• Status: Solved

Exchange 2010 is unable to receive emails but is able to send them.

I'm having issues with our Exchange 2010 server not being able to receive emails. Sending emails works without any issues. Here is the breakdown.

- A fresh install of Exchange 2010 running on Server 2008 R2 on a standalone box.
- We do not run Edge in our environment.
- Domain is a fresh build, standalone, and does not have any trusts configured.
- Event logs for the DCs and the Exchange server are clean. No warnings or errors whatsoever.
- DNS is resolving everything without any issues.
- BPA comes back clean.
- Transport connectors are configured correctly (as far as I know).
- All external mail comes through our FortiMail, and is being handed off to the Exchange server via port 25.
- I've verified that our spam filter (i.e. FortiMail) is getting the emails, allowing them and forwarding them to the Exchange server.
- Sending emails internally and externally all works without a problem. It's only when receiving from outside of the organization.

- I get the following error kicked back to me:
----- Transcript of session follows -----
<xyz@company.com>... Deferred: Connection timed out with company.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

Final-Recipient: RFC822; xyz@company.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; company.com

Let me know if you need any more information.

Asked by: asuring

James Haywood commented:
Have you set up and configured a receive connector?

linraf commented:
Have you checked your port forwarding in your router?
Is FortiMail sending on port 25, or an alternate port?
Have you tried a manual telnet to the server from inside and outside the network? If so, does it answer?
From a command line:
telnet "ipaddress" 25

James Haywood commented:
Also, do you have a firewall on the server, and if so, is port 25 open?

sabk commented:
Are you certain it's your Exchange server that's the problem, and not the outside service provider that does the scanning?

asuring (author) commented:
It's definitely not the firewall. Telnetting to port 25 on the server works, and the receive connector is configured correctly (as far as I can tell). Port forwarding is working fine as well. I can trace the email to the internal IP of the Exchange server. The issue is with the Exchange server and not the ISP, firewall, spam filter or internal routing.

linraf commented:
Do you have your DNS set up correctly?
When you do a manual telnet on port 25 from outside, are you using the name or the IP address?
4.4.1 says that the server is not responding, so this would point to either getting to the wrong address, or the server is not answering. Since you say telnet answers from outside, look at DNS settings.

asuring (author) commented:
Yes, DNS is configured correctly, internally and externally. Our spam filter and Exchange server respond when telnetting to port 25. Like I mentioned before, I can trace emails coming in to our spam filter, being accepted and then being forwarded to the internal IP of the Exchange server. Whatever the issue is, it seems to point to the Exchange server. I'm starting to believe that it's some configuration issue with the receive connector, but from what I've read it should be configured correctly.

linraf commented:
What settings do you have for the receive connector?

linraf commented:
Is FortiMail inside or outside of your network?

linraf commented:
Specifically, the receive connector should have:
the server's IP address and port for receiving mail on the Network tab
the FortiMail's IP address for "receive from" (internal address if internal to the network)
the Permissions tab should have anonymous

This is assuming that the FortiMail is not authenticating to the Exchange server.

Make sure FortiMail is sending to an IP address and not having to resolve names.

asuring (author) commented:
FortiMail is inside our network. It's sitting on a different subnet than the Exchange server, but all routing and firewall configs are fine.

The internal IP of the FortiMail is sending to the internal IP address and not a DNS name of the Exchange server.

I ran through the receive connector and verified everything. It all matches up to what you suggested. FortiMail isn't authenticating and the Permissions tab on the receive connector is set to anonymous. I can see SMTP packets getting to the Exchange server from FortiMail as well.

linraf commented:
So when you complete a manual telnet to send an email from the FortiMail subnet, does the email deliver, or do you still get the same errors?

linraf commented:
If a manual telnet is able to send the email from your FortiMail's subnet, perhaps auto-tuning is causing an issue. I have only seen it cause an issue on outgoing connections from Server 2008, but it is worth a try.

Disable TCP auto-tuning in Windows Server 2008 - Auto-tuning is a feature that was introduced with Windows Vista and Windows Server 2008 in order to optimize TCP throughput. The problem is that some network devices do not support these features (most Cisco Firewall devices, Sonicwall Firewall, Check Point Firewall, some NG R55 routers, some Netgear routers), which can make things slower. To disable auto-tuning, run the following command from the command line:

netsh interface tcp set global autotuninglevel=disabled

asuring (author) commented:
Hi linraf,

Success finally. After taking the results of the manual SMTP test to the security group they rechecked the firewall rules and discovered that an ip was misconfigured. I appreciate your help and will assign points appropriately.
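
The manual SMTP test discussed in this thread, as an added example that is not part of the original posts: a bare `telnet <ip> 25` only shows that the banner is reachable, while this probe walks the whole delivery and reports the stage at which it stops. The names `smtp_probe` and `fake_mta`, the probe addresses and the local stand-in server with its replies are constructed for illustration.

```python
import socket, threading

def read_reply(f):
    """Return the code of one SMTP reply, skipping '250-...' continuation lines."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("peer closed the connection")
        if line[3:4] != b"-":
            return int(line[:3])

def smtp_probe(host, port, rcpt, sender="probe@example.test", timeout=10):
    """Walk a full delivery; return (failed_stage or None, [(stage, code or error)])."""
    steps = [("CONNECT", b"", 220),  # the banner is all a bare "telnet ip 25" proves
             ("EHLO", b"EHLO probe.example.test\r\n", 250),
             ("MAIL FROM", f"MAIL FROM:<{sender}>\r\n".encode(), 250),
             ("RCPT TO", f"RCPT TO:<{rcpt}>\r\n".encode(), 250),
             ("DATA", b"DATA\r\n", 354),
             ("BODY", b"Subject: probe\r\n\r\nreceive-path test\r\n.\r\n", 250)]
    log, stage = [], "CONNECT"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
            for stage, cmd, want in steps:
                s.sendall(cmd)
                code = read_reply(f)
                log.append((stage, code))
                if code != want:
                    return stage, log
            s.sendall(b"QUIT\r\n")
    except (OSError, ValueError) as e:  # refused, reset, timed out, or a garbage reply
        return stage, log + [(stage, "timeout" if isinstance(e, socket.timeout) else type(e).__name__)]
    return None, log

def fake_mta(replies):
    """Constructed local stand-in for the mail server: sends `replies` in order, then goes silent."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as f:
            for r in replies:
                conn.sendall(r)
                line = f.readline()
                while r.startswith(b"354") and line not in (b".\r\n", b""):
                    line = f.readline()  # swallow the message body up to the lone dot
            f.read()  # out of replies: stay silent until the client hangs up
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":  # constructed case: the banner answers, then the path goes silent
    print(smtp_probe("127.0.0.1", fake_mta([b"220 fake ESMTP\r\n"]), "xyz@company.com", timeout=2))
```

Run from the spam filter's subnet against the mail server's internal IP, a failure at CONNECT or a timeout mid-session points at the network path, while a 5xx code at RCPT TO usually points at the server's own configuration, such as the receive connector permissions.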