Link to home
Start Free TrialLog in
Avatar of Wizkid003
Wizkid003

asked on

Outbound Email

Cannot send outbound email, but can receive inbound email. I have a sbs2003 premium edition with exchange. ISA has been disabled. I have Sonicwall TZ 205 as my router.
Avatar of davemj9876
davemj9876
Flag of New Zealand image

How are you testing the outbound connection. What errors are you seeing?
Avatar of Wizkid003
Wizkid003

ASKER

Not too familiar with exchange. I need some help on how to test
So how do you know that the outbound emails are not getting out? Other than you are not receiving them?

This page might help

http://simultaneouspancakes.com/Lessons/2005/02/16/troubleshooting-101-exchange-outbound-e-mail/
Have you checked tracking, what does it report?

Go to Start / Server Management / To Do List / Connect to the Internet and run the wizard.
Has anything changed with your Default SMTP Virtual Server? May want to restart. Do you have the firewall listed as a relay?
1 - The reason I know outbound is not getting out is because I try sending an email from within the domain to my personal account and I never receive it, but when I send from my personal to the domain account I got it. Attach is the error message.

2 - When I run the wizzard I get a DHCP error message.

3 - I disable ISA firewall and now using Sonicwall TZ 205 and also disable Dhcp on sbs2003 and let the Sonicwall handle DHCP

4 - I had this problem last week even before I replace the ISA with Sonicwall.
email.doc
Dhcp-error.doc
I disable ISA firewall and now using Sonicwall TZ 205 and also disable Dhcp on sbs2003 and let the Sonicwall handle DHCP

SBS2003 should handle DHCP
Basic question: did it ever work?  Or did it stop working at some point?

I am assuming here that your personal email address is external to the domain and this is full outgoing email.
DHCP error is because you're using the Sonic firewall DHCP, I highly recommend turning it off and turning on SBS2003 DHCP, configure the scope options then run the Connect to Internet wizard.
Microsoft Best Practice states DHCP be run on SBS, thought I'd throw this in the mix before you continue to troubleshoot to get it working. DHCP and DNS are intertwined how devices are found and email routed on SBS, it doesn't know to look at the Sonic firewall as well Sonic firewall doesn't know how to incorporate its DHCP into DNS on the SBS.

I'm guess this quit working when DHCP was turned off...around the same time you disabled ISA and installed the Sonic firewall?
It worked just fine. All this happen last thursday, without me even making any changed to the network.
3 - I disable ISA firewall and now using Sonicwall TZ 205 and also disable Dhcp on sbs2003 and let the Sonicwall handle DHCP
when did you install the Sonic firewall?
If it just happened have you actually checked that the ISP has not changed the address of the smart relay host that the exchange server should be connecting to send email.

All the changes you have made to the environment I think have been clouding the issues and may have even may the environment least reliable.

In a command window.

type:  telnet <smarthost name> 25

It should connect. If it doesn't we can diagnose from there.
Telnet came back with the attach message
Telnet.doc
what's the DNS name on your Default SMTP Virtual Server?

Exchange manager / Administrative Group / Servers / Server Name / Protocols / SMTP / right click Default SMTP Virtual Server go to properties /  Delivery / Advanced / what is the name of the "Fully-qualified domain name"

Make sure it's .com and not .local this can cause the 4.4.7 error in your screenshot.
telnet smarthost won't work, you need an ip address.
FQDM is occupational.omca.local
Port 25 is open it has to be open because you're receiving email which means 25 (inbound) is open. Checking outbound you may want to check on the Sonic Firewall and I don't believe telnet will test the outbound portion of port 25. If 25 was not open you would not receive email.
change it to occupational.omca.com
1 - occupational.omca.local - I click check DNS and it comes back with domain name is valid

2 - occupational.omca.com - I cllick check DNS it comes back with domain name is not valid
check the reverse DNS box and "check dns" to make sure the name resolves.
there's your problem

run ipconfig /flushdns on the server and see if it resolves
Yes Successfully flushed the DNS Resolver Cache

So what should my final settings be
SBS loves wizards and when you run the Connect to Internet wizard you put in the full-qualified domain name, because DHCP is turned off you can't enter this info. Doesn't mean we can't resolve this but SBS is known for the wizards and deviating from them is known to cause problems.
Attach is my current setting
Virtual-Settings.doc
this should be how it looks
User generated image
What do I need to do now to fix my problem? Please advise
or you can use omca.com if that's your domain.
Telnet to the fully qualified name of the upstream smart host on port 25 will test that the exchange server can connect and send mail. It also tests that it can resolve the name of the external smart host.

