing server 2003 SP1 before SBS SP1.
Prior to SP2 this order was quite critical. I have read a couple of articles that state you can skip SP1 and SBS SP1 and jump to SP 2 but I have yet to find confirmation of that.
Another thought. What are you using for Anti-virus software? Avast and a couple of others have been known to block outgoing mail from SBS until tweaked.
ASKER
Would you see any value in upgrading to IE7 or IE8 and rerunning the CEICW?
ASKER
Rob,
Since I'm already at Server SP2, would you recommend applying the SBS SP1?
Also, I haven't installed the server Anti-Virus yet. I didn't want to complicate matters until after I knew everything was functional.
Your comment "I did successfully telnet on port 25 to a mail server outside my firewall" wraps it: No SP issues! Look further and outside the box
>>"Since I'm already at Server SP2, would you recommend applying the SBS SP1?"
No I would not install it now.
>>"Would you see any value in upgrading to IE7 or IE8"
No problem doing so but I cannot imagine that making a difference.
>>" and rerunning the CEICW?"
You can do that at any time and on occasion resolves problems.
Did you add the ISP's DNS in the CEICW? This is important as it adds them to the forwarders list in DNS. The SBS should point ONLY to itself for DNS, and not an ISP or router, even as an alternate.
Can you have a read through my FAQ to make sure your domain is setup properly:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=2
Also, if you click on one of the queues, at the bottom of the screen is additional queue information. What does it say for the queues?
ASKER
Rob,
I did add the ISP's DNS in the CEICW and the server is only looking at itself for DNS with no alternate.
ASKER
Alan,
It says "An SMTP Protocol Error Occurred"
Of Course: Telnet works and you're trying to apply different SP's ..
That suggests that you are being rejected at the receiving end. Please run through my FAQ and check yourself on Blacklists, Check you have Reverse DNS setup and that you have an SPF record setup.
Are any mails leaving your server at all?
Can you please try a test email to alan @ it-eye.co.uk
ASKER
I did run the blacklist checks from your FAQ and I'm not on any of them.
My ISP didn't get the reverse DNS setup before the holiday, so I know that's not done yet.
I did just try to send you an email 2 minutes ago.
Does your domain name start with patriot?
ASKER
My email got bounced from your server, it says I'm listed in the Spamhaus PBL.
Your IP is listed on the Spamhaus Policy Block List:
http://www.spamhaus.org/pbl/query/PBL183851
Are you on a fixed IP address? I am not convinced that you are and this will be why you are on the block list.
ASKER
Alan,
Yes it does
ASKER
I will double check with the ISP, but a static address was requested.
ASKER
So, my email to you actually made it to your server.
At this point is the most likely culprit for my problems the lack of reverse DNS?
Yes, your email hit my server and got rejected if you sent from administrator@patriot..............com
If you are on a fixed IP, then you need to get Reverse DNS setup. If you are on a dynamic IP, you need to get a fixed IP and then get Reverse DNS setup.
At the moment, your biggest problem will be the Spamhaus PBL listing.
So, on reflection, your problem is not a sending problem, but more of a message being rejected problem due to being blacklisted. The most likely cause is lack of a fixed IP Address.
I would start by calling your ISP and confirming your IP status to see if they have neglected to allocate you a Fixed IP Address. Once you know you are on a fixed IP, then get them to setup Reverse DNS as mail.patriot.......com (I telnetted to your IP and you are set as mail.patriot............com) and then make sure the Fixed IP you have is not listed on any Blacklists (www.mxtoolbox.com/blacklists.aspx) and then drop me another test email. If you are clean, setup properly and mail is flowing, you should be temporarily rejected and then allowed through on the second send attempt.
Again, if you switch to using a smart host as outlined in ID:26158228 you will get around the blacklisting and the absence of a reverse DNS record. It is at least a good test to verify everything else is working.
Also verify you are not an open relay. This may be why you are blacklisted, and your ISP may choose to block the outgoing traffic from your IP until remedied.
http://www.amset.info/exchange/smtp-openrelay.asp
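The checks recommended in the answers above (a PTR record that matches the name the mail server announces, and a blacklist lookup on the sending IP), sketched in Python as an added example that is not part of the original thread. The `zen.spamhaus.org` zone, the subset of return codes shown, and the `192.0.2.x` / `mail.example.com` sample data are assumptions; the fake lookups let it run offline.

```python
import ipaddress
import socket

# Subset of Spamhaus ZEN return codes; 127.255.255.x means the query itself
# was refused (for example when asked through a public resolver), not a listing.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def live_ptr(ip):
    """PTR lookup through the system resolver; empty list when none exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_a(name):
    """A lookup through the system resolver; empty list on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo, ptr=live_ptr, a=live_a):
    """Return the findings a receiving mail server may reject this sender on."""
    findings = []
    ptr_names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not ptr_names:
        findings.append("no PTR record")
    elif not any(ip in a(n) for n in ptr_names):
        findings.append("PTR does not resolve back to the IP")
    elif helo.lower() not in ptr_names:
        findings.append("HELO name differs from PTR")
    answers = a(dnsbl_name(ip))
    errors = [x for x in answers if x.startswith("127.255.255.")]
    if errors:
        findings.append("DNSBL query refused: " + ",".join(errors))
    for name in sorted({ZEN_CODES[x] for x in answers if x in ZEN_CODES}):
        findings.append("listed: " + name)
    return findings

# Constructed sample data (documentation addresses, not taken from the thread).
FAKE_PTR = {"192.0.2.25": ["mail.example.com"]}
FAKE_A = {"mail.example.com": ["192.0.2.25"],
          "10.2.0.192.zen.spamhaus.org": ["127.0.0.11"]}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_a(name):
    return FAKE_A.get(name, [])

if __name__ == "__main__":
    print(check_sender("192.0.2.10", "mail.example.com", fake_ptr, fake_a))
    print(check_sender("192.0.2.25", "mail.example.com", fake_ptr, fake_a))
```

Calling `check_sender(ip, helo)` without the last two arguments uses the system resolver instead of the constructed tables.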