• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 747
  • Last Modified:

Exchange Server 2003 (Fowarding using this smart host) ddns

Hi all,

I always been using my own exchange server and I used the ddns option to forward emails, and this was possible because the router also supported the ddns feature.

Unfortunately I changed Internet provider and this new people (Tele2) are providing a very bad service and in addition to that they block my mac address so I am obbligeted to use their roter that doesn't have any ddns feature so I am not able to send anymore email I can only received.

Now I switched back the setting in the Exchange Server (Internet Mail smtp connector) to the option use dns to route each address space on this connector. Now I am not able to still send email and everrytime I sent an email I have delivery failure. Now I rember that some email they should reach their own destination even though I am not using a specific static WAN IP because as you know normal internet provider only gives you Dynamic WAN IP. In any case the WAN IP is always the same because I am still using ddns host the hold the same IP at all time.

My question is is there anyway that I could configure exchange on forwarding emails without the ddns option? I hope you understtod what I mean. Any questions are welcome
0
daveviolante
Asked:
daveviolante
  • 29
  • 28
  • 8
2 Solutions
 
woolnoirCommented:
Your problem can have a number of causes. First im not 100% sure why you stopped using a DDNS service in the first place - fine that your ISP didnt have the option, but that doesn't stop you using their email forwarding service, especially as you could install one of the DDNS programs on the email server ?

Now that you dont have a DDNS service, i assume that your issue sending email may be that your IP is flagged as a dynamic end user ISP on some email blacklist ? can you give us an example of one of the bounce emails you have received ?

I would look at

1) Using a DDNS service in conjunction with a DDNS program running on your server, it will use your WAN facing IP and register correctly.
2) use their store-> forward email service, again this will ensure you dont have issues with a blacklist.

This should work, ive done it myself before... if not, give more details and i can try to assist.
0
 
daveviolanteAuthor Commented:
I am register with ddns, and all records I recorded correctly, the issue is that the router it self doesn't have the option of ddns, I mean my old router had it and before changing provider everything was working perfectly. The old router unfortunately doesn't work with Tele 2 I need to use the Tele 2 router that in simple work is crap.

Now the ddns feature as you know gives you the oppurtunity to enter the credential username and password of your ddns service. Now Tele 2 router doesn't have this option how can I bypass this?

This is what happen when I sent an email

Your message did not reach some or all of the intended recipients.

      Subject:      RE: test
      Sent:      26/08/2010 19:35

The following recipient(s) cannot be reached:

      Davide Violante on 28/08/2010 19:53
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <exch-srv.technopc.eu #4.4.7>
0
 
woolnoirCommented:
Which DDNS service do you use ?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
woolnoirCommented:
And is technopc you?
0
 
daveviolanteAuthor Commented:
I am using DynDns.com

I have Custom DNS Service, MailHop Backup
0
 
daveviolanteAuthor Commented:
Yes I am technopc.eu
0
 
daveviolanteAuthor Commented:
Mailhop result
10      technopc.eu
50      mx2.mailhop.org

It appears that your MX records are setup correctly.
0
 
daveviolanteAuthor Commented:
Mail Exchangers:       technopc.eu
mx2.mailhop.org
      Edit MX List Set for MailHop
Hostname       Service       Details       Last Updated
technopc.eu       A-record       87.212.183.6       Aug. 17, 2010 2:49 AM
exch-srv.technopc.eu       A-record       87.212.183.6       Aug. 26, 2010 7:13 PM
hoofddorp.technopc.eu       A-record       87.212.183.6       Aug. 17, 2010 2:50 AM
www.technopc.eu       Alias (CNAME)       technopc.eu       N/A
0
 
daveviolanteAuthor Commented:
Hello

I attached a scree shot of the exchange internet mail connector

Doc1.docx
0
 
woolnoirCommented:
can you ping things correctly from your mail server ? the fact that the non delivery is coming from you, suggests that it either cant connect to, or resolve the MX address for the mails your sending ? worth checking resolution.
0
 
daveviolanteAuthor Commented:
resolution it is fine it was working just ok before

The only difference is that before I was using the option (foward all mail through this connector to the following smart host) administrator.dnsdojo.com wich is the DDNS Smart Host

Also still on the internet mail connector on the advanced tab there is an option called <outbound security>if I click there I need to choose <basic authentication> and eneter the DynDns credential username and password.

