Ryan Martin

asked on

Issues with Microsoft Exchange 2016 external emails not delivering

Microsoft Exchange 2016: Emails going to queue and not sending for a while, but they do eventually send. Users will receive messages from the server about the mail being in queue and that it will retry for the next 1 day...

In the connectivity log we have entries like so:

2019-06-18T12:59:41.954Z,08D6F3EBDCDF4A9E,SMTP,me.com,>,Failed connection to 17.178.102.78:25 (TimedOut:0000274C)[TargetIPAddress:17.178.102.78:25|MarkedUnhealthy|FailureCount:5|NextRetryTime:2019-06-18T13:04:41.954Z]
2019-06-18T12:59:41.954Z,08D6F3EBDCDF4A9E,SMTP,me.com,-,Messages: 0 Bytes: 0 (Attempting next target)
2019-06-18T12:59:41.954Z,08D6F3EBDCDF4AA0,SMTP,me.com,*,Session Failover; previous session id = 08D6F3EBDCDF4A9E; reason = SocketError
2019-06-18T12:59:41.954Z,08D6F3EBDCDF4AA0,SMTP,me.com,+,DnsConnectorDelivery 8af61b60-7438-4480-94c7-e6d925543811;QueueLength=TQ=0;RN=1;.
2019-06-18T12:59:43.297Z,08D6F3EBDCDF4A9F,SMTP,gmail.com,>,Failed connection to 108.177.96.27:25 (TimedOut:0000274C)[TargetIPAddress:108.177.96.27:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:43.297Z]
2019-06-18T12:59:43.297Z,08D6F3EBDCDF4A9F,SMTP,gmail.com,-,Messages: 0 Bytes: 0 (Attempting next target)
2019-06-18T12:59:43.297Z,08D6F3EBDCDF4AA1,SMTP,gmail.com,*,Session Failover; previous session id = 08D6F3EBDCDF4A9F; reason = SocketError
2019-06-18T12:59:43.297Z,08D6F3EBDCDF4AA1,SMTP,gmail.com,+,DnsConnectorDelivery 8af61b60-7438-4480-94c7-e6d925543811;QueueLength=TQ=0;RN=1;.
2019-06-18T12:59:43.298Z,08D6F3EBDCDF4AA1,SMTP,gmail.com,>,Failed connection to 2a00:1450:4013:c06::1a:25 (NetworkUnreachable:00002743)[TargetHost:alt4.gmail-smtp-in.l.google.com:25|MarkedUnhealthy|FailureCount:5|NextRetryTime:2019-06-18T13:04:43.297Z][TargetIPAddress:2a00:1450:4013:c06::1a:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:43.297Z]
2019-06-18T12:59:43.298Z,08D6F3EBDCDF4AA1,SMTP,gmail.com,-,"Messages: 0 Bytes: 0 (Retry : Unable to connect -> SocketError: Failed to connect. Winsock error code: 10051, Win32 error code: 10051)"
2019-06-18T12:59:44.757Z,08D6F3EBDCDF4AA0,SMTP,me.com,>,Failed connection to 17.178.102.82:25 (TimedOut:0000274C)[TargetIPAddress:17.178.102.82:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:44.757Z]

I have one Exchange server at Site A and another Exchange server at Site B (this server contains the mailbox database); both are identical in version. I recently migrated mailboxes from A to B and tried changing external/internal DNS over to point to Site B only, but this is when email delivery issues started to occur. Settings are identical on both servers, so I'm confused why I am having issues. After reverting DNS back I am still having these issues. Is there a delay between Exchange servers when they are on separate AD sites? Also, all internal emails work perfectly and show up almost immediately.
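Added example, not part of the original thread: a Python sketch that parses "Failed connection" rows like those in the connectivity log above and groups them by address family and Winsock error (hex 0000274C is 10060, 00002743 is 10051), so the IPv4 port 25 timeouts are separated from the IPv6 no-route failure. The function names and the triage heuristic are assumptions of this example; the four sample rows are copied from the question.

```python
import csv
import ipaddress
import re
from collections import Counter

# Four failure rows copied from the connectivity log quoted in the question.
SAMPLE = """\
2019-06-18T12:59:41.954Z,08D6F3EBDCDF4A9E,SMTP,me.com,>,Failed connection to 17.178.102.78:25 (TimedOut:0000274C)[TargetIPAddress:17.178.102.78:25|MarkedUnhealthy|FailureCount:5|NextRetryTime:2019-06-18T13:04:41.954Z]
2019-06-18T12:59:43.297Z,08D6F3EBDCDF4A9F,SMTP,gmail.com,>,Failed connection to 108.177.96.27:25 (TimedOut:0000274C)[TargetIPAddress:108.177.96.27:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:43.297Z]
2019-06-18T12:59:43.298Z,08D6F3EBDCDF4AA1,SMTP,gmail.com,>,Failed connection to 2a00:1450:4013:c06::1a:25 (NetworkUnreachable:00002743)[TargetHost:alt4.gmail-smtp-in.l.google.com:25|MarkedUnhealthy|FailureCount:5|NextRetryTime:2019-06-18T13:04:43.297Z][TargetIPAddress:2a00:1450:4013:c06::1a:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:43.297Z]
2019-06-18T12:59:44.757Z,08D6F3EBDCDF4AA0,SMTP,me.com,>,Failed connection to 17.178.102.82:25 (TimedOut:0000274C)[TargetIPAddress:17.178.102.82:25|MarkedUnhealthy|FailureCount:2|NextRetryTime:2019-06-18T13:00:44.757Z]
"""

# Description field: "Failed connection to <ip>:<port> (<error name>:<hex code>)"
FAIL = re.compile(r"Failed connection to (?P<ip>[0-9A-Fa-f:.]+):(?P<port>\d+) "
                  r"\((?P<name>\w+):(?P<code>[0-9A-Fa-f]{8})\)")

def parse_failures(text):
    """Return one dict per failed-connection row (direction column is '>')."""
    out = []
    for row in csv.reader(text.splitlines()):
        m = FAIL.match(row[5]) if len(row) >= 6 and row[4] == ">" else None
        if m:
            addr = ipaddress.ip_address(m["ip"])
            out.append({"domain": row[3], "family": f"IPv{addr.version}",
                        "port": int(m["port"]), "error": m["name"],
                        "winsock": int(m["code"], 16)})  # hex -> Winsock code
    return out

def summarize(text):
    """Group failures by (address family, error name, Winsock code)."""
    fails = parse_failures(text)
    return {"kinds": Counter((f["family"], f["error"], f["winsock"]) for f in fails),
            "domains": sorted({f["domain"] for f in fails}),
            "ports": sorted({f["port"] for f in fails})}

def connect_level_only(summary):
    """Heuristic (assumption of this example): two or more destination domains
    failing with only socket errors 10060/10051 means no SMTP session opened."""
    codes = {kind[2] for kind in summary["kinds"]}
    return len(summary["domains"]) >= 2 and codes <= {10060, 10051}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for kind, count in s["kinds"].items():
        print(count, *kind)
    print("domains:", s["domains"], "ports:", s["ports"])
    print("connect-level failures only:", connect_level_only(s))
```

When the heuristic returns true, the failures happened before any SMTP response was received, so outbound TCP 25 reachability from the sending server is the first thing to verify.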
Adam Brown

I recently migrated mailboxes from A to B

Are both servers listed as source servers on the organization's Send connector for the Internet (Go into mail flow > send connectors and look for the one whose address scope is "*" and see which servers are listed as source servers)?

Also, what are you using as a spam filter?
Ryan Martin

ASKER

Both servers are listed in the send connector. We are using AppRiver as the spam filter.
Check the public IP(s) you are using to send email to AppRiver against the blacklists: https://mxtoolbox.com/blacklists.aspx
I've seen situations where a cloud filter blocked attempts to send email because the mail IP address they used was listed on a number of blacklists due to an internal client being compromised and outgoing port 25 not being limited to just the mail servers.
The site states: Listed 0 times with 3 timeouts.
OK. Are your servers configured to use DNS for sending emails or are you configured to route through AppRiver? You should be set for the latter. AppRiver's setup guides explain how to do this.
Right now they are configured to use DNS for sending emails. Are you saying using a smart host is my only viable option?
ASKER CERTIFIED SOLUTION
Adam Brown

This solution is only available to members.
I have chatted with AppRiver support and they are enabling the Smart Host feature, but it will take a couple of hours until it is ready. How will that fix the external email issue (Google and others are just blocking our emails all of a sudden?) The external emails sent fine before I introduced the new Exchange server into the environment, so I figured it had something to do with that.
Okay, now I have another issue: once the smart host is configured, I had email rules to redirect some mail for internal addresses. Is there a way to have the send connector for all external emails (the smart host) and another one for internal?
@Ryan,

Case 1

Your problem is related to outgoing and relaying email towards the other server.
If you were using external DNS such as (8.8.8.8, 1.1.1.1), which is not recommended, and then you started using internal such as your local IP (192.168.1.2), the problem "might" lie in the DNS forwarders. Your DNS is not resolving your domains; you need to add some IPs to your forwarders so that they can resolve any domain.

Case 2

If you have an Exchange within the same forest, your connector will be the same on both servers. If your server was working then I highly doubt that could be the issue. Problem: DNS not resolving names.

Let me know if anything applies, I don't want to write more cases before I get more answer about your configs.
So we have successfully created a new send connector that routes mail to our new smart host in AppRiver. The queues on both Exchange servers are empty, and mail does deliver within a reasonable amount of time, except for any going to Gmail accounts. I've tested Yahoo, Outlook.com, AIM, and COX, and all of them deliver almost immediately. Any thoughts on that? We have a valid SSL certificate and SPF record....
@Ryan

Creating a new connector shouldn't be the way to go; as an admin it is always good to leave that as the last resort. Even if you are in a production environment, determining the root of a problem must be a PLUS. But I totally understand you want to fix the issue.

Based on the issues you described, you could've tried a few things.

1 - Reboot the transport services that control outgoing and incoming email flow.
2 - Re-check the connector settings (based on your primary comment section, the problem started after you changed the DNS). To me, maybe you did not have forwarders, or maybe all you needed was to restart the transport service.

Think about this: if everything was OK and the problem happened all of a sudden, why would you check the certificate and SPF?
A certificate only provides encryption from the server towards the client, not for connection. SPF is only to avoid domain spoofing and tell the ISP provider your domain is legitimate.
You would check the certificate and SPF record to make sure Google isn't marking our server as a spam source. The DNS for the Exchange server points to the local AD domain controller. The AD domain controller has forwarders set up for external addresses using 1.1.1.1 and 8.8.8.8.
Okay guys I think everything is good, after setting up the smart host for sending emails, and verifying DNS it all started to work as expected. I appreciate the comments.