Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 461
  • Last Modified:

SBS 2003 server from one client not receiving mail from SBS 2010 or SBS 2008 servers

I have SBS 2003 server than can receive external emails, except when sent from a SBS 2008 or SBS 2010 server. If I try a smtpdiag from the 2008/2010 servers, it shows as succesful. No information on any of the logs. The 2010/2008 Queue will just show the connection as active. Nothing on the incoming logs on the 2003 server.
I called Microsoft and they said that it was a dns issue with the ISP, but I have other SBS 2003 servers with the same ISP and they have no problems receiving mail from 2010/2008 servers.
0
v-net
Asked:
v-net
  • 4
  • 2
1 Solution
 
Cliff GaliherCommented:
I have seen this when a hardware firewall has been set up with SMTP filtering (not just port forwarding) or where an A/V product has been installed on the server that does SMTP filtering.

The details of the problem is that during the initial SMTP connection, the servers exchange "verbs" that they support. Older SMTP filters will allow a server to *claim* it supports a set of verbs (since the command that lists the supported verbs isn't filtered) but when a server then tries to use one of the listed verbs as a command, the filter kicks in and throws an error or, worse, doesn't respond at all. Then the sending server assumes there is an issue and disconnects to retry again later.

Exchange, in particular, supports a very robust set of commands to streamline bandwidth, allow a great deal of metadata to be transferred, so when two exchange servers are talking to each other, and one *claims* to support a full rich set of commands and then an SMTP filter prevents those commands from actually being used, the other Exchange server realizes there is an issue.

the fault here is not SBS, or even Exchange, but with poorly written SMTP filters that do not filter the list of commands supported but block those same commands later in their actual use.

If you have a hardware firewall that does SMTP filtering, try turning off that filter temporarily (Watchguard is particularly notorious for this issue).

If you have an A/V product that does software SMTP filtering, same thing, try turning it off (some versions of Trend, most versions of McAfee, and a few others have caused this issue as well.)

Once you establish the cause, you can see if the vendor offers updates to fix the issue. Most do, but you have to look for them (and perhaps renew a service agreement...)

-Cliff
0
 
v-netAuthor Commented:
Thanks Sage,

Forgot to mention we did have a Watchguard firewall in place, we removed it and placed a simple router with no filtering for testing and still nothing.  The firwall doesn't show us any attempt of a connection to the server via port 25 when we are sending to it from Exchange 2007/2010.  If we do a telnet to the Exchange 2003 box it does shows the connection.

Regarding Antivirus, we have Symantec Mail Security, it is disabled no services running and still emails do not go through.

Also Microsoft, had us create SmartHosts, with the smarthosts we have no issues e-mailing to the Exchange 2003 box.
0
 
Cliff GaliherCommented:
Makes sense. A smarthost would take the advanced Exchange stuff out of the equation. This actually reinforces that this sounds like a filtering issue to me. If not on the 2003 side, perhaps on the 2007/2010 side (since connections aren't even being opened, but do get opened with a telnet...)

Has your ISP started doing filtering recently? Or are you on an account that perhaps limits port 25 to particular subnets. It is *very* strange that you aren't even seeing incoming connections, which means the 2003 server is likely not the culprit, but is the sending servers having issues even establishing a connection through your ISP.

Additional thoughts are your incoming mail setup. Are you using 3rd-party filtering such as Reflexions or Postini. Are your MX records pointing directly to your 2003 server?

-Cliff
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
v-netAuthor Commented:
Just got off the phone with AT&T (ISP for the server having problems receiving mail) to verify that their account is a business account and there is no filtering on port 25 traffic. MX records point directly to the external IP of the network and we use NAT on the router to send mail the server.
I'm going to try calling Symantec now as we use Mail Security to scan messages for viruses. The Premium antispam feature is disabled and should not be the cause of the problem, but I'm running out of options here.
I'll also try calling the IT department from one of the senders and see if they see something strange on their side.
0
 
v-netAuthor Commented:
The problem was with the domain hosting company. Had to delete and then recreate the MX records and then everything started working again.
1st time I see something like this.
0
 
v-netAuthor Commented:
Expert comments are useful.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now