New Exchange 2007 won't accept external emails

We just recently migrated our SBS 2003 server to SBS 2008 using the sbsmigration.com as our guide. We had some issues with network card drivers that were causing the DC to go up and down randomly. We finally got that issue fixed, but now we aren't receiving external emails anymore and senders are receiving the following NDR. I have looked at the receive connectors and added anonymous, no luck. mydomain.org is already added to the accepted domains, as well as mail.mydomain.org, which has an MX record pointing to our public IP. Mxtoolbox is able to communicate with the server, but when I run testexchangeconnectivity.com tests it gets through everything but the actual sending of the message and I get the relay error. Any help would be appreciated.

Sending messages internally isn't an issue, and neither is sending messages externally; it is just the external messages trying to hit our server. We are running this with just one SBS 2008 server running Exchange, and hub transport is what we are looking to use.

Delivery to the following recipient failed permanently:

    user@mydomain.org

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay for user@mydomain.org (state 14).

----- Original message -----

MIME-Version: 1.0
Received: by 10.204.152.66 with SMTP id f2mr656543bkw.63.1316614137043; Wed,
 21 Sep 2011 07:08:57 -0700 (PDT)
Received: by 10.204.116.74 with HTTP; Wed, 21 Sep 2011 07:08:56 -0700 (PDT)
Date: Wed, 21 Sep 2011 07:08:56 -0700
Message-ID: <CAKyDHmsqG0gK5h4WQ0zi9e2kMbs12sku-9BAC=nuF=C+kfMxkA@mail.gmail.com>
Subject: external to internal testing
From: Joe User <XXXXX@gmail.com>
To: user@mydomain.org
Content-Type: text/plain; charset=ISO-8859-1

Email test.

nirsait
Asked:
 
Neil Russell, Technical Development Lead, Commented:
It looks as if your accepted domain does not include mydomain.org

nirsait (Author) Commented:
I actually have 3 accepted domains:
mail.mydomain.org - Auth. - True
mydomain.org - Auth. - True
server.mydomain.org - Auth. - False

Server is my DC/Exchange server. The mail.mydomain.org is what our MX record points to. The mydomain.org was already in place; I didn't add that one.

nirsait (Author) Commented:
At this point I have ruled out an issue with the sonicwall firewall setup since we are getting responses from port 25. Am I correct in thinking this is an Exchange server configuration issue, or should I still be looking at the firewall for potential solutions?

chris-burns Commented:
You have set up your receive connectors for anonymous access, yes?

http://www.networksteve.com/exchange/topic.php/receive_connectors/?TopicId=23198&Posts=10


nirsait (Author) Commented:
I have 2 receive connectors:

Default points to server.mydomain.org (FQDN) and didn't originally have anon. access but I have since checked that box.

SBS Internet points to mail.mydomain.org (FQDN) and just has anon. access checked.

Would I need to add my public ip to either of these in the network tab? Or is that handled completely through my sonicwall?

chris-burns Commented:
Is your sonic wall doing any filtering? Or is it just port forwarding port 25?

nirsait (Author) Commented:
I believe it is doing filtering since I had to set up NAT policies, and when doing a whatismyip.com from the server I get the same public IP address as the rest of the workstations. I followed sonicwall's setup instructions for passing SMTP to a server behind the firewall.

On our old cisco firewall the server used to have the same ip address as the mx record which was different than the rest of the workstations public ip addresses by one digit.

Hopefully that makes sense.

chris-burns Commented:
Ok, I doubt it would be email filtering. It sounds like it is just sounds like it is taking the external address and converting it to your internal address. ( You may want to read up on exchange spam filtering after this)

Ok, make sure one of your receive connectors is listening on port 25.

And make sure the network address that can connect to the connector is the internal address of your sonic wall.

nirsait (Author) Commented:
Ok, I think that is what I have. In both the default and the internet receive connectors under network tab -> receive mail -> 10.10.80.6 port 25 is listed which is the internal ip address of the sonicwall.

chris-burns Commented:
Sorry, my delete key did not remove the second "sounds like".

chris-burns Commented:
Hmmm. Ok, try telnetting into your external IP address on port 25.

What does the banner say? Sonic wall or microsoft smtp?

nirsait (Author) Commented:
I am able to telnet into the external ip address and I receive the microsoft smtp, although it does list the server.mydomain.org at the top, don't know if this is an issue or not.

chris-burns Commented:
That is fine. That means no filtering on the sonic wall. And your exchange server is listening on the right port.

We should try sending an email from telnet through your external ip. Let's see if we get the same issue.

If we are still getting a relay denied error, then the problem now suggests that your Exchange server does not like the domain name it is being provided with. Do you operate a split DNS?

Your internal DNS zone being company.com, not company.local, and does that match your external domain?

nirsait (Author) Commented:
I have tried sending a message through telnet and I get the 550 5.7.1 unable to route.

Our internal domain name is the same as our external. Both are mydomain.org.

chris-burns Commented:
Ok, that rules dns out. Subject to your dns not being changed since exchange has been installed.

Ok. I want to confirm how sonic wall is passing traffic. On your receive connector, add 0.0.0.0 to 255.255.255.255 for remote IPs.

nirsait (Author) Commented:
Both the Default and Internet receive connectors have these values for remote ips. The internet one breaks it up slightly differently but they are all covered.

chris-burns Commented:
That sounds very strange. Can I confirm all your options are as attached?

If so, can you try sending an email by telnetting to Exchange from an internal address?
Screen-shot-2011-09-21-at-20.52..png
Screen-shot-2011-09-21-at-20.54..png
Screen-shot-2011-09-21-at-20.55..png

chris-burns Commented:
I am assuming this has already been done but check out accepted domains paragraph on this page.

http://blogs.technet.com/b/exchange/archive/2006/11/17/3397307.aspx

nirsait (Author) Commented:
Ok, looking at those pictures everything looks to be in order. I only have 2 addresses listed under network local IP addresses and they are 10.10.80.2 - 25 (which is the internal address of the exchange/sbs server) and 10.10.80.6 - 25 (which is the internal address for the sonicwall). These apply to the default connector only; the internet one is a lot more sparse with the permission groups and the authentication.

When trying to send a message through telnet everything I try gives me a 550 5.7.1 unable to relay on the rcpt to: portion. It gives me the same issue if I choose mail from: that is internal as well as external.

chris-burns Commented:
Can I just clarify.

(which is the internal address of the exchange/sbs server) and 10.10.80.6 - 25 (which is the internal address for the sonicwall).

The sonicwall address should not be in the local IP address list. When it says local ip, it means ip addresses on the exchange server. So only have 10.10.80.2 in the top box, or "All available IPv4 addresses"

nirsait (Author) Commented:
Ok, I removed the 10.10.80.6 IP address from both of the connectors. I also disabled the SBS Fax SharePoint connector since we aren't using SharePoint yet.

chris-burns Commented:
Did you run the accepted domains MMC, as per the link above?

Once you do that, can you check internal telnet again?

nirsait (Author) Commented:
Sorry I missed that link the first time but I have read through it and I have 3 accepted domains added to the list:
mydomain.org
mail.mydomain.org
server.mydomain.org

The mydomain.org was already created and the default; the other 2 I added trying to get this to work. I am getting the same errors when trying to telnet a message as before.

chris-burns Commented:
So to confirm:

You have the receive connector set up the same as above.
You have all three accepted domains listed.
You have tested, via telnet, to multiple users' email addresses.
The end user has their SMTP address listed on their email addresses tab.
The above email is the same as you are trying to send to via telnet.

Out of curiosity, can you add an SMTP address of ...@server.company.com to your email addresses on your account?

Then try sending an email to that address via telnet.

chris-burns Commented:
If this does not work, I am out of ideas.

If it were me, I would recreate the receive connector. It looks like there may be a problem with it.

I do have a small worry about your NIC dropping out previously. Could be an install problem. But I doubt it if everything else is fine.

I would also have a look in your event viewer, see if there are any weird errors in there. And also check to ensure Exchange is fully patched; SP2 is out, which may fix the issue.

I will have a think about it tonight and come back to you tomorrow if I think of anything else. Unfortunately it is getting late in the UK.

nirsait (Author) Commented:
Ok, I think we are getting somewhere. I do confirm everything is set up as you listed. I added an SMTP address to my account that looks like ...@server.mydomain.org. Tried doing a send mail from telnet and didn't get an error on the rcpt to: part when using the above address. The message isn't showing up in the inbox though. I also still have issues when trying to send from the ...@server.mydomain.org to my Gmail account; still unable to route, no matter if I telnet externally or internally.

nirsait (Author) Commented:
Thanks for all the help, chris-burns. I will keep plugging away. I feel the same, especially since it was working yesterday but we had issues with the NIC drivers; once the NIC drivers got fixed, now external email is not working. Everyone wants to know when it will be fixed. =)

nirsait (Author) Commented:
Ok, worked with Microsoft to get this working; the issue was that the SMTP service was installed. As soon as that was uninstalled, mail started flowing from external addresses. Thanks, chris-burns, for the help.

nirsait (Author) Commented:
Worked with Microsoft support and removed the SMTP service.

chris-burns Commented:
Wow, would never have thought of that one.

Glad to be of limited help.

Chris
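
The condition this thread ended on, a separately installed SMTP service answering on port 25 instead of the Exchange receive connectors, can be checked for directly on the server. The script below is an added example and not part of the original thread; it assumes the "SMTP service" in the resolution is the Windows/IIS SMTP service (service name SMTPSVC) and that the Exchange 2007 Hub Transport listener runs as EdgeTransport.exe.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the Exchange 2007 server. Assumes the "SMTP service" named in the
# resolution is the Windows/IIS SMTP service, whose service name is SMTPSVC.
$port = 25

# 1. Which processes hold a listening socket on TCP 25?
$listeners = netstat -ano | ForEach-Object {
    if ($_ -match "^\s*TCP\s+(\S+):$port\s+\S+\s+LISTENING\s+(\d+)") {
        $addr = $matches[1]
        $ownerId = [int]$matches[2]
        $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        New-Object PSObject |
            Add-Member NoteProperty LocalAddress $addr -PassThru |
            Add-Member NoteProperty OwnerPid $ownerId -PassThru |
            Add-Member NoteProperty Process $proc.ProcessName -PassThru
    }
}
$listeners | Format-Table -AutoSize

# 2. Windows services for both SMTP stacks, if present.
$svc = Get-Service -Name SMTPSVC, MSExchangeTransport -ErrorAction SilentlyContinue
$svc | Format-Table Name, DisplayName, Status -AutoSize

# 3. What Exchange itself is configured to accept.
Get-ReceiveConnector |
    Format-List Name, Fqdn, Bindings, RemoteIPRanges, PermissionGroups
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize

# 4. Flag a second SMTP stack or a non-Exchange listener on the port.
$iisSmtp = $svc | Where-Object { $_.Name -eq 'SMTPSVC' }
$nonExchange = $listeners | Where-Object { $_.Process -ne 'EdgeTransport' }
if ($iisSmtp) {
    Write-Warning ("SMTPSVC is installed (status: {0}); it can answer on port {1} " +
        "instead of the Exchange receive connectors." -f $iisSmtp.Status, $port)
}
if ($nonExchange) {
    Write-Warning "Port $port has a listener that is not EdgeTransport.exe:"
    $nonExchange | Format-Table -AutoSize
}
```

If the receive connectors and accepted domains look correct but step 1 shows a process other than EdgeTransport on port 25, the connector settings are not what is rejecting the mail.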