Exchange and no incoming mail

I changed ISP today and everything seems to be working right except my incoming mail. I can send mail internal and external. I can receive mail internal, but no external mail is coming in. What have I overlooked?
jeaniaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
you should check with your dns provider on the outside world, and update your A record for your MX record

ex:
MX = mail.you.com  (stays the same)
A:  mail.you.com = old.ip.addy.here   (needs to get the new ip address)
0
B HCommented:
oh - you can get your current ip address by going to www.cmyip.com from inside the same network the exchange server is on.

hopefully you received a static ip address from them, so it won't keep changing at random?

0
B HCommented:
to see who is your dns host on the outside world:

start > run > cmd
nslookup
server 208.51.8.2
set q=ns
yourdomain.com

note the url of what comes back, like, blah.blah.networksolutions.com or something

go to www.dnsstuff.com  and do a lookup for the last part of that result:  networksolutions.com  in this example
there will be phone numbers.  or of course you could just go to their website too.

you would have had to pay them money at one point, so you should already have this info... just throwing it out there to be complete
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

B HCommented:
while this next part doesnt affect incoming mail, it will help make sure other people don't reject your emails that you send to their servers...

have your new ISP create a reverse dns entry such that your MX server name (mail.you.com for example) reverses to your new ip address.

just call them and say "make me a reverse dns entry so my ip address resolves to mail.you.com"  (or whatever your mx name is)

ok i'll shut up now
0
TimorosCommented:
Plus you need to configure your firewall with the new ip address of your exchange !!!
0
B HCommented:
(if they have internet access, and didnt say the internal ip address changed, nothing else needs to be done on the router - nat still goes to the same ip address regardless of the internet provider)
0
jeaniaAuthor Commented:
Thanks for the answers. I'm going to try and will update in a few.
0
jeaniaAuthor Commented:
OK checked my DNS hosting and it all has been changed and looks correct. Only thing in question is I have a PTR entry that I'm not 100% sure about.

Do I change anything on the Exchange server?

Now I'm going to double check my firewall and see if I overlooked something on it.
0
B HCommented:
no you dont have to change the exchange server if all you did was change internet providers

did you follow my steps above about getting what the world thinks is your mail server via nslooup, and compare it to your current ip address?

if you want, you could just post the last part of an email address that should be going to your server... like @mydomain.com

if we know the domain name, and you know the current outside ip address, we can figure it out for you - but you are able to with my info above
0
jeaniaAuthor Commented:
I followed your instructions and got ns2.us.editdns.net, ns3.us.editdns.net, ns1.us.editdns.net

They host my DNS. I contacted me and they told me to make some more changed to my domain register. I done that. I had email for about 2 mins and now it's gone again.
0
jeaniaAuthor Commented:
my domain name: bfasystems.com
0
B HCommented:
ok so:
C:\Users\Valued Customer>nslookup
Default Server:  ns1.myesuite.net
Address:  208.51.8.2

> set q=mx
> bfasystems.com
Server:  ns1.myesuite.net
Address:  208.51.8.2

Non-authoritative answer:
bfasystems.com  MX preference = 1, mail exchanger = mail.bfasystems.com

bfasystems.com  nameserver = ns1.us.editdns.net
bfasystems.com  nameserver = ns3.us.editdns.net
bfasystems.com  nameserver = ns2.us.editdns.net
mail.bfasystems.com     internet address = 64.89.121.18
ns2.us.editdns.net      internet address = 91.186.15.45
ns3.us.editdns.net      internet address = 64.251.8.112
ns1.us.editdns.net      internet address = 64.251.8.112
> exit

telnet mail.bfasystems.com 25
220 barracuda.bfasystems.com ESMTP (67f9e9c18ba59e7bec4e75c47914da76)

assuming your new outside ip address is 64.89.121.18, then you appear to have a barracuda spam filter.  you might need to log into the barracuda device and inform it of your new outside ip address

