Move Users from Hosted POP email to inhouse SBS 2008 SMTP

Hi all,

I will try to explain the situation we are currently in. The client (duvallhome.org) is using hosted POP accounts from "spiderhost.com". They decided to move their mail to the onsite SBS 2008. I contacted spiderhost and had them create MX and A records, and they also agreed to allow us to use them as a Smart Host relay (smtp-spiderhost.com):

Record FQDN            Record Type   Record Value           MX Pref
mail.duvallhome.org.   A             71.43.155.42
duvallhome.org.        MX            mail.duvallhome.org.   10

I have forwarded port 25 in the watchguard to the LAN IP of the server and checked with our ISP (Brighthouse networks) that they are not blocking port 25, which they are not.

Here is where it gets weird. The users' POP accounts are still active through spiderhost.com until all of the users are cut over and working.
If one of the users' POP accounts is disabled then that user can send but not receive using SBS 2008. If that user's POP account is enabled then they can send and receive through SBS 2008.

Right now it is basically a gigantic mess. I am not sure how to proceed.

Thanks
 Frank




flteng562Asked:
raysonlee Commented:
If you have mail.duvallhome.org in your SBS 2008's DNS Forward Lookup Zone table pointing to 192.168.1.1, you should get this address when you ping mail.duvallhome.org from your workstations. Check your workstation's DNS server address with ipconfig /all and make sure it is using 192.168.1.1.
Your remote.duvallhome.org should point to your public IP - 71.43.155.42.
Refer to http://blogs.technet.com/b/sbs/archive/2008/10/17/introducing-the-internet-address-management-wizard-part-3-of-3.aspx on other entries required.
 
Rob Williams Commented:
If the user can receive through the old POP account then the MX records have not been cut over to point to the SBS, they are still pointing to the hosting service.

Normally you would set up the SBS POP connector to POP the mail from the host, rather than from the desktop. Then change the MX records to point to the SBS, which will take 2-48 hours to propagate to the Internet DNS servers. After which e-mail should be delivered directly to the SBS. You can then start removing the various accounts from the SBS POP connector.
 
Rob Williams Commented:
PS I assume you did run the SBS "set up your internet address" wizard and in step #7 select advanced and change from remote to mail
http://blogs.technet.com/b/sbs/archive/2008/10/15/introducing-the-internet-address-management-wizard-part-1-of-3.aspx
 
flteng562 (Author) Commented:
Hi RobWill,

The MX records were set up 6 days ago. The client originally had their individual Outlooks set up with POP accounts, not even using Exchange at all. That is the strange thing: when I do a check of the MX record from mxtoolbox.com I get the following output:

Command:
mx:duvallhome.org

Pref   Hostname              IP Address     TTL
10     mail.duvallhome.org   71.43.155.42   13 min

Reported by ns2.mpinethosting.com on Tuesday, October 18, 2011 at 7:42:57 PM (GMT-5)

And yes I reran the "setup your internet address" wizard and in step 7 clicked advanced and changed from the default "remote" to "mail".

Thanks so far for the help with this.

Frank
 
raysonlee Commented:
First things first, incoming mail to your SBS server relies on:
1. MX record pointing to your IP address (71.43.155.42)
2. Your watchguard (with WAN interface IP=71.43.155.42) forwarded traffic of port 25 to local IP of your SBS 2008
3. Your SBS 2008 has setup Exchange for the domain duvallhome.org
4. Your mail client (e.g. Outlook) setup incoming mailbox to mail.duvallhome.org
5. If you are accessing SBS 2008 within the same LAN, you may have to setup local DNS entry to revert its local IP address
6. If you are accessing your mail server over Internet, make sure port 110 traffic forwarded to SBS server as well
 
For outgoing mail
1. You can use your SBS 2008 server to send out message directly by setting Outlook to use mail.duvallhome.org as the SMTP server
2. Again make sure port 25 traffic is forwarded to your SBS 2008 or use local IP in your DNS
3. As your ISP does not block port 25, I don't see any need to use smtp-spiderhome.com
 
P.S. I don't see any other MX record for duvallhome.org, if you want to test your SBS, you probably have to ask spiderhost to make the switch over for you.
 
flteng562 (Author) Commented:
Hi raysonlee,

First things first, incoming mail to your SBS server relies on:
1. MX record pointing to your IP address (71.43.155.42) - The MX record does point to the public IP

2. Your watchguard (with WAN interface IP=71.43.155.42) forwarded traffic of port 25 to local IP of your SBS 2008 - Port 25 is forwarded to the SBS server LAN IP

3. Your SBS 2008 has setup Exchange for the domain duvallhome.org - Yes

4. Your mail client (e.g. Outlook) setup incoming mailbox to mail.duvallhome.org - Outlook is using Exchange only. The POP account in Outlook was removed.

5. If you are accessing SBS 2008 within the same LAN, you may have to setup local DNS entry to revert its local IP address - No problems within the LAN accessing SBS

6. If you are accessing your mail server over Internet, make sure port 110 traffic forwarded to SBS server as well - Port 110 is also forwarded through the watchguard to the local IP of the SBS
 
For outgoing mail
1. You can use your SBS 2008 server to send out message directly by setting Outlook to use mail.duvallhome.org as the SMTP server - That (mail.duvallhome.org) was setup via the "setup your internet address" wizard

2. Again make sure port 25 traffic is forwarded to your SBS 2008 or use local IP in your DNS - Yes it is forwarded
3. As your ISP does not block port 25, I don't see any need to use smtp-spiderhome.com - ISP is not blocking port 25
 
P.S. I don't see any other MX record for duvallhome.org, if you want to test your SBS, you probably have to ask spiderhost to make the switch over for you.
 
Rob Williams Commented:
Try testing your SBS site using the Microsoft Exchange Connectivity test tool
https://www.testexchangeconnectivity.com/
 
raysonlee Commented:
Can you try to ping mail.duvallhome.org from your PC running Outlook? What is the IP address?
Have you set up the MX record in your local DNS?
 
flteng562 (Author) Commented:
Hi RobWill,

Using the tool you described provided the following results:

Inbound SMTP mail flow:
      Testing inbound SMTP mail flow for domain keith@duvallhome.org.
       Inbound SMTP mail flow was verified successfully.
       
      Test Steps
       
      Attempting to retrieve DNS MX records for domain duvallhome.org.
       One or more MX records were successfully retrieved from DNS.
       
      Additional Details
       MX Records Host mail.duvallhome.org, Preference 10
      Testing Mail Exchanger mail.duvallhome.org.
       This Mail Exchanger was tested successfully.
       
      Test Steps
       
      Attempting to resolve the host name mail.duvallhome.org in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 25 on host mail.duvallhome.org to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Attempting to send a test e-mail message to keith@duvallhome.org using MX mail.duvallhome.org.
       The test message was delivered successfully.
      Testing the MX mail.duvallhome.org for open relay by trying to relay to user Admin@TestExchangeConnectivity.com.
       The Open Relay test passed. This mx isn't an open relay.
       
      Additional Details
       The open relay test message delivery failed, which is a good thing.
The exception detail:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

Outbound Mail test:

      Performing Outbound SMTP Test
       The outbound SMTP test was successful.
       
      Test Steps
       
      Attempting reverse DNS lookup for IP address 71.43.155.42.
       ExRCA successfully resolved IP address 71.43.155.42 via reverse DNS lookup.
       
      Additional Details
       ExRCA resolved IP address 71.43.155.42 to host rrcs-71-43-155-42.se.biz.rr.com.
      Performing Real-Time Blackhole List (RBL) Test
       Your IP address wasn't found on any of the block lists selected.
       
      Test Steps
       
      Checking Block List "SpamHaus Block List (SBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamHaus Exploits Block List (XBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamHaus Policy Block List (PBL)"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SpamCop Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "NJABL.ORG Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "SORBS Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "MSRBL Combined Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "UCEPROTECT Level 1 Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Checking Block List "AHBL Block List"
       The address isn't on the block list.
       
      Additional Details
       IP address 71.43.155.42 wasn't found on RBL.
      Performing Sender ID validation.
       Sender ID validation was performed successfully.
       
      Test Steps
       
      Attempting to find the SPF record using a DNS TEXT record query.
       ExRCA wasn't able to find the SPF record.
       
      Additional Details
       No records were found.      
 
flteng562 (Author) Commented:
Hi Raysonlee,

When I ping mail.duvallhome.org it returns 4 replies from 71.43.155.42
 
flteng562 (Author) Commented:
Update,

I created an account in SBS 2008 without creating the corresponding POP mail box in spiderhost.com. I cannot send email but I can receive it. Here is the message text from the bounce back:

Delivery has failed to these recipients or distribution lists:

frank@eandmcomputers.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

keith@aaccomputers.com
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: mx1.spiderhost.com.


--------------------------------------------------------------------------------
Sent by Microsoft Exchange Server 2007






Diagnostic information for administrators:

Generating server: SBS08SERVER.duvallhome.local

frank@eandmcomputers.com
mx1.spiderhost.com #550-Verification failed for <FFarero@duvallhome.org> 550-Unrouteable address 550 Sender verify failed ##

keith@aaccomputers.com
mx1.spiderhost.com #550 Sender verify failed ##

Original message headers:

Received: from SBS08SERVER.duvallhome.local ([fe80::3f72:944b:51aa:94b9]) by
 SBS08SERVER.duvallhome.local ([fe80::3f72:944b:51aa:94b9%10]) with mapi; Wed,
 19 Oct 2011 06:15:19 -0400
From: Frank Farero <FFarero@duvallhome.org>
To: "frank@eandmcomputers.com" <frank@eandmcomputers.com>
CC: "keith@aaccomputers.com" <keith@aaccomputers.com>
Date: Wed, 19 Oct 2011 06:15:18 -0400
Subject: New User Test with no POP account
Thread-Topic: New User Test with no POP account
Thread-Index: AQHMjkgAYZvxyJDRrU+/+sGeJrK+Og==
Message-ID: <89E90F4133A8264FAC6C268E0772D10001BD904AD815@SBS08SERVER.duvallhome.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: multipart/alternative;
      boundary="_000_89E90F4133A8264FAC6C268E0772D10001BD904AD815SBS08SERVER_"
MIME-Version: 1.0

 
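Added example (not part of the original thread or of any participant's post): a Python parser for the "Diagnostic information for administrators" block of the bounce above. It splits the flattened multi-line SMTP reply back into its lines and shows that both recipients were refused by the same host because of the sender address. The function names are illustrative; the input is the diagnostic text as quoted in the post.

```python
import re

# Diagnostic block copied from the bounce quoted in the post above.
NDR_DIAGNOSTIC = """\
Generating server: SBS08SERVER.duvallhome.local

frank@eandmcomputers.com
mx1.spiderhost.com #550-Verification failed for <FFarero@duvallhome.org> 550-Unrouteable address 550 Sender verify failed ##

keith@aaccomputers.com
mx1.spiderhost.com #550 Sender verify failed ##
"""

RECIPIENT = re.compile(r"^[^\s@]+@[^\s@]+$")
# Exchange 2007 reports the remote reply as "<host> #<reply text> ##".
REMOTE = re.compile(r"^(?P<host>\S+)\s+#(?P<reply>.*?)\s*##$")
# A multi-line SMTP reply ("550-..." continuation lines, "550 ..." last line)
# arrives flattened onto one line; split it back into (code, text) pairs.
REPLY = re.compile(r"(?P<code>[245]\d\d)[- ](?P<text>.*?)(?=\s+[245]\d\d[- ]|$)")


def classify(replies, sender):
    """Decide whether the remote host objected to the sender or to something else."""
    text = " ".join(t for _, t in replies).lower()
    if "sender verify failed" in text or f"<{sender.lower()}>" in text:
        return "sender-rejected"
    if any(code.startswith("5") for code, _ in replies):
        return "permanent-other"
    return "transient"


def parse_ndr(diagnostic, sender):
    """Return one dict per failed recipient found in the diagnostic block."""
    results, recipient = [], None
    for line in (raw.strip() for raw in diagnostic.splitlines()):
        if RECIPIENT.match(line):
            recipient = line          # next "<host> #...##" line belongs to it
            continue
        m = REMOTE.match(line)
        if m and recipient:
            replies = [(r["code"], r["text"]) for r in REPLY.finditer(m["reply"])]
            results.append({"recipient": recipient, "host": m["host"],
                            "replies": replies,
                            "verdict": classify(replies, sender)})
            recipient = None
    return results


def common_rejector(results):
    """Name the host if every recipient was refused by it because of the sender."""
    hosts = {r["host"] for r in results}
    if len(hosts) == 1 and all(r["verdict"] == "sender-rejected" for r in results):
        return hosts.pop()
    return None


if __name__ == "__main__":
    parsed = parse_ndr(NDR_DIAGNOSTIC, "FFarero@duvallhome.org")
    for item in parsed:
        print(item["recipient"], item["host"], item["verdict"], item["replies"])
    print("single rejecting host:", common_rejector(parsed))
```
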
raysonlee Commented:
That's the problem! Your Outlook clients cannot reach SBS 2008 with the public IP.
You should have your local DNS setup pointing mail.duvallhome.org to your SBS 2008's LAN IP (e.g. 192.168.1.2).
If the DNS Service is not installed, re-install it.
DNS Service set to Automatic?
DNS Service started?
DNS Service configured correctly?
Do the A records exist for the server, and are they accurate?
 
flteng562 (Author) Commented:
Hi raysonlee,

Here is the output from the SBS ipconfig /all

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\network admin>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBS08SERVER
   Primary Dns Suffix  . . . . . . . : duvallhome.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : duvallhome.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-22-19-AA-6C-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3f72:944b:51aa:94b9%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e996:51aa:7517:ad29%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : fe80::3f72:944b:51aa:94b9%10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6EC361D2-F41A-46CB-9B44-404A6EEA2
5F2}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\network admin>
 
flteng562 (Author) Commented:
Hi raysonlee,

The DNS service is running and on auto.  I went into the DNS console Forward Lookup Zones and saw the following:

mail.duvallhome.org  Host (A) pointing to 192.168.1.1

remote.duvallhome.org Host (A) pointing to 192.168.255.2

remote.theduvallhome.org Host (A) pointing to 192.168.1.1

"mail.duvallhome.org" is the correct entry
 
flteng562 (Author) Commented:
raysonlee:

When I ping mail.duvallhome.org from a workstation within the domain it comes back with 192.168.1.1

Since we are using mail.duvallhome.org can I remove remote.duvallhome.org?
 
Rob Williams Commented:
>>"Since we are using mail.duvallhome.org can I remove remote.duvallhome.org? "
Yes. It looks like the "set up your Internet address" wizard was run with the default remote.xxx.xxx and then re-run with mail.xxx.xxx

To verify: at this point the test user can receive mail but not send?
It sounds like spiderhost.com is not accepting the mail. Do they require authentication?
 
raysonlee Commented:
Workstation gets 192.168.1.1 for mail.duvallhome.org is correct. Please check other settings in the External DNS (managed by spider host?) and Internal DNS (SBS's DNS) section in the above link.

For naming convention, it's better to stick with the standard. It wouldn't hurt to have an extra name for your server pointing to the same IP. Otherwise you may have trouble in using various SBS services in future.

Extracted from the above link:
SBS 2008 prefixes “remote” to the .domain.com as its standard naming configuration. Examples of this can be seen through the records created for applications like Remote Web Workplace and Outlook Web Access. The Self-Signed Certificate is also stamped using this naming convention as well.

remote.domain.com - By default, SBS 2008 configures its remote applications (OWA, RWW, VPN, Active Sync) to use this address.
SBS Certificate name – By default, the self signed certificate is created by the IAMW with the remote.domain.com naming convention.

For the problem on sending messages, you don't need to configure SBS to use Smart Host relay (smtp-spiderhost.com). Exchange in SBS can send messages to other mail servers directly.
 
Rob Williams Commented:
There should be no problem at all using mail.xxx.xxx so long as you use the wizard to configure. It is part of the wizard that allows you to change it; when doing so it will update the self-signed cert, DNS, IIS, and Exchange.
 
flteng562 (Author) Commented:
Hi RobWill:

An interesting development has occurred. We got Exchange to send and receive mail just fine now. Here is the kicker.

We at first used "smtp.spiderhost.com" for our smart host without authentication (as per Spiderhost), which to me was a little strange. Still could not send from Exchange. I called them again yesterday afternoon and they stated that authentication is required! So I entered the correct username and password, completed the wizard, and still the same problem. Cannot send from Exchange.

I removed the smtp.spiderhost.com Smart Host via the wizard and guess what? Exchange started to work. Sending and receiving with no problems. Must be some strange configuration on their end.
 
flteng562 (Author) Commented:
Thanks to robwill and raysonlee for your quick responses to this crazy situation. I greatly appreciate your keen insights.

Regards,

Frank
 
Rob Williams Commented:
>>"I removed the smtp.spiderhost.com Smart Host via the wizard "
If you did so you are sending e-mail via DNS and not using a smart host at all. That is fine and typical, but if doing so you should get your ISP to set up a reverse DNS record.
 
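Added example (not part of the original thread): a check of the DNS records a server needs when it delivers mail directly instead of through a smart host, covering the reverse DNS point above and the missing SPF record reported by the connectivity test earlier in the thread. It runs against a constructed DNS snapshot rather than live lookups; the MX, A and PTR values are the ones quoted in the thread, while the forward record for the ISP-assigned name, the HELO name, the AFTER state and all function names are assumptions.

```python
import ipaddress

# Constructed snapshot. MX, A and PTR values are the ones quoted in the thread;
# the A record for the ISP-assigned name and the empty TXT set are assumptions.
BEFORE = {
    ("duvallhome.org", "MX"): ["mail.duvallhome.org"],
    ("mail.duvallhome.org", "A"): ["71.43.155.42"],
    ("42.155.43.71.in-addr.arpa", "PTR"): ["rrcs-71-43-155-42.se.biz.rr.com"],
    ("rrcs-71-43-155-42.se.biz.rr.com", "A"): ["71.43.155.42"],
    ("duvallhome.org", "TXT"): [],
}
# Hypothetical state after the ISP sets a custom PTR and an SPF record is published.
AFTER = dict(BEFORE)
AFTER[("42.155.43.71.in-addr.arpa", "PTR")] = ["mail.duvallhome.org"]
AFTER[("duvallhome.org", "TXT")] = ["v=spf1 mx -all"]


def lookup(dns, name, rtype):
    """Read a record set from the snapshot (stands in for a live DNS query)."""
    return dns.get((name.rstrip(".").lower(), rtype), [])


def spf_allows(dns, domain, ip):
    """Evaluate only the ip4 and mx mechanisms of the domain's SPF record."""
    addr = ipaddress.ip_address(ip)
    records = [t for t in lookup(dns, domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return None                       # no SPF record published
    for term in records[0].split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return True
        if term in ("mx", "+mx"):
            if any(ip in lookup(dns, host, "A") for host in lookup(dns, domain, "MX")):
                return True
    return False


def check_direct_send(dns, domain, ip, helo):
    """Return a list of findings for a server that delivers mail directly from ip."""
    findings = []
    ptrs = lookup(dns, ipaddress.ip_address(ip).reverse_pointer, "PTR")
    if not ptrs:
        findings.append("no PTR record")
    elif not any(ip in lookup(dns, name, "A") for name in ptrs):
        findings.append("PTR not forward-confirmed")
    elif helo.lower() not in [name.rstrip(".").lower() for name in ptrs]:
        findings.append("PTR does not match HELO name")
    allowed = spf_allows(dns, domain, ip)
    if allowed is None:
        findings.append("no SPF record")
    elif not allowed:
        findings.append("SPF does not authorise sending IP")
    return findings


if __name__ == "__main__":
    for label, snapshot in (("before", BEFORE), ("after", AFTER)):
        print(label, check_direct_send(snapshot, "duvallhome.org",
                                       "71.43.155.42", "mail.duvallhome.org"))
```
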
flteng562 (Author) Commented:
Hi RobWill,

I did just that about an hour ago.

Thanks again,

Frank