Solved

Exchange 2010 is unable to receive emails but is able to send them.

Posted on 2010-11-11
Last Modified: 2012-05-10
I'm having issues with our Exchange 2010 server not being able to receive emails. Sending emails works without any issues. Here is the breakdown.

- A fresh install of Exchange 2010 running on Server 2008 R2 on a standalone box.
- We do not run Edge in our environment.
- Domain is a fresh build, standalone, does not have any trusts configured.
- Event logs for the DCs and the Exchange server are clean. No warnings or errors whatsoever.
- DNS is resolving everything without any issues.
- BPA comes back clean.
- Transport connectors are configured correctly (as far as I know).
- All external mail comes through our FortiMail and is handed off to the Exchange server via port 25.
- I've verified that our spam filter (i.e. FortiMail) is getting the emails, allowing them and forwarding them to the Exchange server.
- Sending emails internally and externally all works without a problem. It's only when receiving from outside of the organization.

- I get the following error kicked back to me:
----- Transcript of session follows -----
<xyz@company.com>... Deferred: Connection timed out with company.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

Final-Recipient: RFC822; xyz@company.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; company.com

Let me know if you need any more information.
0
Comment
Question by:asuring
14 Comments
 
LVL 17

Expert Comment

by:James Haywood
ID: 34115551
Have you set up and configured a receive connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34115977
Have you checked your port forwarding in your router?
Is FortiMail sending on port 25, or an alternate port?
Have you tried a manual telnet to the server from inside and outside the network? If so, does it answer?
From a command line:
telnet "ipaddress" 25

0
 
LVL 17

Expert Comment

by:James Haywood
ID: 34119186
Also do you have a firewall on the server and if so is port 25 open?
0
 
LVL 5

Expert Comment

by:sabk
ID: 34119222
Are you certain it's your Exchange server that's the problem, and not the outside service provider that does the scanning?
0
 

Author Comment

by:asuring
ID: 34121005
It's definitely not the firewall. Telnetting to port 25 on the server works, and the receive connector is configured correctly (as far as I can tell). Port forwarding is working fine as well. I can trace the email to the internal IP of the Exchange server. The issue is with the Exchange server and not the ISP, firewall, spam filter or internal routing.

0
 
LVL 6

Expert Comment

by:linraf
ID: 34123811
Do you have your DNS set up correctly?
When you do a manual telnet on port 25 from outside, are you using the name or the IP address?
4.4.1 says that the server is not responding, so this would point to either getting to the wrong address, or the server is not answering. Since you say telnet answers from outside, look at DNS settings.
0
 

Author Comment

by:asuring
ID: 34139087
Yes, DNS is configured correctly, internally and externally. Our spam filter and Exchange server respond when telnetting to port 25. Like I mentioned before, I can trace emails coming in to our spam filter, being accepted and then being forwarded to the internal IP of the Exchange server. Whatever the issue is, it seems to point to the Exchange server. I'm starting to believe that it's some configuration issue with the receive connector, but from what I've read it should be configured correctly.
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139335
What settings do you have for the receive connector?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139373
Is fortimail inside or outside of your network?
0
 
LVL 6

Expert Comment

by:linraf
ID: 34139458
Specifically, the receive connector should have:
- the server's IP address and port for receiving mail on the network tab
- the FortiMail's IP address for receive from (internal address if internal to the network)
- anonymous on the permissions tab

This is assuming that the FortiMail is not authenticating to the Exchange server.

Make sure FortiMail is sending to an IP address and not having to resolve names.
0
 

Author Comment

by:asuring
ID: 34146625
FortiMail is inside our network. It's sitting on a different subnet than the Exchange server, but all routing and firewall configs are fine.

The internal IP of the FortiMail is sending to the internal IP address and not a DNS name of the Exchange server.

I ran through the receive connector and verified everything. It all matches up to what you suggested. FortiMail isn't authenticating and the permissions tab on the receive connector is set to anonymous. I can see SMTP packets getting to the Exchange server from FortiMail as well.
0
 
LVL 6

Accepted Solution

by:
linraf earned 500 total points
ID: 34147029
So when you complete a manual telnet to send an email from the fortimail subnet, does the email deliver, or do you still get the same errors?

0
 
LVL 6

Expert Comment

by:linraf
ID: 34147324
If a manual telnet is able to send the email from your FortiMail's subnet, perhaps auto-tuning is causing an issue. I have only seen it cause an issue on outgoing connections from Server 2008, but it is worth a try.

Disable TCP auto-tuning in Windows Server 2008: Auto-tuning is a feature that was introduced with Windows Vista and Windows Server 2008 in order to optimize TCP throughput. The problem is that some network devices do not support these features (most Cisco Firewall devices, Sonicwall Firewall, Check Point Firewall, some NG R55 routers, some Netgear routers), which can make things slower. To disable auto-tuning, run the following command from the command line:

netsh interface tcp set global autotuninglevel=disabled
0
 

Author Comment

by:asuring
ID: 34150550
Hi linraf,

Success, finally. After taking the results of the manual SMTP test to the security group, they rechecked the firewall rules and discovered that an IP was misconfigured. I appreciate your help and will assign points appropriately.
0
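
The manual SMTP test from the accepted solution, scripted so that the stage where the session stops is explicit. This is an added example, not code from the thread; `probe_smtp`, its stage names and the `helo_name` default are hypothetical. It stops after RCPT TO, so no message is delivered.

```python
import smtplib
import socket


def probe_smtp(host, sender, recipient, port=25, timeout=10,
               helo_name="probe.example"):  # helo_name: constructed placeholder
    """Walk the SMTP dialogue up to RCPT TO; return (stage, detail).

    stage is where the session stopped. No DATA is sent, so nothing is delivered.
    """
    try:
        # TCP connect plus the 220 banner. A timeout here is the same
        # symptom as the "Connection timed out" / 4.4.1 bounce in the question.
        conn = smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout)
    except socket.timeout:
        return ("connect", "timed out: check firewall rules and routing")
    except ConnectionRefusedError:
        return ("connect", "refused: nothing is listening on that IP and port")
    except OSError as exc:  # includes smtplib.SMTPException
        return ("banner", f"connected but no usable 220 banner: {exc}")

    try:
        steps = (
            ("ehlo", conn.ehlo),
            ("mail_from", lambda: conn.mail(sender)),
            ("rcpt_to", lambda: conn.rcpt(recipient)),
        )
        for stage, step in steps:
            code, msg = step()
            if code >= 400:
                # The server answered and said no: look at the receive
                # connector (remote IP ranges, permission groups), not the network.
                return (stage, f"{code} {msg.decode(errors='replace')}")
        return ("accepted", "sender and recipient accepted")
    except OSError as exc:
        return ("dropped", f"session lost mid-dialogue: {exc}")
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            conn.close()
```

Run it from a host on the FortiMail subnet against the Exchange server's internal IP, then again from the Exchange server's own subnet; a result that differs by source subnet points at a firewall rule between them rather than at the receive connector.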

Question has a verified solution.