Solved

Can't email to external email addresses

Posted on 2011-02-23
8
854 Views
Last Modified: 2012-05-11
Hello Experts!

Running SBS2003 with Exchange Server 2003.
Up until last week we had T1 voice an data Internet service with Integra Telecom.
Last week we added Comcast Business Class Internet Connection for connection speed.
Last Saturday I asked Integra to modify our MX Record to point to the new IP address given to us by Comcast. 173.8.103.129 mail.zinncorp.com

I changed the settings in my firewall to reflect the new IP address.
I tested incoming mail and it worked but did not make sure emails were reaching external recipients (my bad).
On Tuesday morning I was informed that external recipients were not getting emails.
I looked on the queue and noticed there were a bunch of emails stucked there.
I was informed by Integra that I should ask Comcast to create a PTR to 173.8.103.129 mail.zinncorp.com, this was done on Tuesday at about 11am and the said it will take 24 for the DNS Server to populate.
Today, Wednesday 6:00pm and I still have messages getting stuck in the queque.
I did tests on whatsmydns.net and everything seems to be OK.
Besides messages getting stuck in the queue, one of my users is receiving the following message when sending messages to a particular recipient.
 
The following recipient (s) could not be reached:
 user@domain.com on 2/23/2011 5:01pm
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mail.zinncorp.com #5.7.1 smtp;550 5.7.1 Unable to relay for user@domain.com>

I have absolutely no more ideas on how to resolve this issue.
Your help will be greatly appreciated.

0
Comment
Question by:ernestop
  • 6
  • 2
8 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34966180
Your configuration looks very RFC Compliant to me so there may be issues at the receiving end deliberately blocking you or expecting you to come in from your old IP not your new IP.  Some manually record your IP and if you stray from what they expect - they reject you.

As for the 5.7.1 error - that suggests a similar problem - the receiving server doesn't like you and you may need to contact them and get unblocked.
0
 

Author Comment

by:ernestop
ID: 34966253
Alan, thanks for your prompt response!


My Server name is zinnserv01 and I am using a SonicWALL Email Security device, its name zinnserv03. Don't know why it is coming up on this report.
Before the change everything was working fine.
I am calling SonicWALL as we have support agreement with them. Will keep you posted.

Here is the report from mxtoolbox.com

smtp:173.8.103.129     smtp    
220 zinnserv03.zinncorp.local ESMTP SonicWALL (7.2.1.2843)


 OK - 173.8.103.129 resolves to mail.zinncorp.com
 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 0.320 seconds - Good on Transaction time

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 zinnserv03.zinncorp.local [48 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com....Sender OK [48 ms]
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for <test@example.com> [48 ms]
QUIT
221 2.0.0 Bye [48 ms]
 
reverse lookup smtp diag port scan blacklist

Reported by mxtoolbox.com on Wednesday, February 23, 2011 at 5:35:21 PM (GMT-6)  (History)




mx:zinncorp.com     mx    

Pref Hostname IP Address TTL  
10 mail.zinncorp.com 173.8.103.129 24 hrs SMTP Test Blacklist Check
20 relay2.msp.eschelon.com 209.150.200.7 24 hrs SMTP Test Blacklist Check
dns lookup ns lookup mx lookup whois lookup

Reported by ns.fishnet.com on Wednesday, February 23, 2011 at 5:34:52 PM (GMT-6)

0
 

Author Comment

by:ernestop
ID: 34966625
Spoke with SonicWALL support.
zinnserv03 is a server that is running the email security software. It scans incoming mail before passsing it to the email server zinnserv01.

The line that concerns me from the mxtoolbox report is:
Warning - Reverse DNS does not match SMTP Banner
Don't know how to fix that.
Any suggestions?
thanks again in advance for all your input.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34967993
Okay - the Reverse DNS does not match SMTP Banner can be resolved by changing the FQDN on your server.  (I missed that - Sorry).

Open Up Exchange System Manager and expand Protocols> SMTP> Right-Click on SMTP Virtual Server and choose Properties.

On the Delivery Tab> Advanced Button, change the FQDN fom zinnserv03.zinncorp.local to mail.zinncorp.com

The rest of your configuration looks fine.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:ernestop
ID: 34970371
Alan,

The FQDN has been there all along. That was one of the first things I double checked as per a post on the mxtoolsbox.com.

So, that looks good. PrintScreen of FQDN
Was on the phone with Integra last night and they said everything looks good on their end (I have only talke to them and Comcast like 10 times!!!)
0
 

Author Comment

by:ernestop
ID: 34970519
One more clarification piece:

zinnserv03 is a server running SonnicWALL mail security software.

Inbound email gets routed from my SonicWALL firewall to server "zinnserv03" where messages are scanned and then junked or sent to my SBS2003 Server "zinnserv01".

Inbound emails are reaching the Outlook clients. It is the outbound emails that are either queued up or rejected.

Thanks.
0
 

Accepted Solution

by:
ernestop earned 0 total points
ID: 34973177
Eureka!

An old DNS entry from our previous provider in the virtual server properties.

Everything is working now!

Thanks Alan. I appreciate your input.
0
 

Author Closing Comment

by:ernestop
ID: 35005298
Digged more into the properties of the virtual server.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now