Solved

Exchange 2010 is unable to receive emails but is able to send them.

Posted on 2010-11-11
Last Modified: 2012-05-10
I'm having issues with our Exchange 2010 server not being able to receive emails. Sending emails works without any issues. Here is the breakdown.

- A fresh install of Exchange 2010 running on Server 2008 R2 on a standalone box.
- We do not run Edge in our environment.
- Domain is a fresh build, standalone, does not have any trusts configured.
- Event logs for the DCs and the Exchange server are clean. No warnings or errors whatsoever.
- DNS is resolving everything without any issues.
- BPA comes back clean.
- Transport connectors are configured correctly (as far as I know).
- All external mail comes through our FortiMail, and is being handed off to the Exchange server via port 25.
- I've verified that our spam filter (i.e. FortiMail) is getting the emails, allowing them and forwarding them to the Exchange server.
- Sending emails internally and externally all works without a problem. It's only when receiving from outside of the organization.

- I get the following error kicked back to me:
----- Transcript of session follows -----
<xyz@company.com>... Deferred: Connection timed out with company.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

Final-Recipient: RFC822; xyz@company.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; company.com

Let me know if you need any more information.
Question by:asuring
LVL 17

Expert Comment

by:James Haywood
ID: 34115551
Have you set up and configured a receive connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34115977
Have you checked your port forwarding in your router?
Is FortiMail sending on port 25, or an alternate port?
Have you tried a manual telnet to the server from inside and outside the network? If so, does it answer?
From a command line:
telnet "ipaddress" 25

0
 
LVL 17

Expert Comment

by:James Haywood
ID: 34119186
Also do you have a firewall on the server and if so is port 25 open?
0
 
LVL 5

Expert Comment

by:sabk
ID: 34119222
Are you certain it's your Exchange server that's the problem, and not the outside service provider that does the scanning?
0
 

Author Comment

by:asuring
ID: 34121005
It's definitely not the firewall. Telnetting to port 25 on the server works, and the receive connector is configured correctly (as far as I can tell). Port forwarding is working fine as well. I can trace the email to the internal IP of the Exchange server. The issue is with the Exchange server and not the ISP, firewall, spam filter or internal routing.

0
 
LVL 6

Expert Comment

by:linraf
ID: 34123811
Do you have your DNS set up correctly?
When you do a manual telnet on port 25 from outside, are you using the name or the IP address?
4.4.1 says that the server is not responding, so this would point to either getting to the wrong address, or the server is not answering. Since you say telnet answers from outside, look at DNS settings.
0
 

Author Comment

by:asuring
ID: 34139087
Yes, DNS is configured correctly, internally and externally. Our spam filter and Exchange server respond when telnetting to port 25. Like I mentioned before, I can trace emails coming in to our spam filter, being accepted and then being forwarded to the internal IP of the Exchange server. Whatever the issue is, it seems to point to the Exchange server. I'm starting to believe that it's some configuration issue with the receive connector, but from what I've read it should be configured correctly.
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139335
What settings do you have for the receive connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139373
Is FortiMail inside or outside of your network?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139458
Specifically, the receive connector should have:
- the server's IP address and port for receiving mail on the network tab
- the FortiMail's IP address for receive from (internal address if internal to the network)
- anonymous on the permissions tab

This is assuming that the FortiMail is not authenticating to the Exchange server.

Make sure FortiMail is sending to an IP address and not having to resolve names.
0
 

Author Comment

by:asuring
ID: 34146625
FortiMail is inside our network. It's sitting on a different subnet than the Exchange server, but all routing and firewall configs are fine.

The internal IP of the FortiMail is sending to the internal IP address and not a DNS name of the Exchange server.

I ran through the receive connector and verified everything. It all matches up to what you suggested. FortiMail isn't authenticating and the permissions tab on the receive connector is set to anonymous. I can see SMTP packets getting to the Exchange server from FortiMail as well.
0
 
LVL 6

Accepted Solution

by:
linraf earned 2000 total points
ID: 34147029
So when you complete a manual telnet to send an email from the FortiMail subnet, does the email deliver, or do you still get the same errors?

0
 
LVL 6

Expert Comment

by:linraf
ID: 34147324
If a manual telnet is able to send the email from your FortiMail's subnet, perhaps auto-tuning is causing an issue. I have only seen it cause an issue on outgoing connections from Server 2008, but it is worth a try.

Disable TCP auto-tuning in Windows Server 2008 - Auto-tuning is a feature that was introduced with Windows Vista and Windows Server 2008 in order to optimize TCP throughput. The problem is that some network devices do not support these features (most Cisco Firewall devices, Sonicwall Firewall, Check Point Firewall, some NG R55 routers, some Netgear routers), which can make things slower. To disable auto-tuning, run the following command from the command line:

netsh interface tcp set global autotuninglevel=disabled
0
 

Author Comment

by:asuring
ID: 34150550
Hi linraf,

Success finally. After taking the results of the manual SMTP test to the security group, they rechecked the firewall rules and discovered that an IP was misconfigured. I appreciate your help and will assign points appropriately.
0
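
The manual SMTP test that settled this thread can be scripted so it is repeatable from any host in the filter's subnet. The following is an added example, not code from any poster: it walks the SMTP envelope without sending DATA and separates a network-path failure (no TCP session or no reply, the class reported as 4.4.1 in the bounce) from an SMTP-level refusal by the receive connector. The function names, the HELO name and the addresses in the `__main__` block are assumptions or placeholders.

```python
import socket

def read_reply(fh):
    """Read one SMTP reply (may span several lines); return (code, text)."""
    parts = []
    while True:
        line = fh.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("connection closed before a full reply")
        parts.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues, "250 ..." ends the reply
            return int(line[:3]), " | ".join(parts)

def smtp_probe(host, mail_from, rcpt_to, port=25, helo="probe.example", timeout=10):
    """Walk the envelope without DATA; return [(stage, code_or_None, detail)]."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # No TCP session at all: the failure class the bounce reports as 4.4.1.
        return [("connect", None, f"{type(exc).__name__}: {exc}")]
    steps = [("banner", None), ("ehlo", f"EHLO {helo}"),
             ("mail", f"MAIL FROM:<{mail_from}>"),
             ("rcpt", f"RCPT TO:<{rcpt_to}>"), ("quit", "QUIT")]
    results = []
    with sock, sock.makefile("rwb") as fh:
        for stage, cmd in steps:
            try:
                if cmd:
                    fh.write(cmd.encode("ascii") + b"\r\n")
                    fh.flush()
                code, text = read_reply(fh)
            except (OSError, ValueError) as exc:  # timeout, reset, garbage
                results.append((stage, None, f"{type(exc).__name__}: {exc}"))
                break
            results.append((stage, code, text))
            if code >= 400:  # server refused this step; stop here
                break
    return results

def diagnose(results):
    stage, code, _ = results[-1]
    if code is None:
        return f"network path: no SMTP reply at '{stage}' (routing or firewall rules)"
    if code >= 400:
        return f"SMTP policy: {code} at '{stage}' (receive connector scope or permissions)"
    return "path and connector accept mail from this source address"

if __name__ == "__main__":  # constructed placeholders: use your server IP and mailbox
    steps = smtp_probe("192.0.2.10", "probe@example.org", "xyz@company.com", timeout=5)
    print(*steps, diagnose(steps), sep="\n")
```

Run it from the same subnet and source address as the filter: a result that differs from the one obtained on the Exchange server's own subnet points at the path between the two, not at the connector.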