i cant test sending mail into your server because administrator@ and postmaster@ don't exist (as per barracuda's response)
0
B HCommented:
if your mail server's outside ip address is not 64.89.121.18, then you need to contact editdns.net and tell them to change that "A" record to match your mail servers new outside ip address.  you can get the current ip address by going to www.cmyip.com from the mail server
0
jeaniaAuthor Commented:
yes i have a Barracuda spam filter. and yes 64.89.121.18 is the new outside IP. Let me check the spam filter and see what happens.
0
B HCommented:
i see you just made some changes to the barracuda, it was offline for a minute, back up and responding very fast now.  but it says info@bfasystems.com doesnt exist, so it's starting to look like a configuration change in the barracuda has to happen
(i found info@ on your website as a contact-us) your website is unresponsive, had to google cache it
0
jeaniaAuthor Commented:
yeah when I changed the IP on editDNS i also lost my website which is the same IP as mail.

I reset the Barracuda so i'm waiting to see.
0
jeaniaAuthor Commented:
The Barracuda is giving me this message now.

 Your mail server is accepting invalid email. To improve the performance and accuracy of the Barracuda Spam & Virus Firewall, please configure your mail server to not accept email to invalid recipients and/or domains. You may also want to verify your LDAP server configuration.    
0
B HCommented:
lets back up a second...

your barracuda, is it in your office behind the new internet connection?

and your exchange server is there too right?

where is your website hosted, near the mail server or a 3rd party host?

previously, did someone else accept mail on your behalf and then forward it to you, like a mailbag drop or something?

your barracuda LDAP configuration is where you can tell it your domain controller, domain username and domain password - that way it knows, live, which email addresses are valid.  if it can't contact your domain controller, it can't look them up.

do your internal users have email addresses in active directory that end with @bfasystems.com ?
0
jeaniaAuthor Commented:
Yes the barracuda is in the office behind the new connection and the exchange is her also.

As far as I know the website is hosted near mail server.

I'm not aware that anyone has accepted mail and forward it.

yes all users have AD email address that end @bfasystems.com
0
B HCommented:
ok so if your website is in the same place as the exchange server, then the website has a new ip address too... you'll have to have the dns guys update www.bfasystems.com to point to the new ip address too

take a look around the barracuda and verify the mail and domain settings look right

0
jeaniaAuthor Commented:
I see no where on the Barracuda where the external IP address goes.

I found some old notes ans before the IP's changed the mail and website had the same address. Is that possible?

I get a few email every now and then coming through. In the spam filter it keeps saying bad recipients.
0
jeaniaAuthor Commented:
If I enter 64.89.121.18 I get the web page.
0
jeaniaAuthor Commented:
could it be that the changes in IP just hasn't resolved ?
0
B HCommented:
your mail and website could have the same ip address - if you host both of them in your building yes.

right now, www.bfasystems.com points to 216.180.46.121.
right now, mail.bfasystems.com points to 64.89.121.18

there are some problems with your dns host, they dont have things set up properly.

i'll explain, and then you might want to ask your dns provider what's going on based on the comments after what i paste here:


in the code snippet:

i check a random dns server, and say "who is responsible for bfasystems.com?"
it tells me "ns3.us.editdns.net, ns1.us.editdns.net, and ns2.us.editdns.net are responsible for it"

i go to ns3.us.editdns.net and say "where is www.bfasystems.com?"
it tells me "i don't know pal, go ask root-servers.net"
(root-servers.net are in charge of all things dot com)
root-servers.net says "i dont know, go ask editdns, they're responsible for it"...

based on that - editdns.net does NOT have a www record for you, they need to add this:
A: www.bfasystems.com = 64.89.121.18

further, ns1.us.editdns.net and ns2.us.editdns.net don't exist, or are not answering up for dns resolution.

that's for your WWW problem.

for your mail problem, we have to figure out why your barracuda thinks everything is an invalid recipient... can you tell me what's running the barracuda software?  is it a hardware device, if so, is there a model number?  what version of the barracuda software is it?

with that info i can go get the directions to make sure it works ok.

did your inside ip address of your mail server change?  did you change the password which the barracuda authenticates with?  as it stands, the barracuda isn't able to look at your server and see which email addresses are valid, so it assumes nothing is valid.

