External DNS and SMTP server - 22.Jan.2009 10:29:21 AM
I apologize if this has been answered in another post, however I have tried searching but I have not been able to find anything that quite matches my situation.
I currently have an Exchange 2007 server with almost all (except for one or two) of our mailboxes on it, and an Exchange 2003 server acting as the SMTP server. For the most part, everything seems to work fine; however, sending to some domains fails. I believe this has to do with the fact that my external DNS server is set as one thing and the internal FQDN on the SMTP server is set to something different. However, when I try to change this, it kills the SMTP relay function for the 2007 server and I am not able to send from this server. What am I missing? Is there a setting that needs to be changed on the 2007 server as well?
Posts: 7111
Joined: 7.Jan.2004
From: California, USA
Status: offline
Please describe the manner in which the messages are failing. Are you receiving an NDR? What does it say? Does the message end up stuck in a queue? If so, what's the name of the queue? What troubleshooting steps have you already performed?
_____________________________
Regards,
Dean T. Uemura Microsoft MVP - Exchange exchangeguy.blogspot.com uemurad@yahoo.com
For the messages that fail to random domains I get:
This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
However, if I go to the Exchange 2003 server and telnet to port 25 of the SMTP server for that email's MX record, I can connect.
Yes, the emails get stuck in the queue. The queue name is internet mail SMTP connector ("Servername") - "domain of email" (SMTP Connector) and the state goes from Active to Retry.
I have not done a whole lot of troubleshooting because I was not quite sure of what to do beyond making sure DNS resolved and that I could connect to the other servers on port 25 from the SMTP server.
< Message edited by cmorris05 -- 22.Jan.2009 11:12:33 AM >
Also the message I get off the queue from the 2007 server is:
451 4.4.0 Primary target IP address responded with: "535 5.7.3 Anonymous authentication is not allowed." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
Note that this is only when the SMTP server on the 2003 server is set to the external DNS name, when it is set to the DNS name of the server it works fine.
Do the SMTP addresses for the users on the 2007 server use the same SMTP domain as the external FQDN for the 2003 server? In other words, if your user has a sending address of user@mydomain.com, does the PTR record for your public IP address for your 2003 server point to something like exch2003server.mydomain.com, or do they list different domain names?
If you perform the telnet test from the 2003 server, can you create/deliver a manually created message addressed from an actual user address?
Yes, the domains are the same; internal and external is svhed.org. All of our external DNS points to that domain and our internal DNS is on that domain.
Telnet to what server? Just someone's SMTP server?
< Message edited by cmorris05 -- 22.Jan.2009 2:51:20 PM >
If you know an address or domain to which you cannot send messages, that would be the place to start. What you're looking for during the Telnet session is a response giving you information as to why the message isn't being accepted.
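The manual "telnet to port 25" test suggested above, scripted so the reply to each step is captured and the enhanced status code (such as the 5.7.3 in the error quoted earlier) is pulled out. This is an added example, not code from the thread or from Microsoft; host names and addresses are placeholders you replace with your own MX host, HELO name, sender and recipient. The walk stops at RCPT TO and never sends DATA, so no message is delivered.

```python
import io
import re
import socket

_REPLY = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3}) )?(.*)$")  # code, "-"/" ", optional X.Y.Z, text


def read_reply(rfile):
    """Read one SMTP reply, joining multi-line replies; return (code, esc, text)."""
    code, esc, text = None, None, []
    while True:
        line = rfile.readline()
        if not line:
            raise ConnectionError("server closed the connection mid-reply")
        m = _REPLY.match(line.rstrip("\r\n"))
        if not m:
            raise ValueError(f"malformed SMTP reply: {line!r}")
        code, esc = int(m.group(1)), esc or m.group(3)
        text.append(m.group(4))
        if m.group(2) == " ":          # a space after the code ends the reply
            return code, esc, " ".join(text)


def probe(rfile, wfile, helo_name, sender, recipient):
    """Walk EHLO / MAIL FROM / RCPT TO, recording (step, code, esc, text) per reply.
    Stops at the first non-2xx reply and never sends DATA, so nothing is delivered."""
    results = [("BANNER",) + read_reply(rfile)]
    steps = [("EHLO", f"EHLO {helo_name}"),
             ("MAIL", f"MAIL FROM:<{sender}>"),
             ("RCPT", f"RCPT TO:<{recipient}>")]
    for name, cmd in steps:
        if results[-1][1] // 100 != 2:  # previous step was refused: stop here
            break
        wfile.write(cmd + "\r\n")
        wfile.flush()
        results.append((name,) + read_reply(rfile))
    try:
        wfile.write("RSET\r\nQUIT\r\n")
        wfile.flush()
    except OSError:                    # server already dropped the session
        pass
    return results


def probe_transcript(server_replies, helo_name, sender, recipient):
    """Offline dry run of probe() against a canned (constructed) server transcript."""
    return probe(io.StringIO(server_replies), io.StringIO(), helo_name, sender, recipient)


def smtp_probe(host, helo_name, sender, recipient, port=25, timeout=30):
    """Run the same walk over a real TCP session to host:port (the telnet test)."""
    with socket.create_connection((host, port), timeout=timeout) as sock, \
         sock.makefile("r", encoding="ascii", errors="replace") as rf, \
         sock.makefile("w", encoding="ascii", newline="") as wf:
        return probe(rf, wf, helo_name, sender, recipient)
```

Run it from the 2007 server against the 2003 relay with a real user address as the sender; the step at which the first 5xx appears, and its enhanced code, tell you whether the refusal is relay permission, authentication or something the destination says about your HELO name.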
Do you have a PTR record for the public IP address from which your mail is coming? In other words, if you were to query the public DNS for your public IP address, would it return a FQDN with your domain name?
The initial response you are seeing looks like the SMTP filter on a Cisco box (MailGuard). Do you have such a device on your side of the Internet?
And yes, when I do a reverse lookup on the external IP for that server it resolves to the same one that is set for our external DNS. It does not return the actual server name, but does return what I have configured on our global DNS provider.
We have a Cisco PIX, but no other devices like that.
Yes, our domain through our registrar is svhed.org and our email addresses are svhed.org.
I do not think the PIX I have uses fixups, I believe it was replaced by inspect maps. The only thing that I can find that would be close to what you are talking about is the ESMTP inspect map, and it is set to log only, not to drop.
Okay, let's regroup.
You say that if you allow the outbound messages to go directly out from the 2007 server, everything works. When you attempt to send them through the 2003 server, it fails to deliver to some domains.
1. Are the 2007 and 2003 servers in the same Exchange organization?
2. Are the domains to which delivery fails always the same ones?
3. What does Message Tracking say about the failed deliveries?
4. Have you attempted to test a telnet session from your 2007 server to your 2003 server pointing to a recipient address in one of the problem domains?
quote:
You say that if you allow the outbound messages to go directly out from the 2007 server, everything works. When you attempt to send them through the 2003 server, it fails to deliver to some domains.
I'm sorry if I did not communicate that correctly. There are two problems that I believe are related. The one thing that never changes is that the 2003 server is always the SMTP server. One problem is that, the way I have the FQDN of the SMTP server set on the 2003 server, it seems to not be able to send mail to some domains. I believed this to be because the FQDN is configured as the name of the server and the FQDN set up at the registrar for global DNS is a different name. So, I changed the FQDN on the SMTP server to try to fix this problem, which creates a second problem: users with mailboxes (all of them) on the 2007 server are not able to send through the SMTP server on the 2003 server.
quote:
1. Are the 2007 and 2003 servers in the same Exchange organization?
Yes
quote:
2. Are the domains to which delivery fails always the same ones?
I am not 100% sure about all of them, but I know two that do always fail, mac.com and me.com, which are both through Apple.
quote:
3. What does Message Tracking say about the failed deliveries?
It depends on how it is set up. If the email can be sent from the 2007 server to the 2003 SMTP server, then I get no error on 2007 but the email sits in the queue on the 2003 server. If I change the FQDN on the SMTP server as I described above, I get the error: "451 4.4.0 Primary target IP address responded with: "535 5.7.3 Anonymous authentication is not allowed." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts." and the mail sits in the queue on the 2007 server.
quote:
4. Have you attempted to test a telnet session from your 2007 server to your 2003 server pointing to a recipient address in one of the problem domains?
No, but I am not sure that is relevant since it is able to send when the FQDN is set to the name of the server. I could very well be wrong though.
< Message edited by cmorris05 -- 23.Jan.2009 1:59:35 PM >
quote:
I'm sorry if I did not communicate that correctly.
No worries - it's hard to communicate at an appropriate level through a half-duplex dialog...
quote:
It depends on how it is set up. If the email can be sent from the 2007 server to the 2003 SMTP server, then I get no error on 2007 but the email sits in the queue on the 2003 server. If I change the FQDN on the SMTP server as I described above, I get the error: "451 4.4.0 Primary target IP address responded with: "535 5.7.3 Anonymous authentication is not allowed." Attempted to failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts." and the mail sits in the queue on the 2007 server.
In the ESM, drill down to your 2003 server, then to Protocols and SMTP. Open the properties of the Default SMTP Virtual Server, and on the Access tab click on Relay. Is the "Allow all computers which successfully authenticate to relay, regardless of the list above" checkbox checked? It needs to be.
quote:
In the ESM, drill down to your 2003 server, then to Protocols and SMTP. Open the properties of the Default SMTP Virtual Server, and on the Access tab click on Relay. Is the "Allow all computers which successfully authenticate to relay, regardless of the list above" checkbox checked? It needs to be.
I do have that checkbox checked. Sorry for not replying sooner, busy weekend and busier Monday.