Here is the problem you should also open in the router the DDNS service and enter the DynDns credential but like I said the Tele 2 router doesn't have this option, so at the current situation nothing goes out because my router is blocking the mail as the ddns feature doesn't exisist

I hope this is clear not I need an alternative solution
0
 
woolnoirCommented:
Can you telnet to anything on port 25 ? Try cluster1.eu.messagelabs.com:25 - the reason im asking is a lot of ISP's block port 25... when you used the smarthost on the old ISP, it may NOT have blocked SMTP or, the dydns connection may of not been on port25 ?

I think it may just be coincidence that the ISP switch happened at the same time as the DYDNS stuff, hence you think there may be a link.

Check to see if your isp block port 25 ?
0
 
woolnoirCommented:
I'm a bit confused what you are asking them

you used to be on another isp, you have now moved to tele2
you used to have a DYDNS option in your router, you now dont, but the lack of a DYDNS option wont effect you using DYDNS to deliver outgoing email using a smarthost ?

the dydns stuff is used for incoming email so that when your IP changes, incoming mail is delivered to DYDNS hosts which then forward it to you. The outgoing part is generally used for 1) ISP's that block port 25, or 2) for issues where your IP is marked as a dynamic ISP IP and thus gets flagged as blacklisted.

What would you like us to suggest as fixes 1) something that sorts your email deliver (in which case check the port 25 stuff in the post above), or 2) something to fix your dydns issue (lack of router option) in which case use this http://www.dyndns.com/support/clients/windows.html <-- this sits on your server, obtains your external IP and logs into DYDNS - it does the same job as your router.
0
 
daveviolanteAuthor Commented:
Ok I am checking but I can receive emails they also go through port 25 right?
0
 
woolnoirCommented:
Ok so you have 2 problems.

1) you cannot receive email

a few things to check, 1) you have used the client i posted above to update your DYDNS record, your MX records are 10      technopc.eu 50      mx2.mailhop.org, the first is static it seems, the second is dynamic. Assuming you have set the A record manually - do you have a firewall rule set to allow portforwarding for port25 to your email server, and if so is the A record correct ? You mentioned getting a new router, im assuming the old one had a port forward, does the new one ?

Infact i've just tried a telnet to technopc.eu:25 and it doesnt respond, meaning its either the wrong IP, or no firewall port forward.

2) the fact that you cant send email

check that there is a firewall rule allowing 25 out
check that your ISP allows port 25 out (many dont)
install the DYDNS client, update your values and then re-add the smarthost, that will potentially solve your outgoing issue.
0
 
woolnoirCommented:
> Ok I am checking but I can receive emails they also go through port 25 right?

They do, but many ISP's block 25 OUTGOING - its to help stop spam. and i think tele2 are one of those that do.
0
 
daveviolanteAuthor Commented:
Port forwaring is enabled on port 25 on the exch-srv so I guess the Tele 2 is blocking port 25

I am changing the port and installing the updater
0
 
woolnoirCommented:
Well the option then, is to change the port that it uses to say, something like 2525 (random number), get DYDNS's mail forwarder to forward incoming mail to that port at your router and make sure the client updator runs all the time :) - that should fix it.
0
 
sunnyc7Commented:
Dave
Go here
www.testexchangeconnectivity.com

Test for inbound and outbound smtp
Post results here

From within the network, go to
www.canyouseeme.org
Test for ports 25,80,443 are open

Post back results
0
 
woolnoirCommented:
@daveviolante let me know if any of the above worked and we can try some other stuff, but i suspect it will be fixed now.
0
 
daveviolanteAuthor Commented:
Exchange Crashed since I rebooted, not sure why I will kepp you posted when this issue is solved
0
 
daveviolanteAuthor Commented:
Exchange is now up and running upon reboot the exchange crashed because since I installed the ddns updater the dns records on the exchange server was automatically updated with the outside internet dns

But the DC has his own internal dns so the system crashed because there was not anymore dns resolution.

