LockDown32
asked on
Remove SmartHost from SBS2008 Server
This particular customer was routing through a smart host for spam protection. They cancelled their spam protection so I went in to the ECM and checked Use domain name system (DNS) "MX" records to route mail automatically instead of "Route mail through the following smart hosts".
Seemed simple enough so I sent myself an email from one of their workstations to test it. It seems to be stuck in the queue with an error 451.4.4.
Any idea what I missed?
Seemed simple enough so I sent myself an email from one of their workstations to test it. It seems to be stuck in the queue with an error 451.4.4.
Any idea what I missed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
First try to open Internet explorer and check if sites are opening fine.
Do NSLOOKUP in command prompt and type the domain name on which you are sending mail e.g. you are sending mail to amit@abc.com so in after opening NSLOOKUP type abc.com
Once it is resovled
then follow the below one:
Open command prompt --> Type NSLOOKUP and hit Enter
type abc.com
If it gives you result as IP address and domain name then follow:
set q=mx
now type again abc.com
It will show MX records published for abc.com
copy all MX records and IPs now close command prompt
Then try to telnet MX records
open a new Command prompt
Telnet <mx record> 25 and hit enter
then type ehlo, if it is responding then all OK, but if it is not responding then check with Network level.
Do NSLOOKUP in command prompt and type the domain name on which you are sending mail e.g. you are sending mail to amit@abc.com so in after opening NSLOOKUP type abc.com
Once it is resovled
then follow the below one:
Open command prompt --> Type NSLOOKUP and hit Enter
type abc.com
If it gives you result as IP address and domain name then follow:
set q=mx
now type again abc.com
It will show MX records published for abc.com
copy all MX records and IPs now close command prompt
Then try to telnet MX records
open a new Command prompt
Telnet <mx record> 25 and hit enter
then type ehlo, if it is responding then all OK, but if it is not responding then check with Network level.
ASKER
I think we are crossing directions here which might be OK because mail isn't flowing wither way. I started on my computer here in the office and did the above steps to their SBS Server. The NSLookup seemed to go OK except for the very first reply where is said the Address is 64.29.145.9 That is their web page. Results are attached. The MX Record and Internet address looked fine. That is their public IP. I did a Telnet mail.vancontracring.com and 25 and it timed out. So best guess is port 25 isn't forwarded to the SBS 2008 Server? (inbound).
It should telnet to this MX record if it is not then check with other domains.
ASKER
Thanks Amit. I for some reason have never been able to use that Telnet trick. I don't know what I am doing wrong. It is one of the oldest tests in the book but I for some reason can't get it to work and have never been able to.
Anyway... I looked through their firewall and found where they limited inbound port 25 to certain IP addresses and opened it up to where they are now receiving mail (even though the telnet test doesn't work). SO I am down to them not being able to send.
I got on one of their workstations and sent an email to me at my office. It is stuck in the queue. This is the part when I changed them from a smart host for sending to just using MX lookups. I know my email address is good. I have been getting your emails all night. Theirs don't send since I removed their smart host. The type is DNSConnectorDelivery. Any idea what to try on their outbound?
Anyway... I looked through their firewall and found where they limited inbound port 25 to certain IP addresses and opened it up to where they are now receiving mail (even though the telnet test doesn't work). SO I am down to them not being able to send.
I got on one of their workstations and sent an email to me at my office. It is stuck in the queue. This is the part when I changed them from a smart host for sending to just using MX lookups. I know my email address is good. I have been getting your emails all night. Theirs don't send since I removed their smart host. The type is DNSConnectorDelivery. Any idea what to try on their outbound?
also check the permission for the send connector..
ASKER
Well..... if it helps I finally wound up putting the smart host back in. I'd really like to get it to work with MX lookup. Any idea?
Your server must be able to access port 53 and 25 out to the internet, otherwise your DNS lookup will not work along with mx lookup and emails will not be sent out via port 25.
firewall rule should be:
server ip -->> ports 25,465,587,53 --> wan (any)
once you get it done you can start sending emails..
G
firewall rule should be:
server ip -->> ports 25,465,587,53 --> wan (any)
once you get it done you can start sending emails..
G
ASKER
Thanks Giladn. The firewall was a mess but to test that issue last night I made up a rule to allow all outbound and moved it up to the first position. It didn't seem to help but maybe I didn't wait long enough.
If 53 was blocked would it affect where they go on the internet? They don't have any internet issues.....
If 53 was blocked would it affect where they go on the internet? They don't have any internet issues.....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Everything went fine:
Yahoo.com resolved
Telnet worked as you said it should
MX Toolbox did not report it on a blacklist
I did notice in goggling the error 451.4.4.0 that it is a pretty common problem on E2007......
Yahoo.com resolved
Telnet worked as you said it should
MX Toolbox did not report it on a blacklist
I did notice in goggling the error 451.4.4.0 that it is a pretty common problem on E2007......
next, try this from Exchange management shell:
New-SendConnector -Name "send connector" -Usage Custom -AddressSpace "*;1"," -DnsRoutingEnabled $true -MaxMessageSize 20MB
New-SendConnector -Name "send connector" -Usage Custom -AddressSpace "*;1"," -DnsRoutingEnabled $true -MaxMessageSize 20MB
ASKER