C:\Users\Valued Customer>nslookup
Default Server:  ns1.myesuite.net
Address:  208.51.8.2

> set q=ns
> bfasystems.com
Server:  ns1.myesuite.net
Address:  208.51.8.2

Non-authoritative answer:
bfasystems.com  nameserver = ns3.us.editdns.net
bfasystems.com  nameserver = ns1.us.editdns.net
bfasystems.com  nameserver = ns2.us.editdns.net
> server ns3.us.editdns.net
Default Server:  ns3.us.editdns.net
Address:  64.251.8.112

> www.bfasystems.com
Server:  ns3.us.editdns.net
Address:  64.251.8.112

(root)  nameserver = L.ROOT-SERVERS.NET
(root)  nameserver = M.ROOT-SERVERS.NET
(root)  nameserver = A.ROOT-SERVERS.NET
(root)  nameserver = B.ROOT-SERVERS.NET
(root)  nameserver = C.ROOT-SERVERS.NET
(root)  nameserver = D.ROOT-SERVERS.NET
(root)  nameserver = E.ROOT-SERVERS.NET
(root)  nameserver = F.ROOT-SERVERS.NET
(root)  nameserver = G.ROOT-SERVERS.NET
(root)  nameserver = H.ROOT-SERVERS.NET
(root)  nameserver = I.ROOT-SERVERS.NET
(root)  nameserver = J.ROOT-SERVERS.NET
(root)  nameserver = K.ROOT-SERVERS.NET
> server ns1.us.editdns.net
*** Can't find address for server ns1.us.editdns.net: Non-authoritative answer
> server ns2.us.editdns.net
*** Can't find address for server ns2.us.editdns.net: Non-authoritative answer
> exit

C:\Users\Valued Customer>ping mail.bfasystems.com

Pinging mail.bfasystems.com [64.89.121.18] with 32 bytes of data:

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
B HCommented:
oh - the only reason i can see an ip address for www.bfasystems.com is because the dns server i use has previously cached the address, but by tomorrow, the cached address will be stale, and when it tries to look it up again for a fresh answer from editdns.net, it won't get one because it looks like editdns.net deleted it
0
jeaniaAuthor Commented:
OK I made some changes with editdns and now it's just a waiting game. I'm starting to think my Barracuda has went bad. It is rejecting almost everything.
0
B HCommented:
i doubt the barracuda went bad the same time you changed your internet provider, probably just have to have some settings in there changed

if you can get me the model/version of your barracuda i can get the instructions... or if you have support with barracuda, they can help you blow up the config and redo it
0
jeaniaAuthor Commented:
Firmware v4.0.1.009 (2009-10-28 15:32:52)
Model: 300

Take a stab at it. I've tried everything short of resetting and starting over new.

Thanks so much for all the help. You've been a lifesaver.
0
B HCommented:
(write down any settings you change, in case you need to revert back)

ok in the barracuda config > basic > ip config, there's a thing for 'destination mail server'... in there, put in the inside ip address of your exchange server

in that same screen, it shows tcp/ip configuration - are these internal ip addresses or external, on your barracuda?

in the same screen, it has entries for what dns server to use - put in the internal dns server on your network for primary, and any random outside dns server for secondary

in the same screen, you should have 'allowed email recipients', put in in just one asterisk (*)

save those changes and lets see what happens

0
jeaniaAuthor Commented:
tcp/ip config is internal addresses.

OK i changed the DNS .... the secondary DNS was set to another internal server.

I'm not seeing the allowed email recipients on the ip config screen.

