Solved

Question on port forwarding on exchange 2007

Posted on 2011-09-03
13
469 Views
Last Modified: 2012-05-12
I have customer where as of Friday the emails stopped coming in to the SBS 2008 Exchange.

At first I was troubleshooting the server to find nothing wrong with it. Finally I found that for some reason the ISP is blocking port 25. Before I found out I already called them to ask and was told that they are not blocking it.

So what I'm doing now is open port 2525 on the firewall and forward to port 25 on the server. I can telnet on port 2525 I can connect to the server and when I do a packet trace the packet flow to the server.

But the problem is that the emails don't get to the server. I can send emails using a smart host from dnsmadeeasy.com using port 5525 but not able to receive any emails

Should that not work what I'm doing? Or is there a step I'm missing?

Please help...
0
Comment
Question by:Gerhardpet
  • 5
  • 5
  • 3
13 Comments
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36479362
can you telnet on port 25 from outside your organization to your server? do you have port 25 open going outside? try restarting the server too
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 36479364
No I can't telnet on port 25 from outside the organization to the server. I can on port 2525 which on the firewall I forward to the server on port 25

I have not restarted the server which I will do now
0
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36479375
if that fails after the reboot, you may want to try this - http://www.no-ip.com/support/guides/email/blocked_port_25.html

that works by pointing the mx records to the no-ip and they take port 25 and will send it to your server using the port you choose working the "translation"

may be worth a shot and I believe it is free.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 11

Expert Comment

by:madhatter5501
ID: 36479376
after looking, it is actually $39/year
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
ID: 36479629
Check your firewall rules, check the logs of your router to make su this is not blocking smtp

SBS uses anti spam agents on the HT role out of the box so check to see if this is the cause, use the Get-agent log cmdlet

http://technet.microsoft.com/en-us/library/aa996044(v=exchg.80).aspx

I would fix the issue rather that come up with a workaround and something is obviously not working on your side if the ISP have already said it's not them causing it. Switch your receive connector to verbose logging and look at the logs in transport role.

0
 
LVL 15

Expert Comment

by:It breaks therefore I am
ID: 36479633
Also I was going to ask if you have checked your av? McAfee for example has a feature to prevent mass mailing which is a checkbox.
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 36480243
I know that at this point the emails never gets to the server because I do a packet test specific on port 25 and I see no activity. I also did one on the external port 2525 and no activity either.
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
ID: 36480347
Have you done the same on your firewall ? Run a syslog to see if packets are reaching it and if they get allowed or denied.
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 36480501
I have been running the packet test on the firewall all along. No the packets never get to the firewall
0
 
LVL 15

Accepted Solution

by:
It breaks therefore I am earned 500 total points
ID: 36480566
Do you use an external mta like a spam filter? In other words does your mx record resolve to your firewall wan address or does it go via something like messagelabs. Obviously your ip has not changed right ? I am trying to work out why packets don't hit the firewall and usually if the wan ip has not changed it's usually a firewall rule dropping packets but you would see this in the log. If the ip has changed then it's never going to reach the firewall. Thats obvious though. The other thing to consider is any device in front of the firewall, ie dual Nat ... If it's a single device, your ip has not changed and the firewall is not showing packets hitting it on port 25 then I would go back to the ISP . Try restarting your firewall also, I have seen this before with a cisco 1800 caused by a memory leak. Sounds crassly untechnical but a reboot can do a lot.
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 36488971
It turns out that one of the main routers at the ISP crached over the weekend and had to replace as an emergency

Port 25 was blocked both ways.

Everything is back to normal
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 36488993
I've requested that this question be closed as follows:

Accepted answer: 0 points for Gerhardpet's comment http:/Q_27290514.html#36488971

for the following reason:

Found problem myself
0
 
LVL 15

Expert Comment

by:It breaks therefore I am
ID: 36488994

This was always going to be a possibility... even after the ISP suggested it was not their issue which is why I advised:

"I would go back to the ISP"
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now