Solved

Move Users from Hosted POP email to inhouse SBS 2008 SMTP

Posted on 2011-10-18
Last Modified: 2012-05-12
Hi all,

I will try to explain the situation we are currently in. The client (duvallhome.org) is using hosted POP accounts from "spiderhost.com". They decided to move their mail to the onsite SBS 2008. I contacted spider host and had them create MX and A records and they also agreed to allow us to use them as a Smart Host relay (smtp-spiderhost.com):

Record FQDN             Record Type   Record Value           MX Pref
mail.duvallhome.org.    A             71.43.155.42
duvallhome.org.         MX            mail.duvallhome.org.   10

I have forwarded port 25 in the WatchGuard to the LAN IP of the server and checked with our ISP (Brighthouse Networks) that they are not blocking port 25, which they are not.

Here is where it gets weird. The users' POP accounts are still active through spiderhost.com until all of the users are cut over and working.
If one of the users' POP accounts is disabled then that user can send but not receive using SBS 2008. If that user's POP account is enabled then they can send and receive through SBS 2008.

Right now it is basically a gigantic mess. I am not sure how to proceed.

Thanks
 Frank




Question by:flteng562
22 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 36989952
If the user can receive through the old POP account then the MX records have not been cut over to point to the SBS, they are still pointing to the hosting service.

Normally you would set up the SBS POP connector to POP the mail from the host, rather than from the desktop. Then change the MX records to point to the SBS, which will take 2-48 hours to propagate to the Internet DNS servers. After which e-mail should be delivered directly to the SBS. You can then start removing the various accounts from the SBS POP connector.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 36989962
PS I assume you did run the SBS "set up your internet address" wizard and in step #7 select advanced and change from remote to mail
http://blogs.technet.com/b/sbs/archive/2008/10/15/introducing-the-internet-address-management-wizard-part-1-of-3.aspx
0
 

Author Comment

by:flteng562
ID: 36989998
Hi RobWill,

The MX records were set up 6 days ago. The client originally had their individual Outlooks set up with POP accounts, not even using Exchange at all. That is the strange thing: when I do a check of the MX record from mxtoolbox.com I get the following output:

Command:
mx:duvallhome.org                mx  

Pref   Hostname              IP Address     TTL
10     mail.duvallhome.org   71.43.155.42   13 min

Reported by ns2.mpinethosting.com on Tuesday, October 18, 2011 at 7:42:57 PM (GMT-5)

And yes I reran the "setup your internet address" wizard and in step 7 clicked advanced and changed from the default "remote" to "mail".

Thanks so far for the help with this.

Frank
0

 
LVL 9

Expert Comment

by:raysonlee
ID: 36990040
First thing first, incoming mail to your SBS server relies on:
1. MX record pointing to your IP address (71.43.155.42)
2. Your watchguard (with WAN interface IP=71.43.155.42) forwarded traffic of port 25 to local IP of your SBS 2008
3. Your SBS 2008 has setup Exchange for the domain duvallhome.org
4. Your mail client (e.g. Outlook) setup incoming mailbox to mail.duvallhome.org
5. If you are accessing SBS 2008 within the same LAN, you may have to setup local DNS entry to revert its local IP address
6. If you are accessing your mail server over Internet, make sure port 110 traffic forwarded to SBS server as well
 
For outgoing mail
1. You can use your SBS 2008 server to send out message directly by setting Outlook to use mail.duvallhome.org as the SMTP server
2. Again make sure port 25 traffic is forwarded to your SBS 2008 or use local IP in your DNS
3. As your ISP does not block port 25, I don't see any need to use smtp-spiderhome.com
 
P.S. I don't see any other MX record for duvallhome.org, if you want to test your SBS, you probably have to ask spiderhost to make the switch over for you.
0
 

Author Comment

by:flteng562
ID: 36990114
Hi raysonlee,

First thing first, incoming mail to your SBS server relies on:
1. MX record pointing to your IP address (71.43.155.42) - The MX record does point to the public IP

2. Your watchguard (with WAN interface IP=71.43.155.42) forwarded traffic of port 25 to local IP of your SBS 2008 - Port 25 is forwarded to the sbs server LAN ip

3. Your SBS 2008 has setup Exchange for the domain duvallhome.org - Yes

4. Your mail client (e.g. Outlook) setup incoming mailbox to mail.duvallhome.org - Outlook is using Exchange only. The pop account in outlook was removed.

5. If you are accessing SBS 2008 within the same LAN, you may have to setup local DNS entry to revert its local IP address - No problems within the LAN accessing SBS

6. If you are accessing your mail server over Internet, make sure port 110 traffic forwarded to SBS server as well - Port 110 is also forwarded through the WatchGuard to the local IP of the SBS
 
For outgoing mail
1. You can use your SBS 2008 server to send out message directly by setting Outlook to use mail.duvallhome.org as the SMTP server - That (mail.duvallhome.org) was setup via the "setup your internet address" wizard

2. Again make sure port 25 traffic is forwarded to your SBS 2008 or use local IP in your DNS - Yes it is forwarded
3. As your ISP does not block port 25, I don't see any need to use smtp-spiderhome.com - ISP is not blocking port 25
 
P.S. I don't see any other MX record for duvallhome.org, if you want to test your SBS, you probably have to ask spiderhost to make the switch over for you.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 36990179
Try testing your SBS site using the Microsoft Exchange Connectivity test tool
https://www.testexchangeconnectivity.com/
0
 
LVL 9

Expert Comment

by:raysonlee
ID: 36990630
Can you try pinging mail.duvallhome.org from your PC running Outlook? What is the IP address?
Have you set up the MX record in your local DNS?
0
 

Author Comment

by:flteng562
ID: 36991406
Hi RobWill,

Using the tool you described provided the following results:

Inbound SMTP mail flow:
      Testing inbound SMTP mail flow for domain keith@duvallhome.org.
       Inbound SMTP mail flow was verified successfully.
       
      Test Steps
       
      Attempting to retrieve DNS MX records for domain duvallhome.org.
       One or more MX records were successfully retrieved from DNS.
       
      Additional Details
       MX Records Host mail.duvallhome.org, Preference 10
      Testing Mail Exchanger mail.duvallhome.org.
       This Mail Exchanger was tested successfully.
       
      Test Steps
       
      Attempting to resolve the host name mail.duvallhome.org in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 25 on host mail.duvallhome.org to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Attempting to send a test e-mail message to keith@duvallhome.org using MX mail.duvallhome.org.
       The test message was delivered successfully.
      Testing the MX mail.duvallhome.org for open relay by trying to relay to user Admin@TestExchangeConnectivity.com.
       The Open Relay test passed. This mx isn't an open relay.
       
      Additional Details
       The open relay test message delivery failed, which is a good thing.
The exception detail:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

Outbound Mail test:

      Performing Outbound SMTP Test
       The outbound SMTP test was successful.
       
      Test Steps
       
      Attempting reverse DNS lookup for IP address 71.43.155.42.
       ExRCA successfully resolved IP address 71.43.155.42 via reverse DNS lookup.
       
      Additional Details
       ExRCA resolved IP address 71.43.155.42 to host rrcs-71-43-155-42.se.biz.rr.com.
      Performing Real-Time Blackhole List (RBL) Test
       Your IP address wasn't found on any of the block lists selected.
       
      Test Steps
       
      Checking Block List "SpamHaus Block List (SBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamHaus Exploits Block List (XBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamHaus Policy Block List (PBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamCop Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "NJABL.ORG Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SORBS Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "MSRBL Combined Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "UCEPROTECT Level 1 Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "AHBL Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Performing Sender ID validation.
       Sender ID validation was performed successfully.
       
      Test Steps
       
      Attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.
       
      Additional Details
       No records were found.      
0
 

Author Comment

by:flteng562
ID: 36991425
Hi Raysonlee,

When I ping mail.duvallhome.org it returns 4 replies from 71.43.155.42
0
 

Author Comment

by:flteng562
ID: 36991812
Update,

I created an account in SBS 2008 without creating the corresponding POP mail box in spiderhost.com. I cannot send email but I can receive it. Here is the message text from the bounce back:

Delivery has failed to these recipients or distribution lists:

frank@eandmcomputers.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

keith@aaccomputers.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: mx1.spiderhost.com.


--------------------------------------------------------------------------------
Sent by Microsoft Exchange Server 2007






Diagnostic information for administrators:

Generating server: SBS08SERVER.duvallhome.local

frank@eandmcomputers.com
mx1.spiderhost.com #550-Verification failed for <FFarero@duvallhome.org> 550-Unrouteable address 550 Sender verify failed ##

keith@aaccomputers.com
mx1.spiderhost.com #550 Sender verify failed ##

Original message headers:

Received: from SBS08SERVER.duvallhome.local ([fe80::3f72:944b:51aa:94b9]) by
 SBS08SERVER.duvallhome.local ([fe80::3f72:944b:51aa:94b9%10]) with mapi; Wed,
 19 Oct 2011 06:15:19 -0400
From: Frank Farero <FFarero@duvallhome.org>
To: "frank@eandmcomputers.com" <frank@eandmcomputers.com>
CC: "keith@aaccomputers.com" <keith@aaccomputers.com>
Date: Wed, 19 Oct 2011 06:15:18 -0400
Subject: New User Test with no POP account
Thread-Topic: New User Test with no POP account
Thread-Index: AQHMjkgAYZvxyJDRrU+/+sGeJrK+Og==
Message-ID: <89E90F4133A8264FAC6C268E0772D10001BD904AD815@SBS08SERVER.duvallhome.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: multipart/alternative;
      boundary="_000_89E90F4133A8264FAC6C268E0772D10001BD904AD815SBS08SERVER_"
MIME-Version: 1.0

0
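The "Diagnostic information for administrators" block in the bounce above can be read mechanically. The following Python is an added example, not part of the original thread: it parses that block as quoted in the post and reports which server refused the message and whether the refusal named the sender address. The function names and the triage heuristics are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Diagnostic section copied from the bounce quoted in the post above.
SAMPLE_NDR = """\
Generating server: SBS08SERVER.duvallhome.local

frank@eandmcomputers.com
mx1.spiderhost.com #550-Verification failed for <FFarero@duvallhome.org> 550-Unrouteable address 550 Sender verify failed ##

keith@aaccomputers.com
mx1.spiderhost.com #550 Sender verify failed ##

Original message headers:
"""

RECIPIENT = re.compile(r"^[^\s@<>]+@[^\s@<>]+$")
STATUS = re.compile(r"^(?P<host>\S+) #(?P<reply>.*?)\s*##$")
REPLY_MARK = re.compile(r"(?:^|(?<=\s))([245]\d\d)[- ]")  # "550-" continues, "550 " ends


@dataclass
class Failure:
    recipient: str
    host: str      # server that issued the rejection
    replies: list  # [(code, text), ...] in the order the server sent them


def split_reply(reply):
    """Split a multi-line SMTP reply that Exchange flattened onto one line."""
    marks = list(REPLY_MARK.finditer(reply))
    out = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(reply)
        out.append((int(m.group(1)), reply[m.end():end].strip()))
    return out


def parse_ndr(text):
    """Return (generating_server, [Failure, ...]) from the diagnostic section."""
    generating, failures, recipient = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Original message headers"):
            break  # message headers follow; nothing more to parse
        if line.startswith("Generating server:"):
            generating = line.split(":", 1)[1].strip()
        elif RECIPIENT.match(line):
            recipient = line
        elif recipient and (m := STATUS.match(line)):
            failures.append(Failure(recipient, m["host"], split_reply(m["reply"])))
            recipient = None
    return generating, failures


def triage(failures):
    """Summarise who rejected the mail and whether the sender was the reason."""
    hosts = sorted({f.host.lower() for f in failures})
    rcpt_domains = {f.recipient.rsplit("@", 1)[1].lower() for f in failures}
    texts = [t for f in failures for _, t in f.replies]
    named = [re.search(r"<([^<>\s]+@[^<>\s]+)>", t) for t in texts]
    return {
        "rejecting_hosts": hosts,
        # One host refusing mail for several recipient domains points to a
        # shared hop on the outbound path (heuristic, assumption of this example).
        "shared_hop": len(hosts) == 1 and len(rcpt_domains) > 1,
        "sender_rejected": any("sender verify" in t.lower() for t in texts),
        "addresses_named": [m.group(1) for m in named if m],
    }


if __name__ == "__main__":
    server, fails = parse_ndr(SAMPLE_NDR)
    print(server, triage(fails))
```
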
 
LVL 9

Expert Comment

by:raysonlee
ID: 36993854
That's the problem! Your Outlook clients cannot reach SBS 2008 with the public IP.
You should have your local DNS setup pointing mail.duvallhome.org to your SBS 2008's LAN IP (e.g. 192.168.1.2).
If the DNS Service is not installed, re-install it.
DNS Service set to Automatic?
DNS Service started?
DNS Service configured correctly?
Do the A records exist for the server, and are they accurate?
0
 

Author Comment

by:flteng562
ID: 36993995
Hi raysonlee,

Here is the output from the SBS ipconfig /all

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\network admin>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBS08SERVER
   Primary Dns Suffix  . . . . . . . : duvallhome.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : duvallhome.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-22-19-AA-6C-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3f72:944b:51aa:94b9%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e996:51aa:7517:ad29%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : fe80::3f72:944b:51aa:94b9%10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6EC361D2-F41A-46CB-9B44-404A6EEA2
5F2}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\network admin>
0
 

Author Comment

by:flteng562
ID: 36994279
Hi raysonlee,

The DNS service is running and on auto.  I went into the DNS console Forward Lookup Zones and saw the following:

mail.duvallhome.org  Host (A) pointing to 192.168.1.1

remote.duvallhome.org Host (A) pointing to 192.168.255.2

remote.theduvallhome.org Host (A) pointing to 192.168.1.1

"mail.duvallhome.org" is the correct entry
0
 
LVL 9

Accepted Solution

by:
raysonlee earned 1000 total points
ID: 36994860
If you have mail.duvallhome.org in your SBS 2008's DNS Forward Lookup Zone table pointing to 192.168.1.1, you should get this address when you ping mail.duvallhome.org from your workstations. Check your workstation's DNS server address with ipconfig /all and make sure it is using 192.168.1.1.
Your remote.duvallhome.org should point to your public IP - 71.43.155.42.
Refer to http://blogs.technet.com/b/sbs/archive/2008/10/17/introducing-the-internet-address-management-wizard-part-3-of-3.aspx on other entries required.
0
 

Author Comment

by:flteng562
ID: 36995397
raysonlee:

When I ping mail.duvallhome.org from a workstation within the domain it comes back with 192.168.1.1

Since we are using mail.duvallhome.org can I remove remote.duvallhome.org?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 36997004
>>"Since we are using mail.duvallhome.org can I remove remote.duvallhome.org? "
Yes. It looks like the "set up your Internet address" wizard was run with the default remote.xxx.xxx and then re-run with mail.xxx.xxx

To verify: at this point the test user can receive mail but not send?
It sounds like spiderhost.com is not accepting the mail. Do they require authentication?
0
 
LVL 9

Expert Comment

by:raysonlee
ID: 36997163
The workstation getting 192.168.1.1 for mail.duvallhome.org is correct. Please check other settings in the External DNS (managed by spider host?) and Internal DNS (SBS's DNS) section in the above link.

For naming convention, it's better to stick with the standard. It wouldn't hurt to have an extra name for your server pointing to the same IP. Otherwise you may have trouble in using various SBS services in future.

Extracted from the above link:
SBS 2008 prefixes “remote” to the .domain.com as its standard naming configuration. Examples of this can be seen through the records created for applications like Remote Web Workplace and Outlook Web Access. The Self-Signed Certificate is also stamped using this naming convention as well.

remote.domain.com - By default, SBS 2008 configures its remote applications (OWA, RWW, VPN, Active Sync) to use this address.
SBS Certificate name – By default, the self signed certificate is created by the IAMW with the remote.domain.com naming convention.

For the problem on sending messages, you don't need to configure SBS to use Smart Host relay (smtp-spiderhost.com). Exchange in SBS can send messages to other mail servers directly.
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 36997233
There should be no problem at all using mail.xxx.xxx so long as you use the wizard to configure. It is part of the wizard that allows you to change it; when doing so it will update the self-signed cert, DNS, IIS, and Exchange.
0
 

Author Comment

by:flteng562
ID: 36998820
Hi RobWill:

An interesting development has occurred. We got Exchange to send and receive mail just fine now. Here is the kicker.

We at first used "smtp.spiderhost.com" for our smart host without authentication (as per Spiderhost), which to me was a little strange. Still could not send from Exchange. I called them again yesterday afternoon and they stated that authentication is required! So I entered the correct username and password, completed the wizard, and still the same problem. Cannot send from Exchange.

I removed the smtp.spiderhost.com Smart Host via the wizard and guess what? Exchange started to work. Sending and receiving with no problems. Must be some strange configuration on their end.
0
 

Author Closing Comment

by:flteng562
ID: 36998835
Thanks to robwill and raysonlee for your quick responses to this crazy situation. I greatly appreciate your keen insights.

Regards,

Frank
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 37000938
>>"I removed the smtp.spiderhost.com Smart Host via the wizard "
If you did so you are sending e-mail via DNS and not using a smart host at all. That is fine and typical, but if doing so you should get your ISP to set up a reverse DNS record.
0
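The reverse DNS advice above, together with the missing SPF record reported by the connectivity test earlier in the thread, can be checked before and after the ISP makes the change. The following Python is an added example, not part of the original thread. It assumes the server announces itself as mail.duvallhome.org; the lookup tables are constructed, and the forward record for the ISP-assigned name and the whole "after" state are assumptions. Only `ip4:` mechanisms of an SPF record are evaluated.

```python
import ipaddress
import socket


def live_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def live_a(name):
    """IPv4 addresses for name via the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []


def spf_status(txt_records, ip):
    """Classify a domain's TXT records; only ip4: mechanisms are evaluated."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # more than one SPF record is a permanent error
    addr = ipaddress.ip_address(ip)
    nets = [term[4:] for term in spf[0].split() if term.lower().startswith("ip4:")]
    listed = any(addr in ipaddress.ip_network(n, strict=False) for n in nets)
    return "lists-ip" if listed else "present-ip-not-listed"


def check_direct_send(ip, helo, txt_records, ptr=live_ptr, a=live_a):
    """Checks a receiving server commonly applies to a host that sends directly."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    confirmed = [n for n in names if ip in a(n)]  # forward-confirmed reverse DNS
    return {
        "ptr_names": names,
        "fcrdns": bool(confirmed),
        "ptr_matches_helo": helo.lower() in confirmed,
        "spf": spf_status(txt_records, ip),
    }


# Constructed lookup tables. The PTR name and the mail.duvallhome.org address
# are the values shown in the thread; the forward record for the ISP name and
# the AFTER state (new PTR, SPF record) are assumptions made for this example.
FORWARD = {"rrcs-71-43-155-42.se.biz.rr.com": ["71.43.155.42"],
           "mail.duvallhome.org": ["71.43.155.42"]}
BEFORE = {"ptr": {"71.43.155.42": ["rrcs-71-43-155-42.se.biz.rr.com"]}, "txt": []}
AFTER = {"ptr": {"71.43.155.42": ["mail.duvallhome.org"]},
         "txt": ["v=spf1 ip4:71.43.155.42 -all"]}


def run(state, ip="71.43.155.42", helo="mail.duvallhome.org"):
    """Evaluate one constructed state without touching the network."""
    return check_direct_send(ip, helo, state["txt"],
                             ptr=lambda i: state["ptr"].get(i, []),
                             a=lambda n: FORWARD.get(n, []))


if __name__ == "__main__":
    print("before:", run(BEFORE))
    print("after: ", run(AFTER))
```

Calling `check_direct_send` without the `ptr` and `a` arguments uses the system resolver instead of the constructed tables; the TXT records still have to be supplied by the caller.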
 

Author Comment

by:flteng562
ID: 37002282
Hi RobWill,

I did just that about an hour ago.

Thanks again,

Frank
0


Question has a verified solution.
