Solved

How do I fix not being able to receive emails from addresses that are outside company domain?

Posted on 2011-09-23
35
1,323 Views
Last Modified: 2012-05-12
I've restarted my servers a few times and everything was fine, but yesterday I restarted them again, and since 1pm yesterday, nobody has been able to receive emails from addresses that are outside of the company domain.  E.g. "@hotmail.com" "@gmail.com" etc.. We can send to outside emails perfectly fine and internal sending and receiving works fine, but we cannot receive from external emails.  I've already tried telnetting and I've gotten all the right responses and IP addresses.  I have no clue what to do and this is affecting 350+ company clients which is causing major problems.  Please help!!!

One server is the Domain Controller with Active Directory and the other is running exchange, files, and apps.  We only have 2 servers here.
0
Comment
Question by:Brent Johnson
  • 16
  • 5
  • 5
  • +3
35 Comments
 

Author Comment

by:Brent Johnson
ID: 36587144
Please help me!!  This is mission critical!!
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 36587235
1) Go to https://www.testexchangeconnectivity.com and Run Inbound E-mail flow TEst and post the results

2) Go to http://mxtoolbox.com/blacklists.aspx and make sure your domain is not blacklsited
0
 

Author Comment

by:Brent Johnson
ID: 36587272
viralrathod -
The results to the exchange test:  
"The test result has expired and cannot be retrieved. Please run the test again."
That is the message that it keeps giving me when I test it.

I also want to add that when I tried telnetting to port 25, it tells me, "connect failed".  Does this have something to do with it?

0
 

Author Comment

by:Brent Johnson
ID: 36587298
"Cyberlogic" and "spamrbl" for blacklist gives a yellow mark and says both timed out, but all others show green and ok.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 36587326
Go to http://www.mxtoolbox.com/portscan.aspx and run port scan and make sure port 25 is open

OR you can go to "canyouseeme.org" and make sure port 25 is open

Also you need to remove your domain from above blacklist servers ,else your inbound mail flow will not work.
0
 

Author Comment

by:Brent Johnson
ID: 36587348
Also, "emailbasura" has a yellow mark with timed out error on blacklist check.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 36587369
A timeout on the Blacklist Tool just means that at the time of the query that Blacklist did not answer. It does not necessarily mean you are listed on that Blacklist.
0
 

Author Comment

by:Brent Johnson
ID: 36587404
This is what shows up when I do a port scan using portscan on mxtoolbox and blacklist checker
port25.jpg
blacklist.jpg
Untitled.jpg
0
 

Author Comment

by:Brent Johnson
ID: 36587500
I also just tried to run a test on inbound mail using the first link you provided and it came back as "connectivity test successful" with all green checks on each item.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 36587658
Did you receive the e-mail which you have sent using above testexchnageconnectivity tool ?

I guess the port 25 is blocked from your server or firewall

Can you go to http://canyouseeme.org and make sure port 25 is open

letus know the results.
0
 

Author Comment

by:Brent Johnson
ID: 36587719
I did not receive any emails using the testexchangeconnectivity too.  "Error: I could not see your service on 12.111.39.131 on port (25)
Reason: Connection timed out"  That is the message that comes up on canyouseeme.org when I check port: 25 from the exchange server.
0
 

Author Comment

by:Brent Johnson
ID: 36587728
Could it be possible that port 25 could be blocked from the server or firewall from simply restarting the servers after updating them?  I did not do anything else, but restart them.
0
 

Author Comment

by:Brent Johnson
ID: 36587887
Another thing to note is that the firewalls on all computers and servers are off.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 36588183
Can you post me the results of testexchnageconnectivity tool ?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36588502
In that portscan pic you only put in "25" instead of your IP, so it ran checks against 0.0.0.25

Using the IP you put into the other search tools, I can connect to port 25... but it's Postini...

Are you sure 65.18.6.10 is the correct IP?

[root@broken ~]# telnet 64.18.6.10 25
Trying 64.18.6.10...
Connected to 64.18.6.10.
Escape character is '^]'.
220 Postini ESMTP 249 y6_43_0c9 ready.  CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.

