New SBS Install - Unable To Send Or Recieve External Email

Did an install over the weekend & currently cannot send or receive any external email. I replaced a sbs 2003 server with a 2008 server. In terms of the old server, they were sending & receiving via exchange without issue.

Regarding the mx records, i thought that as long as i made the new server appear to the outside world using the same external ip then there should be no need for any changes to the mx records as i am simply replacing the box.

I logged into their control panel & i could not actually see any mx records setup apart from mx ip4 that i found strange as the old server was using exchange and worked. I decided to create a new mx & a record that is setup as follows:

Your current raw SPF record is: v=spf1 a mx ip4: a:servers.external.ip ?all

As you can see, i have the server’s external ip for the "a" record and the domain name for "mx".  
There is also an mx ip4 address that i did not set & i am wondering if i need to remove the mx i created & simply insert the server’s external ip there?

Client side i get the following error when trying to send externally:

Diagnostic information for administrators:

Generating server:
rblsmtpd.local #553 Mail blocked. Please see <*> ##

Original message headers:

Received: from l ([fe80::7438:8d24:7de0:607e])
 by  ([fe80::7438:8d24:7de0:607e%10]) with
 mapi; Mon, 2 May 2011 11:51:32 +0100
From: >
To: >
CC: "" <>, "Thomas
 DavidAdmin" <>
Date: Mon, 2 May 2011 11:51:31 +0100
Subject: internal test
Thread-Topic: internal test
Thread-Index: AcwItuVtqG0bq30JQ12pxUKlsIp8mA==
Message-ID: <7c5559b2-7ea8-4d2c-998d-d4d524c7232c@THOMASDAVID-SBS.thomasdavid.local>
Accept-Language: en, en-US
Content-Language: en-US
acceptlanguage: en, en-US
Content-Type: multipart/alternative;
MIME-Version: 1.0

Any help is extermly appreciated guys
Daniel BertoloneAsked:
Who is Participating?
you need to contact tech support at chesternet and request the DNS updates to be made.

That should solve the problem of email going directly to your exchange server.
Also, since your mail server will change to your Exchange server you should delete any SPF record.  I think the screen shot showed disabled status already? has info if you want to try and put it back again.  It is only useful for anti-spam situations - when you send email out.
Daniel BertoloneAuthor Commented:
I can post a screen of the cpanel configuration options if that helps
Daniel BertoloneAuthor Commented:
Emails are now being sent externally ok, it’s just receiving that remains a problem
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Cliff GaliherCommented:
What you've posted is an SPF record, not an MX record, and configured improperly, can actually make things worse. Since the 2003 server worked, undo what you did and then check your edge router/firewall. Sounds like you didn't update ut to forward SMTP traffic to the new server's internal IP address.

Daniel BertoloneAuthor Commented:
Thanks for the reply cliff.

I have undone the changes & this is what i have:

v=spf1 a mx ip4: ?all

Thing is that ip is not the servers ip, it points to a company that called chesternet who resold the hosting package to the client.

I take it the mail is being delivered to chesternt first & then forwarded onto the mail server?

Just some info.  SPF record is for anti-spam use.  It lists which servers are the valid servers to send mail from your Domain.
With that SPF record is says the the server is a valid server sending mail for your domain.
I recommend you just delete the DNS txt record for the SPF stuff and put it back later. has lots of info for this.

The SPF record is not related to you not being able to receive email.  It may cause a problem for you to send out email if it is not configured properly (other systems with anti-spam using SPF would think your server is sending spam).

If you can access to the internet (from outside your office/location - maybe call a friend) you can try to telnet to your IP address on port 25 and see if you get a response from Exchange.

example DOS/CMD command:  telnet ipaddress 25
If you don't get a response then your firewall/router is not configured for the new value (your old server is offline right?)

also try the website

Cliff GaliherCommented:
You are still posting SPF records, not MX records. In short, if you don't know the difference between SPF, MX, and a records, and don't know the mail flow of the original setup, you aren't prepared to tackle this problem alone (even with EE.) I'd strongly urge you to contact a trusted advisor/consultant and pay for some support. It'll save more than it'll cost.

Daniel BertoloneAuthor Commented:
Thanks again guys.

I do understand the difference between a records and mx records and how they work. I did not know about SPF records until now.

I have attached a screenshot of the domain control panel & it shows that is the main server interface that points to chesternet who resold the domain to the client.

