SBS2003 POP and SMTP won't work after MX and DNS changes

I got a customer with system i didn't install that had a lot of problems including listing in RBLs, performance problems, connectors problems and more.
I already solved most of the problems and my current (and hopefully the last one) is the usage of POP and SMTP accounts using this server.
In the office I don't have any problems sending and receiving as all clients are using outlook connected to the exchange.
Problem is with the external users using POP and SMTP.

checking with nslookup form the server, client in the office or external client I get the same results:
Non-authoritative answer:
sybilgroup.com
        primary name server = ns1.dnsexit.com
        responsible mail addr = admin.netdorm.com
        serial  = 2000060701
        refresh = 14400 (4 hours)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 1200 (20 mins)
sybilgroup.com  nameserver = ns3.dnsexit.com
sybilgroup.com  nameserver = ns4.dnsexit.com
sybilgroup.com  nameserver = ns1.dnsexit.com
sybilgroup.com  nameserver = ns2.dnsexit.com
sybilgroup.com  MX preference = 5, mail exchanger = mail.sybilgroup.com
sybilgroup.com  MX preference = 5, mail exchanger = sybilgroup.com
sybilgroup.com  internet address = 62.90.151.119

I configured an outlook account with POP and SMTP = sybilgroup.com.
SMTP requires authentication is check.

POP3 is working and external users can get emails but not send.

when performing test send i get popup for username and password.

what I'm missing? something in the exchange settings? or maybe the DNS settings?

Thanks.

LVL 3
OrenRozenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin OwensITIL Problem ManagerCommented:
When you say "external user", how are they connecting to and authenticating against the domain (VPN, dial up, etc)?  If they are not, then do you have your local firewall set up to forward SMTP requests to your Exchange box?
Justin
0
davorinCommented:
It is not DNS settings problem. (You canb check that using telnet to server using port 25 - SMTP and 110 - POP3.
Do you have SMTP virtual server properly configured. (Accept mail from LAN and authentificated users)

Do you really need to use SMTP and POP3 for outside users? Why don't you use RCP over HTTP?
0
davorinCommented:
You can also use www.mxtoolbox.com web site to check if SMTP is configured fine.
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

B HCommented:
for your usernames, try domain\username
0
B HCommented:
also, outbound port 25 might be blocked by the internet provider the external person is connected to.  att/sbc/yahoo (whatever their name is this week) routinely block this port and force people to use the ISP smtp server.

you can get around this by configuring your exchange smtp to also listen on an additional port, such as 2525, then tell the client mail programs to use outbound port 2525
(and forward 2525 in your firewall too)
0
B HCommented:
your smtp server is answering up as:
220 server2003.sybil-h.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Mon, 12 Apr 2010 20:02:36 +0300

you might want to change your outbound settings to reflect mail.sybilgroup.com, so it is a valid HELO domain, else you might be rejected by certain receiving servers (no valid helo domain)
0
OrenRozenAuthor Commented:
---------------------------------------------------------------------------------------------------------------------------------------
this is the results from mxtoolbox:

May be an open relay.
 0 seconds - Good on Connection time
 1.014 seconds - Good on Transaction time
 OK - 62.90.151.119 resolves to
 Warning - Reverse DNS does not match SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 sybilgroup.com Hello [192.168.1.10] [359 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com....Sender OK [265 ms]
RCPT TO: <test@example.com>
250 2.1.5 test@example.com [187 ms]
QUIT
221 2.0.0 sybilgroup.com Service closing transmission channel [203 ms]

---------------------------------------------------------------------------------------------------------------------------------------
using DOMAIN\USERNAME didn't solve the problem


---------------------------------------------------------------------------------------------------------------------------------------
changed FQDN in SMTP advanced delivery to  : sybilgroup.com


---------------------------------------------------------------------------------------------------------------------------------------
firewall is not blocking the ports

---------------------------------------------------------------------------------------------------------------------------------------
more from mxtoolbox. Can it be a ptr record problem?
Auth=N       Type=PTR       IP Address=62.90.151.119 Domain Name=62-90-151-119.barak.net.il      TTL=24 hrs



Problem still not solved.
0
Justin OwensITIL Problem ManagerCommented:
There is a difference between not blocking the ports and not forwarding the requests.  Your public MX record and IP addresses are different than your internal ones.  Your router or firewall need to know where to send that type of request when it is from external sources.
0
OrenRozenAuthor Commented:
result for telnet sybilgroup.com 25 :
220 sybilgroup.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Mon, 12 Apr 2010 20:53:16 +0300

I guess that if the port was blocked i could not get this result?!
0
davorinCommented:
You have more problems:
- You have two MX records pointing to the same server. I would keep only one - mail.sybilgroup.com.
- you have to change your PTR (rDNS) record to match your SMTP banner - I suggest mail.sybilgroup.com
- change your SMTP banner to mail.sybilgroup.com
- On exchange 2003 I normaly don't use SMTP connector. If you have only the default one, you can delete it. (Write down settings in case you will have to create it again.)
- Configure your SMTP server to allow relaying only for your internal LAN and authenticated users.
- Try to send/receve mails in your internal lan using POP3/SMTP. For SMTP, POP3 server use server internal name - server 2003.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
davorinCommented:
And as many ISPs are bloking port 25, why don't you try to configure RPC over http?

