Exchange 2010 SP1 - Can receive but cannot send mail

Posted on 2010-09-14
Last Modified: 2012-05-10
Hello there!

I have a fresh build of Server 2008 R2 with Exchange 2010 SP1 loaded. I have checked and re-checked all the prereqs, and have loaded my send connector for the internet (address space = * ). I thought that my ISP might be blocking outgoing mail so I changed the port as well. I see all my messages in the queue, they just won't go. I have no problems logging into OWA and receiving mail from various sources, but cannot send. I don't get any bounce backs or other errors that I can see. I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

Other than that, I'm out of ideas- thanks for your insight!

Dane
0
Question by:dmsander
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33674944

Have you created "Send Connectors"? What configuration do you have?
You can go to the Exchange Management Shell and write
Get-SendConnector | Format-List

And it can return the information about your configuration

Another thing,
Are you planning to send the emails directly from your IP address or across your ISP?

0
 

Author Comment

by:dmsander
ID: 33675046
I'd like to send the mail directly, as my ISP doesn't let me use their outgoing servers with an address other than their own.


[PS] C:\Windows\system32>Get-SendConnector | Format-List

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : mail.sandersen.org
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : WEBBOX2
Identity                     : inet-mail
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10 MB (10,485,760 bytes)
Name                         : inet-mail
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {WEBBOX2}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : True

0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33675219


The Send Connector configuration looks "Ok" for being able to send external emails

Can you try to telnet an external email server in order to check the following things:
- That the O.S. firewall is not blocking port 25
- That the Antivirus or another software is not blocking port 25
- That your external firewall allows you to go to the internet using SMTP (TCP Port 25)

Follow this procedure:

(First install the telnet client, open PowerShell)
Import-Module ServerManager
Add-WindowsFeature Telnet-Client

(In order to try the telnet connection, open the command prompt or use PowerShell and write)

telnet 65.54.188.78 25


(In this example I have written the IP address of hotmail, you can try this one or write any server that you want)

It shall return a welcome message with the following information:

220 BAY0-PAMC1-F6.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Bla... Bla... Bla...

Let us know the result


0
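The telnet check described in the comment above can also be scripted. This is an added example, not part of the thread: it opens a TCP connection with a timeout, reads the 220 banner, sends EHLO and reports whether the server advertises STARTTLS. `smtp.example.net` is a placeholder host and `Test-SmtpPort` / `Read-SmtpReply` are hypothetical helper names; the EHLO name is the connector Fqdn shown earlier on the page.

```powershell
# Added example (not from the thread). smtp.example.net is a placeholder host.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # An SMTP reply may span several lines: "250-..." continues, "250 ..." ends it
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($line -ne $null) { $lines += $line }
    } while ($line -ne $null -and $line -match '^\d{3}-')
    ,$lines
}

function Test-SmtpPort {
    param([string]$Server, [int]$Port = 25, [int]$TimeoutMs = 5000)
    $r = New-Object PSObject -Property @{
        Server = $Server; Port = $Port; Connected = $false
        Banner = $null; StartTls = $false; Failure = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect plus a wait handle bounds the wait when the port is silently dropped
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            throw "no TCP connection within $TimeoutMs ms (port filtered or host down)"
        }
        $client.EndConnect($async)
        $r.Connected = $true
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $r.Banner = (Read-SmtpReply $reader) -join ' | '      # expect "220 ..."
        $writer.WriteLine('EHLO mail.sandersen.org')
        $ehlo = Read-SmtpReply $reader
        $r.StartTls = [bool]($ehlo -match '^250[- ]STARTTLS')  # capability line present?
        $writer.WriteLine('QUIT')
    }
    catch { $r.Failure = $_.Exception.Message }
    finally { $client.Close() }
    $r
}

# Compare the standard port with the submission port on the same host
25, 587 | ForEach-Object { Test-SmtpPort -Server 'smtp.example.net' -Port $_ } |
    Format-Table Server,Port,Connected,StartTls,Failure -AutoSize
```

A row with Connected = False and a timeout in Failure points at filtering between the server and the destination rather than at the send connector itself.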

Author Comment

by:dmsander
ID: 33675693
I made sure my firewalls allow 25.

Okay, so I've learned that my ISP completely locks down port 25. Is it possible to run this on another port? In Exchange powershell I ran the command:

Set-SendConnector -Identity inet-mail -port 28

But that didn't seem to work..
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33675927
from your DC can you get me this

dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
Upload it here

Also check the guide here
http://www.exchangelog.info/2007/08/how-to-change-smtp-port-25-in-exchange.html

thanks
0
 

Author Comment

by:dmsander
ID: 33676287
See attached.
dcdiag.txt
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676395
is exchange 2010 directly connected on a public IP ?

Internet > Exchange ?

Usual configuration is
Internet > firewall > switch > exchange

Also exchange needs to be behind the firewall so that it can communicate with the DC
---
Your IP address shows that it's a public IP
Also it's a dynamic IP - probably through an ADSL/SDSL

You need to ask your ISP and get a public static IP
--
  IP address: 69.131.30.251, fe80::fcf3:a0c2:46eb:8feb
                     DNS servers:

                        127.0.0.1 (webbox2.sandersen.org.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     216.165.129.158 (<name unavailable>) [Valid]
                     216.170.153.146 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: sandersen.org.
                     Delegated domain name: _msdcs.sandersen.org.
                        Warning: Delegation of DNS server webbox2.sandersen.org. is broken on IP:2002:4583:1efb::4583:1efb
                        DNS server: webbox2.sandersen.org. IP:69.131.30.251 [Valid]
                   
0
 

Author Comment

by:dmsander
ID: 33676558
This "server" is directly connected to the Internet, with a public IP. While it's set to dynamic, the lease really doesn't expire (the IP is essentially static). Exchange is running on the DC- this is a small family implementation.

Can I use another port of outgoing messages?

---
Your IP address shows that it's a public IP
Also it's a dynamic IP -probably through a ADSL/SDSL

You need to ask your ISP and get a public static IP
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676574
This setup is really not advisable.
Where is your domain controller? Your Exchange server needs to talk to the DC/GC to do AD lookups.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676588
It leaves you open to so many things:
You will probably get attacked 30 times in a day through multiple spam / trojans bots

Usual configuration is
Internet > firewall > switch > exchange

Exchange is on a LAN IP of 192.168.1.10 etc
AD is on a LAN IP - 192.168.1.20

Port-forwarding is set in firewall for 25 80 443 to lan ip of exchange server.
0
 

Author Comment

by:dmsander
ID: 33676597
Exchange is running on the DC. I know this is all not advisable. This is a very, very small implementation- I think it will be okay.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676620
It won't be.
You will get hacked before you know it - they will drop some really small mail relays and use your exchange server to spam. Your IP will get blacklisted and your ISP will call you and ask if you are spamming.

this setup is very very risky.
You need a firewall
Sonicwall TZ - early series / anything will do.

Even if it is for 3 users.
0
 

Author Comment

by:dmsander
ID: 33676664
I have a hardware firewall that passes the real IP, and Symantec Endpoint Protection running on the server. Thanks for the insight on the security. Do you have any advice on why my mail won't send?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676677
Go here
www.testexchangeconnectivity.com/

Test for outbound SMTP
Please post back the errors from there.

thanks
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 33676712
You need to have outgoing access on port 25, and you shall not change it, because the standard port is 25, so this is the port that the other servers have configured.

You shall ask your ISP to open TCP port 25 in order to be able to send outgoing emails.


0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676732
ISPs usually won't open port 25.

So you will have to ask your ISP for the smarthost config - so that you can relay off their SMTP server.

Also you need a PTR record for reverse DNS setup and I am wondering how you will do that without a fixed IP.
0
 

Author Comment

by:dmsander
ID: 33676787
I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

If I can't open port 25, does anyone know of other smart hosts that are available?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33676824
Your ISP should be able to provide you one

Mxtoolbox also has a smarthost solution.
http://community.mxtoolbox.com/blog/2009/03/04/what-blacklists-are-and-how-mxtoolbox-helps/
0
 

Author Comment

by:dmsander
ID: 33678635
Update: I spoke with my ISP- It is confirmed that port 25 is completely blocked. However, the technician suggested that I not send from port 25, but using SSL and TLS on their ports. Does anyone know how to set those up?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678653
Can you check with them about a smarthost to relay emails?
If they don't have one, ask them if you can relay off other smarthosts.
0
 

Author Comment

by:dmsander
ID: 33678709
It is possible if I get upgraded service or purchase a host somewhere. I would like to configure outgoing mail to process over tls and ssl ports instead of 25. Any ideas?
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 2000 total points
ID: 33678722
Check with your ISP if they have a smarthost service,
or you can use one from www.mxtoolbox.com

I will see if there are other options available and post back later.
0
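For the smart host route suggested above, this is an added example (not part of the thread) of pointing the existing `inet-mail` connector at an authenticated relay that requires TLS, instead of direct DNS delivery on port 25. The host `smtp.example.net` and port 587 are placeholders; use the values and account your relay provider issues.

```powershell
# Added example; run in the Exchange Management Shell on the server holding the connector.
# Placeholders (assumptions, not from the thread): relay host name and port.
$smartHost = 'smtp.example.net'
$relayPort = 587
$cred      = Get-Credential      # account issued by the relay provider

# Before: DNSRoutingEnabled True, SmartHosts {}, SmartHostAuthMechanism None,
#         RequireTLS False, ProtocolLoggingLevel None (see the Format-List output above).
Set-SendConnector -Identity 'inet-mail' `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -Port $relayPort `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $cred `
    -RequireTLS $true `
    -ProtocolLoggingLevel Verbose

# After: confirm the settings that changed
Get-SendConnector -Identity 'inet-mail' |
    Format-List Name,DNSRoutingEnabled,SmartHosts,Port,SmartHostAuthMechanism,RequireTLS,ProtocolLoggingLevel

# Push the stuck messages again and read the last SMTP error per queue
Get-Queue | Where-Object { $_.Status -eq 'Retry' } | Retry-Queue
Get-Queue | Format-List Identity,Status,MessageCount,NextHopDomain,LastError
```

With `BasicAuthRequireTLS` the credentials are only sent after STARTTLS succeeds, and verbose protocol logging records the SMTP conversation in the send protocol log if the relay rejects the session.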
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34740746
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