Do you have any idea why it would be setup in this manner as surely it should send the emails directly to the exchange server?

That is SPF related stuff.  Just forget anything related to SPF for now.  

if you provide us your real domain name then we can check for you and probably get to the issue very quickly.

Daniel BertoloneAuthor Commented:

Domain name is

I tried a telnet & that was successful. I also ran test my exchange that passed with the following results:

      Test Steps
      Attempting to retrieve DNS MX records for domain
       One or more MX records were successfully retrieved from DNS.
      Additional Details
       MX Records Host, Preference 0
      Testing Mail Exchanger
       This Mail Exchanger was tested successfully.
      Test Steps
      Attempting to resolve the host name in DNS.
       The host name resolved successfully.
      Additional Details
       IP addresses returned:
      Testing TCP port 25 on host to ensure it's listening and open.
       The port was opened successfully.
      Additional Details
       Banner received: ESMTP Exim 4.69 #1 Mon, 02 May 2011 18:39:27 +0100
      Attempting to send a test e-mail message to using MX
       The test message was delivered successfully.
      Testing the MX for open relay by trying to relay to user
       The Open Relay test passed. This mx isn't an open relay.
      Additional Details
       The open relay test message delivery failed, which is a good thing.
The exception detail:
Exception details:
Message: Mailbox unavailable. The server response was: ( []:55252 is currently not
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

Cliff GaliherCommented:
The screenshot you provided is *STILL* only SPF-related, as indicated by the "SPF" at the very top of the page. Again, from the sound of things, you have several issues at play here, and I think you'll get faster and better resolution with a paid contractor. It is perfectly acceptable to ask them to work remotely or on-site while you watch, so you can see what is happening and can pick up details to fill in the blanks of your network topology, but I think your issues will require digging in-depth enough that forum/EE/newsgroup volunteer help just won't cut it.

ok your mx record is pointing to (basically looks like server).

So your mx record is not correct.  You need to change your MX record to be your internet IP address, then if your router/firewall is setup correctly it will connect to your exchange (Port 25).

In the Chesternet control panel you need to find your MX record and make the change there.

ns1 and are the DNS nameservers for your domain.

I reccomend you make an A record called MAIL
Then edit the existing MX record and the setting should go to   (check if the existing record has the . at the end too - make it the same as the existing MX record entry).

For testing it could take some time before the DNS becomes active.  

If you want, let use know when you fix the MX and A records and I can check if they are correct.
Daniel BertoloneAuthor Commented:
I would usually expect to be able to change the mx record from the domain control panel but i cannot see where. The only place that mentioned anything to do with mx records was the spf screens i posted earlier.

Below is a top-level screenshot of the domain.

can't see the bottom of the page from your picture, but cPanel normally has an icon to edit DNS or MX record.  
Daniel BertoloneAuthor Commented:
I was expecting something along those lines too.

Here is the other half of the screen
Daniel BertoloneAuthor Commented:
I thought it was something along those lines but just could not figure out why the option would not be available in cpanel & why it is going to chesternet?

In addition, how was the other server then configured to receive any emails as i was expecting not to have to touch any mx records as long as i made the new server appear to the outside world on the same external ip

My guess is that the old server has some POP download type of program on it.  It was downloading email from chesternet and feeding it into exchange.
Or the chesternet system has a setup like a store and forward configuration.  It will collect the mail and forward to your exchange server IP.

You need to contact their Tech support to check on that.  And look into the installed programs on the old server.

SBS 2003 has a built-in POP connector feature already.  Look in the Exchange console for it.
Daniel BertoloneAuthor Commented:
Now that you mention it I’m sure i have seen that feature in exchange on the old server.

Why setup the server via a pop connector in the first place if they have the option of exchange?


I think it is still there in 2008 SBS.

Some reasons  (I have done this too in the past but not really much anymore).

Had a dynamic IP address at the office before (maybe a static IP internet package is expensive).  
Don't want to pay for Exchange based anti-virus and anti-spam - use the hosting company for this.
Worried that if Exchange or office internet is down then email will have no place to go and will not be accessible. (they can access the hosting server webmail when outside the office)

Daniel BertoloneAuthor Commented:
Thanks again for all your help!
Daniel BertoloneAuthor Commented:
Will let you know once its sorted!
Daniel BertoloneAuthor Commented:
All sorted now. Spoke with the host & he changed the mx records to point to the new server

Many Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.