Unable to receive e-mails in Exchange 2010

Hi!!

I have a fresh installed SBS2011 machine. I'm trying to get all mailflow to work. I am able to send mail internally and from inside the company to the internet.

Receiving e-mail is not working. I try from my hotmail account, and after about 12 hours I get a delay message. Below is what I tried so far to get it to work.

- I forwarded port 25 on my firewall to the only NIC in the SBS2011.

- I have 2 receive connectors. The first one is the default connector. The pics show the config.

Default1default2default3
I created the second receive connector myself. Chose internet and configured it as follows,

custom1custom2custom3
I hope someone can give me some advice to get email to work!
LVL 7
SvenIAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Felix LevenSenior System and DatabaseadministratorCommented:
If you send an Email from your hotmail Account, the sending hotmail Mailserver looks for a MX Dns entry on public dns servers to find you Email server.

Test MX:
http://www.mxtoolbox.com/Public/Tools/MxLookup.aspx
0
SvenIAAuthor Commented:
Thanks for the reply!

A little more explination of the situation here....

I recently migrated from a SBS2003 to this SBS2011. I always had two domains,

1. ingburoarnhem.com
2. iagroep.com

These are both added to the accepted domains now in Exchange 2010.

When I run the MX Tool you mentioned I get the ouput below,

MX check iagroep.com
So it points to mail.ingburoarnhem.com. When I click DNS lookup, i get the following output,

DNS lookup iagroep.com
It worked with these settings before in the old domain. So I don't know what to configure now....
0
Alan HardistyCo-OwnerCommented:
How many Receive connectors do you have?  After a successful migration, you should have 3:

Default Servername
Windows SBS Fax Sharepoint Receive Servername
Windows SBS Internet Receive Servername

The connector that should be setup to receive (by default) is the last one.  Do you not have these?

What is your servername and internal IP Range?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

SvenIAAuthor Commented:
I got 3 receive connectors. The second one in the pic I created myself.

My servername is IASRV05.IAG.LOCAL. The internal IP Range is 10.0.0.1 - 10.0.0.255.

receive connectors
0
Alan HardistyCo-OwnerCommented:
Thanks - also what is your internal SBS 2011 server IP Address?
0
Alan HardistyCo-OwnerCommented:
Please remove your manually created Receive Connector and run the following in the Exchange Management Shell:

New-receiveconnector –Name ‘Windows SBS Internet Receive IASRV05' –Usage ‘Custom’ –AuthMechanism ‘TLS’ –Bindings ‘0.0.0.0:25’ –fqdn ‘mail.yourdomain.com’ –RemoteIPRanges ‘0.0.0.0-9.255.255.255,10.0.0.1-10.0.0.1,10.0.1.0-255.255.255.255’ –PermissionGroups ‘AnonymousUsers’ -MaxMessageSize '20mb' –Server ‘IASRV05’

Change the mail.yourdomain.com part to reflect your external FQDN
Also - if your router IP Address isn't 10.0.0.1, change the 10.0.0.1-10.0.0.1 to your router's IP Address.
0
SvenIAAuthor Commented:
The internal address of the SBS2011 is 10.0.0.11. The Firewall ip address is 10.0.0.1.

When I type the exact command you gave me, I get this....

exch2010
0
Alan HardistyCo-OwnerCommented:
Whoops - it doesn't like the ' ' marks for the IPs.  Sorry.

Try this instead:

New-receiveconnector –Name ‘Windows SBS Internet Receive IASRV05' –Usage ‘Custom’ –AuthMechanism ‘TLS’ –Bindings ‘10.0.0.11:25’ –fqdn ‘mail.yourdomain.com’ –RemoteIPRanges 0.0.0.0-9.255.255.255,10.0.0.1-10.0.0.1,10.0.1.0-255.255.255.255 –PermissionGroups ‘AnonymousUsers’ -MaxMessageSize '20mb' –Server ‘IASRV05’

Don't forget to change the mail.yourdomain.com part.
0
SvenIAAuthor Commented:
Ok this worked, but still no e-mail comming in.

Should I use mail.iagroep.com, or mail.ingburoarnhem.com?

How should I configure DNS? At the moment there is an MX record in the iag.local zone. Should I configure mail.iagroep.com A-record?

Are you sure that these are the right IP ranges??

IP Ranges
0
Alan HardistyCo-OwnerCommented:
You seem to have Anti-Spam software installed.  Is that correct?

The Receive Connector settings are correct - the mail.domain.com name isn't desperately relevant as it is your receive connector, so either will be fine.

Running a domain report on your domain shows the following:

ERROR: mail.ingburoarnhem.com HELO response: 421 4.4.1 Connection timed out .

mail.ingburoarnhem.com: The mailserver terminated the connection before the transaction was complete (state 3). This is not RFC compliant, and therefore either due to an error, or it may be the result of a non-RFC-compliant mailserver or non-RFC-compliant anti-spam program.

SBS install it's own Anti-Spam software - so that may be active.

Can you run the 'Fix my network' Wizard from the SBS Console> Network> Connectivity Tab please.

Have you also run the Connect to the Internet Wizard?  If not - please do and if you have - please run it again.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SvenIAAuthor Commented:
There were some anti-spam features enabled. I disabled them all.

When I run the 'Fix my network Wizard', it shows some errors....

1. Could not configure the router. Then it tells me to open some ports, wich are allready open.

2. Self-issued certificate is invalid. The self-issued certificate is invalid or unavaillable.

3. Exchange SMTP connectors are invalid. Exchange is not configured to communicate over your local network.

Then after the wizard tries to fix the problems it shows as the pic below. It changes the FQDN of the receive connector we created before to remote.iagroep.com.

Fix problems
The 'connect to the internet wizard' detects the existing network. When it finishes, I get an error as shown below,

mail error
0
Alan HardistyCo-OwnerCommented:
The Router error can be ignored as it always fails unless you have uPnP enabled.

The rest seems to have been fixed.

Can you re-run the Connect to the Internet Wizard please.
0
SvenIAAuthor Commented:
Same error again.

error
Can I find somewhere what the cause of this error is? In the logfiles or something?
0
SvenIAAuthor Commented:
I see now that the Default Receive Connector is gone. Can I just recreate it?
0
Alan HardistyCo-OwnerCommented:
Please check your Group Memberships as per the following MS article:

http://support.microsoft.com/kb/2501155

If you change any group memberships, please re-run the wizard.
0
SvenIAAuthor Commented:
I got it to work!!

Somehow the default receive connector was shown in the list, but when i clicked i got the message that it was not there.

I recreated it, after that the wizards ran succesfully and all my 100.000 test email came right into my internal mailbox.

Thank you so much for all the help! To bad I can only give you 500 points
0
Alan HardistyCo-OwnerCommented:
Great news - glad I was able to help you sort it out.  Hope it behaves happily for you from now on and thanks for the points.

Alan
0
Alan HardistyCo-OwnerCommented:
If you send mail out the same IP address as you receive, you will need to configure Reverse DNS on your IP address by calling your ISP and asking them to set it up for you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.