IIS SMTP Relay fails to deliver LOCAL user email. External emails works

I have an on-premise software and on-premise exchange 2013 server.  The software requires IIS SMTP to handle the email from/for clients (Helpdesk software).  I have the proper Relay established on the exchange server.  Anything sent to domains OUTSIDE the local domain works fine.  However, when the iis smtp sends an internal email to one of us, it goes into delay and dies after a day.  In the relay security settings, I have TLS, Externally Secured on authentication and on Permissions, I have Exchange servers and anonymous selected.  
The helpdesk software is using IMAP. I have successfully tested on port 143 and 993 for SSL.  
On my DNS, I have the MX set to my mail.domain.com and a valid Reverse defined.  
Everything works EXCEPT local email delivery.  From testing, I'm certain it is something I've misconfigured on the IIS SMTP side.  Exchange is good.  OWA is good, everything.

Kinda at a loss.  

thanx
daver
David BirdPartnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
the common cause is that the local smtp is defined with the local domain as local to it.  checking the log should confirm that the locally addressed emails are rejected because the IIS smtp does not have info where these emails should be delivered, the IIS smtp should use FQDN of the machine rather than the domain..

nslookup -q=mx domain_name on the IIS, it queries the local DNS, what is the answer it gets? That is where it will try to deliver the locally addressed email.
0
David BirdPartnerAuthor Commented:
Local DNS has the records that resolve as mail.domain.com as an internal IP.
nslookup resolves properly.  My external address would cause a loop, so I have a DNS entry to that the external address resolves to the internal IP address inside the LAN.
0
Dan McFaddenSystems EngineerCommented:
Also, I would verify that the IIS SMTP server is allowed to relay emails to the Exchange server(s).

I would look into the IIS SMTP logs for traffic heading to your Exchange server and I would look into the message logs on the Exchange server(s).  In the Exchange logs, look for the IP of the IIS server and check the SMTP response code.

SMTP error codes:
- 2xx errors are typically successful transactions
- 4xx errors are remote server errors, the xx portion of the 4xx indicates the issue
- 5xx errors are access and commend errors as well as recipient mailbox issues, i.e. mailbox full

reference link:  http://www.greenend.org.uk/rjk/tech/smtpreplies.html

Dan
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

arnoldCommented:
What about the first part whether IIS SMTP configuration dealing with the domain.com seen as local.
look at c:\inetpub\smtproot\ to see whether the messages are bad, queued?

telnet mail.domain.com 25 from the IIS sMTP.
you do not need relay rights, you do need connection rights.
Check the smtpsvc log to see what is happening with domain.com addressed emails.

The entries in the log can be matched, there will be from <sender>, to <recipient> and what happened. i.e. it will indicate that a connection is made to a server, and response/what occurred in the transaction.
if it is successfully delivered to the internal, then you  need to check the exchange/internal server log to see what happened to the message there.

In your generated email, what is the sender's email address? is it using a valid domain?

You may have a setup that the internal smtp only allows connections from the router or from/through a mail filtering device.
0
Dan McFaddenSystems EngineerCommented:
Another way to look at this is to just use IIS SMTP as a direct relay service.  Meaning, local applications can send out email to the local SMTP service.  Then IIS SMTP is configured to relay everything thru the Exchange Server(s).  Since Exchange is functioning correctly, is can handle the routing to internal and external destinations.

Makes for a much easier configuration.

So in your Domains section, you should only have the default entry, typically the server name or the Type Local(Default)

Then do the following:
1. in IIS Manager, properties on the SMTP virtual server
2. click the "Delivery"  tab
3. click the "Advanced" button
4. in the "Smart host:" field, entry the FQDN of your Exchange server

Ok you way out and test.

How does this simplifies the config?
1. There is no need to define any remote domains in IIS SMTP
2. There is no longer a need to allow the IIS SMTP Server's IP out to the Internet thru the firewall
3. Exchange is already setup and functioning
3a. firewall rules are already in place to allow email flow
3b. it provides a direct connection between a trusted relay (IIS SMTP Server) and Exchange
3c. allows you to use Exchange's Message Tracking functionality to troubleshoot & report on email flow (the powershell interface to Message Tracking is much easier than IIS SMTP log analysis!)
3d. the only conversations in the IIS SMTP logs will be between the local hosted apps & IIS as well as IIS & Exchange (if you must look at IIS SMTP logs, the fewer devices involved, the easy to analyze)

Dan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
While Dan's example is an approach, often, people try to minimize the load they put on exchange.
It would help as relaying through exchange will make message tracing of web server/application genreated emails possible.
0
Dan McFaddenSystems EngineerCommented:
Here's another thought...

If your app can talk IMAP, you can create an account in Exchange and enable this account to utilize IMAP for connectivity.

Now, no troublesome IIS SMTP service to play with, just the configuration of the on-premise software.

Dan
0
David BirdPartnerAuthor Commented:
The smarthost line was not fully qualified.  Reset IIS (just to be safe) and local mail started delivering.  
thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.