Telnet problem on Exchange 2016 server

Dear Experts, we cannot telnet to Exchange 2016 servers on port 25 but 110, 143, 587. We can still send/receive emails. All firewalls and AV were turned off for testing but no luck. We got this error when telnet to them:

Can you please suggest? Many thanks.
DP230Network AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you using a third-party transport agent ? See if disabling resolves the issue.
try the following :

Are you trying to telnet to port 25 using the IP or FQDN?  try both ways:

Run Netstat -a and check to see if 25 is in a listening state.

Refer to the Exchange Testing section of the following document :
Use PortQry to check email servers
How many exchange servers you have?
Does all servers have this problem ?

If you telnet on TCP 25 to server from itself, what is happening?

When u r saying that mail flow is working, it means your server is behind firewall somewhere and then only from inbound smtp gateway you have enabled TCP 25, for rest of the clients u don't need TCP 25 because they use mapi or even IMAP / pop

One more thing check if you are able to telnet exchange server public interface from internet
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

DP230Network AdministratorAuthor Commented:

@ferrarista: Our mail servers are behind Sonicwall ESA7000, does it considered third-party transport agent?

@ITguy565: Yes I tried both ways but still could not connect to port 25 but others (110, 143, 587). The port 25 is on listening state, I also noticed that the port 5060 (aka SIP port) was opened on our Exchange servers and established to some strange public IPs. Is it ok? should I block this port?

@Mahesh: I have 6 Exchange servers, 5 of them were behind Firewall Sonicwall and were built 6 months ago, all of them have this telnet problem. The new one was built 2 weeks ago, stand alone and does not this telnet issue. But I do not think the problem is Sonicwall since we tested to put the new one behind sonicwall and we still could telnet to it. Also in reversed way, when take out 1 of 5 other servers from behind sonicwall. We tested with public IP addresses as well but no difference.
Your screenshot shows, that port 25 is open and telnet connects but then drops the connection.
Did you use the command
telnet server.domain 25
telnet server 25
The first is the FQDN, which should be used according to Microsoft. See
Vidit BhardwajAdminCommented:
Does telnet localhost 25 on that server works ??
In netstat -ano do you see for 25 connection is established?
The port is open and he can reach it - that's what his screenshot proves. Else, there would never be any feedback.
DP230Network AdministratorAuthor Commented:

@McKnife: I used both of them, but still could not telnet to port 25

@Mahesh: I don't think our ISP block it since one server still can be telnet to

It was strange because I still got the correct information when test port 25 from Sonicwall:

"but still could not telnet to port 25" please understand: you can. If you get that message, it shows that telnet has connected to that port, but that the connection broke. Let's hope you finally believe me. Google that error message, please, and see what you can make of it - there are several links with people suffering from the same.
Again: If that port was closed, you would get
Could not open connection to the host, on port 25: Connect failed
DP230Network AdministratorAuthor Commented:
Hi, I found the answer. In Default front end setting of the problematic mail server, it has Firewall's IP address on Remote network setting.

That's why we got the error. After we tested to replace it with default address, we could telnet port 25 normally.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DP230Network AdministratorAuthor Commented:
Problem in configurations.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.