  • Status: Solved
  • Priority: Medium
  • Security: Public

New Exchange 2010 installation having issues sending mail

Although mail is flowing from the Exchange server to the outside world, I believe there is an issue on my end preventing it from being delivered to some servers. Specifically Google and Hotmail, but it will go to my private domain emails with no problems.

When I go to mxtoolbox it says my rDNS doesn't match my SMTP banner.  I verified with ptr my IP resolves to the public domain of my mail server.  I put a text srv record on my DNS.  I changed the FQDN of the banner displayed on the SMTP receive connector.  Any suggestions?

I think my emails are being flagged as not authenticated or something else is flagging them at these big mail servers' spam filtration devices.

Thanks!
0
Asked: Dean_Kletter
2 Solutions
 
endital1097Commented:
you need to update the receive connector with the fqdn value of your ptr record
set-receiveconnector "Connector Name" -Fqdn mail.yourdomain.com
0
 
Dean_KletterAuthor Commented:
the default or client? I went with the default, but I believe that I had already changed that using the GUI.  Or is this different?
0
 
Dean_KletterAuthor Commented:
I ran the command and it said 'no changes were made' so I guess that was already addressed via the GUI
0
 
endital1097Commented:
yes, you would update the default receive connector unless you had created another for anonymous connections

is this inbound or outbound issue?
if it is outbound you'll also want to update your send connector
0
 
Dean_KletterAuthor Commented:
I do have two others, one for a spam filter behind the firewall and another for a web server outside our network.  I'm guessing both need to be adjusted and then leave the default to fqdn?
0
 
Dean_KletterAuthor Commented:
These are the receive/send connectors I have and where the FQDN points as well as the ports.  Should I have another general receive connector?  Why are some emails getting out and others not?

Receive Connectors:
Spam Filter - lan IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - server.domain.local
Web Server - WAN IP port 25 - mail.domain.com

Send Connectors:
Send Mail - all local port 25 - mail.domain.com
0
 
Dean_KletterAuthor Commented:
to answer your last suggestion, my FQDN for the send connector was already as it should be...
0
 
kdgoodknechtCommented:
Are you getting an NDR back?
If you are what does the NDR say?
If not, then it is possible that your email is getting flagged as junk or unsolicited commercial email. Do you have SPF set up?
A simple SPF you can use if your outbound server is the same as your inbound server is
 "v=spf1 mx ~all"

Make sure your send and receive connectors HELO name matches the name on your PTR and that name matches the SMTP server on your MX record that points to an A record and not a CNAME record.

Doing this will help prevent your mail from being flagged as junk.
0
 
sunnyc7Commented:
www.testexchangeconnectivity.com/

Test for inbound and outbound SMTP
post back results from there.
0
 
Dean_KletterAuthor Commented:
Error from Inbound............      

        Testing Mail Exchanger mail.domain.com.
       One or more SMTP tests failed for this Mail Exchanger.
       
      Test Steps
       
      Attempting to resolve the host name mail.domain.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 17.16.98.14
      Testing TCP Port 25 on host mail.domain.com to ensure it is listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with remote host
Exception details:
Message: No connection could be made because the target machine actively refused it 17.16.98.14:25
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Error on outbound....

      
      Test Steps
       
      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.
       
      Additional Details
       No records were found.

Yes, I thought I set up an SPF, but I guess not.  I have a different incoming domain as we have a Barracuda we filter all our mail through.  MX 10 and 20 are primary and secondary WAN IPs for the Barracuda and 30 and 40 are the primary and secondary FQDN for our server's WAN IP.  In addition we are hosting a couple of additional domains' emails on this server.

I have Network Solutions so I needed to add it as a text record.  Yes, the mail.domain.com is an A record, no CNAME.

v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com mx:mail.maindomain.com mx:mail2.maindomain2.com ip4:123.123.123.123 -all
0
 
endital1097Commented:
on your receive connector did you add anonymous to the permissions group for the receive connector that internet connections use?
0
 
Dean_KletterAuthor Commented:
The answer for my 4 receive connectors

Spam Filter - Yes
Client - No
Default - No
Web Server - No
0
 
endital1097Commented:
Okay, your spam receive connector uses the local domain and not the fqdn

Receive Connectors:
Spam Filter - lan IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - server.domain.local
Web Server - WAN IP port 25 - mail.domain.com
0
 
Dean_KletterAuthor Commented:
Yes, but again, this is my first exchange 2010 (or 2007 for that matter) deployment so I could have something screwy here.  
0
 
endital1097Commented:
You need to look at the remote IP ranges for your receive connectors
one of them should have the range
{::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

this connector should have the anonymous permissions group enabled

Exception details:
Message: No connection could be made because the target machine actively refused it 17.16.98.14:25
0
 
Dean_KletterAuthor Commented:
I'm guessing this will be on port 25? Should it have the mail.domain.com as the FQDN?
0
 
endital1097Commented:
yes, your bindings for this connector will be with port 25
and it should have the mail.domain.com fqdn
0
 
Dean_KletterAuthor Commented:
Ok, I ran the smtp inbound and outbound tests again and only with the below error on outbound:

      Test Steps
       
      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

So I probably have to correct that as well.  Now, however, I'm unable to telnet to port 25 of my domain to test.  It says connection actively refused.  But I could on legacy port 587
0
 
endital1097Commented:
you can create an SPF record on your external DNS server

to connect internally you need to check the remote ip ranges for the receive connectors
whichever connector matches your internal ip is the one you should be connecting to
0
 
sunnyc7Commented:
Who is your ISP - maybe they are blocking port 25 (if you are telnetting from home)
When you call an ISP and they say port 25 is allowed -> ask them if port 25 is allowed for only *their* SMTP servers.

For example Comcast blocks all other SMTP other than smtp.optonline.net
0
 
endital1097Commented:
here's a site that can help with the spf record
http://www.openspf.org/
0
 
Dean_KletterAuthor Commented:
in regards to the SPF, this is what I have in TXT format now:

v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com mx:mail.maindomain.com mx:mail2.maindomain2.com ip4:123.123.123.123 -all

My incoming email is routed through my spam filter IP first
My outgoing server is the only IP which should be sending email
I have two additional domains email hosted on my server

First question is how close was I? I did use the MS tool to develop it.  Secondly, if it's right, why is it not getting picked up by mxtoolbox and Microsoft's SMTP outbound test?

I've tested telnet remotely from my home computer, which works and is on consumer Comcast, but fails from a domain environment with a business grade T1.  Figures, at least I know it's nothing with the server/firewall.

Thoughts on the SPF?
0
 
endital1097Commented:
sounds like your internal connections are hitting the wrong receive connector
you could also enable verbose logging on each to determine which one, then adjust the remote ip range accordingly

i would use a tool to verify your spf record
http://www.dnsquery.org/
0
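
As an added example (not code from any poster in this thread), a small Python linter that applies a few RFC 7208 rules to the SPF value posted above and to the simpler record suggested earlier. `lint_spf` and its warning strings are names chosen for this illustration; it inspects the string only and does not query DNS, so it cannot tell whether the TXT record is actually published.

```python
import re
# Added example, not from the thread: lint an SPF TXT value offline.

# Mechanisms that each cost one DNS query at evaluation time (RFC 7208, 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MECHANISMS = LOOKUP_MECHANISMS | {"all", "ip4", "ip6"}
MAX_LOOKUPS = 10
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9._-]*)(?:([:=/])(.*))?$")

def lint_spf(record):
    """Return (dns_lookups, warnings) for one SPF TXT string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, ["record does not start with v=spf1, so receivers ignore it"]
    lookups, warnings, seen, has_default = 0, [], set(), False
    for pos, term in enumerate(terms[1:], start=1):
        m = TERM.match(term)
        if not m:
            warnings.append(f"unparseable term: {term}")
            continue
        name, sep = m.group(2).lower(), m.group(3)
        if sep == "=":                      # modifier such as redirect= or exp=
            if name == "redirect":          # only redirect counts as a lookup
                lookups += 1
                has_default = True
            continue
        if name not in MECHANISMS:
            warnings.append(f"unknown mechanism: {term}")
            continue
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            warnings.append(f"{term}: RFC 7208 says ptr should not be published")
        if term.lower() in seen:
            warnings.append(f"duplicate term: {term}")
        seen.add(term.lower())
        if name == "all":
            has_default = True
            if pos != len(terms) - 1:
                warnings.append("terms after 'all' are never evaluated")
    if lookups > MAX_LOOKUPS:
        warnings.append(f"{lookups} DNS lookups exceeds the limit of {MAX_LOOKUPS}")
    if not has_default:
        warnings.append("no 'all' or redirect=: unmatched senders get neutral")
    return lookups, warnings

# The record as posted in this thread, and the simpler one suggested earlier.
POSTED = ("v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com mx:mail.maindomain.com "
          "mx:mail2.maindomain2.com ip4:123.123.123.123 -all")
SIMPLE = "v=spf1 mx ~all"
```

Calling `lint_spf(POSTED)` reports six DNS-querying terms, the repeated bare `mx`, and both `ptr` mechanisms; `lint_spf(SIMPLE)` comes back with one lookup and no warnings.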
 
Dean_KletterAuthor Commented:
The tool doesn't find any spf records, however since I'm on Network Solutions I need to enter as a TXT record, so I could be dropping the ball with how I enter it.

How many receive connectors do I really need?  There was the client SERVER and default SERVER originally and I added the other 2 for relay purposes.  Maybe I really only need the two defaults.  Here is what I have...

Spam Filter - LAN IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - mail.domain.com
Web Server - WAN IP port 25 - mail.domain.com
0
 
endital1097Commented:
double check your records on network solutions, you should have the ability to create this record

in most instances you only need two, but it comes down to security and how you want to control SMTP connections to your server
i like to add a third for my internal systems, it makes debugging easier
0
 
sunnyc7Commented:
When was the last time you restarted the server ?
Can you try that and then test from www.testexchangeconnectivity.com

0
 
Dean_KletterAuthor Commented:
thanks guys, it was a combination of both of your ideas.  First being the smtp receiver and the second involving me accidentally adding the smtp server role to the server.
0