Instructions:
http://www.msexchange.org/tutorials/outlookrpchttp.html
0
OrenRozenAuthor Commented:
- Set to only one MX. mail.sybilgroup.com
- Changed FQDN in smtp to mail.sybilgroup.com
- There is no SMTP connector
- External users are using their notebooks and sometimes thay are coming to the office, so I can't set their POP/SMTP to the internal server name.  BTW, I don't have a problem with setting the FQDN in other places.
- Only the ISP can change the PTR. I'll call them tomorrow morning. Domains Dep. is working only during working hrs :-(
0
B HCommented:
your dns resolves fine, which is why we can telnet to it and get the smtp server, so:
1. it resolves fine
2. the ports are not blocked

also, i was just able to send a test message into your server (see code snippet), so you don't have a flow problem

the only other problem you could have at this point is the internet provider that your external machines are using.  that isp has to be blocking port 25.  

to TEST this, have one of your external machines do:
start > run > telnet mail.sybilgroup.com 25
see if they get the 220 line.  if so, that's not the problem.  if it errors out/closes, that is the problem.

to get around this:
exchange system manager > ... > your server > protocols > smtp
right-click the smtp virtual server, properties
advanced (button on general tab)
add...
all unassigned, tcp port 2525, ok
ok
- then go NAT your firewall/router such that port tcp 2525 flows to the exchange server (same place 25 already goes)
- then set up your outside machines to SEND out port 2525 (this is under account settings, advanced)
if they're in the building or in the outside world, port 2525 will still work


220 mail.sybilgroup.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 rea
dy at  Mon, 12 Apr 2010 22:08:36 +0300
helo whatever.com
250 mail.sybilgroup.com Hello [192.168.1.10]
mail from: joe@whatever.com
250 2.1.0 joe@whatever.com....Sender OK
rcpt to: administrator@sybilgroup.com
250 2.1.5 administrator@sybilgroup.com
data
354 Start mail input; end with <CRLF>.<CRLF>
subject: testing
testing from the experts-exchange thread
bryon44035v3
thanks
.
250 2.6.0 <SERVER2003WtIIZS2TR0000007a@mail.sybilgroup.com> Queued mail for delivery

Open in new window

0
B HCommented:
big red warning right here man:  you're an open relay - which is why you're on all the spam lists

(see code snippet)

while not related to your problem, it must be fixed asap


220 mail.sybilgroup.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 rea
dy at  Mon, 12 Apr 2010 22:23:43 +0300
helo whatever.com
250 mail.sybilgroup.com Hello [192.168.1.10]
mail from: joe@whatever.com
250 2.1.0 joe@whatever.com....Sender OK
rcpt to: bryon@***********.com
250 2.1.5 bryon@***********.com
data
354 Start mail input; end with <CRLF>.<CRLF>
subject: i AM an open relay
pls fix me
kthxbye
.
250 2.6.0 <SERVER2003I2rV4ZneA0000007c@mail.sybilgroup.com> Queued mail for deli
very

Open in new window

0
B HCommented:
here's how to fix your open relay - until this is done, any spammer can use YOUR server to send their spam (they are actively doing this right now)

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

0
Justin OwensITIL Problem ManagerCommented:
And, to make matters worse, you just identified yourself publically as such by being on this forum.  Fix this ASAP, as bryon44035v3 suggested.
0
davorinCommented:
- External users are using their notebooks and sometimes thay are coming to the office, so I can't set their POP/SMTP to the internal server name.  BTW, I don't have a problem with setting the FQDN in other places.

If you configure one client in internal LAN using server internal name for test purposes, you will be able to narrow your search to cause of the problem to the server - if sending still does not work, or network (port forwarding, ISP bloking port25,...) - if it is working.

If your PTR record is incorrect, only some mail servers will reject your mails. SMTP sending is not affected.

I would not change SMTP port on your SMTP virtual server, as you will not be reachable by other mail servers. (Look at warning - http://support.microsoft.com/kb/274842). (Anyway It would be enough to redirect port on router from 2525 to 25, without changing anything on server - but don't do it.)
Another (temporary) workaround could be using dial-up VPN.

0
B HCommented:
@davorin:  i suggested he ADD port 2525 to his smtp virtual server, not replace the existing one.

thus, his server would listen on both 25 AND 2525
0
davorinCommented:
bryon44035v3: Sorry, I was not careful enough. Obviously, today is not my day.. ;)
0
OrenRozenAuthor Commented:
Hi All,

- SMTP Relay is now accepting only local IP subnet and authenticated users
- SMTP and POP3 is working if testing from WITH IN the organization.

when testing from external connection:

1. if SMTP and POP3 configured to mail.sybilgroup.com and SMTP authentication is checked, mail is stuck in the outbox.
2. if SMTP and POP3 configured to mail.sybilgroup.com and SMTP authentication is NOT checked, i get the message:
    554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid
0
OrenRozenAuthor Commented:
Sorry. checked again and:

1. if SMTP and POP3 configured to mail.sybilgroup.com and SMTP authentication is checked, I get a window for
    username password.

