Exchange and no incoming mail

you should check with your dns provider on the outside world, and update your A record for your MX record

ex:
MX = mail.you.com  (stays the same)
A:  mail.you.com = old.ip.addy.here   (needs to get the new ip address)

oh - you can get your current ip address by going to www.cmyip.com from inside the same network the exchange server is on.

hopefully you received a static ip address from them, so it won't keep changing at random?

to see who is your dns host on the outside world:

start > run > cmd
nslookup
server 208.51.8.2
set q=ns
yourdomain.com

note the url of what comes back, like, blah.blah.networksolutions.com or something

go to www.dnsstuff.com  and do a lookup for the last part of that result:  networksolutions.com  in this example
there will be phone numbers.  or of course you could just go to their website too.

you would have had to pay them money at one point, so you should already have this info... just throwing it out there to be complete

while this next part doesnt affect incoming mail, it will help make sure other people don't reject your emails that you send to their servers...

have your new ISP create a reverse dns entry such that your MX server name (mail.you.com for example) reverses to your new ip address.

just call them and say "make me a reverse dns entry so my ip address resolves to mail.you.com"  (or whatever your mx name is)

ok i'll shut up now

Plus you need to configure your firewall with the new ip address of your exchange !!!

(if they have internet access, and didnt say the internal ip address changed, nothing else needs to be done on the router - nat still goes to the same ip address regardless of the internet provider)

Thanks for the answers. I'm going to try and will update in a few.

OK checked my DNS hosting and it all has been changed and looks correct. Only thing in question is I have a PTR entry that I'm not 100% sure about.

Do I change anything on the Exchange server?

Now I'm going to double check my firewall and see if I overlooked something on it.

no you dont have to change the exchange server if all you did was change internet providers

did you follow my steps above about getting what the world thinks is your mail server via nslooup, and compare it to your current ip address?

if you want, you could just post the last part of an email address that should be going to your server... like @mydomain.com

if we know the domain name, and you know the current outside ip address, we can figure it out for you - but you are able to with my info above

I followed your instructions and got ns2.us.editdns.net, ns3.us.editdns.net, ns1.us.editdns.net

They host my DNS. I contacted me and they told me to make some more changed to my domain register. I done that. I had email for about 2 mins and now it's gone again.

my domain name: bfasystems.com

ok so:
C:\Users\Valued Customer>nslookup
Default Server:  ns1.myesuite.net
Address:  208.51.8.2

> set q=mx
> bfasystems.com
Server:  ns1.myesuite.net
Address:  208.51.8.2

Non-authoritative answer:
bfasystems.com  MX preference = 1, mail exchanger = mail.bfasystems.com

bfasystems.com  nameserver = ns1.us.editdns.net
bfasystems.com  nameserver = ns3.us.editdns.net
bfasystems.com  nameserver = ns2.us.editdns.net
mail.bfasystems.com     internet address = 64.89.121.18
ns2.us.editdns.net      internet address = 91.186.15.45
ns3.us.editdns.net      internet address = 64.251.8.112
ns1.us.editdns.net      internet address = 64.251.8.112
> exit

telnet mail.bfasystems.com 25
220 barracuda.bfasystems.com ESMTP (67f9e9c18ba59e7bec4e75c47914da76)

assuming your new outside ip address is 64.89.121.18, then you appear to have a barracuda spam filter.  you might need to log into the barracuda device and inform it of your new outside ip address

i cant test sending mail into your server because administrator@ and postmaster@ don't exist (as per barracuda's response)

if your mail server's outside ip address is not 64.89.121.18, then you need to contact editdns.net and tell them to change that "A" record to match your mail servers new outside ip address.  you can get the current ip address by going to www.cmyip.com from the mail server

yes i have a Barracuda spam filter. and yes 64.89.121.18 is the new outside IP. Let me check the spam filter and see what happens.

i see you just made some changes to the barracuda, it was offline for a minute, back up and responding very fast now.  but it says info@bfasystems.com doesnt exist, so it's starting to look like a configuration change in the barracuda has to happen
(i found info@ on your website as a contact-us) your website is unresponsive, had to google cache it

yeah when I changed the IP on editDNS i also lost my website which is the same IP as mail.

I reset the Barracuda so i'm waiting to see.

The Barracuda is giving me this message now.

 Your mail server is accepting invalid email. To improve the performance and accuracy of the Barracuda Spam & Virus Firewall, please configure your mail server to not accept email to invalid recipients and/or domains. You may also want to verify your LDAP server configuration.    

lets back up a second...

your barracuda, is it in your office behind the new internet connection?

and your exchange server is there too right?

where is your website hosted, near the mail server or a 3rd party host?

previously, did someone else accept mail on your behalf and then forward it to you, like a mailbag drop or something?

your barracuda LDAP configuration is where you can tell it your domain controller, domain username and domain password - that way it knows, live, which email addresses are valid.  if it can't contact your domain controller, it can't look them up.

do your internal users have email addresses in active directory that end with @bfasystems.com ?

Yes the barracuda is in the office behind the new connection and the exchange is her also.

As far as I know the website is hosted near mail server.

I'm not aware that anyone has accepted mail and forward it.

yes all users have AD email address that end @bfasystems.com

ok so if your website is in the same place as the exchange server, then the website has a new ip address too... you'll have to have the dns guys update www.bfasystems.com to point to the new ip address too

take a look around the barracuda and verify the mail and domain settings look right

I see no where on the Barracuda where the external IP address goes.

