jeania
asked on
Exchange and no incoming mail
I changed ISP today and everything seems to be working right except my incoming mail. I can send mail internal and external. I can receive mail internal, but no external mail is coming in. What have I overlooked?
oh - you can get your current ip address by going to www.cmyip.com from inside the same network the exchange server is on.
hopefully you received a static ip address from them, so it won't keep changing at random?
hopefully you received a static ip address from them, so it won't keep changing at random?
to see who is your dns host on the outside world:
start > run > cmd
nslookup
server 208.51.8.2
set q=ns
yourdomain.com
note the url of what comes back, like, blah.blah.networksolutions .com or something
go to www.dnsstuff.com and do a lookup for the last part of that result: networksolutions.com in this example
there will be phone numbers. or of course you could just go to their website too.
you would have had to pay them money at one point, so you should already have this info... just throwing it out there to be complete
start > run > cmd
nslookup
server 208.51.8.2
set q=ns
yourdomain.com
note the url of what comes back, like, blah.blah.networksolutions
go to www.dnsstuff.com and do a lookup for the last part of that result: networksolutions.com in this example
there will be phone numbers. or of course you could just go to their website too.
you would have had to pay them money at one point, so you should already have this info... just throwing it out there to be complete
while this next part doesnt affect incoming mail, it will help make sure other people don't reject your emails that you send to their servers...
have your new ISP create a reverse dns entry such that your MX server name (mail.you.com for example) reverses to your new ip address.
just call them and say "make me a reverse dns entry so my ip address resolves to mail.you.com" (or whatever your mx name is)
ok i'll shut up now
have your new ISP create a reverse dns entry such that your MX server name (mail.you.com for example) reverses to your new ip address.
just call them and say "make me a reverse dns entry so my ip address resolves to mail.you.com" (or whatever your mx name is)
ok i'll shut up now
Plus you need to configure your firewall with the new ip address of your exchange !!!
(if they have internet access, and didnt say the internal ip address changed, nothing else needs to be done on the router - nat still goes to the same ip address regardless of the internet provider)
ASKER
Thanks for the answers. I'm going to try and will update in a few.
ASKER
OK checked my DNS hosting and it all has been changed and looks correct. Only thing in question is I have a PTR entry that I'm not 100% sure about.
Do I change anything on the Exchange server?
Now I'm going to double check my firewall and see if I overlooked something on it.
Do I change anything on the Exchange server?
Now I'm going to double check my firewall and see if I overlooked something on it.
no you dont have to change the exchange server if all you did was change internet providers
did you follow my steps above about getting what the world thinks is your mail server via nslooup, and compare it to your current ip address?
if you want, you could just post the last part of an email address that should be going to your server... like @mydomain.com
if we know the domain name, and you know the current outside ip address, we can figure it out for you - but you are able to with my info above
did you follow my steps above about getting what the world thinks is your mail server via nslooup, and compare it to your current ip address?
if you want, you could just post the last part of an email address that should be going to your server... like @mydomain.com
if we know the domain name, and you know the current outside ip address, we can figure it out for you - but you are able to with my info above
ASKER
I followed your instructions and got ns2.us.editdns.net, ns3.us.editdns.net, ns1.us.editdns.net
They host my DNS. I contacted me and they told me to make some more changed to my domain register. I done that. I had email for about 2 mins and now it's gone again.
They host my DNS. I contacted me and they told me to make some more changed to my domain register. I done that. I had email for about 2 mins and now it's gone again.