So How shall I configure all that? Shall I add to the DynDns all the host I have into the network?

Because I cannot keep only the exchange that try to resolve via the internet and the DC that has his local dns

Do you know what I mean?
0
 
woolnoirCommented:
The local DNS servers should be set as itself , the dydns program shouldn't as far as i know alter the local DNS servers - if it does there should be an option to stop it.

By default the client DYDNS program should do 2 things, 1) obtain the internet IP of your router and 2) update DYDNS with this address. It shouldnt change the local DNS of your server... since its an AD box ? it needs to be set to the DNS address of the ADDNS server , in this case probably itself.

Try using the DYDNS program again - see if it alters the local dns, if it does then we need to look for an alternative updater tool - it shouldnt, simple as that.

0
 
woolnoirCommented:
to clarify - as far as i know the local NIC DNS properties are set as the server itself for DNS. The server resolves and caches what it can, and then a forwarder is set to forward DNS queries to either a ISP DNS server or the root DNS servers.. ( whichever you have configured) thats how it should be i believe.

I think if the DYDNS has changed any of that, its faulty....keep an eye on it, if it changes them again, we will find another tool.
0
 
daveviolanteAuthor Commented:
Yes guys I chacked again as soon I install the dyndns too updater it changes the local dns.

Indeed like everybody said the DC dns was set to itself and all the other server are using that dns to resolve, but the updater tool changes the local dns on the exchange server and that isn't good
0
 
woolnoirCommented:
So we find a new dydns tool :)
0
 
daveviolanteAuthor Commented:
Hold on i find out why that was happening

On the updater wizard there is an option called DynDns.com internet guide

I didn't check the check box this time so I didn't install this feature and now the local dns didn't change
0
 
woolnoirCommented:
nice - so in that case youre all fixed ? :)
0
 
daveviolanteAuthor Commented:
This is solved now but I cannot still send email out I can receive as before I need to test the ports let you know in a min
0
 
daveviolanteAuthor Commented:
I am still using port 25 that might needs to be changed
0
 
woolnoirCommented:
well you should be able to use the forward service of youre DYDNS now ? they should allow you to send the email to them on a different port them 25 and forward it on ?

or maybe you can send out using the tele2 SMTP server ?
0
 
daveviolanteAuthor Commented:
I run the port test suggested by someone in here the test failed it means they are blocking port 25

                                                                                                                                                                                                                                                                                                                                                           Performing Outbound SMTP Test                                                                                                                                                         Outbound SMTP Test Failed                                                                                                                                                                                                                                                                                                                                         Test Steps                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Attempting reverse DNS lookup for IP 87.212.183.6                                                                                                                                                                                                                     Reverse-DNS Lookup failed                                                                                                                                                                                                                                                                                                                                                                                                                                                                 Additional Details                                                                                                                                                                                                                                             IP Address 87.212.183.6 does not have a PTR record in DNS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Performing Real-Time Blackhole List (RBL) Test                                                                                                                                                                                                                     Your IP address wasn't found on any of the block lists selected.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 Test Steps                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Checking Block List "SpamHaus Block List (SBL)"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "SpamHaus Exploits Block List (XBL)"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "SpamHaus Policy Block List (PBL)"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "SpamCop Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "NJABL.ORG Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "SORBS Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "MSRBL Combined Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "UCEPROTECT Level 1 Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Checking Block List "AHBL Block List"                                                                                                                                                                                                                                                                                 The address isn't on the block list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Additional Details                                                                                                                                                                                                                                                                                                         IP 87.212.183.6 was not found on RBL                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 Performing Sender ID validation                                                                                                                                                                                                                     Sender ID validation performed successfully                                                                                                                                                                                                                                                                                                                                                                                                                                                                 Test Steps
0
 
daveviolanteAuthor Commented:
                                                                                                                                                                                                                                                                                                                                                          I am getting confuse

I run www.canyouseeme.org and this is telling me that the port 25 is open

Success: I can see your service on 87.212.183.6  on port (25)
Your ISP is not blocking port 25