Open in new window

0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36588653
Once check this at Postini end.,,
 As the test exchange connectivity is sucesfull
0
 

Author Comment

by:Brent Johnson
ID: 36588919
viralrathod:  See pic that I attached for results of test.
Untitled.jpg
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36588955
This attachment says that the inbound mailflow is fine, so once check wether it is reaching our exchange server or not.
If not check with the third party(Postini in this case).
0
 

Author Comment

by:Brent Johnson
ID: 36588975
The exchange server's external ip address is:  12.111.39.131.  I used the mxtool to test that ip address and it comes back with "Timeout occurred due to inactivity."  I ran it a few times and everytime it was the same thing with the timeouts.
0
 

Author Comment

by:Brent Johnson
ID: 36588991
exchange9, how do I do those two things that you said?
0
 

Author Comment

by:Brent Johnson
ID: 36589001
I ran the test on the server again and this time I got a response instead of a timeout.  See pic for that.  It shows that the smtp and other ports are off.
server.jpg
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36589002
[root@broken ~]# dig mx meadowridge.com +short
10 MEADOWRIDGE.COM.S7A1.PSMTP.com.
20 MEADOWRIDGE.COM.S7A2.PSMTP.com.
30 MEADOWRIDGE.COM.S7B1.PSMTP.com.
40 MEADOWRIDGE.COM.S7B2.PSMTP.com.

Open in new window


Check Postini logs to see if the mails are even getting that far, and any logs from Postini relaying to your Exchange server.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36589007
Stop testing with 12.111.39.131, that is not where the mail going to for your domain from the internet, it is going to Postini.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36589014
Is that IP pingable..? Make sure once.. check the server is online or not..
0
 

Author Comment

by:Brent Johnson
ID: 36589021
where do I go to check the postini logs?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36589024
0
 

Author Comment

by:Brent Johnson
ID: 36589036
I can access the internet and everything else on the servers and I can ping both servers.  I can't ping the "12.111.39.131" ip though because its the server's outside ip address.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36589050
[root@broken ~]# telnet 12.111.39.131 25
Trying 12.111.39.131...
telnet: connect to address 12.111.39.131: Connection timed out

Open in new window


12.111.39.131 is not listening on port 25.  You need to start the search at Postini and forget about 12.111.39.131 for now.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36589179
Check wether you have any incoming mails in queues.

Also you have message tracking center node in tools :
Check this once
http://www.msexchange.org/tutorials/Exchange-2003-Message-Tracking-Logging.html
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36589188
That link is for 2003 and for advanced versions check message tracking center under tool box.
0
 
LVL 7

Expert Comment

by:Jarred Power
ID: 36590128
Who is your ISP? - My ISP (comcast business) blocked Port 25 on their router without notice.  Switch exchange to a different port to test.  
0
 
LVL 7

Expert Comment

by:Jarred Power
ID: 36590149
Or open port 26 on your firewall and forward to port 25 on your exchange server. (what we ended up doing)
0
 
LVL 7

Expert Comment

by:Jarred Power
ID: 36590210
Sorry I just read thought the other posts, since you have your mail going though Postini, it's probable set to connect with your exchange server on port 25. So you need to change this to another port so it can connect to exchange (i.e. 26).

It should look something like this:

=>Postini =>Firewall yourIP:26 = (Portforward)>exchange:25  (or you could switch this too)


0
 
LVL 5

Expert Comment

by:nashim khan
ID: 36592068
Hi,
Please use the below given link and analyze the issue.

1) Go to https://www.testexchangeconnectivity.com and Run Inbound E-mail flow TEst and post the results

2) Go to http://mxtoolbox.com/blacklists.aspx and make sure your domain is not blacklsited

3) Go to  http://www.t1shopper.com/tools/port-scan/ and make sure the port is not blocked.
0
 

Author Closing Comment

by:Brent Johnson
ID: 36593512
The problem has been fixed!  Thank you to everyone who was helping me through this.  What ended up happening was that the vendor that we use for our big jobs like Postini troubleshooting and stuff logged into our Postini account and saw that the email spooler was stopped and needed to be restarted.  It stopped when I rebooted the exchange server, so the reboot actually did cause this error technically.  The guy from the vendor just rebooted the email spooler in Postini and all the external emails started flowing in like crazy.  Once again thank you all for your help!!!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Junk folder 23 108
outlook, calendar, exchange 10 25
Intunes without company portal 3 35
Exchange move and fail over 17 60
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
how to add IIS SMTP to handle application/Scanner relays into office 365.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now