ASKER
my domain name: bfasystems.com
ok so:
C:\Users\Valued Customer>nslookup
Default Server: ns1.myesuite.net
Address: 208.51.8.2
> set q=mx
> bfasystems.com
Server: ns1.myesuite.net
Address: 208.51.8.2
Non-authoritative answer:
bfasystems.com MX preference = 1, mail exchanger = mail.bfasystems.com
bfasystems.com nameserver = ns1.us.editdns.net
bfasystems.com nameserver = ns3.us.editdns.net
bfasystems.com nameserver = ns2.us.editdns.net
mail.bfasystems.com internet address = 64.89.121.18
ns2.us.editdns.net internet address = 91.186.15.45
ns3.us.editdns.net internet address = 64.251.8.112
ns1.us.editdns.net internet address = 64.251.8.112
> exit
telnet mail.bfasystems.com 25
220 barracuda.bfasystems.com ESMTP (67f9e9c18ba59e7bec4e75c47 914da76)
assuming your new outside ip address is 64.89.121.18, then you appear to have a barracuda spam filter. you might need to log into the barracuda device and inform it of your new outside ip address
i cant test sending mail into your server because administrator@ and postmaster@ don't exist (as per barracuda's response)
C:\Users\Valued Customer>nslookup
Default Server: ns1.myesuite.net
Address: 208.51.8.2
> set q=mx
> bfasystems.com
Server: ns1.myesuite.net
Address: 208.51.8.2
Non-authoritative answer:
bfasystems.com MX preference = 1, mail exchanger = mail.bfasystems.com
bfasystems.com nameserver = ns1.us.editdns.net
bfasystems.com nameserver = ns3.us.editdns.net
bfasystems.com nameserver = ns2.us.editdns.net
mail.bfasystems.com internet address = 64.89.121.18
ns2.us.editdns.net internet address = 91.186.15.45
ns3.us.editdns.net internet address = 64.251.8.112
ns1.us.editdns.net internet address = 64.251.8.112
> exit
telnet mail.bfasystems.com 25
220 barracuda.bfasystems.com ESMTP (67f9e9c18ba59e7bec4e75c47
assuming your new outside ip address is 64.89.121.18, then you appear to have a barracuda spam filter. you might need to log into the barracuda device and inform it of your new outside ip address
i cant test sending mail into your server because administrator@ and postmaster@ don't exist (as per barracuda's response)
if your mail server's outside ip address is not 64.89.121.18, then you need to contact editdns.net and tell them to change that "A" record to match your mail servers new outside ip address. you can get the current ip address by going to www.cmyip.com from the mail server
ASKER
yes i have a Barracuda spam filter. and yes 64.89.121.18 is the new outside IP. Let me check the spam filter and see what happens.
i see you just made some changes to the barracuda, it was offline for a minute, back up and responding very fast now. but it says info@bfasystems.com doesnt exist, so it's starting to look like a configuration change in the barracuda has to happen
(i found info@ on your website as a contact-us) your website is unresponsive, had to google cache it
(i found info@ on your website as a contact-us) your website is unresponsive, had to google cache it
ASKER
yeah when I changed the IP on editDNS i also lost my website which is the same IP as mail.
I reset the Barracuda so i'm waiting to see.
I reset the Barracuda so i'm waiting to see.
ASKER
The Barracuda is giving me this message now.
Your mail server is accepting invalid email. To improve the performance and accuracy of the Barracuda Spam & Virus Firewall, please configure your mail server to not accept email to invalid recipients and/or domains. You may also want to verify your LDAP server configuration.
Your mail server is accepting invalid email. To improve the performance and accuracy of the Barracuda Spam & Virus Firewall, please configure your mail server to not accept email to invalid recipients and/or domains. You may also want to verify your LDAP server configuration.
lets back up a second...
your barracuda, is it in your office behind the new internet connection?
and your exchange server is there too right?
where is your website hosted, near the mail server or a 3rd party host?
previously, did someone else accept mail on your behalf and then forward it to you, like a mailbag drop or something?
your barracuda LDAP configuration is where you can tell it your domain controller, domain username and domain password - that way it knows, live, which email addresses are valid. if it can't contact your domain controller, it can't look them up.
do your internal users have email addresses in active directory that end with @bfasystems.com ?
your barracuda, is it in your office behind the new internet connection?
and your exchange server is there too right?
where is your website hosted, near the mail server or a 3rd party host?
previously, did someone else accept mail on your behalf and then forward it to you, like a mailbag drop or something?
your barracuda LDAP configuration is where you can tell it your domain controller, domain username and domain password - that way it knows, live, which email addresses are valid. if it can't contact your domain controller, it can't look them up.
do your internal users have email addresses in active directory that end with @bfasystems.com ?
ASKER
Yes the barracuda is in the office behind the new connection and the exchange is her also.
As far as I know the website is hosted near mail server.
I'm not aware that anyone has accepted mail and forward it.
yes all users have AD email address that end @bfasystems.com
As far as I know the website is hosted near mail server.
I'm not aware that anyone has accepted mail and forward it.
yes all users have AD email address that end @bfasystems.com
ok so if your website is in the same place as the exchange server, then the website has a new ip address too... you'll have to have the dns guys update www.bfasystems.com to point to the new ip address too
take a look around the barracuda and verify the mail and domain settings look right
take a look around the barracuda and verify the mail and domain settings look right
ASKER
I see no where on the Barracuda where the external IP address goes.
