Remove SmartHost from SBS2008 Server

This particular customer was routing through a smart host for spam protection. They cancelled their spam protection so I went in to the ECM and  checked Use domain name system (DNS) "MX" records to route mail automatically instead of "Route mail through the following smart hosts".

   Seemed simple enough so I sent myself an email from one of their workstations to test it. It seems to be stuck in the queue with an error 451.4.4.

Any idea what I missed?
LVL 15
LockDown32OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit KumarCommented:
Please check if source server has Internet access and can resolve DNS to destination mail server.

Also try telnet to MX record of destination domain with 25 port.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LockDown32OwnerAuthor Commented:
Can to give me a little more info on how to do each?
0
Amit KumarCommented:
First try to open Internet explorer and check if sites are opening fine.

Do NSLOOKUP in command prompt and type the domain name on which you are sending mail e.g. you are sending mail to amit@abc.com so in after opening NSLOOKUP type abc.com

Once it is resovled
then follow the below one:

Open command prompt --> Type NSLOOKUP and hit Enter

type abc.com

If it gives you result as IP address and domain name then follow:

set q=mx

now type again abc.com

It will show MX records published for abc.com

copy all MX records and IPs now close command prompt

Then try to telnet MX records

open a new Command prompt

Telnet <mx record> 25 and hit enter
then type ehlo, if it is responding then all OK, but if it is not responding then check with Network level.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

LockDown32OwnerAuthor Commented:
I think we are crossing directions here which might be OK because mail isn't flowing wither way. I started on my computer here in the office and did the above steps to their SBS Server. The NSLookup seemed to go OK except for the very first reply where is said the Address is 64.29.145.9 That is their web page. Results are attached. The MX Record and Internet address looked fine. That is their public IP. I did a Telnet mail.vancontracring.com and 25 and it timed out. So best guess is port 25 isn't forwarded to the SBS 2008 Server? (inbound).
0
Amit KumarCommented:
It should telnet to this MX record if it is not then check with other domains.
0
LockDown32OwnerAuthor Commented:
Thanks Amit. I for some reason have never been able to use that Telnet trick. I don't know what I am doing wrong. It is one of the oldest tests in the book but I for some reason can't get it to work and have never been able to.

   Anyway... I looked through their firewall and found where they limited inbound port 25 to certain IP addresses and opened it up to where they are now receiving mail (even though the telnet test doesn't work). SO I am down to them not being able to send.

   I got on one of their workstations and sent an email to me at my office. It is stuck in the queue. This is the part when I changed them from a smart host for sending to just using MX lookups. I know my email address is good. I have been getting your emails all night. Theirs don't send since I removed their smart host. The type is DNSConnectorDelivery. Any idea what to try on their outbound?
0
GiladnCommented:
also check the permission for the send connector..
0
LockDown32OwnerAuthor Commented:
Well..... if it helps I finally wound up putting the smart host back in. I'd really like to get it to work with MX lookup. Any idea?
0
GiladnCommented:
Your server must be able to access port 53 and 25 out to the internet, otherwise your DNS lookup will not work along with mx lookup and emails will not be sent out via port 25.

firewall rule should be:

server ip -->> ports 25,465,587,53   --> wan (any)

once you get it done you can start sending emails..

G
0
LockDown32OwnerAuthor Commented:
Thanks Giladn. The firewall was a mess but to test that issue last night I made up a rule to allow all outbound and moved it up to the first position. It didn't seem to help but maybe I didn't wait long enough.

   If 53 was blocked would it affect where they go on the internet? They don't have any internet issues.....
0
GiladnCommented:
ok' from the server open  a command prompt (start-->run -->"cmd" --> press enter)
on command prompt type:
1.nslookup (press enter)  when you get the nslookup prompt type "server 4.2.2.2" and press enter again.
 now type any url (i.e www.yahoo.com )  see if it resolves. if so go on to next step..

2. if you have telnet client installed on the server we'll use it, if not please install it
(http://www.elmajdal.net/win2k8/how_to_enable_telnet_in_windows_server_2008.aspx)
on command prompt type   :
telnet 192.115.106.15 25  
press enter, you should get a black screen, typing enter will get you back to prompt. that means that port 25 is open for the outside, if the command hangs then turn off firewall from the server and re-check external firewall appliance rules again.

now that you know that dns and telnet are working try to remove the smart host and use MX lookup
and try the telnet test again, this time type :
telnet localhost 25
see if you get a prompt and post back results  for all the above..

in addition, verify your IP is not blacklisted otherwise emails will bounce back.. see MX toolbox -
http://mxtoolbox.com/blacklists.aspx

G
0
LockDown32OwnerAuthor Commented:
Everything went fine:

Yahoo.com resolved

Telnet worked as you said it should

MX Toolbox did not report it on a blacklist

I did notice in goggling the error 451.4.4.0 that it is a pretty common problem on E2007......
0
GiladnCommented:
next, try this from Exchange management shell:

New-SendConnector -Name "send connector" -Usage Custom  -AddressSpace "*;1"," -DnsRoutingEnabled $true   -MaxMessageSize 20MB
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.