So, it is a good time to summarise the diagnosis procedure so the same problem can be tackled quickly.
It is based on a W2k3, Exchange Server 2k3 environment.

1.) Check the port of your firewall or set up the NAT in your router if you cannot get any mail sent out or in.

2.) If only some particular domains have the problem, then you need to look at your DNS. Use nslookup (you can start it from the DNS management console or type it in DOS command mode). The first line will tell you which DNS you are using; if no DNS is displayed, you need to specify a valid DNS on your machine. Then type in the problematic mail DN, e.g. mail.hotmail.com. It will show you all the IPs that the DNS can resolve. If no valid IP is shown, you need a qualified or updated DNS; I recommend one, 130.88.13.7. I hope others can contribute more so we can balance the network traffic to a single DNS. You can also nslookup the MX server to see if it exists.

If you confirm it is a DNS problem, you need a new DNS, either put into the DNS forward IP option or by modifying the SMTP protocol in the Exchange server management as described: Exchange system manager->Administrative groups->First Administrative group->Servers->Your Server->Protocols->SMTP->Right Click Default Virtual Server->Properties->Delivery->Press Advanced Button->Press Configure Button near the Configure external DNS servers-> add a new good one and move it to the top. Stop/start the SMTP server.

3.) If you are still having the problem, you must look at the antivirus program. I had Norton AV 10 installed. Maybe it is an installation order problem or it is an internal bug of NAV. I had to disable the Internet email Auto-protect to get Hotmail email to go out. Remember, after clicking the tick box in the NAV configure page, you also need to press the OK button. Otherwise, it won't take effect.

4.) The last try is to disable EDNS. You need to install the support tools from the W2k3 CD, change dir to drive:/Program Files/Support tools/ and type in: dnscmd /config /enableednsprobes 0
But I suspect this will cure the program. Only the last option before reinstallation. That will most of the program of stuck at some special domain(s). If still not working, I bet you need to reinstall. MS exchange is a long term product, should not be that problematic. So, try to find most possible traps first.
< Message edited by tanghz -- 27.Feb.2006 7:36:42 PM >
I have solved my problem. I have not been able to send to MSN, Hotmail, and emidaho. Bottom line is NAV 10 was causing my problem. I disabled NAV exchange scanning and on access scan but was still getting NDRs. Had to stop the services on NAV and my messages in my queues got delivered within 20 minutes. I was using Exchange 2000 fully patched, and Server 2000 fully patched. Hope this helps!
Just adding my own input to the fray; I managed to rectify this problem by lowering the MTU size on the ADSL modem router. Like most of you, everything was working fine until one day it just stopped working. It was initially set at 1500 but I found it could not route emails out that were over 1kb in size. This explains why I COULD SEND blank test emails with outlook express/pop3, outlook express/exchange and OWA OK but COULD NOT SEND with outlook/pop3 or outlook/exchange (as default emails in Outlook use HTML, so the code brought the total message size over 1kb). It also explains why the remote access (VNC & RDP) stopped working and I could only connect in via RDP after establishing a VPN connection. A reboot of the modem and server often saw everything work for 5-10 minutes. Changing the ADSL modem router (I tried three different types: an old Alcatel Speedtouch, a Netgear DG834GT and an SMC 7904BRA ADSL2+, and none of them worked). It was only when I set the MTU to 1458 that everything was stable - emails, www, remote access etc.
This was to suit changes for Telstra Bigpond Broadband in Perth Western Australia.
I've since had this problem at three independent sites all using the same ISP!
Just to add more confusion to the debate. We also have the same problem. We can send to Hotmail etc. OK but we have a problem with a couple of other domains, one being kardex.ie. We use a Watchguard firewall which has the latest software and use the SMTP proxy filter. The one thing I did notice on the firewall was that our server would contact the kardex.ie mailserver on port 25 but the reply back on random TCP ports above 1000. When I contacted the ISP for the domain they said we had our server configured wrong but surely not if we can send to everyone else. This is what they said:
Server A connects /from/ a random port to port 25 on Server B. Server B then communicates back to Server A from port 25 /to/ that random port that Server A originated the session from. So yes the email transfer is on port 25 but only on one of the two servers - on the other server (i.e. the one that originated the connection) it uses a random high (i.e. > 1024) port. I've just double checked this against a few different types of mail servers and see the same behaviour on them all.
So we're trying to communicate back to the port they originated the session from.
I got the same prob, to only 1 domain, but I got this error
did not reach the following recipient(s): ....... on Thu, 6 Jul 2006 14:54:31 +0700 You do not have permission to send to this recipient. For assistance, contact your system administrator. <... #5.7.1 smtp;501 5.7.1 This system is not configured to relay mail from <...> to <...> for my server IP> and an Event ID: 3018 MSExchange Transport.
I tried all suggestions & Microsoft's solution for error #5.7.1 but none helps! Anyone knows, please. Thanks!
I solved it at the end though not completely!! I tried to send by yahoo but got the same error! So, if any of you, failed with all advices, ring your ISP
See my posting just up the page about Port problems. This was what we had to fix.
If you are using a Watchguard firewall this is where the problem is. Microsoft mention this on their website saying that you should contact Watchguard for a fix. Did that and they were as much help as a chocolate teapot!!!!!
What you need to do is add the DNS in the SMTP as suggested and any of the other fixes suggested before. Especially PTR and A records.
We have Watchguard X700 and X2500 firewalls and this is what I did to get it all to work.
Dynamic NAT needs to be setup with an entry for the internal mailserver address - external address. Advanced NAT Service = tick the "Enable Service Based NAT" On the Filtered SMTP Service = Choose Simple NAT in dropdown and add the entry for the internal mailserver address - external address on the incoming tab. Watchguard will try to tell you not to do this but if you don't you will not be able to send any mail or use the internet.
Add the DNS Service = Choose Simple NAT in dropdown and add the NAT entry for the internal mailserver address - external address on the incoming tab. The reason for adding the DNS service is that the mailserver should have at least one external DNS entry within the SMTP settings. It was the reply back from the DNS that was not getting through the firewall. The service will now forward any DNS replies back to the Mailserver.
Not having all the above NAT entries will cause the mailserver to stop sending emails and will also stop all Internet traffic.
I hope this helps at least someone out there and many thanks for all the other postings about this because it gave me some idea as to where I should be looking.
If you have a watchguard firewall my advice would be not to renew the license as I have had to ask them several other techy questions before and have always ended up telling them how to fix it and as I pointed out to them I am not a firewall expert!!!! So what is the money for?
Andy
Text for the search engines Watchguard X700 Watchguard X2500 The semaphore timeout period has expired The connection was dropped by the remote host Unable to bind to the destination server in DNS The connection was dropped due to an SMTP protocol event sink SMTP could not connect to any DNS server
I have had the same issues and resolved it by Symantec Un-Check (anti-virus).
NOW I have a new problem.
If I send email to my account FROM hotmail.com I get it. When I reply to it I get it at my hotmail.com account fine.
When I create a NEW email and send it to my hotmail.com account it does not get delivered. It leaves my server fine but it never hits my hotmail.com account.
If I reply to an email from hotmail.com it works fine.
I don't know any more which stupid told me to mess with DNS settings. Check this out: Open MS DNS, right click on server name, Properties, Advanced, "Disable recursion" checkbox MUST BE EMPTY !!!!!!!!! In the Forwarders tab add the ISP's DNS server IP.
Had the same problem here. Solved the problem by checking the DNS server under fully qualified domain name (default SMTP virtual server - Delivery - Advanced). The hostname must be the same as your ISP hostname. Click Check DNS. Smart host - use ISP SMTP to relay (smtp.xs4all.nl)
Connectors - SmallBusiness SMTP connector Properties: use "Forward all mail through this connector to the following smart host", SMTP ISP (smtp.xs4all.nl)
That worked for my client
Thanx for pointing me in the direction. Anthony Donkers
Ok I have gone through and read all 7 pages of this forum and I am happy to say that my scenario is unique to everyone here with the SAME problem.
I am running MS WINDOWS 2000 SERVER SP4 running EXCHANGE 2003 SP2 in a Windows 2000 Domain. I can not send to a few domains on this server.
I have already tried the following answers (meaning do not post it if i have it listed)
(sorry to be blunt but tired of seeing the same answers posted and tired of getting answers that don't apply to my situation and yes I have already tried implementing them just to see for grins and giggles with no luck either)
1) reverse PTR with ISP
2) External DNS server in Exchange (if you can find out what the resolvers are for primelink1.net I'd be glad to know what they are so I can try that)
3) no fixup protocol for SMTP on Pix
4) disable EDNS (not running windows 2003 so it doesn't apply)
5) adjustment for cisco pix for DNS size (again applies to windows 2003 only)
6) restarting server or SMTP services does not work at all (not even for a second)
7) disable Auto-protect in NAV --- Not running NAV
Well, you need to try the next step:
- Open ESM (console)
- Click on Server
- Select Protocol
- Click on SMTP
Then select DEFAULT SMTP VIRTUAL PROTOCOL, right-click Properties, go to the Delivery tab, click Advanced and check the FQDN. Do Check DNS; if your DNS displays "Is no Valid", you need to configure an external DNS IP or write the DNS correctly.
Good luck
_____________________________
Eng. Hector Colina Microsoft Certified Coord. Infraestruture
Hello All! First time post here. I have one issue sending to Yahoo. I read all 7 pages of this post and tried just about all of it and can't seem to get something that sticks. I have Exch2003 on srvr2003 behind a Cisco ASA5520 firewall. I turned off the inspections and still nothing.
I see the thread hasn't been posted since Jan. 2007 so if anyone knows anything new that would be great
Are you getting any NDR (non-delivery report)? Please post it.
Make sure you have RDNS for your domain.
Make sure you are not on any of the RBL lists.
Make sure you are not on the Yahoo blacklist (call Yahoo).
Make sure there is no Cisco firewall issue (article ID 828263): http://support.microsoft.com/kb/828263
Thanks for the response!! I have reverse DNS working; AOL and Gmail and Hotmail seem to think it's OK. I can telnet into an AOL server with the standard response, no issues there. I disabled DNS inspect at my Cisco firewall. You had mentioned calling Yahoo, do you have a number for them or an email? I can't seem to find anything. I used http://www.mxtoolbox.com/blacklists.aspx to check blacklists; they claim I'm clean. Freakin Frustrating!
AHA! Found something! Check out http://apews.org, they seem to have a block of addresses blacklisted there and my MX records are in that block! UGH. Contacting my ISP now to see what can be done
I read every page on this post and I figured out our issue with Exchange.
I was getting the classic: "The connection was dropped by the remote host." and "This message was rejected due to the current administrative policy by the destination server. Please retry at a later time. If that fails, contact your system administrator." error messages. However, when I would telnet to port 25 on the destination server everything seemed fine. When I would telnet to port 25 on the destination server from the SENDING server (the Exchange server) I would get "450 DNS lookup didn't match <IP address>-><PTR Record>-><>".
What I found out is that even though there is a PTR record being reported on the IP address on the SENDING server, it is not a "Verified" address. That means that the receiving server was checking the DNS of both the PTR and the IP address to make sure that they both resolved back to the same address and even though our IP address had a PTR record, the PTR record itself didn't resolve to the IP address in our ISP's DNS A records. For some reason, my workstation PTR and DNS record resolve back and forth perfectly (thanks Mediacom!) but Comcast was lazy and doesn't automatically set up the DNS side of things for the sending server.
Fixing this cleared up a lot of various issues sending emails out. I hope this has helped someone with their email issues.
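Added example, not part of the post above: the forward-confirmed reverse DNS check the receiving server is described as doing (IP -> PTR name -> A record back to the same IP), written so a sending server's address can be tested before mail is rejected. The sample PTR/A tables use documentation addresses and names and are constructed; `fcrdns` falls back to the system resolver when no lookup functions are passed in.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def system_forward(name):
    """IPv4 addresses for name via the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (verified, detail): a PTR must exist and resolve back to ip."""
    want = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        if any(ipaddress.ip_address(a) == want for a in forward(name)):
            return True, f"{ip} -> {name} -> {ip}"
    return False, f"PTR {names[0]} does not resolve back to {ip}"

# Constructed sample records (documentation ranges and names, not real hosts).
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.net"],       # PTR and A agree
    "198.51.100.7": ["cust-7.isp.example"],   # PTR exists, no A record for it
    "198.51.100.8": ["old.example.net"],      # PTR exists, A points elsewhere
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.25"],
    "old.example.net": ["192.0.2.99"],
}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                  lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for addr in list(SAMPLE_PTR) + ["203.0.113.9"]:
        print(addr, check_sample(addr))
```

The second sample address reproduces the situation in the post: a PTR record is present, but the name it returns has no A record pointing back, so the address is not verified.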