2. if SMTP and POP3 configured to mail.sybilgroup.com and SMTP authentication is NOT checked, i get the message:
    554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid
0
B HCommented:
that's kind of ok...

leave it set up like #1 you said in your last comment

fill in the username/password in people's outlooks.  that's normal, because the spammers wont know your usernames and passwords (we hope)

in your comment #2 above, that's fine because spammers always fake the helo/ehlo domain

0
OrenRozenAuthor Commented:
1. PTR record is now set to mail.sybilgroup.com
2. SMTP and POP3 configured to mail.sybilgroup.com and SMTP authentication is checked

Problem is still the popup window for username and password.
0
Justin OwensITIL Problem ManagerCommented:
Is it just prompting over and over without letting you in, or is it prompting once and then allowing the connection?
0
OrenRozenAuthor Commented:
prompting over and over without letting me in
0
davorinCommented:
Hi,
What fqdn entry do you have in  Protocols-> default virtual SMTP server-> Properties->Delivery->Advanced Options->Settings? It is mail.sybilgroup.com?
0
OrenRozenAuthor Commented:
yes
0
OrenRozenAuthor Commented:
any ideas why this sbs2003 is not accepting smtp requests?
maybe something with dns?
0
davorinCommented:
try to enable smtp logging and check logs at the time you are trying to send messages from outside.
maybe you can try to enter username in form username@domain.local (whatever it is)
0
OrenRozenAuthor Commented:
username@domain.local didn't work.

The results of the log:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-04-13 18:55:19
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status cs-version cs-host cs(User-Agent) cs(Referer)
2010-04-13 18:55:19 205.188.190.2 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25 - - 554-+(RTR:SC)++http://postmaster.info.aol.com/errors/554rtrsc.html 0 0 SMTP - - -
2010-04-13 18:55:19 205.188.190.2 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25 - - 554++Connecting+IP:+62.90.151.119 0 0 SMTP - - -

2010-04-13 19:03:02 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 EHLO - +ORENRPC 250 0 SMTP - - -
2010-04-13 19:03:12 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 QUIT - ORENRPC 240 10312 SMTP - - -
2010-04-13 19:03:43 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 EHLO - +ORENRPC 250 0 SMTP - - -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
0
davorinCommented:
Are you using some sort of antispam filter or appliance? Have you checked its configuration?

In log you have error about sending mail to aol. Cause RTR:SC - look at link in log.
0
OrenRozenAuthor Commented:
check the antispam (Bitdefender for Exchange). problem not there.
I've disabled it when tried to send email. same problem.
0
OrenRozenAuthor Commented:
I've created a new account called test.

with SMTP authentication checked or unchecked email is sent out and I get auto-response of :
554 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid

in the log:
2010-04-14 06:29:25 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 EHLO - +ORENRPC 250 0 SMTP - - -
2010-04-14 06:29:25 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 MAIL - +FROM:+<test@sybilgroup.com> 250 0 SMTP - - -
2010-04-14 06:29:25 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 QUIT - ORENRPC 240 109 SMTP - - -
2010-04-14 06:30:21 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 EHLO - +ORENRPC 250 0 SMTP - - -
2010-04-14 06:30:21 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 MAIL - +FROM:+<test@sybilgroup.com> 250 0 SMTP - - -
2010-04-14 06:30:21 192.168.1.10 ORENRPC SMTPSVC1 SERVER2003 192.168.1.1 0 QUIT - ORENRPC 240 218 SMTP - - -
0
davorinCommented:
I'm running slowly out of ideas.
QUIT result mode 240 means - Success with other or undefined network or routing status.
Other "strange" thing is repeating cs-username OPENRPC (client username) - what it is?
What it is at 192.168.1.1? Is it there configured/installed some sort of mail filtering?
0
B HCommented:
something you changed to prevent being an open relay is causing this.

you probably set something like 'helo domain verification'.  that's usually ok, but if someone on comcast internet tries to send mail to your server claiming to be someone@yahoo.com, the helo domain won't match... so you might want to remove that setting.

while still making sure you're not an open relay

0
OrenRozenAuthor Commented:
Problem solved :-)
Ok........it took some time but, with your help and our digging and understanding the configuration of this server showed us the way to "salvation".

The problems:
1. this domain was recognized as a spammer and listed in rbl's.
2. problem with mx and ptr records.
3. problems with dns records.
4. exchange pop3 connector was not configured properly. if fact it was not in use.
5. instead adding second domain to the exchange recipient policies, it was added as a contact for the same user in active directory. I have no idea why it was configured that way
6. duplicates and triplets of x400 protocol for most of the account configured for users NOT with the same account name.
7. Wrong zones configuration at the ISP.
8. Wrong configuration settings on fortigate filtering.


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.