excell-tec

SBS 2008 exchange blocking all incoming email

sbs 2008 people cannot send mail to You do not have permission to send to this recipient.  For assistance, contact your system administrator.

Worked last night when I set it up, now this morning it doesn't... weird!
ExchangeSBS

Last Comment
shauncroucher

8/22/2022 - Mon
shauncroucher

Ensure the 'Anonymous' tick box is on the receive connector properties

Shaun
shauncroucher

In permission groups that is. Also make sure port 25 is forwarded properly from your router

Shaun
excell-tec

ASKER
Both are ok
excell-tec

ASKER
There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. Is the bounceback I'm getting now.
shauncroucher

So from outside run a telnet test to your server.

telnet mail.domain.com 25

Then try sending a message to an internal user.

ehlo yourdomain.com
mail from:<you@domain.com>
rcpt to:<internal@domain.com>
data
Test
.

Shaun
shauncroucher

See here:

http://support.microsoft.com/kb/153119

Where does it fail?

Do you have any accepted domains setup on Exchange? You need to have your external domain setup.

Shaun
excell-tec

ASKER
Does not connect when I telnet but the port is forwarded properly.  I do have the accepted domain set up for their domain.
shauncroucher

If it doesn't connect then it's one of two main causes probably:

1) It's not forwarded properly
2) The server is not listening on port 25.

If you go to the server, enable telnet and then telnet to local IP, does this work? If so, look for firewalls on server / before server and/or port forward issue.

Shaun
shauncroucher

If it doesn't connect, make sure the Microsoft Transport service is on and check the IP ranges on receive connector and make sure they are valid. Recreate the receive connector if in doubt on the network ranges of connector.

Shaun
excell-tec

ASKER
I cannot find any forwarding or firewall issues.  Could my problem doing a telnet be because it goes through a hosted spam filter?
shauncroucher

You should be able to telnet directly to your receive connector unless you have specified IP restrictions so only a spam provider can connect to it to send mail? If so, how are you seeing this bounce back message? Could it be a problem with spam provider? Do you get this message internally?

Shaun
excell-tec

ASKER
There's countless transport service errors saying

Failed to load config due to exception: Microsoft.Exchange.Data.Directory.NoSuitableServerFoundException: The Exchange Topology service on server localhost did not return a suitable domain controller. at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetConfigDCInfo(Boolean throwOnFailure) at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts() at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext() at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor) at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindServerByFqdn(String serverFqdn) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer() at Microsoft.Exchange.Transport.LocalServerConfiguration.<>c__DisplayClass2.<TryLoadLocalServer>b__0() at 
Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount) at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
excell-tec

ASKER
Anybody that emails to that domain from the outside gets the bounceback.
excell-tec

ASKER
There are also transport logs that say it cannot find 192.168.1.3 in AD but the server's IP is really 192.168.0.3.  Am I missing some place I need to change that?
shauncroucher

Is the Microsoft Exchange Transport service started?

It seems you have a more significant problem than just configuration error. Is this a single server scenario? Have you tried giving the server a reboot first of all before going into this any further?

After reboot, check the exchange services and run Health check from Exchange Management Console --> Tools --> Exchange Best Practices Analyser--> Health check.

Shaun
shauncroucher

It's SBS, so single server. Shouldn't have any trouble with finding a domain controller then! Reboot then follow instructions.

Shaun
excell-tec

ASKER
Yes, I did a reboot prior to posting the question.  Also I ran the health check

Mailbox   True

Client Access True

Hub Transport False
shauncroucher

Health Check should give you more output than that.

Is the Microsoft Exchange Transport service started? All other exchange services started?

Can you telnet ON THE SERVER to itself? Tried recreating receive connector?

Shaun
excell-tec

ASKER
I can telnet to itself, transport shows started, and image is the results of health check


health-check.doc
excell-tec

ASKER
I figured out the telnet problem but still cannot send email to their domain.
shauncroucher

You want to run the Exchange Best Practices Analyser health check, not shell command.

Exchange Console --> Tools --> Exchange Best practices --> Health check.

If you can telnet locally on the server to itself and successfully send a message to a recipient but you cannot telnet from outside your network then it will be either incorrect network assignment on local/remote network tab of receive connector OR firewall blocking TCP 25, OR port forward wrong.

Can you telnet from an internal LAN PC to server?

Shaun
shauncroucher

If you can telnet from outside, then run through telnet test and where does it fail?

Use mxtoolbox.com diagnostics and post results.

Use http://testexchangeconnectivity.com inbound test and post results.

Make sure on receive connector Anonymous is ticked on permission group

Shaun
excell-tec

ASKER
While I'm doing this could you tell me why the bounceback message would say unable to relay?
shauncroucher

Most likely causes are:

1) The email address used as the recipient is not in the accepted domain list on the server.

2) Anonymous connections are not allowed.

3) The sender IP is blacklisted and you use blacklist provider / static list on exchange (but this is not so likely as slightly different DSN for this).

Shaun
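The telnet test suggested earlier in the thread and the relay causes listed in this answer can be combined into one scripted check that reports the stage at which the server refuses the session. This is an added example, not part of the original thread; the function names and the hints for the EHLO and MAIL FROM stages are assumptions of the example.

```python
import smtplib

# Likely causes per failing stage. "connect" and "rcpt" repeat the causes
# listed in the thread; the "ehlo"/"mail" hints are this example's assumptions.
HINTS = {
    "connect": "port 25 not forwarded, firewall in the path, or nothing listening on 25",
    "ehlo": "check the remote IP ranges on the receive connector",
    "mail": "check the permission groups (Anonymous) on the receive connector",
    "rcpt": "recipient domain not an accepted domain, Anonymous not allowed, "
            "sender IP blacklisted, or no such mailbox",
}

def probe(session, helo, sender, recipient):
    """Send EHLO, MAIL FROM and RCPT TO on an open session; no DATA is sent.
    Returns (stage, code, text); stage is "ok" if every step got a 2xx reply."""
    steps = (("ehlo", lambda: session.ehlo(helo)),
             ("mail", lambda: session.mail(sender)),
             ("rcpt", lambda: session.rcpt(recipient)))
    for stage, step in steps:
        try:
            code, text = step()
        except smtplib.SMTPServerDisconnected as exc:
            return stage, None, str(exc)
        if isinstance(text, bytes):
            text = text.decode("ascii", "replace")
        if not 200 <= code < 300:
            return stage, code, text
    return "ok", code, text

def probe_host(host, helo, sender, recipient, port=25, timeout=10):
    """Connect the way `telnet host 25` does, then run probe()."""
    try:
        session = smtplib.SMTP(host, port, timeout=timeout)
    except OSError as exc:  # refused, timed out, DNS failure, non-220 banner
        return "connect", None, str(exc)
    try:
        return probe(session, helo, sender, recipient)
    finally:
        session.close()

def explain(result):
    """Turn a probe result into one line naming the stage and what to check."""
    stage, code, text = result
    if stage == "ok":
        return "accepted through RCPT TO; the server would take this message"
    return f"failed at {stage} ({code} {text}): {HINTS[stage]}"
```

Run `explain(probe_host(...))` once from outside the network and once on the server itself, with your own host name and addresses; a "connect" failure only from outside points at the router or firewall rather than Exchange.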
excell-tec

ASKER
How do you know if the address is in the accepted domain list?  The other two causes are ok.
excell-tec

ASKER
Also the in bound test

Testing Inbound SMTP Mail flow for domainuser@domain.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host domain.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger domain.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
 
 
 
excell-tec

ASKER
Testing Inbound SMTP Mail flow for domain excell-tec@larrymeyerconstruction.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 64.18.4.10  
 
 Testing TCP Port 25 on host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com to ensure it is listening and open.
  The port was opened successfully.
   Additional Details
  Banner Received: 220 Postini ESMTP 265 y6_24_0c10 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.  
 
 Attempting to send test email message to excell-tec@larrymeyerconstruction.com using MX larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  The test message failed to be delivered.
   Additional Details
  Server returned status code 550 - Mailbox unavailable. The server response was: No such user - psmtp
Exception Details:
Message: Mailbox unavailable. The server response was: No such user - psmtp
Type: System.Net.Mail.SmtpFailedRecipientException
Stack Trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
 
 
 
 
 
shauncroucher

You have multiple problems.

Firstly, you have 2 DNS servers for your domain.

dns.netpros-inc.net
dns2.netpros-inc.net

One is pointing to smtp.larrymeyerconstruction.com and the other is pointing to larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com. - TWO DIFFERENT servers.

Neither of these is accepting mail for your domain. The psmtp.com (spam filtering you were talking about I guess) refuses because no mailbox.

Your server (smtp.xxx) refused because it doesn't like the domain name.

You need to do two things.

1) Make sure the domain is in your accepted domains list. Exchange Management Console --> Org Config --> Hub Transport --> Accepted Domains. If it isn't, add authoritative domain for larrymeyerconstruction.com

Next, make sure you have a recipient called excell-tec in your organisation and they have been given the email domain larrymeyerconstruction.com.

Thirdly, make sure your psmtp.com. (postini?) service is able to query your server for a list of valid users as I believe it can be configured for recipient validation.

Shaun
shauncroucher

I should point out that the DNS servers should really be giving out the same information, so either ALL email to smtp.xxx or ALL email to the psmtp.com. service OR you allow delivery to both with different priorities if you want to use psmtp.com. as a backup service.

The MX records should not really be different on these two nameservers.

Shaun
shauncroucher

excell-tec

ASKER
The MX record was changed a little while ago to bypass postini and is now going directly to the exchange server.  I will worry about spam filtering later.  All the steps listed above that you gave me were already set that way.  Any other suggestions?  One thing I might want to mention is that we set this server up identical to the old one before realizing that the inside domain name and email domain name were different and I fear that that's where everything has gone haywire.
shauncroucher

You have two sets of MX records on your nameservers at the moment - that is an error that you should resolve. Unless you have requested that change and the DNS provider has not implemented it, it's a problem.

So if you go to Exchange management shell and type:

Get-AcceptedDomain

What does it say? Does it have amcotech.com Domain type authoritative?

Does your receive connector have any network restrictions set for specific IP ranges? Try recreating the receive connector as a default Internet connector and then tick 'Anonymous users' in permission tab.

Shaun
excell-tec

ASKER
It has the .com as the default and the .local one below it.  Also, I just went on mxtoolbox and there is only 1 MX record and it is pointing to their static.  I've recreated the connector 3 times but I will do it again.  Let me know if you have any other ideas.
excell-tec

ASKER
There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.  Is the bounceback I get now.  I'm not sure if I'm putting the ehlo in properly.  I have it as xxxx.com.  Is this correct?
ASKER CERTIFIED SOLUTION
shauncroucher

excell-tec

ASKER
Part of it was a rollover that was installed and part was that IPv6 was disabled.  Thanks for the excellent ideas though!
shauncroucher

Glad to help,

Shaun