Solved

Exchange 2010 SP1 - Can receive but cannot send mail

Posted on 2010-09-14
Last Modified: 2012-05-10
Hello there!

I have a fresh build of Server 2008 R2 with Exchange 2010 SP1 loaded. I have checked and re-checked all the prereqs, and have loaded my send connector for the internet (address space = * ). I thought that my ISP might be blocking outgoing mail so I changed the port as well. I see all my messages in the queue, they just won't go. I have no problems logging into OWA and receiving mail from various sources, but cannot send. I don't get any bounce backs or other errors that I can see. I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

Other than that, I'm out of ideas- thanks for your insight!

Dane
Question by:dmsander
24 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33674944

Have you created "Send Connectors"? What configuration do you have?
You can go to the Exchange Management Shell and write
Get-SendConnector | Format-List

And it will return the information about your configuration

Another thing,
Are you planning to send the emails directly from your IP address or across your ISP?

0
 

Author Comment

by:dmsander
ID: 33675046
I'd like to send the mail directly, as my ISP doesn't let me use their outgoing servers with an address other than their own.


[PS] C:\Windows\system32>Get-SendConnector | Format-List

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : mail.sandersen.org
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : WEBBOX2
Identity                     : inet-mail
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10 MB (10,485,760 bytes)
Name                         : inet-mail
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {WEBBOX2}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : True

0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33675219


The Send Connector configuration looks "Ok" for being able to send external emails

Can you try to telnet to an external email server in order to check the following things:
- That the O.S. firewall is not blocking port 25
- That the Antivirus or another software is not blocking port 25
- That your external firewall allows you to go to the internet using SMTP (TCP Port 25)

Follow this procedure:

(First install the telnet client, open PowerShell)
Import-Module ServerManager
Add-WindowsFeature Telnet-Client

(In order to try the telnet connection, open the command prompt or use PowerShell and write)

telnet 65.54.188.78 25


(In this example I have written the IP address of hotmail, you can try this one or write any server that you want)

It shall return a welcome message with the following information:

220 BAY0-PAMC1-F6.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Bla... Bla... Bla...

Let us know the result


0
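The port check described in the comment above can also be scripted without installing the telnet client. This is an added example, not part of the original comment; the function name Test-SmtpBanner and the host mail.example.net are placeholders.

```powershell
# Added example: checks whether an outbound TCP connection to an SMTP port
# succeeds and, if it does, returns the server's greeting line.
# Uses only .NET classes, so it runs on PowerShell 2.0 (Server 2008 R2).
function Test-SmtpBanner {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )
    $result = New-Object PSObject -Property @{
        Server = $Server; Port = $Port; Connected = $false; Banner = $null; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect plus a wait handle gives a bounded timeout, so a
        # silently dropped connection (egress filtering) does not hang the script.
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $result.Detail = "No answer within $TimeoutMs ms (port filtered?)"
            return $result
        }
        $client.EndConnect($async)            # throws if the connection was refused
        $result.Connected = $true
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $result.Banner = $reader.ReadLine()   # an SMTP server greets with "220 ..."
    }
    catch {
        $result.Detail = $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    return $result
}

# Placeholder host: substitute a mail server you are entitled to test against.
25, 587 | ForEach-Object { Test-SmtpBanner -Server 'mail.example.net' -Port $_ } |
    Format-Table Server, Port, Connected, Banner, Detail -AutoSize
```

A timeout on port 25 together with a banner on another port points at outbound filtering upstream rather than at the Exchange configuration.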
 

Author Comment

by:dmsander
ID: 33675693
I made sure my firewalls allow 25.

Okay, so I've learned that my ISP completely locks down port 25. Is it possible to run this on another port? In Exchange powershell I ran the command:

Set-SendConnector -Identity inet-mail -port 28

But that didn't seem to work..
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33675927
from your DC can you get me this

dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
Upload it here

Also check the guide here
http://www.exchangelog.info/2007/08/how-to-change-smtp-port-25-in-exchange.html

thanks
0
 

Author Comment

by:dmsander
ID: 33676287
See attached.
dcdiag.txt
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676395
is exchange 2010 directly connected on a public IP ?

Internet > Exchange ?

Usual configuration is
Internet > firewall > switch > exchange

Also exchange needs to be behind the firewall so that it can communicate with the DC
---
Your IP address shows that it's a public IP
Also it's a dynamic IP - probably through an ADSL/SDSL

You need to ask your ISP and get a public static IP
--
  IP address: 69.131.30.251, fe80::fcf3:a0c2:46eb:8feb
                     DNS servers:

                        127.0.0.1 (webbox2.sandersen.org.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     216.165.129.158 (<name unavailable>) [Valid]
                     216.170.153.146 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: sandersen.org.
                     Delegated domain name: _msdcs.sandersen.org.
                        Warning: Delegation of DNS server webbox2.sandersen.org. is broken on IP:2002:4583:1efb::4583:1efb
                        DNS server: webbox2.sandersen.org. IP:69.131.30.251 [Valid]
                   
0
 

Author Comment

by:dmsander
ID: 33676558
This "server" is directly connected to the Internet, with a public IP. While it's set to dynamic, the lease really doesn't expire (the IP is essentially static). Exchange is running on the DC- this is a small family implementation.

Can I use another port for outgoing messages?

---
Your IP address shows that it's a public IP
Also it's a dynamic IP - probably through an ADSL/SDSL

You need to ask your ISP and get a public static IP
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676574
This setup is really not advisable.
Where is your domain controller? Your Exchange server needs to talk to the DC/GC to do AD lookups.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676588
It leaves you open to so many things:
You will probably get attacked 30 times in a day through multiple spam / trojans bots

Usual configuration is
Internet > firewall > switch > exchange

Exchange is on a LAN IP of 192.168.1.10 etc
AD is on a LAN IP - 192.168.1.20

Port-forwarding is set in firewall for 25 80 443 to lan ip of exchange server.
0
 

Author Comment

by:dmsander
ID: 33676597
Exchange is running on the DC. I know this is all not advisable. This is a very, very small implementation- I think it will be okay.
0

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676620
It won't be.
You will get hacked before you know it - they will drop some really small mail relays and use your Exchange server to spam. Your IP will get blacklisted and your ISP will call you and ask if you are spamming.

This setup is very, very risky.
You need a firewall
Sonicwall TZ - early series / anything will do.

Even if it is for 3 users.
0
 

Author Comment

by:dmsander
ID: 33676664
I have a hardware firewall that passes the real IP, and symantec endpoint protection running on the server. Thanks for the insight on the security- Do you have any advice on why my mail won't send?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676677
Go here
www.testexchangeconnectivity.com/

Test for outbound SMTP
Please post back the errors from there.

thanks
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33676712
You need to have outgoing access on port 25. And you shall not change it because the standard port is 25, so this is the port that the other servers have configured

You shall ask your ISP to open TCP port 25 in order to be able to send outgoing emails


0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676732
ISPs usually won't open port 25.

So you will have to ask your ISP for the smarthost config - so that you can relay off their SMTP server.

Also you need a PTR record for reverse DNS setup and I am wondering how you will do that without a fixed IP.
0
 

Author Comment

by:dmsander
ID: 33676787
I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

If I can't open port 25, does anyone know of other smart hosts that are available?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676824
Your ISP should be able to provide you one

Mxtoolbox also has a smarthost solution.
http://community.mxtoolbox.com/blog/2009/03/04/what-blacklists-are-and-how-mxtoolbox-helps/
0
 

Author Comment

by:dmsander
ID: 33678635
Update: I spoke with my ISP- It is confirmed that port 25 is completely blocked. However, the technician suggested that I not send from port 25, but using SSL and TLS on their ports. Does anyone know how to set those up?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678653
Can you check with them about a smarthost to relay emails?
If they don't have one - ask them if you can relay off other smarthosts?
0
 

Author Comment

by:dmsander
ID: 33678709
It is possible if I get upgraded service or purchase a host somewhere. I would like to configure outgoing mail to process over tls and ssl ports instead of 25. Any ideas?
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33678722
Check with your ISP if they have a smarthost service
or you can use one from www.mxtoolbox.com

I will see if there are other options available and post back later.
0
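One way to apply the smarthost advice in the Exchange Management Shell, as an added example that is not part of the original answer: route the existing inet-mail connector through an authenticated smart host on a TLS-protected port. The host name smtp.example.net and port 587 are assumptions; use the values the ISP or relay provider supplies.

```powershell
# Added example. Assumed values (placeholders): replace with the relay provider's.
$smartHost = 'smtp.example.net'
$port      = 587
$cred      = Get-Credential   # relay account; prompting keeps the password out of the script

# Turn off direct DNS (MX) delivery and hand all outbound mail to the smart host.
# Exchange send connectors negotiate TLS with STARTTLS; BasicAuthRequireTLS
# withholds the credentials unless that negotiation has succeeded.
Set-SendConnector -Identity 'inet-mail' `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -Port $port `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $cred `
    -ProtocolLoggingLevel Verbose   # the connector on this page had logging set to None

# Confirm what was applied, then ask the transport service to retry queued mail.
Get-SendConnector -Identity 'inet-mail' |
    Format-List Name, Port, DNSRoutingEnabled, SmartHosts, SmartHostAuthMechanism, ProtocolLoggingLevel
Get-Queue | Where-Object { $_.MessageCount -gt 0 } | Retry-Queue -Confirm:$false
```

With verbose protocol logging enabled, the SMTP send log on the server shows whether STARTTLS and authentication succeeded for each delivery attempt.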
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34740746
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