I found some old notes ans before the IP's changed the mail and website had the same address. Is that possible?
I get a few email every now and then coming through. In the spam filter it keeps saying bad recipients.
I found some old notes ans before the IP's changed the mail and website had the same address. Is that possible?
I get a few email every now and then coming through. In the spam filter it keeps saying bad recipients.
ASKER
If I enter 64.89.121.18 I get the web page.
ASKER
could it be that the changes in IP just hasn't resolved ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
oh - the only reason i can see an ip address for www.bfasystems.com is because the dns server i use has previously cached the address, but by tomorrow, the cached address will be stale, and when it tries to look it up again for a fresh answer from editdns.net, it won't get one because it looks like editdns.net deleted it
ASKER
OK I made some changes with editdns and now it's just a waiting game. I'm starting to think my Barracuda has went bad. It is rejecting almost everything.
i doubt the barracuda went bad the same time you changed your internet provider, probably just have to have some settings in there changed
if you can get me the model/version of your barracuda i can get the instructions... or if you have support with barracuda, they can help you blow up the config and redo it
if you can get me the model/version of your barracuda i can get the instructions... or if you have support with barracuda, they can help you blow up the config and redo it
ASKER
Firmware v4.0.1.009 (2009-10-28 15:32:52)
Model: 300
Take a stab at it. I've tried everything short of resetting and starting over new.
Thanks so much for all the help. You've been a lifesaver.
Model: 300
Take a stab at it. I've tried everything short of resetting and starting over new.
Thanks so much for all the help. You've been a lifesaver.
(write down any settings you change, in case you need to revert back)
ok in the barracuda config > basic > ip config, there's a thing for 'destination mail server'... in there, put in the inside ip address of your exchange server
in that same screen, it shows tcp/ip configuration - are these internal ip addresses or external, on your barracuda?
in the same screen, it has entries for what dns server to use - put in the internal dns server on your network for primary, and any random outside dns server for secondary
in the same screen, you should have 'allowed email recipients', put in in just one asterisk (*)
save those changes and lets see what happens
ok in the barracuda config > basic > ip config, there's a thing for 'destination mail server'... in there, put in the inside ip address of your exchange server
in that same screen, it shows tcp/ip configuration - are these internal ip addresses or external, on your barracuda?
in the same screen, it has entries for what dns server to use - put in the internal dns server on your network for primary, and any random outside dns server for secondary
in the same screen, you should have 'allowed email recipients', put in in just one asterisk (*)
save those changes and lets see what happens
ASKER
tcp/ip config is internal addresses.
OK i changed the DNS .... the secondary DNS was set to another internal server.
I'm not seeing the allowed email recipients on the ip config screen.
OK i changed the DNS .... the secondary DNS was set to another internal server.
I'm not seeing the allowed email recipients on the ip config screen.
here's the admin guide i was looking at, page 20, step 3 is what calls for it
http://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CBwQFjAD&url=http%3A%2F%2Fwww.securicore.ca%2Fantispam%2Fdatasheets%2Fbarracuda_spam_admin_guide.pdf&rct=j&q=barracuda+300+admin+guide&ei=llDDS-jnBYL78Ab-94mtAw&usg=AFQjCNFeZ_svJO7txcg2cfgLS_pgfrkU9g
and on page 65 is how to configure it to talk to your server to see which email addresses are valid
http://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CBwQFjAD&url=http%3A%2F%2Fwww.securicore.ca%2Fantispam%2Fdatasheets%2Fbarracuda_spam_admin_guide.pdf&rct=j&q=barracuda+300+admin+guide&ei=llDDS-jnBYL78Ab-94mtAw&usg=AFQjCNFeZ_svJO7txcg2cfgLS_pgfrkU9g
and on page 65 is how to configure it to talk to your server to see which email addresses are valid
ASKER
believe it or not I think email is finally working correctly. Now I just got to wait on the web page to start. Hopefully it will be good by tomorrow.