I found some old notes ans before the IP's changed the mail and website had the same address. Is that possible?

I get a few email every now and then coming through. In the spam filter it keeps saying bad recipients.

If I enter 64.89.121.18 I get the web page.

could it be that the changes in IP just hasn't resolved ?

oh - the only reason i can see an ip address for www.bfasystems.com is because the dns server i use has previously cached the address, but by tomorrow, the cached address will be stale, and when it tries to look it up again for a fresh answer from editdns.net, it won't get one because it looks like editdns.net deleted it

OK I made some changes with editdns and now it's just a waiting game. I'm starting to think my Barracuda has went bad. It is rejecting almost everything.

i doubt the barracuda went bad the same time you changed your internet provider, probably just have to have some settings in there changed

if you can get me the model/version of your barracuda i can get the instructions... or if you have support with barracuda, they can help you blow up the config and redo it

Firmware v4.0.1.009 (2009-10-28 15:32:52)
Model: 300

Take a stab at it. I've tried everything short of resetting and starting over new.

Thanks so much for all the help. You've been a lifesaver.

(write down any settings you change, in case you need to revert back)

ok in the barracuda config > basic > ip config, there's a thing for 'destination mail server'... in there, put in the inside ip address of your exchange server

in that same screen, it shows tcp/ip configuration - are these internal ip addresses or external, on your barracuda?

in the same screen, it has entries for what dns server to use - put in the internal dns server on your network for primary, and any random outside dns server for secondary

in the same screen, you should have 'allowed email recipients', put in in just one asterisk (*)

save those changes and lets see what happens

tcp/ip config is internal addresses.

OK i changed the DNS .... the secondary DNS was set to another internal server.

I'm not seeing the allowed email recipients on the ip config screen.

here's the admin guide i was looking at, page 20, step 3 is what calls for it
http://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CBwQFjAD&url=http%3A%2F%2Fwww.securicore.ca%2Fantispam%2Fdatasheets%2Fbarracuda_spam_admin_guide.pdf&rct=j&q=barracuda+300+admin+guide&ei=llDDS-jnBYL78Ab-94mtAw&usg=AFQjCNFeZ_svJO7txcg2cfgLS_pgfrkU9g

and on page 65 is how to configure it to talk to your server to see which email addresses are valid

believe it or not I think email is finally working correctly. Now I just got to wait on the web page to start. Hopefully it will be good by tomorrow.

Thanks for all the great help. You have been a lifesaver.

what did you just change to make it work?

i currently see:
mail.bfasystems.com = 64.89.121.18
www.bfasystems.com = 64.89.121.18

if you host your own website, i think you need to check your firewall and forward (NAT) port 80 over to your web server...

it looks like the dns is complete now, but, still no website

update:
if i go to http://64.89.121.18/
i see your website perfectly

which means, you do have your port forwarded properly, but in IIS you should double check your header value for this site... make sure you have www.bfasystems.com  in here:
start > programs > admin tools > iis manager
server > web sites > (your web site)
right-click the site, properties
advanced (button on the web site tab)
add (button under the top box)
all unassigned / port 80 / header value = www.bfasystems.com
ok, ok, ok, restart the web site
(right click the site, stop.  right click again, start)

Yeah website is back up and running. Only thing I'm having issues with is my webmail.

ok, what's the address you enter for webmail?

mail.bfasystems.com/exchange ?

if so, it seems that site in IIS is stopped, or terribly misconfigured

https://mail.bfasystems.com

please contact alanhardisty here, he's the god of OWA as far as i'm concerned:
https://www.experts-exchange.com/M_4926565.html

OK thanks

first, your SSL certificate isn't really valid:
mail.bfasystems.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate expired on 7/8/2009 10:44 AM.

(Error code: sec_error_unknown_issuer)

it expired on 7/8/2009

if i accept it anyway, i get a login prompt... so at least the flow is correct, just have to deal with the security certificate

from my end i can't even hit the site. It times out.

from inside or outside of your network?  i'm outside obviously, and i hit http://mail.bfasystems.com, it then redirects me to https://mail.bfasystems.com/exchange

notice the differences between http and https there

that explains the security certificate problem... and you don't need to fix it... here's why:

your webmail is perfectly healthy at https://mail.bfasystems.com/exchange

your forwarder on 'default web site' is what breaks it... just go to the address above, https, and it works fine

Your link timed out on my end. I'm inside the network, but others at our off site locations time out also.

is it timing out after the login prompt?  i get the login prompt instantly


bfasys.jpg

i gota run to work, check with alanhardisty he can take it from here - i'll continue to watch but won't be able to post until about 10 hours

never get to login prompt.

I just had another off site person try and he also timed out.

OK thanks

i cant understand how i see it and they dont...

from the outside world, if they ping mail.bfasystems.com
do they get the ip address 64.89.121.18
?

if not, their dns server didnt update yet, or has it wrong...  or they have a hard-coded resolver to a wrong ip address (their own local dns server or their own hosts file in c:\windows\system32\drivers\etc\hosts )

if they do get that ip address, i'm stumped... because that's what i get and it works

Ok I'm going to have one of them check.

I just had someone at home check and it worked there also.

OK inside my network I ping mail.bfasystems.com and I get the old IP address

Had another person check it from another location and it worked fine for her.

So I'd say it's a DNS server issue.