Why are external emails being blocked?

We have a client who uses Exchange 2010 on an SBS2011 box. They can't receive any external emails; internally it's fine, and they can send externally. They use Trend Worry Free Business for spam filtering, which sits on the SBS server. I have disabled Trend and still the same result. When I perform a message trace, it shows no external emails even hitting the server.

I have attached a bounce back for you to see.

Any help will be appreciated.
Undeliverable-RE-test.msg
Asked by: CRL ltd

David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
This is near impossible to debug in theory.

Sounds like there's a DNS problem.

Post the recipient domain for testing, so for a user foo@voodoo.com, then voodoo.com is the recipient domain.

Also the attachment you posted is some sort of binary. If this is meant to be a full message, with all headers, then post it as pure text.
MAS, EE Solution Guide - Technical Dept Head, commented:
Test your domain using mxtoolbox and post the result.
https://mxtoolbox.com/diagnostic.aspx
Check blacklist as well.
https://mxtoolbox.com/blacklists.aspx
Sam Simon Nasser, IT Support Professional, commented:
Check your domain if it's blocked or not. This happens when a user is infected and sends a lot of spam messages; the domain becomes blocked.
https://mxtoolbox.com/blacklists.aspx
https://whatismyipaddress.com/blacklist-check
https://www.ultratools.com/tools/spamDBLookup
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
If you're going to debug this yourself, start by auditing your entire DNS setup.

This means stress testing that each NS record is actually returning the correct MX/SPF/DKIM records for every request.

Can't tell you how many mail problems I've tracked down to faulty DNS.

Always start with a DNS audit, then go through using other tools suggested above.
John, Business Consultant (Owner), commented:
"it shows no external emails even hitting the server"

I agree with the above points. There is a record you need (your ISP may need to put the record in) that tells outside senders you are a valid recipient (SPF record). Make sure this is in place and correct. Get assistance from your ISP.
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Good to follow John's suggestion.

If you haven't already opened a ticket with your hosting company, this should be your first step.
Tom Cieslik, IT Engineer, commented:
If you can, try to telnet to your server from outside.
Maybe this is a simple firewall issue.
CRL ltd, Author, commented:
MAS: this is the result from MXTOOLBOX

Connecting to 145.239.6.121

220 host.wearesupport.co.uk ESMTP [689 ms]
EHLO EC2AMAZ-CT1LM3F.mxtoolbox.com
250-host.wearesupport.co.uk
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME [673 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 ok [687 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) [687 ms]

LookupServer 3769ms
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
This type of test is great, only after you audit your DNS.

If you'd like someone to audit your DNS for you, post the actual recipient domain you're using, per my comment above.
Ibrahim Benna, Technology Lead, commented:
Looks like you are using Google for your MX record, correct? How do they fit into the mail flow picture?

You may want to give them a call as well and see what's going on, as some of their IPs appear to be blacklisted.

https://mxtoolbox.com/domain/wearesupport.co.uk/
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
If wearesupport.co.uk is your actual recipient domain, meaning you're sending from foo@wearesupport.co.uk then this property has some significant DNS + blacklisting problems.

Likely best if you publish the From: + To: address of your message, just so people are clear about what to test.

Tip: Debugging this sort of issue can take substantial time. If you're new to this sort of debugging, might be good for you to hire someone to assist you.
CRL ltd, Author, commented:
The domain is autowash.co.uk

We had an update from the client: BT have been doing some work on their line today in preparation for an upgrade, so we suspect this may have caused an issue.
Tom Cieslik, IT Engineer, commented:
I'm sorry but this is NOT a DNS issue.
Telnet has told you your server is not accepting messages.

Have you checked if your domain is blacklisted?

Double check all your Receive connectors settings

I don't have Ex 2010 but check this as reference from 2013.
Check Transport Hub and Frontend connector

Capture.JPG
CRL ltd, Author, commented:
Thanks for that, still no luck, I'm afraid.
CRL ltd, Author, commented:
I can get OWA, still no external emails going through.
CRL ltd, Author, commented:
And nothing coming up on blacklisting sites for the domain or the client's IP.
Ibrahim Benna, Technology Lead, commented:
Getting into OWA is not the same as sending/receiving emails - one is client access (OWA) and the other is transport (mail flow). When you send emails from an external source, do you receive a bounceback email?
Is mail flow internally between your users working properly?
Can your users send emails out of the organization?
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
https://mxtoolbox.com/SuperTool.aspx?action=dns%3aautowash.co.uk&run=toolpage shows the first problem.

Look at the SOA differences.

This might or might not be a problem + should be fixed before proceeding.
CRL ltd, Author, commented:
Yes, internal is fine and sending externally is fine.
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
DNS stress test shows identical MX + A record for MX are being returned consistently from all NS servers, so that's good.
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Ah... I think I see the problem...

Port 25 submission is configured incorrectly.

When connecting to port 25 there's some bogus (er... non SMTP protocol compliant) prompt with a banner of Account:, then the SMTP conversation hangs waiting for input.

Whatever code implements this prompt will block all incoming SMTP conversations, as SMTP has no idea what an interactive prompt for Account: might be.

There's no port 587 listener, so port 25 is the only submission channel for this SMTP server.

Just change the config to be normal SMTP + likely all will be well.
Ibrahim Benna, Technology Lead, commented:
@David Favor, when I telnet to mail.autowash.co.uk I am getting the proper response from Exchange with no issues.
Tom Cieslik, IT Engineer, commented:
Can you post a screenshot from your Transport Hub configuration?

Try to use telnet, but using a real account, not the toolbox test.
DrDave242, Senior Support Engineer, commented:
I got inconsistent results when querying well-known public DNS servers for mail.autowash.co.uk. OpenDNS and 4.2.2.2 resolved it to a valid address (and I got the expected header when telnetting to that address on port 25), but 8.8.8.8 and 1.1.1.1 gave me a big fat Nope.

Also, SPF records don't come into play here. They're used for outbound mail only.
Sam Simon Nasser, IT Support Professional, commented:
According to this error, "553 sorry, that domain isn't in my list of allowed rcpthosts", try the solution here: https://social.technet.microsoft.com/Forums/en-US/b33a4aad-463e-4078-b801-681d1f6e74f7/553-sorry-that-domain-isnt-in-my-list-of-allowed-rcpthosts-571-fix?forum=exchangesvrclientslegacy
"As it turns out the problem was simply that she did not check the "Use same settings as my incoming mail server" under the "Outgoing Server" tab as required by our provider."
and many others simply mentioning the same thing.
Outlook 2003 and up:
Open Outlook 2003 > Click Tools > E-Mail Accounts > View or change existing e-mail accounts
Select the email account > Click Change > Click 'More Settings' > Click the 'Outgoing Server' Tab
Check the checkbox "My outgoing server (SMTP) requires authentication"
Click OK > Next > Finish
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Telnet to mail.autowash.co.uk seems to be working for me now too.
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Just checked what DrDave242 suggested + stress tested 8.8.8.8 and 1.1.1.1 returns.

Seems to be working for me too.

Since many people seem to be getting different results from your DNS, my guess is DNS is part of the problem.

Doing an SMTP test transaction, the conversation looks correct...

imac> swaks --to=test@foo.com --server=mail.autowash.co.uk
=== Trying mail.autowash.co.uk:25...
=== Connected to mail.autowash.co.uk.
<-  220 remote.autowash.co.uk Microsoft ESMTP MAIL Service ready at Thu, 3 Jan 2019 12:07:09 +0000
 -> EHLO davids-imac.local
<-  250-remote.autowash.co.uk Hello [136.62.164.224]
<-  250-SIZE 52183040
<-  250-PIPELINING
<-  250-DSN
<-  250-ENHANCEDSTATUSCODES
<-  250-STARTTLS
<-  250-AUTH
<-  250-8BITMIME
<-  250-BINARYMIME
<-  250 CHUNKING
 -> MAIL FROM:<david@davids-imac.local>
<-  250 2.1.0 Sender OK
 -> RCPT TO:<test@foo.com>
<** 550 5.7.1 Unable to relay
 -> QUIT
<-  221 2.0.0 Service closing transmission channel
=== Connection closed with remote host.


I'd suggest your next step is to use SWAKS to debug your SMTP conversations.

Start by running SWAKS inside your network, then ssh into some remote machine + run SWAKS from there.

If you watch the entire SMTP conversation in SWAKS, likely you'll quickly see the problem.

I use SWAKS many times each day. SWAKS is a tool I can't imagine living without.
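
Added example, not part of the post above: a small parser for swaks-style transcripts that separates a relay refusal for a foreign domain (which is what the posted 550 5.7.1 for test@foo.com is) from a rejection of a recipient the server hosts. The hosted-domain set and the second transcript are assumptions constructed for illustration.

```python
import re

SENT = re.compile(r"^\s*->\s+(.*)$")
REPLY = re.compile(r"^<(?:-|\*\*)\s+(\d{3})([ -])(?:(\d\.\d+\.\d+)\s)?")
RCPT = re.compile(r"^RCPT TO:<[^@>]+@([^>]+)>", re.I)

def rcpt_results(transcript):
    """Return (recipient_domain, reply_code, enhanced_code) per RCPT TO in a swaks log."""
    results, pending = [], None
    for line in transcript.splitlines():
        sent = SENT.match(line)
        if sent:
            rcpt = RCPT.match(sent.group(1))
            pending = rcpt.group(1).lower() if rcpt else None
            continue
        reply = REPLY.match(line)
        # Only the last line of a multi-line reply ("250 " rather than "250-") counts.
        if reply and pending and reply.group(2) == " ":
            results.append((pending, int(reply.group(1)), reply.group(3)))
            pending = None
    return results

def interpret(transcript, hosted_domains):
    """Classify each RCPT result against the domains this server should accept mail for."""
    verdicts = []
    for domain, code, _enhanced in rcpt_results(transcript):
        hosted = domain in hosted_domains
        if code < 300:
            verdicts.append((domain, "accepted" if hosted else "open-relay"))
        elif hosted:
            verdicts.append((domain, "inbound-rejected"))   # the fault worth chasing
        else:
            verdicts.append((domain, "relay-denied"))       # correct for a foreign domain
    return verdicts

# Excerpt of the transcript posted above.
POSTED = """\
 -> MAIL FROM:<david@davids-imac.local>
<-  250 2.1.0 Sender OK
 -> RCPT TO:<test@foo.com>
<** 550 5.7.1 Unable to relay
 -> QUIT
"""
# Constructed: the same test aimed at a hosted recipient (address and reply text made up).
CONSTRUCTED = """\
 -> RCPT TO:<user@autowash.co.uk>
<** 550 5.7.1 rejected by connection filter (constructed reply)
"""

if __name__ == "__main__":
    print(interpret(POSTED, {"autowash.co.uk"}))
    print(interpret(CONSTRUCTED, {"autowash.co.uk"}))
```

A test that ends in "relay-denied" shows the listener is up and not an open relay; only a RCPT TO for a hosted domain exercises the inbound path.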
CRL ltd, Author, commented:
Hi All, we found the issue: it was IP Block List Providers being enabled on the server. When we disabled that, mail started flowing again. In the list there was spamhaus, spamcop and dnsbl.njabl.org.
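
Added example, not from the thread: how a DNSBL query name is built and how each provider on a block list can be self-tested with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not), so a provider that answers for every address or no longer answers at all is caught before it filters mail. The zone names and resolver table are constructed; the thread does not say which provider caused the rejections.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style error return codes

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A records via the OS resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(ip, zone, lookup=system_lookup):
    """Interpret a DNSBL answer instead of treating any answer as 'listed'."""
    answers = [ipaddress.IPv4Address(a) for a in lookup(dnsbl_name(ip, zone))]
    if not answers:
        return "not-listed"
    if any(a not in LOOPBACK for a in answers):
        return "invalid-answer"      # parked or wildcarded zone, not a real listing
    if any(a in ERROR_RANGE for a in answers):
        return "provider-error"      # list refused the query; says nothing about the IP
    return "listed"

def provider_health(zone, lookup=system_lookup):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if classify("127.0.0.1", zone, lookup) != "not-listed":
        return "answers-for-everything"
    if classify("127.0.0.2", zone, lookup) != "listed":
        return "dead-or-unreachable"
    return "healthy"

# Constructed resolver data (not real lookups) for three hypothetical zones.
SAMPLE = {
    "2.0.0.127.healthy.dnsbl.example": ["127.0.0.2"],
    "113.100.51.198.healthy.dnsbl.example": ["127.0.0.4"],
}

def sample_lookup(name):
    if name.endswith(".wildcard.dnsbl.example"):
        return ["192.0.2.80"]        # every name resolves, e.g. a lapsed domain
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for zone in ("healthy.dnsbl.example", "wildcard.dnsbl.example", "dead.dnsbl.example"):
        print(zone, provider_health(zone, sample_lookup))
```

Calling `provider_health(zone)` without the second argument runs the same checks through the operating system's resolver, which is the resolver path the mail server itself would use.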
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Glad you tracked down the problem!