Solved

Question on port forwarding on exchange 2007

Posted on 2011-09-03
13
462 Views
Last Modified: 2012-05-12
I have customer where as of Friday the emails stopped coming in to the SBS 2008 Exchange.

At first I was troubleshooting the server to find nothing wrong with it. Finally I found that for some reason the ISP is blocking port 25. Before I found out I already called them to ask and was told that they are not blocking it.

So what I'm doing now is open port 2525 on the firewall and forward to port 25 on the server. I can telnet on port 2525 I can connect to the server and when I do a packet trace the packet flow to the server.

But the problem is that the emails don't get to the server. I can send emails using a smart host from dnsmadeeasy.com using port 5525 but not able to receive any emails

Should that not work what I'm doing? Or is there a step I'm missing?

Please help...
0
Comment
Question by:Gerhardpet
  • 5
  • 5
  • 3
13 Comments
 
LVL 11

Expert Comment

by:madhatter5501
Comment Utility
can you telnet on port 25 from outside your organization to your server? do you have port 25 open going outside? try restarting the server too
0
 
LVL 1

Author Comment

by:Gerhardpet
Comment Utility
No I can't telnet on port 25 from outside the organization to the server. I can on port 2525 which on the firewall I forward to the server on port 25

I have not restarted the server which I will do now
0
 
LVL 11

Expert Comment

by:madhatter5501
Comment Utility
if that fails after the reboot, you may want to try this - http://www.no-ip.com/support/guides/email/blocked_port_25.html

that works by pointing the mx records to the no-ip and they take port 25 and will send it to your server using the port you choose working the "translation"

may be worth a shot and I believe it is free.
0
 
LVL 11

Expert Comment

by:madhatter5501
Comment Utility
after looking, it is actually $39/year
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
Comment Utility
Check your firewall rules, check the logs of your router to make su this is not blocking smtp

SBS uses anti spam agents on the HT role out of the box so check to see if this is the cause, use the Get-agent log cmdlet

http://technet.microsoft.com/en-us/library/aa996044(v=exchg.80).aspx

I would fix the issue rather that come up with a workaround and something is obviously not working on your side if the ISP have already said it's not them causing it. Switch your receive connector to verbose logging and look at the logs in transport role.

0
 
LVL 15

Expert Comment

by:It breaks therefore I am
Comment Utility
Also I was going to ask if you have checked your av? McAfee for example has a feature to prevent mass mailing which is a checkbox.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:Gerhardpet
Comment Utility
I know that at this point the emails never gets to the server because I do a packet test specific on port 25 and I see no activity. I also did one on the external port 2525 and no activity either.
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
Comment Utility
Have you done the same on your firewall ? Run a syslog to see if packets are reaching it and if they get allowed or denied.
0
 
LVL 1

Author Comment

by:Gerhardpet
Comment Utility
I have been running the packet test on the firewall all along. No the packets never get to the firewall
0
 
LVL 15

Accepted Solution

by:
It breaks therefore I am earned 500 total points
Comment Utility
Do you use an external mta like a spam filter? In other words does your mx record resolve to your firewall wan address or does it go via something like messagelabs. Obviously your ip has not changed right ? I am trying to work out why packets don't hit the firewall and usually if the wan ip has not changed it's usually a firewall rule dropping packets but you would see this in the log. If the ip has changed then it's never going to reach the firewall. Thats obvious though. The other thing to consider is any device in front of the firewall, ie dual Nat ... If it's a single device, your ip has not changed and the firewall is not showing packets hitting it on port 25 then I would go back to the ISP . Try restarting your firewall also, I have seen this before with a cisco 1800 caused by a memory leak. Sounds crassly untechnical but a reboot can do a lot.
0
 
LVL 1

Author Comment

by:Gerhardpet
Comment Utility
It turns out that one of the main routers at the ISP crached over the weekend and had to replace as an emergency

Port 25 was blocked both ways.

Everything is back to normal
0
 
LVL 1

Author Comment

by:Gerhardpet
Comment Utility
I've requested that this question be closed as follows:

Accepted answer: 0 points for Gerhardpet's comment http:/Q_27290514.html#36488971

for the following reason:

Found problem myself
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
Comment Utility

This was always going to be a possibility... even after the ISP suggested it was not their issue which is why I advised:

"I would go back to the ISP"
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now