0
 
woolnoirCommented:
So you have two options

1) setup a smarthost to send email to your ISP's SMTP server
or
2) setup a smarthost to send email to DYDNS's email server on a diff port than 25 :)
0
 
woolnoirCommented:
I run www.canyouseeme.org and this is telling me that the port 25 is open

Success: I can see your service on 87.212.183.6  on port (25)
Your ISP is not blocking port 25
---

thats incoming though - i.e mail INTO you... not outgoing.
0
 
daveviolanteAuthor Commented:
Hey guys I already said that I am using the smart host on the smtp connector this is already done

As far I know reading at the dyndns instructions the router should support ddns feature, but some other people told me that this is not necessary if you install the dyndns updater
0
 
daveviolanteAuthor Commented:
In any case if I run www.canyouseeme.org on port 2525 that fails
0
 
woolnoirCommented:
can you confirm were talking about the same thing....

i.e

http://www.no-ip.com/support/guides/email/quick_start_alternate_port_smtp.html

can yuo confirm you have changed the outgoing SMTP port to something other than 25 ... and something that DYDNS support for their email service ?

I'm starting to get a little confused as to what you have done and not done. The canyouseeme.org is designed to check INCOMING traffic not outgoing.. you need a port that allows OUTGOING exchange connectivity. Normally this needs to be on port 25 as thats what other SMTP servers expect, we need to either setup a smarthost TO YOUR ISP SMTP SERVER or , setup a connector on an alternative port to 25 to dydns email forwarder.
0
 
woolnoirCommented:
is it this service your using from dydns http://www.dyndns.com/services/mailhop/relay.html ?
0
 
woolnoirCommented:
Relay mail to any of the following ports: 24, 25, 587, 2525, 10025, 52525 the relay service supports those ports .. so you should configure your connector as per http://www.no-ip.com/support/guides/email/quick_start_alternate_port_smtp.html to forward to dydns servers on one of those ports..... that should bypass the tele2 imposed block.
0
 
daveviolanteAuthor Commented:
I got you guys

I will come to you as soon I can
0
 
sunnyc7Commented:
0
 
daveviolanteAuthor Commented:
Sunnyc7

did you setup your smarthost like this >>
http://www.dyndns.com/support/kb/mail_servers_and_mailhop_outbound.html#exchange2003

Yes I did. Guys here it is not about how to configure a smart host or Exchange it self, I am actually an exchange admin and mainly I do know this things here is about understanding if Tele2 is blocking port 25 in my home address I mean it seems that receiving email it is OK but sending out the port 25 is blocked. I changed the port to 2525 or 10025 or 3325 and no matter what it seems that all those port are blocked too.

I mean I will change this provider soon I called them to court for not telling me the truth and so on, but mean time I need to workaround this issue. The only thing I haven't done is that every time I changed the outbound port to 2525 or 3325 I only restarted the smtp mail protocol would be better actually reboot all server?

The thing is that as an Exchange Admin in a real company we would never had this kind of issue so this is kind of totally different way of doing things
0
 
woolnoirCommented:
Ok so you change the outbound port, but is this set to forward mail to dydns? Remember most smtp servers will only accept on port 25. You need to change the outgoing port and configure a smart host.
0
 
daveviolanteAuthor Commented:
I did that I think I am not very clear possibly the way I write English, I mean isn't my native language ahahah.

Everything you said it has been configured following this guide
http://www.dyndns.com/support/kb/mail_servers_and_mailhop_outbound.html#exchange2003

Also this was working for over 3 years I never had any issue before changing provider, the only difernce is that with previous provider I could use my own router and the router also has the ddns feature, that apparently this feature can be replaced by the DynDns updater that is now installed and running into the exch-srv

0
 
woolnoirCommented:
Call up tele2 ask them if they block any outgoing ports.
0
 
sunnyc7Commented:
Tele2 : smtp.tele2.se

Here's the problem.
Port 25 may not be blocked by tele2. But it is allowed to connect to *only tele2 SMTP server*, and all others are blocked.

What you need to do is call them up and ask them if you can use port 25 to relay to other SMARTHOST's

Also check with them what is their policy for allowing relay to other smarthosts.

