Solved

exchange receive connector problems

Posted on 2010-08-30
24
349 Views
Last Modified: 2012-08-13
We just setup a new SBS 2008 server and I have an issue that I just can't seem to track down. The Internet Receive Connector seems to accept connections from some mail servers (ip addresses) and not from others.  Example: I can't telnet to port 25 from some locations but not from others. The receive connector is setup to accept from 0.0.0.0-255.255.255.255  I would think that would cover everything.  Anyone with some suggestions would be great.

Thanks in advance
Randy
0
Comment
Question by:rlb001
  • 12
  • 12
24 Comments
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
Comment Utility
www.testexchangeconnectivity.com/
Test for inbound SMTP
Copy paste the results here

www.canyouseeme.org
Check if ports 80 25 443 587 are open

please post back
0
 

Author Comment

by:rlb001
Comment Utility
Testing Inbound SMTP Mail flow for domain rbradford@clevelandrcc.org
 Inbound SMTP mail flow was verified successfully.
 Test Steps
 Attempting to retrieve DNS MX records for domain clevelandrcc.org
 One or more MX records were successfully retrieved from DNS.
 Additional Details
 MX Records Host mail.clevelandrcc.org, Preference 10


Testing Mail Exchanger mail.clevelandrcc.org.
 This Mail Exchanger was tested successfully.
 Test Steps
 Attempting to resolve the host name mail.clevelandrcc.org in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 208.40.29.146

Testing TCP Port 25 on host mail.clevelandrcc.org to ensure it is listening and open.
 The port was opened successfully.
 Additional Details
 Banner Received: 220 mail.clevelandrcc.org Microsoft ESMTP MAIL Service ready at Mon, 30 Aug 2010 14:26:47 -0400

Attempting to send test email message to rbradford@clevelandrcc.org using MX mail.clevelandrcc.org.
 The test message was delivered successfully.
Testing the MX mail.clevelandrcc.org for open relay by trying to relay to user Admin@TestExchangeConnectivity.com
 The Open Relay test passed. This mx isn't an open relay.
 Additional Details
 The open relay test message delivery failed (a good thing).
The exception detail is:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

Port 587 wasn't but the others are, I opened 587 but that didn't help.

Randy
0
 

Author Comment

by:rlb001
Comment Utility
By the way I had tried that and seen that it worked, but when I telnet from home or some other addresses no joy.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Open Exchange management console
Go to server config
hub transport
Select server name in top pane
Right click on receive connector in bottom pane > Properties

Go to authentication tab
Check TLS

in Permission Groups tab
Make sure first 4 are checked.

Restart hub transport server.
Lets see if you get something.
0
 

Author Comment

by:rlb001
Comment Utility
Is there a easy way to restart the hub without restarting the actaul server?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
start > run > services.msc

restart ms exchange hub transport.
0
 

Author Comment

by:rlb001
Comment Utility
Ok done that and I still can't telnet some locations.  The mail server is mail.clevelandrcc.org in case you would like to try from your location.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
I get the full banner

mail.clevelandrcc.org
banner.png
0
 

Author Comment

by:rlb001
Comment Utility
That is weird, This is what I get.
Capture.PNG
0
 

Author Comment

by:rlb001
Comment Utility
I get the connection on some remote locations and I get the above at some others.  So in short, some emails are getting rejected and some are not.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
ok
it wont work from within the network if there is no A-record in your DNS for mail.clevelandrcc.org - pointing to LAN IP of your exchange server.

or your ISP is blocking port 25.

www.canyouseeme.org
enter 25
Check if it's blocked.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
No that doesnt mean that @ some emails are getting rejected.

Email Pass/Fail test is

www.testexchangeconnectivity.com
If it passes - all emails will pass.

unless you are in some blacklist
www.mxtoolbox.com
>> which you are not.
http://www.mxtoolbox.com/SuperTool.aspx?action=mx:clevelandrcc.org

or your sender reputation is bad
>> Which is blank (new setup probably ?)
http://www.senderbase.org/senderbase_queries/detaildomain?search_string=clevelandrcc.org

let me send some test emails and see how that goes.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:rlb001
Comment Utility
Well port 25 is open and I have an A record for mail.clevelandrcc.org.  This all started when I couldn't get my barracuda Spam Firewall to connect because it can't open port 25.  I thought that it was just the Barracuda but lately I have been phone calls about people trying to send emails to our server and they are rejected because of the server could not be contacted.  So I tried to telnet from some outside locations and some are working and some are not.  So that is the whole story. Thanks in advance for all of your help.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Thanks for clearing-up the picture.
i was troubleshooting with just the exchange server in mind.

Can you post a screenshot of your baracuda configuration.
apparently its not going to baracuda anymore and going straight to exchange server, based upon the headers atleast.

*unless I am missing something
0
 

Author Comment

by:rlb001
Comment Utility
Yes it is going directly to the mail server.  I changed the A record when I couldn't get the Barracuda to connect.  I figured I would work on it at a later time and just by pass it for now.  But now I think that it is a bigger problem since I can't connect via telnet from some other locations also.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
if you cannot telnet from other locations, then your ISP has blocked port 25.
Test it.

Go here
www.canyouseeme.org

enter 25

Check if it's blocked
0
 

Author Comment

by:rlb001
Comment Utility
It's open no problem.  You connected, I can connect from some locations and not others.  This is not a case of nobody can connect from anywhere.  Some locations can and others can't.   That is why I am having such a hard time figuring this out.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Can you check with these guys what errors they are getting.

a) Need the DSN code 4.4.7 or something.

b) Ask them to ping your email server

ping mail.clevelandrcc.org -t

See if that works.

c) Ask them to pathping

pathping mail.clevelandrcc.org

See where it times out.
---------
If their port 25 is open from canyouseeme.org, and they can telnet to other domains, check if they can tracert / pathping to your domain.

0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Trying to trace where the issue is.
0
 

Author Comment

by:rlb001
Comment Utility
The pathping from my home computer (which can not telnet to port 25) has 22 hops but it does finally see's it.  The ping works fine with no misses.  I don't have the DSN code yet.  I requested the people that had rejected emails to send me one, but none yet.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
try tracert your public IP

Also try tracert from here
http://www.dnsstuff.com/
0
 

Author Comment

by:rlb001
Comment Utility
22 hops and found it
http://www.dnsstuff.com/ got to my firewall also
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
If both tested ok
a) your home > your firewall
b) DNS Stuff > your firewall.

I dont think there is any issue with your server right now.

whosoever received a 4.4.7 - can you ask them to retry now and see if they are still facing these issues.

PS: you might want to consider putting *some* anti-spam in front of that.
Try vamsoft ORF
http://www.vamsoft.com/
Free 30 day trial for full server - $239 per server if you decide to keep it.
0
 

Author Closing Comment

by:rlb001
Comment Utility
I still have the issue but have worked around it by using a different IP to connect to my exchange and it seems to work.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now