Solved

Can send e-mails but can't receive Exchange 2010, DNS MX record issue?

Posted on 2013-06-05
Last Modified: 2013-06-05
Running into an issue where I can send e-mail to other outside e-mails but won't receive any incoming mail.

Running Exchange 2010 on Windows Server 2008 R2 (Child).  Parent is Windows Server 2012 Datacenter.

I just put this Exchange server up last week and am still learning the ropes. I had it working at one point (in, out and OWA working, but not ActiveSync), but then my website (hosted through GoDaddy) was running into issues and wouldn't load. I had both A records with host as @, with one IP being my website and one being my public IP from my house. (DNS-Before.PNG)

After my website stopped working I figured out you can't have two @ records so I changed a few things.  (DNS-Now.PNG)

I was pointed in the direction of https://www.testexchangeconnectivity.com/; the results are in (TestExchange.PNG). DNS is not finding my MX record.

I don't know if it's a bad idea to post those screenshots. Any information would be appreciated and I can elaborate if needed.  Thanks ahead of time.

Currently up are OWA from the web, sending to any mail domain.  Can't receive from any domain.
DNS-Before.PNG
DNS-Now.PNG
TestExchange.PNG

Question by:OHarrisNetworks

32 Comments

Expert Comment

by:bigbigpig
Looks OK... you have your only MX record going to 99.48.173.184.

When I telnet on 25 to 'mail.oharrisnetworks.com' I get this response, presumably from your Exchange server.

220 OHarris-Exch.OHARRIS.LOCAL Microsoft ESMTP MAIL Service ready at Wed, 5 Jun 2013 16:47:42 -0400

How long ago did you update the DNS records?

Author Comment

by:OHarrisNetworks
An hour now maybe?

Expert Comment

by:bigbigpig
Give it time.  Public DNS could take a day or more to propagate to all the DNS servers.  In my experience it's usually within 4 hours.  So just hang on a little longer.

Accepted Solution

by:Adam Brown earned 500 total points
Your MX record is set up wrong on the Now. Set your MX Host to be @ and the Points to as mail.oharrisnetworks.com.

The MX record has to be set up so that the host name on it is the TLD that you're receiving mail for, which is what the @ sign represents in DNS setup there. The Points To is the mail server you're using and must use the FQDN to work properly. So @ pointing to mail.oharrisnetworks.com should work for you. It also takes a good bit of time for changes to DNS to apply, so once you change it, wait a while and try again.

You can also check your MX records on Public DNS by opening the command prompt, then typing NSLookup and hitting enter, then run these commands:
server 8.8.8.8
set type=mx
oharrisnetworks.com

(Funny side note, if you sent email to kah@mail.oharrisnetworks.com it would probably come closer to working)

Expert Comment

by:uescomp
Is your receive connector set up properly?  Looks like the hello request got rejected.  Also your reverse DNS is not matching; most likely you have to contact your ISP and have them create the reverse DNS record for you.

Receive Connector:

      1. Open Exchange Management Console
      2. Server Configuration
      3. Hub Transport
      4. Right click on Default connector and select Properties.
      5. Select Permissions Groups tab and check Anonymous users permissions group

Author Comment

by:OHarrisNetworks
Ok, thanks, will do.  Is it a good idea to post SS of my DNS records?

Expert Comment

by:Adam Brown
Here's your current DNS setup in the public space as reported by NSLookup:


mail.oharrisnetworks.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

Non-authoritative answer:
mail.oharrisnetworks.com        MX preference = 10, mail exchanger = mail.oharrisnetworks.com
> oharrisnetworks.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

oharrisnetworks.com
        primary name server = ns45.domaincontrol.com
        responsible mail addr = dns.jomax.net
        serial  = 2013060508
        refresh = 28800 (8 hours)
        retry   = 7200 (2 hours)
        expire  = 604800 (7 days)
        default TTL = 600 (10 mins)
>



Basically what this tells us is that you have no MX record set for oharrisnetworks.com, but you do have one set for mail.oharrisnetworks.com. This means you could receive email sent to user@mail.oharrisnetworks.com but not user@oharrisnetworks.com
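
The point made above (the MX host name decides which address domain gets mail), as an added example that is not part of the thread: a small Python check over registrar-style rows. The zone `example.com`, both addresses and all function names are constructed for illustration; it also shows that with no MX on the bare domain, senders fall back to that name's A record (RFC 5321), which in a layout like this one is the web host rather than the mail server.

```python
# Added example. Rows are (host, type, value) as typed into a registrar's DNS
# editor; every name and address below is a constructed documentation value.

def expand(host, origin):
    """'@' means the zone itself; any other host label is relative to it."""
    host = host.rstrip(".").lower()
    return origin if host == "@" else f"{host}.{origin}"

def index(records, origin):
    """Group record rows by fully qualified owner name."""
    zone = {}
    for host, rtype, value in records:
        zone.setdefault(expand(host, origin), []).append((rtype.upper(), value.lower()))
    return zone

def route(address, records, origin):
    """Return (how, host) for where a sending server delivers mail to address."""
    rrs = index(records, origin).get(address.rsplit("@", 1)[1].lower(), [])
    mx = [v for t, v in rrs if t == "MX"]
    if mx:  # preference ordering is not modelled; the first MX row is used
        return ("mx", origin if mx[0] == "@" else mx[0].rstrip("."))
    # No MX on that name: senders fall back to its own A record (RFC 5321).
    addrs = [v for t, v in rrs if t == "A"]
    return ("a-fallback", addrs[0]) if addrs else ("undeliverable", None)

def mx_problems(records, origin):
    """Each MX target must be an FQDN, must not be a CNAME, and needs an A record."""
    zone = index(records, origin)
    problems = []
    for owner, rrs in zone.items():
        for value in (v for t, v in rrs if t == "MX"):
            target = origin if value == "@" else value.rstrip(".")
            types = {t for t, _ in zone.get(target, [])}
            if "." not in target:
                problems.append(f"{owner}: MX target '{target}' is not an FQDN")
            elif "CNAME" in types:
                problems.append(f"{owner}: MX target {target} is a CNAME")
            elif target.endswith("." + origin) and "A" not in types:
                problems.append(f"{owner}: MX target {target} has no A record")
    return problems

ORIGIN = "example.com"
WEB, MAIL = "198.51.100.20", "203.0.113.10"  # web host, mail server (constructed)
MX_ON_MAIL = [("@", "A", WEB), ("mail", "A", MAIL), ("mail", "MX", "mail.example.com")]
MX_ON_APEX = [("@", "A", WEB), ("mail", "A", MAIL), ("@", "MX", "mail.example.com")]

if __name__ == "__main__":
    for name, rows in (("MX host 'mail'", MX_ON_MAIL), ("MX host '@'", MX_ON_APEX)):
        print(name, route("user@example.com", rows, ORIGIN), mx_problems(rows, ORIGIN))
```
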

Author Comment

by:OHarrisNetworks
Yes, that has been checked.  It is also checked in my client connector.
ReceiveConnector.PNG

Expert Comment

by:Adam Brown
As to whether you should post your exact DNS, probably not the best idea. It's recommended that you black out any identifying information in those (like your domain name). For future Info :D

Expert Comment

by:Adam Brown
Please also go through my earlier posts if you didn't see them. Your MX records are not set up properly.

Author Comment

by:OHarrisNetworks
So my MX should be changed from points to: Mail.oharrisnetworks.com to: oharrisnetworks.com, acbrown2010?

Expert Comment

by:bigbigpig
Oh my... my mistake.  I got confused looking at your screenshots and didn't notice your "after" MX record was for host 'mail' and not '@'.  acbrown2010 is totally correct, you need to change that, or you'll only get emails at whoever@mail.oharrisnetworks.com.

Expert Comment

by:uescomp
You can test and check on MX Toolbox.  Here is the report.

The MX record is not actually wrong, for @ & mail are pointing to the same IP.  I just think he does not have anonymous selected on his receive connector, which would deny everyone in the world (excluding internal users using OWA or Outlook Anywhere, for they are authenticated).
MXToolbox.jpg

Expert Comment

by:Adam Brown
Keep the points to: as mail.oharrisnetworks.com, change the host to @

Author Comment

by:OHarrisNetworks
I will need to change my A record IP then as well correct?

Expert Comment

by:uescomp
And ports 25 and 443 on the router are pointing to your Exchange server?

Author Comment

by:OHarrisNetworks

Expert Comment

by:Adam Brown
@uescomp: The host name in an MX record assigns what comes after the @ sign. If he sets that to be the TLD, he will receive mail at user@domain.com. If he sets it to mail he will receive mail at user@mail.domain.com.

Expert Comment

by:uescomp
haha, oops, that one slipped my mind

Expert Comment

by:Adam Brown
The MX record in your most recent screenshot is fine now. However, you did not need to change the IP address that the @ entry at the top points to.

Author Comment

by:OHarrisNetworks
This is a SS of my router port forwarding.  Also last week I called ISP and had outbound SMTP block turned off.
port-forwarding-in-router.PNG

Author Comment

by:OHarrisNetworks
OK acbrown2010 thanks.  I guess I don't have a grasp on what the @ record does?  I thought it was a variable and any time a host in a record below called to (had @ in that spot) it would point to the IP on the A record.  Me typing that out already sounds wrong.

Expert Comment

by:uescomp
DNS is fun.  Just make sure you contact your ISP and make sure they set up the reverse DNS record so the IP address is mail.yourdomain.com and not the ISP.smtp.com garbage.  Otherwise you will get listed on a couple of blacklists eventually.  Blacklists are not severe, just annoying.

Author Comment

by:OHarrisNetworks
Looks like Gmail is getting through!
Sucess-from-gmail.PNG

Author Comment

by:OHarrisNetworks
To get a reverse DNS record do you need a Static IP?

Author Comment

by:OHarrisNetworks
How do I check my reverse DNS record?

Expert Comment

by:Adam Brown
Yep. The changes are starting to replicate out to public DNS. Here's what NSLookup is showing now for Google's DNS:
> set type=mx
> oharrisnetworks.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
oharrisnetworks.com     MX preference = 10, mail exchanger = mail.oharrisnetworks.com
>


Note that some of the other public DNS servers I checked don't have this yet, so keep waiting a while.

Expert Comment

by:bigbigpig
nslookup 99.48.173.184

Expert Comment

by:Adam Brown
Oh, also, the @ in most DNS managers represents the Top Level Domain name. In your case, oharrisnetworks.com. So when you create Aliases or records that point to @, you're basically saying, "It's the same IP address as my TLD".

Expert Comment

by:uescomp
As a standard it's stated up to 24hrs to complete the DNS record updates.  I have seen them usually in less than an hour, sometimes a few minutes.

Expert Comment

by:uescomp
To check your reverse DNS records you can go out to www.mxtoolbox.com

Select More on the upper tab > should see PTR (DNS reverse lookup), middle box, 2nd row.  Type in your IP address and it will show you what it resolves to.

Author Closing Comment

by:OHarrisNetworks
Great examples!