Most ISP's at this point in conversation will sell you, their version of smarthost.

Tele2's smarthost
mail.tele2.se

Please post back.
0
 
daveviolanteAuthor Commented:
Sure I will

I need to call them soon
0
 
woolnoirCommented:
@sunnyc7 i think i suggested that above and i'm not sure if the OP took the advise or not. Using the ISP's smtp server is the way most ISP's at least in the UK suggest its done.
0
 
woolnoirCommented:
daveviolante - check out what sunnyc7 suggested, i mentioned earlier up the thread to use your ISP's SMTP server as a smarthost, can you confirm if you have tried this or not ?
0
 
sunnyc7Commented:
@woolnoir

That's one of the things that makes sense, given:
- port 25 is open
- still cannot relay mails.

0
 
daveviolanteAuthor Commented:
woolnoir:

daveviolante - check out what sunnyc7 suggested, i mentioned earlier up the thread to use your ISP's SMTP server as a smarthost, can you confirm if you have tried this or not ?

No I haven't tried that, how shall I do that? ? Can you help? As Exchange admin we have never done those things here where I am working
0
 
woolnoirCommented:
use this article, and enter the server details that sunny provided

http://technet.microsoft.com/en-us/library/aa996215(EXCHG.65).aspx

0
 
sunnyc7Commented:
Dave Violante
>> Call your ISP TELE2

Ask them this:
a) Is SMTP Port 25 blocked ?

b) If NO >
Do you allow SMTP relay **only through your SMTP Server**   smtp.tele2.se ?

c) What do I need to do to relay emails to others using Exchange Server ? My mails are getting blocked at your end.

d) If they say smarthost and it costs XX > 
>> I already have a smarthost service from mail-hop.
How do I relay off you to mailhop ?

>> they might allow you / or they may not (most likely). In that case ask them smarthost costs per month ?
0
 
woolnoirCommented:
What this does is instead of attempting delivery via port 25 to any mailserver using DNS resolution (which wont work since tele2 block it ) it forwards all mail to your ISP server. This is traditionally setup to relay any mail from a LOCAL isp IP.
0
 
sunnyc7Commented:
Tele2 is swedish - Correct ?
(Dont want to divert you to the latvian Tele2 :( )
0
 
daveviolanteAuthor Commented:
Well I am in the Netherlands, I am actually now working for DataDomain here I was their Exchange Admin but I am now the filesystem expert and I am not sure if Tele 2 here in the Netherlands is Swedish. It could be that is the Italian one, I cannot tell you

I am Italian and I know how bad is it Tele 2 in Italy
0
 
sunnyc7Commented:
For netherlands I think it is

smtp.tele2.nl

web
http://se.tele2.nl/

Can you call them and ask them questions which I posted above.
0
 
woolnoirCommented:
Find out whatever the SMTP server is in your country... and use the instructions i posted above to configure a smarthost for that address.. that should fix your issue. Sunnyc7 is posting addresses for various countries .
0
 
sunnyc7Commented:
It's hard to figure this out from here by using google translate :(

I'd suggest clal your ISP and ask them the smarthost details.
You dont want to pipe your mails through swededn from netherlands because of a google translate error.

that wont work at all.
0
 
woolnoirCommented:
> Well I am in the Netherlands,

Ive just checked, if hes dutch and in holland the address for the smarthost is

smtp.tele2.nl : port 25
0
 
daveviolanteAuthor Commented:
It should be that one smtp.tele2.nl I can double check that no worries
0
 
woolnoirCommented:
follow the guide above then, for a smarthost and set it to that server.
0
 
daveviolanteAuthor Commented:
Hi all,

I called Tele2 and the open port (Outgoing) is 587

I changed the port on the exchange to 587 and opened up the port forwarding into the router to foward from port 587.

I changed the smart host on the smtp protcol to smtp.tele2.nl and I my the Tele2 Credential on the " Outbound Security" it's all working now and the issue it is solved

Thanks all
0
 
daveviolanteAuthor Commented:
Great People very helpfull

They solved my Tele2 issue

Bloody Tele2 but we made it thanks
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 29
  • 28
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now