Cannot get Telnet to por 25 from the outside after database restore
Dear Experts,
We had a terrible day today in where we had to restore from a backup. Our exchange 2003 system was corrupt. Nothing was working, etc..
Because of this now after we "fix" the email server. We cannot telnet to port 25 from the outside. In another words external email is not coming in. Internally the email server is fine. We can telnet to it using port 25.
I need to know what could be wrong with the filtering systems that we have here. We have first a cisco ASA firewall then a smart host Linux box that run spamassin. Both were fine until the exchange corruption.
There was nothing wrong with the firewall until today. It is extremely bizarre the chain of events.
Any thoughts? I have attached the ASA 5510 configuration for your review.
Again we need to telnet to port 25 our email server from the outside.
asa1220.txt
We had a terrible day today in where we had to restore from a backup. Our exchange 2003 system was corrupt. Nothing was working, etc..
Because of this now after we "fix" the email server. We cannot telnet to port 25 from the outside. In another words external email is not coming in. Internally the email server is fine. We can telnet to it using port 25.
I need to know what could be wrong with the filtering systems that we have here. We have first a cisco ASA firewall then a smart host Linux box that run spamassin. Both were fine until the exchange corruption.
There was nothing wrong with the firewall until today. It is extremely bizarre the chain of events.
Any thoughts? I have attached the ASA 5510 configuration for your review.
Again we need to telnet to port 25 our email server from the outside.
asa1220.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The IP address of the email server is 172.16.100.12
ASKER
I didn't work on the firewall or any of the servers here. I am new in the company so I am very much like you. trying to figure it out.
ASKER
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://dowley.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 443 on host dowley.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server dowley.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name dowley.com doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Attempting to test potential Autodiscover URL https://autodiscover.dowley.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 443 on host autodiscover.dowley.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.dowley.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.dowley.com doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 80 on host autodiscover.dowley.com to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.dowley.com for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.dowley.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve i
The Exchange ActiveSync test failed.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://dowley.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 443 on host dowley.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server dowley.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name dowley.com doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Attempting to test potential Autodiscover URL https://autodiscover.dowley.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 443 on host autodiscover.dowley.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.dowley.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.dowley.com doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.dowley.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 67.192.243.112
Testing TCP port 80 on host autodiscover.dowley.com to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.dowley.com for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.dowley.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve i
ASKER
I took that line out and still nothing...
access-list outside_access_in extended permit tcp any object-group Mail-Inside eq smtp inactive
access-list outside_access_in extended permit tcp any object-group Mail-Inside eq smtp inactive
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes! 172.16.100.23 is the internal IP address of the Linux Spam box
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No I can't telnet to it. I can telnet internally to the actual exchange servers no problem and even send me emails. I need help figuring out a way to bypass the linux box so is just the firewall and the exchange servers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes I can ping from the ASA the Linux box.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We ended up changing the MX record IP address. That did it. We have two offices instead of coming the email from office A now the email is coming from office B. I am going to ask for us to get MX logic....
ASKER
Thank you for your help guys
ASKER