jjvalstar

External mail issues on Exchange Server 2016 SU8

I have two issues on my Exchange Server 2016 with SU8

1. I do not receive email from external (Internet) sources, while I can send out to external (Internet) addresses.
2. STARTTLS is only seen on the internal network.

Below is the result of telnet to the mail server:

Internal:

220 mail.duifkruid.nl Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Sat, 3 Mar 2018 00:55:17 +0100
ehlo
250-mail.xxxxxxx.nl Hello [192.168.0.22]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM
250-AUTH GSSAPI NTLM
250-X-LINK2STATE
250-XEXCH50
250 OK


External:

[000.097]            Connected to server
[000.187]      <--       220 xxxxxxxx.nl
[000.187]            We are allowed to connect
[000.187]       -->      EHLO checktls.com
[000.279]      <--       250-xxxxxxxx.nl Hello [159.89.187.50]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-BINARYMIME
250 XKWFCHUNKING-DENIED
[000.282]            We can use this server
[000.282]            TLS is not an option on this server
[000.282]       -->      MAIL FROM:<test@checktls.com>
[000.376]      <--       250 2.1.0 Sender OK
[000.377]            Sender is OK
[000.377]       -->      QUIT
[000.464]      <--       221 2.0.0 Service closing transmission channel

The certificate is assigned to SMTP.

How can I resolve these issues?
timgreen7077

Is this a new server build?
When did it start happening?
How do emails route into your org? Do you have a 3rd party hosted service that filters your spam and then sends email to you, or what?
Do you have a firewall blocking or not forwarding mail to your exchange server via port 25?
jjvalstar (ASKER)

I have a newly built server (Windows Server 2016 with Exchange Server 2016) which will replace my old one running Windows Server 2003 with Exchange Server 2003.

Port 25 was redirected at first to the Exchange 2003 server and I was able to send mail from the Exchange 2016 server to external email addresses.
I wanted to test, prior to the replacement, whether I could receive emails, so I redirected port 25 to my new Exchange server.

So, at that point I noticed that I was not able to get new emails, and tests also show that STARTTLS was not seen for external mail (from the Internet) while it was seen on the internal network.


I have only one Exchange server (I don't use a backend Exchange server). Traffic goes from the firewall to the specified IP/port.
That is, all traffic coming in on port 25 is redirected to the internal Exchange server.

As antivirus software, I use ESET for Exchange Mail server.

Does anyone have an idea how I can resolve this?

Thanks in advance.
 Johan
The issue is not present on the 2k3 server. The Exchange Server 2003 will be replaced by the Exchange Server 2016.
On the firewall I changed the redirection to the new server and then I'm not able to receive.

So, the issue is in the Exchange Server 2016.
Do you have mailboxes on the 2016 Exchange server?
Yes, I used Lepide Migrator. All users and mailboxes (and emails) are already on the new one.
ASKER CERTIFIED SOLUTION
timgreen7077

This solution is only available to members.
Also make sure the Windows Firewall in Control Panel isn't interfering.
No, not at first. A few minutes ago I changed from <machine.domain> to <domain> but the results are the same.

But when doing a telnet from external network I see:
SERVER -> CLIENT: 250-DUIFSRV01.emea.duifkruid.nl Hello [96.126.113.160]
                     250-SIZE 37748736
                     250-PIPELINING
                     250-DSN
                     250-ENHANCEDSTATUSCODES
                     250-8BITMIME
                     250-BINARYMIME
                     250 XKWFCHUNKING-DENIED <======= What does this mean????

And at the end I see:
SERVER -> CLIENT: 250 Message accepted for delivery
CLIENT -> SERVER: QUIT

But I don't see anything in the queue!!
SOLUTION
This solution is only available to members.
Also, I'm assuming that your MX record is pointing to the firewall, which forwards the mail to 2016, or something of that nature.
By adding the host of the email server to the hosts file I was able to receive emails from external.

I added for example:

192.168.1.23  MAILSRV01
192.168.1.23  MAILSRV01.DOMAIN.LOCAL

But SMTP TLS still fails.
SOLUTION
This solution is only available to members.
For the internal e-mail I used an IP address instead of DNS. I have changed it to external DNS.

I checked the mail server at mxtoolbox.com and there it said:

      SMTP TLS      Warning - Does not support TLS.

While internally you see 250 STARTTLS, why not also for external?
SOLUTION
This solution is only available to members.
Gave user possible solutions and no longer received additional responses. Closing ticket and assigning points.
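
Added example, not part of the thread: a short Python script that parses the two EHLO replies quoted in the question and diffs the advertised extensions per vantage point. The function names `ehlo_keywords` and `compare` are hypothetical; the transcripts are copied from the posts above.

```python
import re

# Both EHLO replies are copied from the question above (hostnames as redacted there).
INTERNAL = """250-mail.xxxxxxx.nl Hello [192.168.0.22]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM
250-AUTH GSSAPI NTLM
250-X-LINK2STATE
250-XEXCH50
250 OK"""
EXTERNAL = """[000.279]      <--       250-xxxxxxxx.nl Hello [159.89.187.50]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-BINARYMIME
250 XKWFCHUNKING-DENIED"""

REPLY = re.compile(r"\b250[ -](\S+)")  # reply code, then first token of the line

def ehlo_keywords(transcript):
    """Upper-cased ESMTP keywords of one EHLO reply; tolerates probe-tool prefixes."""
    found = [m.group(1) for m in map(REPLY.search, transcript.splitlines()) if m]
    return {kw.upper() for kw in found[1:]}  # found[0] is the greeting domain

def compare(inside, outside):
    """Diff what the server advertises inside against what arrives outside."""
    a, b = ehlo_keywords(inside), ehlo_keywords(outside)
    return {
        "starttls_inside": "STARTTLS" in a,
        "starttls_outside": "STARTTLS" in b,
        "missing_outside": sorted(a - b),
        "only_outside": sorted(b - a),
    }

if __name__ == "__main__":
    print(compare(INTERNAL, EXTERNAL))
```

For these transcripts STARTTLS is in `missing_outside` and `XKWFCHUNKING-DENIED` is the only entry in `only_outside`; a keyword seen only from outside means the reply was altered in transit or the two probes reached different SMTP listeners.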