Solved

New Exchange 2010 installation having issues sending mail

Posted on 2010-09-01
Last Modified: 2012-05-10
Although mail is flowing from the Exchange server to the outside world, I believe there is an issue on my end preventing it from being delivered to some servers. Specifically Google and Hotmail, but it will go to my private domain emails with no problems.

When I go to mxtoolbox it says my rDNS doesn't match my SMTP banner.  I verified with PTR that my IP resolves to the public domain of my mail server.  I put a text SRV record on my DNS.  I changed the FQDN of the banner displayed on the SMTP receive connector.  Any suggestions?

I think my emails are being flagged as not authenticated or something else is flagging them at these big mail server's spam filtration devices.

Thanks!
Question by:Dean_Kletter
27 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33578417
you need to update the receive connector with the fqdn value of your ptr record
set-receiveconnector "Connector Name" -Fqdn mail.yourdomain.com
0
 

Author Comment

by:Dean_Kletter
ID: 33578438
the default or client? I went with the default, but I believe that I had already changed that using the GUI.  Or is this different?
0
 

Author Comment

by:Dean_Kletter
ID: 33578451
I ran the command and it said 'no changes were made' so I guess that was already addressed via the GUI
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33578470
yes, you would update the default receive connector unless you had created another for anonymous connections

is this inbound or outbound issue?
if it is outbound you'll also want to update your send connector
0
 

Author Comment

by:Dean_Kletter
ID: 33578504
I do have two others, one for a spam filter behind the firewall and another for a web server outside our network.  I'm guessing both need to be adjusted and then leave the default to fqdn?
0
 

Author Comment

by:Dean_Kletter
ID: 33578569
These are the receive/send connectors I have and where the FQDN points as well as the ports  Should I have another general receive connector?  Why are some emails getting out and others not?

Receive Connectors:
Spam Filter - lan IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - server.domain.local
Web Server - WAN IP port 25 - mail.domain.com

Send Connectors:
Send Mail - all local port 25 - mail.domain.com
0
 

Author Comment

by:Dean_Kletter
ID: 33578579
to answer your last suggestion, my FQDN for the send connector was already as it should be...
0
 
LVL 4

Expert Comment

by:kdgoodknecht
ID: 33578659
Are you getting an NDR back?
If you are what does the NDR say?
If not, then it is possible that your email is getting flagged as junk or unsolicited commercial email. Do you have SPF set up?
A simple SPF you can use if your outbound server is the same as your inbound server is
 "v=spf1 mx ~all"

Make sure your send and receive connectors HELO name matches the name on your PTR and that name matches the SMTP server on your MX record that points to an A record and not a CNAME record.

Doing this will help prevent your mail from being flagged as junk.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33578671
www.testexchangeconnectivity.com/

Test for inbound and outbound SMTP
post back results from there.
0
 

Author Comment

by:Dean_Kletter
ID: 33578820
Error from Inbound............      

        Testing Mail Exchanger mail.domain.com.
       One or more SMTP tests failed for this Mail Exchanger.
       
      Test Steps
       
      Attempting to resolve the host name mail.domain.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 17.16.98.14
      Testing TCP Port 25 on host mail.domain.com to ensure it is listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with remote host
Exception details:
Message: No connection could be made because the target machine actively refused it 17.16.98.14:25
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Error on outbound....

      
      Test Steps
       
      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.
       
      Additional Details
       No records were found.

Yes, I thought I set up an SPF, but I guess not..  I have a different incoming domain as we have a barracuda we filter all our mail through.  MX 10 and 20 are primary and secondary WAN ips for the barracuda and 30 and 40 are the primary and secondary FQDN for our servers WAN IP.  In addition we are hosting a couple of additional domains emails on this server.

I have Network Solutions so I needed to add it as a text record.  Yes, the mail.domain.com is an A record, no CNAME.

v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com mx:mail.maindomain.com mx:mail2.maindomain2.com ip4:123.123.123.123 -all
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33578860
on your receive connector, did you add anonymous to the permission groups for the receive connector that internet connections use?
0
 

Author Comment

by:Dean_Kletter
ID: 33578895
The answer for my 4 receive connectors

Spam Filter - Yes
Client - No
Default - No
Web Server - No
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33578906
Okay, your spam receive connector uses the local domain and not the fqdn

Receive Connectors:
Spam Filter - lan IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - server.domain.local
Web Server - WAN IP port 25 - mail.domain.com
0

 

Author Comment

by:Dean_Kletter
ID: 33578930
Yes, but again, this is my first exchange 2010 (or 2007 for that matter) deployment so I could have something screwy here.  
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33578983
You need to look at the remote IP ranges for your receive connectors
one of them should have the range
{::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

this connector should have the anonymous permissions group enabled

Exception details:
Message: No connection could be made because the target machine actively refused it 17.16.98.14:25
0
 

Author Comment

by:Dean_Kletter
ID: 33579087
I'm guessing this will be on port 25? Should it have the mail.domain.com as the FQDN?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33579099
yes, your bindings for this connector will be with port 25
and it should have the mail.domain.com fqdn
0
 

Author Comment

by:Dean_Kletter
ID: 33579783
Ok, I ran the smtp inbound and outbound tests again and only with the below error on outbound:

      Test Steps
       
      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

So I probably have to correct that as well.  Now, however, I'm unable to telnet to port 25 of my domain to test.  It says connection actively refused.  But I could on legacy port 587
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33579862
you can create an SPF record on your external DNS server

to connect internally you need to check the remote ip ranges for the receive connectors
whichever connector matches your internal ip is the one you should be connecting to
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33579866
Who is your ISP - maybe they are blocking port 25 (if you are telnetting from home)
When you call an ISP and they say port 25 is allowed -> ask them if port 25 is allowed for only *their* SMTP servers.

For example comcast blocks all other SMTP other than smtp.optonline.net
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33579873
here's a site that can help with the spf record
http://www.openspf.org/
0
 

Author Comment

by:Dean_Kletter
ID: 33579965
in regards to the SPF, this is what I have in TXT format now:

v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com mx:mail.maindomain.com mx:mail2.maindomain2.com ip4:123.123.123.123 -all

My incoming email is routed through my spam filter IP first
My outgoing server is the only IP which should be sending email
I have two additional domains email hosted on my server

First question is how close was I? I did use the MS tool to develop it.  Secondly, if it's right, why is it not getting picked up by mxtoolbox and Microsoft's SMTP outbound test?

I've tested telnet remotely from my home computer, which works and is on consumer Comcast, but it fails from a domain environment with a business grade T1.  Figures, at least I know it's nothing with the server/firewall.

Thoughts on the SPF?
0
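A static check of the SPF record posted above, as an added example that is not part of the original thread: it counts the terms that cost a DNS query during evaluation and flags duplicate, `ptr`, and misplaced terms. The function name `lint_spf` is hypothetical, and the record is the one from the post with its placeholder domains and IP.

```python
import re

# Terms that each trigger a DNS query when a receiver evaluates the record
# (RFC 7208 section 4.6.4); a record needing more than 10 yields permerror.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"all", "ip4", "ip6", "exp"}
MAX_LOOKUPS = 10
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)(?:[:=/].*)?$", re.IGNORECASE)


def lint_spf(record):
    """Return (dns_lookup_count, findings) for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, ["record does not start with v=spf1"]
    lookups, seen, findings = 0, set(), []
    has_all = has_redirect = False
    for term in terms[1:]:
        match = TERM_RE.match(term)
        name = match.group(2).lower() if match else ""
        if name not in KNOWN_TERMS:
            findings.append(f"unknown term: {term}")
            continue
        if has_all and name != "exp":
            findings.append(f"{term}: placed after 'all', never evaluated")
        if term.lower() in seen:
            findings.append(f"duplicate term: {term}")
        seen.add(term.lower())
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append(f"{term}: ptr is discouraged (RFC 7208 section 5.5)")
        if name == "redirect":
            has_redirect = True
        if name == "all":
            has_all = True
            if match.group(1) in ("", "+"):
                findings.append(f"{term}: authorizes every sender")
    if not has_all and not has_redirect:
        findings.append("no 'all' or redirect: unlisted senders get 'neutral'")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS lookups exceeds the limit of {MAX_LOOKUPS}")
    return lookups, findings


# The record posted in this thread (placeholder domains and IP as posted).
POSTED = ("v=spf1 mx ptr:secondarydomain.com mx ptr:thirddomain.com "
          "mx:mail.maindomain.com mx:mail2.maindomain2.com "
          "ip4:123.123.123.123 -all")

if __name__ == "__main__":
    print(lint_spf(POSTED))
```

A linter like this only checks the text of the record; whether the TXT record is actually published at the domain still has to be confirmed with a DNS query.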
 
LVL 32

Expert Comment

by:endital1097
ID: 33580197
sounds like your internal connections are hitting the wrong receive connector
you could also enable verbose logging on each to determine which one, then adjust the remote ip range accordingly

i would use a tool to verify your spf record
http://www.dnsquery.org/
0
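How an incoming connection lands on one receive connector, as an added example that is not part of the original thread: Exchange uses the connector listening on the port whose remote IP range most specifically matches the source address, which is why a wrong range sends a client to the wrong connector. Connector names and anonymous flags are taken from the posts above; the remote ranges and all IP addresses are constructed assumptions, and local IP bindings are not modelled.

```python
import ipaddress

# Constructed table: names and anonymous flags as posted in the thread,
# remote ranges and addresses are assumptions made for this example.
CONNECTORS = [
    {"name": "Spam Filter", "port": 25, "anonymous": True,
     "remote_ranges": ["192.168.1.10"]},
    {"name": "Client SERVER", "port": 587, "anonymous": False,
     "remote_ranges": ["0.0.0.0-255.255.255.255"]},
    {"name": "Default SERVER", "port": 25, "anonymous": False,
     "remote_ranges": ["0.0.0.0-255.255.255.255"]},
    {"name": "Web Server", "port": 25, "anonymous": False,
     "remote_ranges": ["203.0.113.20"]},
]


def parse_range(text):
    """Turn 'a-b', CIDR, or a single IPv4 address into (first, last) integers."""
    if "-" in text:
        first, last = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text, strict=False)
        first, last = int(net.network_address), int(net.broadcast_address)
    return first, last


def select_connector(connectors, source_ip, port):
    """Pick the connector on `port` whose range most narrowly contains source_ip."""
    ip = int(ipaddress.IPv4Address(source_ip))
    best = None
    for conn in connectors:
        if conn["port"] != port:
            continue
        for text in conn["remote_ranges"]:
            first, last = parse_range(text)
            if first <= ip <= last and (best is None or last - first < best[0]):
                best = (last - first, conn)
    return best[1] if best else None


def anonymous_accepted(connectors, source_ip, port=25):
    """Return (connector name, whether anonymous senders are permitted)."""
    conn = select_connector(connectors, source_ip, port)
    return (conn["name"], conn["anonymous"]) if conn else (None, False)


if __name__ == "__main__":
    for src in ("198.51.100.7", "192.168.1.10", "203.0.113.20"):
        print(src, anonymous_accepted(CONNECTORS, src))
```

With these flags an internet sender on port 25 falls through to the catch-all connector, where anonymous is not enabled, so unauthenticated inbound mail is not accepted there.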
 

Author Comment

by:Dean_Kletter
ID: 33580691
The tool doesn't find any spf records, however since I'm on Network Solutions I need to enter as a TXT record, so I could be dropping the ball with how I enter it.

How many receive connectors do I really need?  There was the client SERVER and default SERVER originally and I added the other 2 for relay purposes.  Maybe I really only need the two defaults.  Here is what I have...

Spam Filter - LAN IP port 25 - server.domain.local
Client SERVER - all local port 587 - mail.domain.com
Default SERVER - all local port 25 - mail.domain.com
Web Server - WAN IP port 25 - mail.domain.com
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 250 total points
ID: 33580821
double check your records on network solutions, you should have the ability to create this record

in most instances you only need two, but it comes down to security and how you want to control SMTP connections to your server
i like to add a third for my internal systems, it makes debugging easier
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33581094
When was the last time you restarted the server ?
Can you try that and then test from www.testexchangeconnectivity.com

0
 

Author Closing Comment

by:Dean_Kletter
ID: 33607350
thanks guys, it was a combination of both of your ideas.  First being the SMTP receiver and the second involving me accidentally adding the SMTP server role to the server.
0
