Solved

How to troubleshoot exchange server connectivity issue?

Posted on 2010-11-07
8
800 Views
Last Modified: 2012-05-10
user has exchange server 2003 in domain environment. Setup a user and email. The user can send out email but cannot receive any email. the NDR is
A message that you have sent could not be delivered to one or more recipients.  This is a permanent error.  The following address failed:
 <test@abc.com>: 550 "

I read this article http://support.microsoft.com/kb/153119. My questions:
1. How does each command can help me find out the problems?
2. and to telnet, I need to find out the exchange server fqdn or ip address, but it seems I cannot just telnet abc.com as sometime the exchange server not in the same location as exchange server. How can i find out the location of exchange server?
 
0
Comment
Question by:okamon
  • 4
  • 3
8 Comments
 
LVL 6

Assisted Solution

by:evanmcnally
evanmcnally earned 400 total points
ID: 34081340
To find the actual server address, you want to use nslookup and set type=mx.  Here's an example:
windu:~ evan$ nslookup
> set type=mx
> microsoft.com
Server:            192.168.2.3
Address:      192.168.2.3#53

Non-authoritative answer:
microsoft.com      mail exchanger = 10 mail.messaging.microsoft.com.

Authoritative answers can be found from:
mail.messaging.microsoft.com      internet address = 213.199.180.150
>

So the email server for the domain is mail.messaging.microsoft.com

So next to telnet:
telnet mail.abc.com 25

you should get a welcome banner from the server.

type:  
ehlo domainyouwanttosimulatesendingfrom.com
mail from:  youraddress@whatever.com
rcpt to: test@abc.com
data
<enter some text>
hit enter twice, then .  then enter again
you should see a message about your mail queued for delivery, or else an error.

As you go through steps, failures at a certain step indicate various problems.

Maybe give it a try and post your results?

ALSO, very important--most home internet accounts have port 25 blocked by the ISP.  So if you cannot telnet to abc.com, you should try a couple other domains and very your are not being blocked at the protocol level.  If possible, you could test the telnet from a remote email server, since it directly simulates communication between the two servers.
 
0
 

Author Comment

by:okamon
ID: 34081432
thank you very much! But some of my clients they also use mxlogic, it's kind of email filter service. So email has to be delivered to mxlogic first and then passed to their exchange server. So in this case, I will never be able to find out the real exchanger server fqdn/ip. i always get the fqdn of mxlogic, something like abc.com.inbound15.mxlogic.net. is there a way to find out?


So for the telnet, do you think some firewall able to just block telent but still leave port 25 open?
0
 
LVL 6

Assisted Solution

by:evanmcnally
evanmcnally earned 400 total points
ID: 34081475
From the server console, or possibly from the LAN it is on, you could go to http://whatismyip.com and it will give you the public IP address of your router.

You could check the mxlogic account, since it must know the address of the email server to forward the emails.

Are you sure the NDR is not being generated by mxlogic rather than the server itself?  Some email filtering services require a user to be configured on their side before they will forward to the real server.

An ISP would be blocking port 25 not standard telnet (which is port 23).  This is to stop viruses on home PCs from sending spam via smtp/email.  Around my part of the world, business accounts do not normally have port 25 blocked because the ISP assumes you will block it yourself on your own router.  For example, the only host on my LAN that can send outbound on port 25 is the LAN IP address of the email server.
0
 
LVL 16

Expert Comment

by:Postmaster
ID: 34081481
This is a handy page.
http://network-tools.com/

Select the email verification option and enter a valid SMTP address.
This will show MX record lookups and SMTP conversation - easier than typing all those SMTP commands.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:okamon
ID: 34081696
>Are you sure the NDR is not being generated by mxlogic rather than the server itself?  Some email filtering services require a user to be configured on their side before they will forward to the real server.

It did sent out NDR report. but in order to use the smtp command, I still need to find out the real exchange server fqdn/ip right?

>An ISP would be blocking port 25 not standard telnet (which is port 23).  This is to stop viruses on home PCs from sending spam via smtp/email.

if they block port 25, how can home user to send out email? if it's a pop account, user use pop3 to download email and use smtp to send out email... not correct?

>business accounts do not normally have port 25 blocked because the ISP assumes you will block it yourself on your own router.

will any company block smtp port if they have mail server? mail server always need incoming and outgoing port 25 open right?

0
 
LVL 6

Accepted Solution

by:
evanmcnally earned 400 total points
ID: 34081964
>It did sent out NDR report. but in order to use the smtp command, I still need to find out the real exchange server fqdn/ip right?

The NDR will identify which server sent it.  That server is where your problem is.  So if the NDR says it is from an mxlogic server, then you should look there first.  If it says your abc.com server, then you can generally forget about mxlogic.

>if they block port 25, how can home user to send out email? if it's a pop account, user use pop3 to download email and use smtp to send out email... not correct?

You are correct--you have to be able to have outbound smtp on port 25 to send out email.  The ISPs block 25 to anything except their own mail servers.  So you can telnet port 25 to your own ISP's server, but not outside servers.  Not all ISPs block port 25, but it is very common.

>will any company block smtp port if they have mail server? mail server always need incoming and outgoing port 25 open right?

Correct, an email server needs port 25 in both directions to/from all other hosts (assuming a single server situation where one server both sends and receives, which is the norm in smaller companies).

Most spam email apparently comes from viruses/bot nets and such, so almost everyone will block port 25 as much as possible.  The idea is to only allow authorized email hosts to do their job, which mainly means limiting hosts that are not actual email servers (meaning corporate PCs, ISP home customers, etc).  Client machines generally only need permission to send to a single host which is their own email server.  So a typical ACL on an internet facing router says "allow SMTP to/from the email server, block all others"
0
 

Author Comment

by:okamon
ID: 34086897
I see... I think it sounds more like a restriction on port 25 rule not blocking the port.
So basically I think you mean is port 25 at client's network not blocked, it's just it can only connect to their ISP mail server not anything else. Is that correct? so in this case, they will not be able to run telnet test to other smtp server from their network??

And in previous reply, you told me that I can find out ip or fqdn from the server itself. I did that, but when I run the telnet in other location, I receive could not open connection to the host, on port 25: connection failed.
I got NDR from mxlogic - 550 5.1.1 User unknown So obviously I need to check mxlogic first. But I also want to try to telnet to the real exchange server, so what is wrong with the connection as I already found out the real exchnage ip??
0
 

Author Comment

by:okamon
ID: 34099142
hi evanmcnally, any idea?
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now