excell-tec asked:

SBS 2008 exchange blocking all incoming email

SBS 2008 people cannot send mail to You do not have permission to send to this recipient.  For assistance, contact your system administrator.

Worked last night when I set it up, now this morning it doesn't... weird!
shauncroucher

Ensure the 'Anonymous' tick box is on the receive connector properties

Shaun
In permission groups that is. Also make sure port 25 is forwarded properly from your router

Shaun

ASKER

Both are ok
"There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator." is the bounceback I'm getting now.
So from outside run a telnet test to your server.

telnet mail.domain.com 25

Then try sending a message to an internal user.

ehlo yourdomain.com
mail from:<you@domain.com>
rcpt to:<internal@domain.com>
data
Test
.

Shaun
See here:

http://support.microsoft.com/kb/153119

Where does it fail?

Do you have any accepted domains setup on Exchange? You need to have your external domain setup.

Shaun
Does not connect when I telnet but the port is forwarded properly.  I do have the accepted domain set up for their domain.
If it doesn't connect then it's one of two main causes probably:

1) It's not forwarded properly
2) The server is not listening on port 25.

If you go to the server, enable telnet and then telnet to local IP, does this work? If so, look for firewalls on server / before server and/or port forward issue.

Shaun
If it doesn't connect, make sure the Microsoft Transport service is on and check the IP ranges on receive connector and make sure they are valid. Recreate the receive connector if in doubt on the network ranges of connector.

Shaun
I cannot find any forwarding or firewall issues.  Could my problem doing a telnet be because it goes through a hosted spam filter?
You should be able to telnet directly to your receive connector unless you have specified IP restrictions so only a spam provider can connect to it to send mail? If so, how are you seeing this bounce back message? Could it be a problem with spam provider? Do you get this message internally?

Shaun
There's countless transport service errors saying

Failed to load config due to exception: Microsoft.Exchange.Data.Directory.NoSuitableServerFoundException: The Exchange Topology service on server localhost did not return a suitable domain controller.
   at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetConfigDCInfo(Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts()
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext()
   at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
   at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor)
   at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindServerByFqdn(String serverFqdn)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer()
   at Microsoft.Exchange.Transport.LocalServerConfiguration.<>c__DisplayClass2.<TryLoadLocalServer>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
Anybody that emails that domain from the outside gets the bounceback.
There are also transport logs that say it cannot find 192.168.1.3 in AD but the server's IP is really 192.168.0.3.  Am I missing some place I need to change that?
Is the Microsoft Exchange Transport service started?

It seems you have a more significant problem than just configuration error. Is this a single server scenario? Have you tried giving the server a reboot first of all before going into this any further?

After reboot, check the exchange services and run Health check from Exchange Management Console --> Tools --> Exchange Best Practices Analyser--> Health check.

Shaun
It's SBS, so single server. Shouldn't have any trouble with finding a domain controller then! Reboot then follow instructions.

Shaun
Yes, I did a reboot prior to posting the question.  Also I ran the health check

Mailbox   True

Client Access True

Hub Transport False
Health Check should give you more output than that.

Is the Microsoft Exchange Transport service started? All other exchange services started?

Can you telnet ON THE SERVER to itself? Tried recreating receive connector?

Shaun
I can telnet to itself, transport shows started, and image is the results of health check


health-check.doc
I figured out the telnet problem but still cannot send email to their domain.
You want to run the Exchange Best Practices Analyser health check, not the shell command.

Exchange Console --> Tools --> Exchange Best practices --> Health check.

If you can telnet locally on the server to itself and successfully send a message to a recipient but you cannot telnet from outside your network then it will be either incorrect network assignment on local/remote network tab of receive connector OR firewall blocking TCP 25, OR port forward wrong.

Can you telnet from an internal LAN PC to server?

Shaun
If you can telnet from outside, then run through telnet test and where does it fail?

Use mxtoolbox.com diagnostics and post results.

Use http://testexchangeconnectivity.com inbound test and post results.

Make sure on receive connector Anonymous is ticked on permission group

Shaun
While I'm doing this could you tell me why the bounceback message would say unable to relay?
Most likely causes are:

1) The email address used as the recipient is not in the accepted domain list on the server.

2) Anonymous connections are not allowed.

3) The sender IP is blacklisted and you use blacklist provider / static list on exchange (but this is not so likely as slightly different DSN for this).

Shaun
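
The telnet test from earlier in this thread, scripted, with each failing stage mapped to the causes listed in the replies (an added example, not part of the original thread). The stage names and the `probe.example` HELO name are this example's own, the host and addresses passed in are placeholders, and the session stops after RCPT TO so no message is sent.

```python
import socket

# Causes per failing stage, taken from the replies in this thread.
# The stage names are labels chosen for this example.
CAUSES = {
    "connect": "port forward wrong, firewall blocking TCP 25, or server not listening on 25",
    "banner": "TCP opens but no SMTP greeting: check the Microsoft Exchange Transport service",
    "ehlo": "greeting refused: check the network ranges on the receive connector",
    "mail": "sender refused: check the receive connector permission groups",
    "rcpt": "recipient refused: domain not in accepted domains, Anonymous not "
            "allowed on the receive connector, or no such recipient",
}

def first_failure(transcript):
    """Return (stage, code, cause) for the first reply that is not 2xx/3xx, else None."""
    for stage, reply in transcript:
        code = int(reply[:3]) if reply[:3].isdigit() else 0
        if not 200 <= code < 400:
            return stage, code, CAUSES.get(stage, "unexpected reply")
    return None

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' right after the code."""
    while True:
        line = f.readline().decode("ascii", "replace").rstrip()
        if len(line) < 4 or line[3] != "-":
            return line or "000 connection closed"

def probe(host, sender, rcpt, port=25, helo="probe.example", timeout=10):
    """Replay the telnet test up to RCPT TO and return [(stage, reply), ...]."""
    transcript, stage = [], "connect"
    steps = (("banner", None), ("ehlo", f"EHLO {helo}"),
             ("mail", f"MAIL FROM:<{sender}>"), ("rcpt", f"RCPT TO:<{rcpt}>"))
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rwb") as f:
            for stage, cmd in steps:
                if cmd:
                    f.write(cmd.encode("ascii") + b"\r\n")
                    f.flush()
                transcript.append((stage, read_reply(f)))
                if first_failure(transcript):
                    break
            try:
                f.write(b"QUIT\r\n")
                f.flush()
            except OSError:
                pass  # server already dropped the connection
    except OSError as exc:  # refused, timed out or reset at the current stage
        transcript.append((stage, f"000 {exc}"))
    return transcript
```

Run `first_failure(probe(...))` once from outside the network and once on the LAN: a `connect` failure only from outside points at the port forward or firewall, while an `rcpt` failure from both points at the Exchange configuration.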
How do you know if the address is in the accepted domain list?  The other two causes are ok.
Also the inbound test:

Testing Inbound SMTP Mail flow for domainuser@domain.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host domain.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger domain.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
 
 
 
Testing Inbound SMTP Mail flow for domain excell-tec@larrymeyerconstruction.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 64.18.4.10  
 
 Testing TCP Port 25 on host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com to ensure it is listening and open.
  The port was opened successfully.
   Additional Details
  Banner Received: 220 Postini ESMTP 265 y6_24_0c10 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.  
 
 Attempting to send test email message to excell-tec@larrymeyerconstruction.com using MX larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  The test message failed to be delivered.
   Additional Details
  Server returned status code 550 - Mailbox unavailable. The server response was: No such user - psmtp
Exception Details:
Message: Mailbox unavailable. The server response was: No such user - psmtp
Type: System.Net.Mail.SmtpFailedRecipientException
Stack Trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
 
 
 
 
 
You have multiple problems.

Firstly, you have 2 DNS servers for your domain.

dns.netpros-inc.net
dns2.netpros-inc.net

One is pointing to smtp.larrymeyerconstruction.com and the other is pointing to larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com. - TWO DIFFERENT servers.

Neither of these is accepting mail for your domain. The psmtp.com (spam filtering you were talking about I guess) refuses because no mailbox.

Your server (smtp.xxx) refused because it doesn't like the domain name.

You need to do two things.

1) Make sure the domain is in your accepted domains list. Exchange Management Console --> Org Config --> Hub Transport --> Accepted Domains. If it isn't, add an authoritative domain for larrymeyerconstruction.com

Next, make sure you have a recipient called excell-tec in your organisation and they have been given the email domain larrymeyerconstruction.com.

Thirdly, make sure your psmtp.com. (postini?) service is able to query your server for a list of valid users as I believe it can be configured for recipient validation.

Shaun
I should point out that the DNS servers should really be giving out the same information, so either ALL email to smtp.xxx or ALL email to the psmtp.com. service OR you allow delivery to both with different priorities if you want to use psmtp.com. as a backup service.

The MX records should not really be different on these two nameservers.

Shaun
The MX record was changed a little while ago to bypass postini and is now going directly to the exchange server.  I will worry about spam filtering later.  All the steps listed above that you gave me were already set that way.  Any other suggestions?  One thing I might want to mention is that we set this server up identical to the old one before realizing that the inside domain name and email domain name were different and I fear that that's where everything has gone haywire.
You have two sets of MX records on your nameservers at the moment - that is an error that you should resolve. Unless you have requested that change and the DNS provider has not implemented it, it's a problem.

So if you go to Exchange management shell and type:

Get-AcceptedDomain

What does it say? Does it have amcotech.com Domain type authoritative?

Does your receive connector have any network restrictions set for specific IP ranges? Try recreating the receive connector as a default Internet connector and then tick 'Anonymous users' in permission tab.

Shaun
It has the .com as the default and the .local one below it.  Also, I just went on mxtoolbox and there is only 1 MX record and it is pointing to their static.  I've recreated the connector 3 times but I will do it again.  Let me know if you have any other ideas.
"There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator." is the bounceback I get now.  I'm not sure if I'm putting the ehlo in properly.  I have it as xxxx.com.  Is this correct?
ASKER CERTIFIED SOLUTION
shauncroucher
Part of it was a rollover that was installed and part was that IPv6 was disabled.  Thanks for the excellent ideas though!
Glad to help,

Shaun