ASKER
Thanks for all the great help. You have been a lifesaver.
what did you just change to make it work?
i currently see:
mail.bfasystems.com = 64.89.121.18
www.bfasystems.com = 64.89.121.18
if you host your own website, i think you need to check your firewall and forward (NAT) port 80 over to your web server...
it looks like the dns is complete now, but, still no website
i currently see:
mail.bfasystems.com = 64.89.121.18
www.bfasystems.com = 64.89.121.18
if you host your own website, i think you need to check your firewall and forward (NAT) port 80 over to your web server...
it looks like the dns is complete now, but, still no website
update:
if i go to http://64.89.121.18/
i see your website perfectly
which means, you do have your port forwarded properly, but in IIS you should double check your header value for this site... make sure you have www.bfasystems.com in here:
start > programs > admin tools > iis manager
server > web sites > (your web site)
right-click the site, properties
advanced (button on the web site tab)
add (button under the top box)
all unassigned / port 80 / header value = www.bfasystems.com
ok, ok, ok, restart the web site
(right click the site, stop. right click again, start)
if i go to http://64.89.121.18/
i see your website perfectly
which means, you do have your port forwarded properly, but in IIS you should double check your header value for this site... make sure you have www.bfasystems.com in here:
start > programs > admin tools > iis manager
server > web sites > (your web site)
right-click the site, properties
advanced (button on the web site tab)
add (button under the top box)
all unassigned / port 80 / header value = www.bfasystems.com
ok, ok, ok, restart the web site
(right click the site, stop. right click again, start)
ASKER
Yeah website is back up and running. Only thing I'm having issues with is my webmail.
ok, what's the address you enter for webmail?
mail.bfasystems.com/exchan ge ?
if so, it seems that site in IIS is stopped, or terribly misconfigured
mail.bfasystems.com/exchan
if so, it seems that site in IIS is stopped, or terribly misconfigured
please contact alanhardisty here, he's the god of OWA as far as i'm concerned:
https://www.experts-exchange.com/M_4926565.html
https://www.experts-exchange.com/M_4926565.html
ASKER
OK thanks
first, your SSL certificate isn't really valid:
mail.bfasystems.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The certificate expired on 7/8/2009 10:44 AM.
(Error code: sec_error_unknown_issuer)
it expired on 7/8/2009
if i accept it anyway, i get a login prompt... so at least the flow is correct, just have to deal with the security certificate
mail.bfasystems.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The certificate expired on 7/8/2009 10:44 AM.
(Error code: sec_error_unknown_issuer)
it expired on 7/8/2009
if i accept it anyway, i get a login prompt... so at least the flow is correct, just have to deal with the security certificate
ASKER
from my end i can't even hit the site. It times out.
from inside or outside of your network? i'm outside obviously, and i hit http://mail.bfasystems.com, it then redirects me to https://mail.bfasystems.com/exchange
notice the differences between http and https there
that explains the security certificate problem... and you don't need to fix it... here's why:
your webmail is perfectly healthy at https://mail.bfasystems.com/exchange
your forwarder on 'default web site' is what breaks it... just go to the address above, https, and it works fine
notice the differences between http and https there
that explains the security certificate problem... and you don't need to fix it... here's why:
your webmail is perfectly healthy at https://mail.bfasystems.com/exchange
your forwarder on 'default web site' is what breaks it... just go to the address above, https, and it works fine
ASKER
Your link timed out on my end. I'm inside the network, but others at our off site locations time out also.
i gota run to work, check with alanhardisty he can take it from here - i'll continue to watch but won't be able to post until about 10 hours
ASKER
never get to login prompt.
I just had another off site person try and he also timed out.
I just had another off site person try and he also timed out.
ASKER
OK thanks
i cant understand how i see it and they dont...
from the outside world, if they ping mail.bfasystems.com
do they get the ip address 64.89.121.18
?
if not, their dns server didnt update yet, or has it wrong... or they have a hard-coded resolver to a wrong ip address (their own local dns server or their own hosts file in c:\windows\system32\driver s\etc\host s )
if they do get that ip address, i'm stumped... because that's what i get and it works
from the outside world, if they ping mail.bfasystems.com
do they get the ip address 64.89.121.18
?
if not, their dns server didnt update yet, or has it wrong... or they have a hard-coded resolver to a wrong ip address (their own local dns server or their own hosts file in c:\windows\system32\driver
if they do get that ip address, i'm stumped... because that's what i get and it works
ASKER
Ok I'm going to have one of them check.
I just had someone at home check and it worked there also.
I just had someone at home check and it worked there also.
ASKER
OK inside my network I ping mail.bfasystems.com and I get the old IP address
Had another person check it from another location and it worked fine for her.
So I'd say it's a DNS server issue.
Had another person check it from another location and it worked fine for her.
So I'd say it's a DNS server issue.
ex:
MX = mail.you.com (stays the same)
A: mail.you.com = old.ip.addy.here (needs to get the new ip address)