DP230 asked:

Telnet problem on Exchange 2016 server

Dear Experts, we cannot telnet to our Exchange 2016 servers on port 25, but we can on 110, 143 and 587. We can still send/receive emails. All firewalls and AV were turned off for testing, but no luck. We got this error when we telnet to them:

[screenshot]
Can you please suggest? Many thanks.
ferrarista

Are you using a third-party transport agent? See if disabling it resolves the issue.
ITguy565

Try the following:

Are you trying to telnet to port 25 using the IP or FQDN? Try both ways.

Run Netstat -a and check to see if 25 is in a listening state.

Refer to the Exchange Testing section of the following document:
Use PortQry to check email servers

http://www.windowsecurity.com/articles-tutorials/misc_network_security/Mastering-PortQryexe-Part2.html
How many Exchange servers do you have?
Do all servers have this problem?

If you telnet on TCP 25 to the server from itself, what happens?

When you say that mail flow is working, it means your server is behind a firewall somewhere and you have enabled TCP 25 only from the inbound SMTP gateway; the rest of the clients don't need TCP 25 because they use MAPI or even IMAP/POP.

One more thing: check if you are able to telnet to the Exchange server's public interface from the internet.
DP230 (ASKER)

Hi,

@ferrarista: Our mail servers are behind a Sonicwall ESA7000; is it considered a third-party transport agent?

@ITguy565: Yes, I tried both ways but still could not connect to port 25, only to the others (110, 143, 587). Port 25 is in a listening state. I also noticed that port 5060 (aka the SIP port) was open on our Exchange servers and had established connections to some strange public IPs. Is that OK? Should I block this port?

[screenshots]
@Mahesh: I have 6 Exchange servers. 5 of them are behind the Sonicwall firewall and were built 6 months ago; all of them have this telnet problem. The new one was built 2 weeks ago, is stand-alone and does not have this telnet issue. But I do not think the problem is the Sonicwall, since we tested putting the new one behind the Sonicwall and we could still telnet to it. Also in the reverse way, when taking 1 of the 5 other servers out from behind the Sonicwall. We tested with public IP addresses as well, but no difference.
Your screenshot shows that port 25 is open and telnet connects but then drops the connection.
Did you use the command
telnet server.domain 25
or
telnet server 25
?
The first is the FQDN, which should be used according to Microsoft. See https://technet.microsoft.com/en-us/library/bb123686(v=exchg.160).aspx
Does telnet localhost 25 on that server work?
In netstat -ano, do you see that a connection on 25 is established?
The port is open and he can reach it - that's what his screenshot proves. Else, there would never be any feedback.
DP230 (ASKER)

Hi,

@McKnife: I used both of them, but still could not telnet to port 25

@Mahesh: I don't think our ISP blocks it, since one server can still be telnetted to.

It was strange because I still got the correct information when testing port 25 from the Sonicwall:

[screenshot]
"but still could not telnet to port 25" please understand: you can. If you get that message, it shows that telnet has connected to that port, but that the connection broke. Let's hope you finally believe me. Google that error message, please, and see what you can make of it - there are several links with people suffering from the same.
Again: If that port was closed, you would get
Could not open connection to the host, on port 25: Connect failed
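
The distinction argued in the comment above (a refused connection versus one that is accepted and then dropped) can be checked without reading telnet's messages. This is an added example, not part of the original thread: `probe_smtp`, `start_listener` and the local stand-in listener are constructed for illustration, and Python is used in place of telnet.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, banner) for one connection attempt.

    closed   - connect refused: nothing accepted the TCP handshake
    filtered - no reply to the connect attempt (timeout or unreachable)
    dropped  - handshake succeeded, then the peer closed or reset
               before sending a greeting
    silent   - connected, but no data and no close within the timeout
    banner   - connected and a greeting was received
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except OSError:  # includes connect timeouts and unreachable hosts
        return "filtered", None
    with sock:
        try:
            data = sock.recv(512)
        except (socket.timeout, TimeoutError):
            return "silent", None
        except (ConnectionResetError, ConnectionAbortedError):
            return "dropped", None
    if not data:  # orderly close (FIN) with no banner sent
        return "dropped", None
    return "banner", data.decode("ascii", "replace").strip()

def start_listener(greeting):
    """Constructed local stand-in for a mail server: sends `greeting`
    (bytes) and closes; b"" closes at once without a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    ok = start_listener(b"220 mail.example.test ESMTP\r\n")  # constructed banner
    bad = start_listener(b"")
    print(probe_smtp("127.0.0.1", ok, 2))   # ('banner', '220 mail.example.test ESMTP')
    print(probe_smtp("127.0.0.1", bad, 2))  # ('dropped', None)
```

A `dropped` result means the port is reachable and the session is being ended after the handshake, so the next place to look is whatever accepts the connection rather than port filtering.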
DP230 (ASKER)

Problem in configurations.