SBS 2008 exchange blocking all incoming email

Ensure the 'Anonymous' tick box is on the receive connector properties

Shaun

In permission groups that is. Also make sure port 25 is forwarded properly from your router

Shaun

Both are ok

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. Is the bounceback im getting now.

So from outside run a telnet test to your server.

telnet mail.domain.com 25

Then try sending a message to an internal user.

ehlo yourdomai.com
mail from:<you@domain.com>
rcpt to:<internal@domain.com>
data
Test
.

Shaun

See here:

http://support.microsoft.com/kb/153119

Where does it fail?

Do you have any accepted domains setup on Exchange? You need to have your external domain setup.

Shaun

does not connect when I telnet bur the port is forwarded properly.  I do have the accepted domain set up for there domain.

If it doesn't connect then its one of two main causes probably:

1) It's not forwarded properly
2) The server is not listening on port 25.

If you go to the server, enable telnet and then telnet to local IP, does this work? If so, look for firewalls on server / before server and/or port forward issue.

Shaun

If it doesn't connect, make sure the Microsoft Transport service is on and check the IP ranges on receive connector and make sure they are valid. Recreate the receive connector if in doubt on the network ranges of connector.

Shaun

I cannot find any forwarding or firewall issues.  Could my problem doing a telnet be because it goes through a hosted spam filter?

You should be able to telnet directly to your receive connector unless you have specified IP restrictons so only a spam provider can connect to it to send mail? If so, how are you seeing this bounce back message? Coud it be a problem with spam provider? Do you get this messag internally?

Shaun

There's countless transport service errors saying

Failed to load config due to exception: Microsoft.Exchange.Data.Directory.NoSuitableServerFoundException: The Exchange Topology service on server localhost did not return a suitable domain controller. at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetConfigDCInfo(Boolean throwOnFailure) at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts() at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext() at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor) at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindServerByFqdn(String serverFqdn) at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer() at Microsoft.Exchange.Transport.LocalServerConfiguration.<>c__DisplayClass2.<TryLoadLocalServer>b__0() at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount) at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)

anybody that email to that domain from the outside gets the bounceback.

there's also transport logs that say it cannot fin 192.168.1.3 in AD but the servers ip is really 192.168.0.3.  Am I missing some place I need to change that?

Is the Microsoft Exchange Transport service started?

It seems you have a more significant problem than just configuration error. Is this a single server scenario? Have you tried giving the server a reboot first of all before going into this any further?

After reboot, check the exchange services and run Health check from Exchange Management Console --> Tools --> Exchange Best Practices Analyser--> Health check.

Shaun

It's SBS, so single server. Shouldn't have any trouble with finding a domain controller then! Reboot then follow instructions.

Shaun

Yes, I did a reboot prior to posting the question.  Also I ran the health check

Mailbox   True

Client Access True

Hub Transport False

Health Check should give you more output than that.

Is the Microsoft Exchange Transport service started? All other exchange services started?

Can you telnet ON THE SERVER to itself? Tried recreating receive connector?

Shaun

I can telnet to itself, transport shows started, and image is the results of health check


health-check.doc

I figured out the telnet problem but still cannot send email to there domain.

You want to run the Exchange Best Practices Analyser health check, not shell command.

Exchange Console --> Tools --> Exchange Best practices --> Health check.

If you can telnet locally on the server to itself and successfully send a message to a recipient but you cannot telnet from outside your network then it will be either incorrect network assignment on local/remote network tab of receive connector OR firewall blocking TCP 25, OR port forward wrong.

Can you telnet from an internal LAN PC to server?

Shaun

If you can telnet from outside, then run through telnet test and where does it fail?

Use mxtoolbox.com diagnostics and post results.

Use http://testexchangeconnectivity.com inbound test and post results.

Make sure on receive connector Anonymous is ticked on permission group

Shaun

While I'm doing this could you tell me why the bounceback message would say unable to relay?

Most likely causes are:

1) The email address used as the recipient is not in the accepted domain list on the server.

2) Anonymous connections are not allowed.

3) The sender IP is blacklisted and you use blacklist provider / static list on exchange (but this is not so likely as slightly different DSN for this).