External email works like this

Exchange Server -----connect on port 25 ------> Remote Smart Relay Host (This is at the ISP and I would expect it to be a different domain name than your own).

e.g. telnet smtp.clear.net.nz 25 connects to my smart host relay

As a response I get

220 smptin.clear.net.nz ESMTP

If the FQDN connection does not work and the IP address of the FQDN works then you have a DNS resolution problem. If neither works then you have either a firewall wall or and ISP issue to resolve
well, I already told you about the wizards in SBS, anyone will tell you they should be able to run, because you can't run the internet connection wizard and this is where you put in the info...doesnt' mean we can't resolve it though. Let me ask you this, you're dead set against "not" running DHCP on the SBS? My first advice is turn it back on and off on the Sonic firewall.
Whats your smart host? . Most ISPs do not like you sending external email out without it going through a smart host, and as a result will block outgoing email. Incoming email would not be touched. On Thursday, your ISP might have decided to tighten the email rules.
OK I will try in the morning and get back to you.
davemj9876 you're assuming he's using a smart host, um...why go on about something that's not factual?
Go to Exchange System Manager / Administration Groups / Connectors /  right click SmallBusiness SMTP Connector go to properties / and verify if you're using a smart host or not.
User generated image
Something changed on Thursday which occuring to the above information provided was not related a change on Exchange server, So much has changed since then it would be good just to get back to some network basics and check that basic email connection can actually leave  the server to an external site, outside of of exchange iself. Using the ISP smarthost information would be a good test here.  

If that is confirmed as working, then yes, clean up the SBS environment, if it is not working, then cleaning up the exchange environment does nothing.
exchange is configured wrong and does not comply with Microsoft best practices, you can contribute to this by chasing smart hosts and wherever you wish to go with this, I prefer to stick with Microsofts best practices...after all they created the SBS / exchange server.
I have no problems about following Microsofts best practices and that SBS environment should be cleaned up to reflect the correct use of DHCP and the SBS environment.  

TCP/IP networking through to the ISP  also needs to be correctly setup across the whole environment as after all SBS/exchange server needs use it to function correctly.
I am not using a smarthost
I did what you guys said. I disable the DHCP on the Sonicwall and activate it on sbs2003.
I ran the wizard and everything seems to be working now with the exception of I cannot receive email from the company it get stuck in quere.

I can send just fine from my personal account to the company email, but I cannot receive.
This is just for my personal email address. All users within the company can send and receive e mail just fine now.
So to be clear, all the other users can send to and received emails from external addresses but in your case you can not send to the external address,
Correct. I have a comcast.net personal account. From my comcast account I can send to my company email just fine, but I cannot receive email from the company account which is omcausa.com. When I check the quere in sbs I can see my comcast outboud email just sitting
there. Attach is a screen shot.
Quere.doc
go to http://mxtoolbox.com and check your email server, could be SMTP Reverse Banner Check.
My ISP told me to change the connector from OCCUPATIONAL to mail.omcausa.com
connector.doc
are you talking about the fully qualified domain name in the SMTP virtual server?

FYI Comcast has a history of sending problems with SBS.
YES
a fully qualified name does NOT start with mail...the MX record does. They are wrong with this, the actual best way around sending problems with Comcast is to configure a smarthost. I would not put in mail.omcausa.com I would change it back to the way it was.

What did mxtoolbox tell you?
They are wrong I test but got back the attach error message. I also send you the result from MX Tool
MX-Result.doc
error.doc
How do I configure a smarthost?
Currently My AntiVirus Vendor Trendmicro is filtering inbound email only. This is do to a lot of spam email.
Go to my thread above: ID: 38678079

Ask your ISP for the smarthost information.
SMTP Reverse Banner Check is ok see attach file
Reverse-Banner.doc
ok, good
Ok calling my ISP right now and I did look at ID: 38678079
My ISP said putting a smarthost in place is only a temporary fix, they insist I change the mail connector from OCCUPATIONAL  to mail.omcausa.com.
another reason why Comcast has issues sending email and 99% of other ISP's don't. Did you ask them why any other ISP doesn't have any issues using a smart host.

insist I change the mail connector from OCCUPATIONAL  to mail.omcausa.com.
to clarify again you mean the fully qualified domain name in the Default SMTP Virtual Server. The connector is something entirely different.

