Solved

Exchange 2010 is unable to receive emails but is able to send them.

Posted on 2010-11-11
14
2,080 Views
Last Modified: 2012-05-10
I'm having issues with our exchange 2010 server not being able to receive emails. Sending emails works without any issues. Here is the breakdown.

-A fresh install of Exchange 2010 running on server 2008 R2 on a stand alone box.
-We do not run Edge in our environment
-Domain is a fresh build, standalone, does not have any trusts configured.
-Event logs for DC's and Exchange server is clean. No warnings or errors whatsoever.
-DNS is resolving everything without any issues
-BPA comes back clean
-Transport Connectors are configured correctly (as far as I know).
-All external mail comes through our fortimail, and is being handed off to the exchange server via port 25.
-I've verified that our spamfilter (IE fortimail) is getting the emails, allowing them and is forwarding them to the exchange server.
-Sending emails internally and externally all work without a problem. It's only when receiving from outside of the organization.

- I get the following error kicked back to me:
----- Transcript of session follows -----
<xyz@company.com>... Deferred: Connection timed out with company.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

Final-Recipient: RFC822; xyz@company.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; company.com

Let me know if you need any more information.
0
Comment
Question by:asuring
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 17

Expert Comment

by:James Haywood
ID: 34115551
Have you set up and configured a receive connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34115977
Have you checked your port forwarding in your router?
Is fortimail sending on port 25 , or an alternate port?
have you tried a manual telnet to the server from inside and outside the network? If so, does it answer?
from a command line,
telnet "ipaddress" 25

0
 
LVL 17

Expert Comment

by:James Haywood
ID: 34119186
Also do you have a firewall on the server and if so is port 25 open?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 5

Expert Comment

by:sabk
ID: 34119222
are you certain it's your exchange server that's the problem, and not the outside service provider that does the scanning
0
 

Author Comment

by:asuring
ID: 34121005
It's definitely not the firewall, Telneting to port 25 on the server works, and the receive connector is configured correctly (as far as I can tell). Port forwarding is working fine as well. I can trace the email to the internal IP of the exchange server. The issue is with the exchange server and not the ISP, Firewall, spamfilter or internal routing.

0
 
LVL 6

Expert Comment

by:linraf
ID: 34123811
Do you have your dns setup correctly?
When you do a manual telnet on port 25 from outside are you using the name or ip address.
4.4.1 says that the server is not responding, so this would point to either getting to the wrong address, or the server is not answering. Since you say telnet answers from outside, look at dns settings.
0
 

Author Comment

by:asuring
ID: 34139087
Yes DNS is configured correctly, internally and externally. Our spamfilter and exchange server respond when  telneting to port 25.  Like I mentioned before, I can trace emails coming in to our spamfilter, being accepted and then being forwarded to the internal IP of the exchange server. Whatever the issue is, it seems to point to the exchange server. I'm starting to believe that it's some configuration issue with the receive connector but from what I've read it should be configured correctly.
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139335
What settings do you have for the recieve connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139373
Is fortimail inside or outside of your network?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139458
Specifically the receive connector should have:
the server's ip address and port for receiving mail on the network tab
the fortimail's ip address for receive from (internal address if internal to the network)
permissions tab should have anonymous

This is assuiming that the fortimail is not authenticating to the the exchange server.

Make sure fortimail is sending to an ip address and not having to resolve names.
0
 

Author Comment

by:asuring
ID: 34146625
Fortimail is inside our network. It's sitting on a different subnet than the exchange server but all routing and firewall configs are fine.

Internal ip of the Fortimail is sending to the internal ip address and not a dns name of the exchange server.

I ran through the receive connector and verified everything. It all matches up to what you suggested. Fortimail isn't authenticating and permission's tab on the receive connector is set to anonymous. I can see SMTP packets getting to the exchange server from fortimail as well.
0
 
LVL 6

Accepted Solution

by:
linraf earned 500 total points
ID: 34147029
So when you complete a manual telnet to send an email from the fortimail subnet, does the email deliver, or do you still get the same errors?

0
 
LVL 6

Expert Comment

by:linraf
ID: 34147324
If a manual telnet is able to send the email from your fortimail's subnet, perhaps autotuning is causing an issue. I have only seen it cause an issue on outgoing connections from server2008, but it is worth a try.

Disable TCP auto-tuning in Windows Server 2008 ¨C Auto-tuning is a feature that was introduced with Windows Vista and Windows Server 2008 in order to optimize TCP throughput. The problem is that some network devices do not support these features (most Cisco Firewall devices, Sonicwall Firewall, Check Point Firewall, some NG R55 routers, some Netgear routers), which can make things slower. To disable auto-tuning, run the following command from command line:

netsh interface tcp set global autotuninglevel=disabled
0
 

Author Comment

by:asuring
ID: 34150550
Hi Linaf-

Success finally. After taking the results of the manual SMTP test to the security group they rechecked the firewall rules and discovered that an ip was misconfigured. I appreciate your help and will assign points appropriately.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question