Solved

Exchange 2010 SP1 - Can receive but cannot send mail

Posted on 2010-09-14
Last Modified: 2012-05-10
Hello there!

I have a fresh build of Server 2008 R2 with Exchange 2010 SP1 loaded. I have checked and re-checked all the prereqs, and have loaded my send connector for the internet (address space = *). I thought that my ISP might be blocking outgoing mail so I changed the port as well. I see all my messages in the queue, they just won't go. I have no problems logging into OWA and receiving mail from various sources, but cannot send. I don't get any bounce backs or other errors that I can see. I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

Other than that, I'm out of ideas- thanks for your insight!

Dane
Question by:dmsander
24 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
Comment Utility

Have you created Send Connectors? What configuration do you have?
You can go to the Exchange Management Shell and run:
Get-SendConnector | Format-List

It will return the information about your configuration.

Another thing,
Are you planning to send the emails directly from your IP address or across your ISP?

0
 

Author Comment

by:dmsander
Comment Utility
I'd like to send the mail directly, as my ISP doesn't let me use their outgoing servers with an address other than their own.


[PS] C:\Windows\system32>Get-SendConnector | Format-List

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : mail.sandersen.org
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : WEBBOX2
Identity                     : inet-mail
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10 MB (10,485,760 bytes)
Name                         : inet-mail
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {WEBBOX2}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : True

0
 
LVL 14

Expert Comment

by:Schnell Solutions
Comment Utility


The Send Connector configuration looks "Ok" for being able to send external emails

Can you try to telnet to an external email server in order to check the following things:
- That the O.S. firewall is not blocking port 25
- That the Antivirus or another software is not blocking port 25
- That your external firewall allows you to go to the internet using SMTP (TCP Port 25)

Follow this procedure:

(First install the telnet client, open PowerShell)
Import-Module ServerManager
Add-WindowsFeature Telnet-Client

(In order to try the telnet connection, open the command prompt or use PowerShell and write)

telnet 65.54.188.78 25


(In this example I have written the IP address of hotmail, you can try this one or write any server that you want)

It shall return a welcome message with the following information:

220 BAY0-PAMC1-F6.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Bla... Bla... Bla...

Let us know the result


0
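
An added example, not part of the thread: the same outbound port check as the telnet procedure above, done with .NET sockets so no Windows feature has to be installed. `Test-SmtpBanner` is a hypothetical helper name; the IP address is the one quoted in the post above.

```powershell
# Added example: probe outbound SMTP reachability and read the server greeting.
# Uses only .NET classes available to PowerShell 2.0 on Server 2008 R2.
function Test-SmtpBanner {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int[]]$Ports = @(25),
        [int]$TimeoutMs = 5000
    )
    foreach ($port in $Ports) {
        $result = New-Object PSObject -Property @{
            Server = $Server; Port = $port; Connected = $false; Banner = $null; Failure = $null
        }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Asynchronous connect, so a silently dropped SYN fails after
            # $TimeoutMs instead of hanging for the OS default timeout.
            $async = $client.BeginConnect($Server, $port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $result.Failure = "no answer within $TimeoutMs ms (port filtered or dropped)"
            } else {
                $client.EndConnect($async)   # throws if the connection was refused
                $result.Connected = $true
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                $reader = New-Object System.IO.StreamReader($stream)
                # An SMTP server speaks first; a healthy one greets with a 220 line.
                $result.Banner = $reader.ReadLine()
            }
        } catch {
            $result.Failure = $_.Exception.Message
        } finally {
            $client.Close()
        }
        $result
    }
}

# Port 25 against the address used in the telnet step above.
Test-SmtpBanner -Server 65.54.188.78 -Ports 25 |
    Format-List Server, Port, Connected, Banner, Failure
```

A timeout on port 25 combined with a 220 banner on another port of a relay host points at upstream filtering of port 25 rather than at the Exchange configuration.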
 

Author Comment

by:dmsander
Comment Utility
I made sure my firewalls allow 25.

Okay, so I've learned that my ISP completely locks down port 25. Is it possible to run this on another port? In Exchange powershell I ran the command:

Set-SendConnector -Identity inet-mail -port 28

But that didn't seem to work..
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
from your DC can you get me this

dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
Upload it here

Also check the guide here
http://www.exchangelog.info/2007/08/how-to-change-smtp-port-25-in-exchange.html

thanks
0
 

Author Comment

by:dmsander
Comment Utility
See attached.
dcdiag.txt
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
is exchange 2010 directly connected on a public IP ?

Internet > Exchange ?

Usual configuration is
Internet > firewall > switch > exchange

Also exchange needs to be behind the firewall so that it can communicate with the DC
---
Your IP address shows that it's a public IP
Also it's a dynamic IP -probably through a ADSL/SDSL

You need to ask your ISP and get a public static IP
--
  IP address: 69.131.30.251, fe80::fcf3:a0c2:46eb:8feb
                     DNS servers:

                        127.0.0.1 (webbox2.sandersen.org.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     216.165.129.158 (<name unavailable>) [Valid]
                     216.170.153.146 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: sandersen.org.
                     Delegated domain name: _msdcs.sandersen.org.
                        Warning: Delegation of DNS server webbox2.sandersen.org. is broken on IP:2002:4583:1efb::4583:1efb
                        DNS server: webbox2.sandersen.org. IP:69.131.30.251 [Valid]
                   
0
 

Author Comment

by:dmsander
Comment Utility
This "server" is directly connected to the Internet, with a public IP. While it's set to dynamic, the lease really doesn't expire (the IP is essentially static). Exchange is running on the DC- this is a small family implementation.

Can I use another port of outgoing messages?

---
Your IP address shows that it's a public IP
Also it's a dynamic IP -probably through a ADSL/SDSL

You need to ask your ISP and get a public static IP
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
This setup is really not advisable.
Where is your domain controller? Your Exchange server needs to talk to the DC/GC to do AD lookups.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
It leaves you open to so many things:
You will probably get attacked 30 times in a day through multiple spam / trojans bots

Usual configuration is
Internet > firewall > switch > exchange

Exchange is on a LAN IP of 192.168.1.10 etc
AD is on a LAN IP - 192.168.1.20

Port-forwarding is set in firewall for 25 80 443 to lan ip of exchange server.
0
 

Author Comment

by:dmsander
Comment Utility
Exchange is running on the DC. I know this is all not advisable. This is a very, very small implementation- I think it will be okay.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
It won't be.
You will get hacked before you know it - they will drop some really small mail relays and use your exchange server to spam. Your IP will get blacklisted and your ISP will call you and ask if you are spamming.

this setup is very very risky.
You need a firewall
Sonicwall TZ - early series / anything will do.

Even if it is for 3 users.
0
 

Author Comment

by:dmsander
Comment Utility
I have a hardware firewall that passes the real IP, and Symantec Endpoint Protection running on the server. Thanks for the insight on the security. Do you have any advice on why my mail won't send?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Go here
www.testexchangeconnectivity.com/

Test for outbound SMTP
Please post back the errors from there.

thanks
0
 
LVL 14

Expert Comment

by:Schnell Solutions
Comment Utility
You need to have outgoing access by port 25. And you shall not change it, because the standard port is 25, so this is the port that the other servers have configured.

You shall ask your ISP to open TCP port 25 in order to be able to send outgoing emails.


0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
ISPs usually won't open port 25.

So you will have to ask your ISP for the smarthost config - so that you can relay off their SMTP server.

Also you need a PTR record for reverse DNS setup and I am wondering how you will do that without a fixed IP.
0
 

Author Comment

by:dmsander
Comment Utility
I've used the testexchangeconnectivity site, and the SMTP tests reveal:

      ExRCA is attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.

If I can't open port 25, does anyone know of other smart hosts that are available?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Your ISP should be able to provide you one

Mxtoolbox also has a smarthost solution.
http://community.mxtoolbox.com/blog/2009/03/04/what-blacklists-are-and-how-mxtoolbox-helps/
0
 

Author Comment

by:dmsander
Comment Utility
Update: I spoke with my ISP- It is confirmed that port 25 is completely blocked. However, the technician suggested that I not send from port 25, but using SSL and TLS on their ports. Does anyone know how to set those up?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Can you check with them about a smarthost to relay emails.
If they don't have one - ask them if you can relay off other smarthosts?
0
 

Author Comment

by:dmsander
Comment Utility
It is possible if I get upgraded service or purchase a host somewhere. I would like to configure outgoing mail to process over tls and ssl ports instead of 25. Any ideas?
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
Comment Utility
Check with your ISP if they have a smarthost service
or you can use one from www.mxtoolbox.com

I will see if there are other options available and post back later.
0
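
An added example, not part of the thread: pointing the existing `inet-mail` connector at an authenticated smart host over TLS, which is the setup the last few posts ask about. The host name `smtp.example.net` and port 587 are assumptions; use the values the ISP or relay provider supplies.

```powershell
# Added example. Run in the Exchange Management Shell.
# smtp.example.net and port 587 are placeholders, not values from the thread.
$smartHost = 'smtp.example.net'
$cred      = Get-Credential    # relay account issued by the provider

# Stop delivering by MX lookup on port 25 and relay through the smart host.
# BasicAuthRequireTLS makes the connector refuse to send the credentials
# unless the session has first been protected with STARTTLS.
Set-SendConnector -Identity 'inet-mail' `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -Port 587 `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $cred `
    -ProtocolLoggingLevel Verbose

# Confirm what was applied.
Get-SendConnector -Identity 'inet-mail' |
    Format-List Name, SmartHosts, Port, SmartHostAuthMechanism, DNSRoutingEnabled, ProtocolLoggingLevel

# Push the messages already sitting in the queue, then look at the outcome.
Retry-Queue -Filter {Status -eq "Retry"}
Get-Queue | Format-Table Identity, Status, MessageCount, LastError -AutoSize
```

A Send connector upgrades the session with STARTTLS, so the relay port has to accept STARTTLS rather than implicit SSL only. With `ProtocolLoggingLevel` set to `Verbose`, the SMTP conversation with the smart host is written to the send protocol log on the server.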
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