0
B HCommented:
here's the admin guide i was looking at, page 20, step 3 is what calls for it
http://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CBwQFjAD&url=http%3A%2F%2Fwww.securicore.ca%2Fantispam%2Fdatasheets%2Fbarracuda_spam_admin_guide.pdf&rct=j&q=barracuda+300+admin+guide&ei=llDDS-jnBYL78Ab-94mtAw&usg=AFQjCNFeZ_svJO7txcg2cfgLS_pgfrkU9g

and on page 65 is how to configure it to talk to your server to see which email addresses are valid
0
jeaniaAuthor Commented:
believe it or not I think email is finally working correctly. Now I just got to wait on the web page to start. Hopefully it will be good by tomorrow.
0
jeaniaAuthor Commented:
Thanks for all the great help. You have been a lifesaver.
0
B HCommented:
what did you just change to make it work?

i currently see:
mail.bfasystems.com = 64.89.121.18
www.bfasystems.com = 64.89.121.18

if you host your own website, i think you need to check your firewall and forward (NAT) port 80 over to your web server...

it looks like the dns is complete now, but, still no website
0
B HCommented:
update:
if i go to http://64.89.121.18/
i see your website perfectly

which means, you do have your port forwarded properly, but in IIS you should double check your header value for this site... make sure you have www.bfasystems.com  in here:
start > programs > admin tools > iis manager
server > web sites > (your web site)
right-click the site, properties
advanced (button on the web site tab)
add (button under the top box)
all unassigned / port 80 / header value = www.bfasystems.com
ok, ok, ok, restart the web site
(right click the site, stop.  right click again, start)
0
jeaniaAuthor Commented:
Yeah website is back up and running. Only thing I'm having issues with is my webmail.
0
B HCommented:
ok, what's the address you enter for webmail?

mail.bfasystems.com/exchange ?

if so, it seems that site in IIS is stopped, or terribly misconfigured

0
jeaniaAuthor Commented:
0
B HCommented:
please contact alanhardisty here, he's the god of OWA as far as i'm concerned:
http://www.experts-exchange.com/M_4926565.html
0
jeaniaAuthor Commented:
OK thanks
0
B HCommented:
first, your SSL certificate isn't really valid:
mail.bfasystems.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate expired on 7/8/2009 10:44 AM.

(Error code: sec_error_unknown_issuer)

it expired on 7/8/2009

if i accept it anyway, i get a login prompt... so at least the flow is correct, just have to deal with the security certificate
0
jeaniaAuthor Commented:
from my end i can't even hit the site. It times out.
0
B HCommented:
from inside or outside of your network?  i'm outside obviously, and i hit http://mail.bfasystems.com, it then redirects me to https://mail.bfasystems.com/exchange

notice the differences between http and https there

that explains the security certificate problem... and you don't need to fix it... here's why:

your webmail is perfectly healthy at https://mail.bfasystems.com/exchange

your forwarder on 'default web site' is what breaks it... just go to the address above, https, and it works fine
0
jeaniaAuthor Commented:
Your link timed out on my end. I'm inside the network, but others at our off site locations time out also.
0
B HCommented:
is it timing out after the login prompt?  i get the login prompt instantly


bfasys.jpg
0
B HCommented:
i gota run to work, check with alanhardisty he can take it from here - i'll continue to watch but won't be able to post until about 10 hours
0
jeaniaAuthor Commented:
never get to login prompt.

I just had another off site person try and he also timed out.
0
jeaniaAuthor Commented:
OK thanks
0
B HCommented:
i cant understand how i see it and they dont...

from the outside world, if they ping mail.bfasystems.com
do they get the ip address 64.89.121.18
?

if not, their dns server didnt update yet, or has it wrong...  or they have a hard-coded resolver to a wrong ip address (their own local dns server or their own hosts file in c:\windows\system32\drivers\etc\hosts )

if they do get that ip address, i'm stumped... because that's what i get and it works
0
jeaniaAuthor Commented:
Ok I'm going to have one of them check.

I just had someone at home check and it worked there also.
0
jeaniaAuthor Commented:
OK inside my network I ping mail.bfasystems.com and I get the old IP address

Had another person check it from another location and it worked fine for her.

So I'd say it's a DNS server issue.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.