Shaun

How do you know if the address is in the accepted domain list?  the other two causes are ok.

Also the in bound test

Testing Inbound SMTP Mail flow for domainuser@domain.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host domain.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger domain.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
 
 
 

Testing Inbound SMTP Mail flow for domain excell-tec@larrymeyerconstruction.com
  Failed to test inbound SMTP mail flow.
   Test Steps
   Attempting to retrieve DNS MX records for domain larrymeyerconstruction.com
  Successfully retrieved one or more MX records from DNS
   Additional Details
  MX Records Host larrymeyerconstruction.com.netpros-inc.mail2.psmtp.com, Preference 200
, Host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com, Preference 100
 
 
 Testing Mail Exchanger larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  One or more SMTP tests failed for this Mail Exchanger.
   Test Steps
   Attempting to resolve the host name larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 64.18.4.10  
 
 Testing TCP Port 25 on host larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com to ensure it is listening and open.
  The port was opened successfully.
   Additional Details
  Banner Received: 220 Postini ESMTP 265 y6_24_0c10 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.  
 
 Attempting to send test email message to excell-tec@larrymeyerconstruction.com using MX larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com.
  The test message failed to be delivered.
   Additional Details
  Server returned status code 550 - Mailbox unavailable. The server response was: No such user - psmtp
Exception Details:
Message: Mailbox unavailable. The server response was: No such user - psmtp
Type: System.Net.Mail.SmtpFailedRecipientException
Stack Trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
 
 
 
 
 
 

You have multiple problems.

Firstly, you have 2 DNS servers for your domain.

dns.netpros-inc.net
dns2.netpros-inc.net

One is pointing to smtp.larrymeyerconstruction.com and the other is pointing to larrymeyerconstruction.com.netpros-inc.mail1.psmtp.com. - TWO DIFFERENT servers.

Neither of these is accepting mail for your domain. The psmtp.com (spam filtering you were talking about I guess) refuses because no mailbox.

Your server (smtp.xxx) refused because it doesn't like the domain name.

You need to do two things.

1) Make sure the domain is in your accepted domains list. Exchange Management Console --> Org Config --> Hub Transport --> Accepted Domains. If it isn't add authoritative domain for larrymeyerconstruction.com

Next, make sure you have a recipient called excell-tec in your organisation and they have been given the email domain larrymeyerconstruction.com.

Thirdly, make sure your psmtp.com. (postini?) service is able to query your server for a list of valid users as I believe it can be configured for recipient validation.

Shaun

I should point out that the DNS servers should really be giving out the same information, so either ALL email to smtp.xxx or ALL email to the psmtp.com. service OR you allow delivery to both with different priorities if you want to use psmtp.com. as a backup service.

The MX records should not really be different on these two nameservers.

Shaun

Have a good read through these:

http://www.petri.co.il/configure-exchange-2007-recieve-email-other-domains.htm

http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm

Shaun

the mx record was changed a little while ago to bypass postini and is now going directly to the exchange server.  I will worry about spam filtering later.  All the steps listed above that you gave me were already set that way.  Any other suggestions?  One thing I might want to mention is that we set this server up identical to the old one before realizing that the inside domain name and email domain name were different and I fear that that's where everything has gone haywire.

You have two sets of MX records on your nameservers at the moment - that is an error that you should resolve. Unless you have requested that change and the DNS provider has not implemented it, its a problem.

So if you go to Exchange management shell and type:

Get-AcceptedDomain

What does it say? Does it have amcotech.com Domain type authoritative?

Does your receive connector have any network restrictions set for specific IP ranges? Try recreating the receive connector as a default Internet connector and then tick 'Anonymous users' in permission tab.

Shaun

It has the .com as the default and the .local one below it.  Also, I just went on mxtoolbox and there is only 1 mx record and it is pointing to there static.  I've recreated the connector 3 times but I will do it again.  Let me know if you have any other ideas.

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.  Is the bounceback I get now.  I'm not sure if im putting the ehlo in properly.  I have it as xxxx.com.  Is this correct?

Part of it was a rollover that was installed and part was that IPv6 was disabled.  Thanks for the excellent ideas though!

Glad to help,

Shaun