May consider getting a better ISP but that is only my opinion.
They could be saying that because, when the exchange server makes the connection to the comcast SMTP server, and states that it is occupational.omcausa.com, the comcast server may be configured to do a reverse check against the name and the IP address you have connected from and it will complain as it can not resolve occupational.omcausa.com from DNS.  It can however resolve mail.omcausa.com which is the FQDN for the system on IP address 72.17.148.218 according to your DNS servers.

(Not sure way they say putting in a smarthost is only a temporary fix, as most ISPs I deal with require the smarthost to be configured regardless)
davemj9876 read post ID: 38681627 it's not complaining what so ever.

This is a Comcast problem that's been well documented through SBS2003 and SBS2008. They don't like playing by the same rules everyone else does. Simply put, mail.omcausa.com is not the fully qualified domain name. Try it and if it works great, but it's Comcast changing the rules and paying customers should go with another provider or insist they make the necessary changes.

Remind you too it works for every other domain sending but Comcast...you recommend making changes on their behalf that could affect all others?
(Not sure way they say putting in a smarthost is only a temporary fix, as most ISPs I deal with require the smarthost to be configured regardless)
agree 100% which leads me to believe this is a Comcast "bad service" issue...probably better wording for it...LOL.
To clarify it is not the Default SMTP Virtual Server. It is the Internet Mail SMTP Connector.  See
ID: 38681494
No, I always recommended using the ISP smarthost as then the ISP can deal with sending issues to various domains rather than the customer.  

The problem I see that it is the ISP recommending it rather than comcast which is a problem, and I was just pointing out why the ISP might be suggesting it. I would stick with configuring the smarthost and if sending external mails works (and remains working for everyone) then, leave it at that.

From a DNS point of view, mail.omcausa.com is a fully qualifed domain name of the server.

It is nothing to do with the MX record of omcausa.com as that is configured to be
the trendmicro server and that is to do with incoming email, which is working.
My question is should I try to remove the occupational and add mail.omcausa.com to see what happens and if it dosen't work, put it back to the way it was.

Also, how do you add another SMTP connector? Do you have to delete the current one first, because I try to add one and the only option I have to choose from is occupational.
My question is should I try to remove the occupational and add mail.omcausa.com to see what happens and if it dosen't work, put it back to the way it was.
yes, its not going to hurt anything it just won't work if it doesn't like it. Remember to stop and start the Default SMTP server after making the changes.
Do you have to delete the current one first,
stop the default connect first then create a new one.
1 - I stop the virtual server
2 - I delete the connector
3 - try to add a new connector from the connector folder, but the only option is occupational, how can I add mail.omcausa.com
Exchange System Manager / Administrative Groups / Servers / Server Name / Protocols / right click on SMTP, New, SMTP Virtual Server / Name it occupational / Select server IP

Highlight and right click Occupational SMTP virtual server go to properties / delivery / advanced / put in mail.omcause.com in Fully-qualified domain name. Stop the Default SMTP Virtual Server and start the Occupation SMTP server.

Go to Exchange System Manager / Administrative Groups / Connector / right click SmallBusiness SMTP connector on the General tab select "Add" and choose the Occupational virtual server.
I tried all that but it did not work.

So I left everything the way it is, the only thing that work is the smarthost from my ISP like you guys said, but they said it's only temporary and will only last for 30 days. So I will use that for now until I find a permanent fix.

Below is what I left the at:

Default SMTP Virtual Server is configure with the following:
1 - sbs(domain) ip address
2 - Fully-qualified domain name

Connector is as follows:

1 - Default smtp virtual server
2 - smart hosts from ISP

Like I said everything is currently working, please don't hesitate to email with a permanent fix.

Thanks Guys
ASKER CERTIFIED SOLUTION
Avatar of WORKS2011
WORKS2011
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks I will check on that.
Still having problems sending outbound email to comcast.net from my domain. I can send and receive email from anyone else. Any advise will help.

Thank you.
You did find a permanent solution, switch to an ISP that allows a smart host for more than 30 days. Comcast is known for having issues like this. I know it's not the answer you would like to hear but the problem lies with Comcast.