Solved

New Exchange 2007 won't accept external emails

Posted on 2011-09-21
Last Modified: 2012-05-12
We just recently migrated our SBS 2003 server to SBS 2008 using sbsmigration.com as our guide. We had some issues with network card drivers that were causing the DC to go up and down randomly. We finally got that issue fixed, but now we aren't receiving external emails anymore and senders are receiving the following NDR. I have looked at the receive connectors and added anonymous, no luck. mydomain.org is already added to the accepted domains, as well as mail.mydomain.org, which has an MX record pointing to our public IP. Mxtoolbox is able to communicate with the server, but when I run testexchangeconnectivity.com tests it gets through everything but the actual sending of the message and I get the relay error. Any help would be appreciated.

Sending messages internally isn't an issue, and neither is sending messages externally; it is just the external messages trying to hit our server. We are running this with just one SBS 2008 server running Exchange, and hub transport is what we are looking to use.

Delivery to the following recipient failed permanently:

    user@mydomain.org

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay for user@mydomain.org (state 14).

----- Original message -----

MIME-Version: 1.0
Received: by 10.204.152.66 with SMTP id f2mr656543bkw.63.1316614137043; Wed,
 21 Sep 2011 07:08:57 -0700 (PDT)
Received: by 10.204.116.74 with HTTP; Wed, 21 Sep 2011 07:08:56 -0700 (PDT)
Date: Wed, 21 Sep 2011 07:08:56 -0700
Message-ID: <CAKyDHmsqG0gK5h4WQ0zi9e2kMbs12sku-9BAC=nuF=C+kfMxkA@mail.gmail.com>
Subject: external to internal testing
From: Joe User <XXXXX@gmail.com>
To: user@mydomain.org
Content-Type: text/plain; charset=ISO-8859-1

Email test.


0
Comment
Question by:nirsait
32 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36575099
It looks as if your accepted domain does not include mydomain.org
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36575101
0
 

Author Comment

by:nirsait
ID: 36575177
I actually have 3 accepted domains:
mail.mydomain.org - Auth. - True
mydomain.org - Auth. - True
server.mydomain.org - Auth. - False

Server is my DC/Exchange server. The mail.mydomain.org is what our MX record points to. The mydomain.org was already in place I didn't add that one.
0
 

Author Comment

by:nirsait
ID: 36575425
At this point I have ruled out an issue with the SonicWall firewall setup, since we are getting responses from port 25. Am I correct in thinking this is an Exchange server configuration issue, or should I still be looking at the firewall for potential solutions?
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36575747
You have set up your receive connectors for anonymous access, yes?

http://www.networksteve.com/exchange/topic.php/receive_connectors/?TopicId=23198&Posts=10

0
 

Author Comment

by:nirsait
ID: 36575869
I have 2 receive connectors:

Default points to server.mydomain.org (FQDN) and didn't originally have anon. access but I have since checked that box.

SBS Internet points to mail.mydomain.org (FQDN) and just has anon. access checked.

Would I need to add my public ip to either of these in the network tab? Or is that handled completely through my sonicwall?
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36575916
Is your SonicWall doing any filtering? Or is it just port forwarding port 25?
0
 

Author Comment

by:nirsait
ID: 36575948
I believe it is doing filtering, since I had to set up NAT policies, and when doing a whatismyip.com from the server I get the same public IP address as the rest of the workstations. I followed SonicWall's setup instructions for passing SMTP to a server behind the firewall.

On our old Cisco firewall the server used to have the same IP address as the MX record, which was different from the rest of the workstations' public IP addresses by one digit.

Hopefully that makes sense.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576000
Ok, I doubt it would be email filtering. It sounds like it is just sounds like it is taking the external address and converting it to your internal address. (You may want to read up on Exchange spam filtering after this.)

Ok, make sure one of your receive connectors is listening on port 25.

And make sure the network address that can connect to the connector is the internal address of your SonicWall.
0
 

Author Comment

by:nirsait
ID: 36576046
Ok, I think that is what I have. In both the default and the internet receive connectors, under network tab -> receive mail, 10.10.80.6 port 25 is listed, which is the internal IP address of the SonicWall.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576047
Sorry, my delete key did not remove the second "sounds like".
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576070
Hmmm. Ok, try telnetting into your external IP address on port 25.

What does the banner say? SonicWall or Microsoft SMTP?
0
 

Author Comment

by:nirsait
ID: 36576113
I am able to telnet into the external IP address and I receive the Microsoft SMTP banner, although it does list server.mydomain.org at the top; don't know if this is an issue or not.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576163
That is fine. That means no filtering on the SonicWall, and your Exchange server is listening on the right port.

We should try sending an email from telnet through your external IP. Let's see if we get the same issue.

If we are still getting the relay denied error, then the problem now suggests that your Exchange server does not like the domain name it is being provided with. Do you operate a split DNS?

That is, your internal DNS zone being company.com, not company.local, and does that match your external domain?
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576178
0
 

Author Comment

by:nirsait
ID: 36576188
I have tried sending a message through telnet and I get the 550 5.7.1 unable to route.

Our internal domain name is the same as our external. Both are mydomain.org.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576283
Ok, that rules DNS out, subject to your DNS not being changed since Exchange has been installed.

Ok. I want to confirm how the SonicWall is passing traffic. On your receive connector, add 0.0.0.0 to 255.255.255.255 for remote IPs.
0
 

Author Comment

by:nirsait
ID: 36576342
Both the Default and Internet receive connectors have these values for remote IPs. The internet one breaks it up slightly differently, but they are all covered.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576422
That sounds very strange. Can I confirm all your options are as attached?

If so, can you try sending an email by telnetting to Exchange from an internal address?
Screen-shot-2011-09-21-at-20.52..png
Screen-shot-2011-09-21-at-20.54..png
Screen-shot-2011-09-21-at-20.55..png
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576500
I am assuming this has already been done, but check out the accepted domains paragraph on this page.

http://blogs.technet.com/b/exchange/archive/2006/11/17/3397307.aspx
0
 

Author Comment

by:nirsait
ID: 36576525
Ok, looking at those pictures, everything looks to be in order. I only have 2 addresses listed under network local IP addresses, and they are 10.10.80.2 - 25 (which is the internal address of the exchange/sbs server) and 10.10.80.6 - 25 (which is the internal address for the sonicwall). These apply to the default connector only; the internet one is a lot more sparse with the permission groups and the authentication.

When trying to send a message through telnet, everything I try gives me a 550 5.7.1 unable to relay on the rcpt to: portion. It gives me the same issue whether I choose a mail from: that is internal or external.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576551
Can I just clarify?

(which is the internal address of the exchange/sbs server) and 10.10.80.6 - 25 (which is the internal address for the sonicwall).

The SonicWall address should not be in the local IP address list. When it says local IP, it means IP addresses on the Exchange server. So only have 10.10.80.2 in the top box, or "All available IPv4 addresses".
0
 

Author Comment

by:nirsait
ID: 36576895
Ok, I removed the 10.10.80.6 IP address from both of the connectors. I also disabled the SBS Fax SharePoint connector since we aren't using SharePoint yet.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36576919
Did you run the accepted domains MMC, as per the link above?

Once you do that, can you check internal telnet again?
0
 

Author Comment

by:nirsait
ID: 36577011
Sorry, I missed that link the first time, but I have read through it and I have 3 accepted domains added to the list:
mydomain.org
mail.mydomain.org
server.mydomain.org

The mydomain.org was already created and is the default; the other 2 I added trying to get this to work. I am getting the same errors when trying to telnet a message as before.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36577057
So, to confirm:

You have the receive connector set up the same as above.
You have all three accepted domains listed.
You have tested, via telnet, to multiple users' email addresses.
The end user has their SMTP address listed on their email addresses tab.
The above email is the same as you are trying to send to via telnet.

Out of curiosity, can you add an SMTP address of ...@server.company.com to the email addresses on your account?

Then try sending an email to that address via telnet.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36577108
If this does not work, I am out of ideas.

If it were me, I would recreate the receive connector. It looks like there may be a problem with it.

I do have a small worry about your NIC dropping out previously. Could be an install problem. But I doubt it if everything else is fine.

I would also have a look in your event viewer, see if there are any weird errors in there. And also check to ensure Exchange is fully patched; SP2 is out, which may fix the issue.

I will have a think about it tonight and come back to you tomorrow if I think of anything else. Unfortunately it is getting late in the UK.
0
 

Author Comment

by:nirsait
ID: 36577137
Ok, I think we are getting somewhere. I do confirm everything is set up as you listed. I added an SMTP address to my account that looks like ...@server.mydomain.org. Tried doing a send mail from telnet and didn't get an error on the rcpt to: part when using the above address. The message isn't showing up in the inbox though. I also still have issues when trying to send from the ...@server.mydomain.org to my gmail account; still unable to route, no matter if I telnet externally or internally.
0
 

Author Comment

by:nirsait
ID: 36577145
Thanks for all the help, chris-burns. I will keep plugging away. I feel the same, especially since it was working yesterday, but we had issues with the NIC drivers; once the NIC drivers got fixed, external email stopped working. Everyone wants to know when it will be fixed.  =)
0
 

Accepted Solution

by:
nirsait earned 0 total points
ID: 36584137
Ok, worked with Microsoft to get this working; the issue was that the SMTP service was installed. As soon as that was uninstalled, mail started flowing from external addresses. Thanks, chris-burns, for the help.
0
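A check for the condition named in the accepted solution, as an added example that is not part of the original thread: it lists which process and Windows service is answering on TCP 25 of the mail server. It assumes "the SMTP service" means the IIS SMTP service (service name `SMTPSVC`) and that Exchange 2007 transport runs as `MSExchangeTransport`; the function name `Get-SmtpListener` is hypothetical.

```powershell
# Added example (not from the thread): show which process and Windows service
# is listening on TCP 25. Assumed service names: SMTPSVC (IIS SMTP service)
# and MSExchangeTransport (Exchange 2007 transport).

function Get-SmtpListener {
    param([int]$Port = 25)
    # netstat output is parsed so the check also works on Server 2008-era PowerShell.
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        # TCP rows: Proto, LocalAddress, ForeignAddress, State, PID
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        if ($f[1] -notmatch (':{0}$' -f $Port)) { continue }

        $listenerPid = [int]$f[4]
        $proc = Get-Process -Id $listenerPid -ErrorAction SilentlyContinue
        $procName = '<unknown>'
        if ($proc) { $procName = $proc.ProcessName }
        # Services hosted in the listening process (empty if it is not a service).
        $svc = @(Get-WmiObject Win32_Service -Filter "ProcessId = $listenerPid" |
                 ForEach-Object { $_.Name })

        New-Object PSObject -Property @{
            LocalAddress = $f[1]
            ProcessId    = $listenerPid
            ProcessName  = $procName
            Services     = ($svc -join ', ')
        }
    }
}

$listeners = @(Get-SmtpListener -Port 25)
$listeners | Format-Table LocalAddress, ProcessId, ProcessName, Services -AutoSize

# Both SMTP stacks installed on one host is the condition worth flagging.
Get-Service -Name SMTPSVC, MSExchangeTransport -ErrorAction SilentlyContinue |
    Format-Table Name, Status, DisplayName -AutoSize

if ($listeners | Where-Object { $_.Services -match '\bSMTPSVC\b' }) {
    Write-Warning 'Port 25 is answered by the IIS SMTP service, not Exchange transport.'
} elseif (-not $listeners) {
    Write-Warning 'Nothing is listening on TCP 25 on this host.'
}
```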
 

Author Closing Comment

by:nirsait
ID: 36708146
Worked with microsoft support and removed the SMTP service.
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 36585496
Wow, would never have thought of that one.

Glad to be of limited help.

Chris
0
