Solved

Can't receive incoming email from external addresses on Exchange 2003

Posted on 2011-09-03
Last Modified: 2012-05-12
Hey folks,

I'm having issues with our Exchange server where we can send emails internally and externally and receive emails internally, but we are not able to receive any emails from external sources. The external sources don't seem to be getting any type of bounce back either. I did some searches using message tracking and there is no trace of these emails hitting our server.

What's the first thing that I should look at? Is it safe to rule out DNS if I can send emails out?
0
Question by:kj_syence
21 Comments
 
LVL 1

Author Comment

by:kj_syence
ID: 36477610
My MX records seem to be set up properly as well. Kind of doesn't make sense. This just started happening out of the blue a couple of days ago.
0
 
LVL 27

Expert Comment

by:davorin
ID: 36477613
Try to use www.mxtoolbox.com.
First do an MX lookup for your domain and then an SMTP test.

Look also at the SMTP logs on your server.
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36477637
I run the mx lookup tool and it doesn't find anything.

When I start the smtp diagnostics I get "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

I took a look at our smtp logs at C:\WINDOWS\System32\LogFiles\SMTPSVC1...

What exactly should I be looking for?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 36477649
If you cannot find your MX record using mxtoolbox, then something has happened to your DNS records.
You will need to check your external DNS record with whoever is the current namespace authority.
0
 
LVL 27

Expert Comment

by:davorin
ID: 36477656
If you enter in the MX lookup, let's say, the hp.com domain (do not use the mail.hp.com or www.hp.com format!) you should get this kind of record:

mx:hp.com               mx    
Pref      Hostname      IP Address      TTL            
10      smtp.hp.com      15.216.28.48      30 min      SMTP Test      Blacklist Check

Then if you click at SMTP test you should get something like this:

smtp:15.216.28.48
220-g1t0025.austin.hp.com ESMTP Postfix

 OK - 15.216.28.48 resolves to smtpin-vip.austin.hp.com
 OK - Reverse DNS matches SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 6.427 seconds - Warning on Transaction time

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 g1t0025.austin.hp.com [16 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [16 ms]
RCPT TO: <test@example.com>
550 5.7.1 <test@example.com>: Recipient address rejected: example.com does not accept e-mail [94 ms]
QUIT
221 2.0.0 Bye [16 ms]

Do the same for your domain.
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36479562
I added our domain as you described, davorin, for MX lookups, but nothing.

I run an nslookup against it and I see both our DCs show up with correct IPs. I then turn around and run a DNS lookup by clicking on one of our DCs, and the test states "no records found".

This was all done on mxtoolbox.com.

Both our DNS servers are external and contain our MX records, listing the name of our Exchange.

I also just received a kick back from an external email address that was used to test and it states that it has communicating with the DNS server. Only problem is, I'm not sure which DNS server is causing this issue. Is there a way to see where communication is having a hang up?
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36479567
*has communication issues.

Sorry, typing fast.

The specific error I get from Google when trying to email one of our email addresses is "DNS Error: Timeout while contacting DNS servers"
0
 
LVL 27

Accepted Solution

by:
davorin earned 250 total points
ID: 36480158
Hi,

Try to check the DNS records for your domain using http://centralops.net/co/NsLookup.aspx
Select the ANY type of records and look if the MX record and the appropriate A record are set correctly.
Leave the IP address of the server listed under the domain box as it is.

"no records found" is normal for mxtoolbox.com

You can have here:
- external access problem to your DNS server (you will get no results from centralops.net)
- problem with DNS records at your server (results from centralops will be incorrect)
- external to internal SMTP traffic is not working correctly

Please let me know if centralops results are correct.
"kick back from an external email" - sorry, I don't get what you mean with that.

Have you done any changes to your system (DNS, internet access, mail server) prior to the problem arising?
0
 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480183
Hi,

I would start this troubleshooting by using nslookup.
1. Start a command prompt
2. type "nslookup", hit enter
3. type "set type=mx" in the nslookup box, hit enter
4. type "yourdomain.topdomain 208.67.222.222" (hp.com or whatever your domain is; the IP address is for one of the opendns.org DNS servers so you can see how it looks on the internet), hit enter.
5. your result should look something like this.
> hp.com 208.67.222.222
Server:  [208.67.222.222]
Address:  208.67.222.222

Non-authoritative answer:
hp.com  MX preference = 10, mail exchanger = smtp.hp.com

If your DNS is set up properly, then you should go on testing your SMTP connector by using telnet
1. Open a command prompt
2. type telnet your.mx.record smtp
3. helo test.com
4. mail from:youremail@domain.com
5. rcpt to:some.one@thedomainonyourserver.topdomain
6. data
7. test
8. .
9. <enter>

If you cannot telnet on port 25/SMTP from internet, then you have issues either with your firewall or with your SMTP connector.

Try this and get back for more help.

Cheers
Björn
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36480255
I receive no results. It states that it times out. What I meant by "kick back" was a NDR.

We did not make any changes to DNS, internet access, and our mail server. (As far as the equipment that I own)

0

 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480259
What is the domain name? I can have a look from here.

//Björn
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36480320
isg.mil
0
 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480395
.mil is not a valid top domain name as far as I know.

So if your e-mail is name@isg.mil then it will not work, because .mil is not a valid ICANN approved top domain.

Cheers
Björn
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36480443
I believe it should. What type of lookup were you attempting to do?
0
 
LVL 2

Assisted Solution

by:atea_bjorn
atea_bjorn earned 250 total points
ID: 36480511
Hi, yes, you are right. .mil is a US only top domain name. Though I cannot reach any authoritative DNS server to look up any domain names from my Swedish computer.

dig @a.root-servers.net isg.mil

; <<>> DiG 9.7.3 <<>> @a.root-servers.net isg.mil
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47310
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;isg.mil.                  IN      A

;; AUTHORITY SECTION:
mil.                  172800      IN      NS      con1.nipr.mil.
mil.                  172800      IN      NS      con2.nipr.mil.
mil.                  172800      IN      NS      eur1.nipr.mil.
mil.                  172800      IN      NS      eur2.nipr.mil.
mil.                  172800      IN      NS      pac1.nipr.mil.
mil.                  172800      IN      NS      pac2.nipr.mil.

;; ADDITIONAL SECTION:
con1.nipr.mil.            172800      IN      A      199.252.157.234
con2.nipr.mil.            172800      IN      A      199.252.162.234
eur1.nipr.mil.            172800      IN      A      199.252.154.234
eur2.nipr.mil.            172800      IN      A      199.252.143.234
pac1.nipr.mil.            172800      IN      A      199.252.180.234
pac2.nipr.mil.            172800      IN      A      199.252.155.234

dig @eur1.nipr.mil isg.mil

; <<>> DiG 9.7.3 <<>> @eur1.nipr.mil isg.mil
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

I get the same answer from all the authoritative servers. I guess it's the reason the other MX checkers won't work either.

So if I would try to send an e-mail to whoever@isg.mil my mailserver will never find your SMTP server by DNS name.

Cheers
Björn
0
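The two dig steps in the answer above (ask the parent for the delegation, then query each delegated server) can be turned into a small triage routine. This is an added example, not part of the original thread; the dig outputs, the `example.test` names and the function names are constructed for illustration.

```python
import re

# Constructed dig outputs (not from the thread): referral, timeout, MX answer.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
test.            172800  IN  NS  ns1.nic.test.
test.            172800  IN  NS  ns2.nic.test.
"""
TIMEOUT = ";; connection timed out; no servers could be reached\n"
ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.test.    3600    IN  MX  10 mail.example.test.
"""

def parse_dig(text):
    """Reduce one dig run to its outcome, delegated NS names and MX hosts."""
    if "connection timed out" in text:
        return {"outcome": "timeout", "ns": [], "mx": []}
    status = re.search(r"status: (\w+)", text)
    counts = re.search(r"ANSWER: (\d+), AUTHORITY: (\d+)", text)
    ns = re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)$", text, re.M)
    mx = re.findall(r"^\S+\s+\d+\s+IN\s+MX\s+\d+\s+(\S+)$", text, re.M)
    if not status or not counts:
        outcome = "unparsed"
    elif status.group(1) != "NOERROR":
        outcome = status.group(1).lower()      # e.g. nxdomain, servfail
    elif int(counts.group(1)):
        outcome = "answer"
    else:
        outcome = "referral" if ns else "empty"
    return {"outcome": outcome, "ns": ns, "mx": mx}

def triage(parent_out, auth_outs):
    """parent_out: dig @parent output; auth_outs: {ns name: dig MX output}."""
    parent = parse_dig(parent_out)
    if parent["outcome"] != "referral":
        return "no delegation from parent: " + parent["outcome"]
    # A delegated server with no captured output is treated as unreachable.
    results = {n: parse_dig(auth_outs.get(n, TIMEOUT)) for n in parent["ns"]}
    if all(r["outcome"] == "timeout" for r in results.values()):
        return "delegated servers unreachable: senders time out in DNS"
    mx = sorted({h for r in results.values() for h in r["mx"]})
    if not mx:
        return "servers answer but publish no MX: check zone records"
    return "MX published (" + ", ".join(mx) + "): test port 25 next"
```

When every delegated server times out, sending systems never learn the MX host, which is consistent with nothing appearing in message tracking or the SMTP logs on the receiving server.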
 
LVL 27

Expert Comment

by:davorin
ID: 36480949
NDR does not need DNS resolution. It is generated in direct SMTP server to server communication.

Also I can not get any records from your domain. As it is US Military domain, it could be restricted in some parts of the world.
Maybe you should contact the registrar for your domain. I doubt that the problem is at your place.
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36482551
I called my registrar. Waiting on a callback right now. Hopefully I receive some insight on what the heck happened.
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36486515
Turns out the domain we share the backbone with had fiddled with our MX records over the weekend. Issue resolved. Points going out.
0
 
LVL 27

Expert Comment

by:davorin
ID: 36490558
Glad you have solved the problem and thx for points.

I have checked again your domain at www.mxtoolbox.com and I get another error.
It says that the RDNS test failed. Maybe it is the problem because you are using a capital letter in the SMTP banner. Some Linux mail servers are sensitive to this and you could have problems sending mails to these servers.

0
 
LVL 1

Author Comment

by:kj_syence
ID: 36492332
Thanks for the follow-up, davorin. I will look into it tomorrow. What type of RDNS test did you do on mxtoolbox? I can't seem to find the same test.
0
 
LVL 1

Author Comment

by:kj_syence
ID: 36492362
Never mind, I see it now. It's part of the SMTP test.
0
