Exchange 2013 refusing some SMTP connections but allowing others using anonymous receive connector

Hayden Wells
I have a single Exchange 2013 server, running for 6 months. We have several servers/devices that anonymously relay through it which are working fine. I attach screenshots of the FrontendTransport connector settings showing my PC 192.168.2.44 in the list of allowed IPs.
[Screenshot: FrontEnd Receive Connector Properties (FQDN Erased)]
I've tried to Telnet to it on port 25 but get refused.
    Microsoft Telnet> open 192.168.1.41 25
    Connecting To 192.168.1.41...Could not open connection to the host, on port 25: Connect failed
    Microsoft Telnet>

I've added two new IP addresses to the list of IPs in the receive connector but these two devices are being denied connection. The others are all still working fine.

    220 mail1.bywaters.co.uk Microsoft ESMTP MAIL Service ready at Tue, 2 Feb 2016 12:03:39 +0000

The Application log doesn't show me anything, and the SMTPReceive Protocol logs do not contain the source IP address of the failed connection. Windows firewall is disabled on the Exchange server. I have restarted the Exchange server with no effect.

Can anyone suggest how to proceed with fault finding? Or if you've solved a similar problem?
Gilbert Hauser, IT Consultant

Commented:
Hi,
Could you give more information concerning your network topology?

You are using a different network, from the range 192.168.2.0/24. What kind of router are you using to reach 192.168.1.0/24?

Author

Commented:
Thank you for your quick response.

There is no router between the clients and the server, I'm using a 22 bit SM on a single LAN.

My subnet includes 192.168.1.0-192.168.3.254 using SM:255.255.252.0
IT Consultant
Commented:
I think you have already checked if:

your computer is authorized to use the port 25
tracert the server
telnet the server on port 443

I suggest running Wireshark to capture the packets on port 25, then test a new telnet to the server on port 25.

Even if it is not in scope, it is strange to see your public server in your LAN; no DMZ?
I recommend this tool to give you a more specific output than telnet - https://www.microsoft.com/en-gb/download/details.aspx?id=17148

Run it from your PC to Exchange, the command line version is excellent.

Author

Commented:
Solved thanks to Gilbert.

The important part of your post was "your computer is authorized to use the port 25".

This made me look at the client which, although Windows Firewall is disabled, was being prevented from sending SMTP due to McAfee AV. Disabling the "Prevent mass mailing worms from sending mail" solved the issue.
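
Added example, not part of the thread: a PowerShell check to run on the affected client that separates a failed TCP connect (nothing reaches Exchange, so its SmtpReceive protocol log stays empty) from an answer at the SMTP level. The helper name `Test-SmtpStage` and its parameters are hypothetical; the address and ports are the ones tested in the thread.

```powershell
# Added example (not from the thread). Test-SmtpStage is a hypothetical helper name.
function Test-SmtpStage {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 25,
        [int]$TimeoutMs = 5000,
        [switch]$TcpOnly          # skip the banner read for non-SMTP ports such as 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Stage 1: TCP handshake. If this fails, no SMTP session ever starts,
        # so the server's SmtpReceive protocol log has nothing to record.
        $task = $client.ConnectAsync($Server, $Port)
        try {
            if (-not $task.Wait($TimeoutMs)) {
                return [pscustomobject]@{ Port = $Port; Stage = 'TcpConnect'; Result = 'Timeout'; Detail = "no answer within $TimeoutMs ms" }
            }
        } catch {
            # Refused or reset: by the server, a device on the path, or software on this client.
            return [pscustomobject]@{ Port = $Port; Stage = 'TcpConnect'; Result = 'Failed'; Detail = $_.Exception.GetBaseException().Message }
        }
        if ($TcpOnly) {
            return [pscustomobject]@{ Port = $Port; Stage = 'TcpConnect'; Result = 'Connected'; Detail = '' }
        }
        # Stage 2: the connection reached a listener; read its SMTP greeting.
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        try { $banner = $reader.ReadLine() } catch { $banner = $null }
        $result = 'NoBanner'
        if ($banner -match '^220[ -]') { $result = 'Greeting' } elseif ($banner) { $result = 'Rejected' }
        return [pscustomobject]@{ Port = $Port; Stage = 'SmtpBanner'; Result = $result; Detail = "$banner" }
    } finally {
        $client.Close()
    }
}

# Address and ports are the ones tested in the thread.
Test-SmtpStage -Server 192.168.1.41 -Port 25
Test-SmtpStage -Server 192.168.1.41 -Port 443 -TcpOnly
# Port 25 'Failed' or 'Timeout' while 443 is 'Connected' points at something filtering
# SMTP specifically, so check the client and the path before the receive connector.
```

A `Greeting` or `Rejected` result means the session reached the server, so it should also appear in the SmtpReceive protocol log when logging is enabled on the connector.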
