Unable to Send E-mail

    Question

  • Hello all, I successfully implemented SBS 2011 on a server. My users are now logging in just fine via the web and they are authenticating just fine. Once in, they are able to e-mail each other within the SBS network and are able to access the internal web site. Cool!! But we are unable to send e-mail outside the network; for example, email to gmail.com or msn.com fails. We get a message that the server will continue to try, but of course it never goes through. The Best Practices Analyzer turned up something critical about the certificates that I think I resolved, but after rebooting a few more times the sec analyzer doesn't find any more critical problems, but still we can't successfully send e-mail to foreign addresses. Port 25 is successfully opened on my router, as are 80, 443 and 987. Any ideas or better ways to test this functionality?
    Monday, March 14, 2011 5:08 PM

All replies

  • Hi,

    Please check in Exchange if there is a send connector, and if there is, is it configured to use DNS to send email or is there a smart host configured?

    If there is a smart host, can you try to telnet to the smarthost on port 25?


    Regards Ronny
    Monday, March 14, 2011 6:55 PM
  • I am not using a smart host, so I am trying to configure DNS. And yes, I have 2 send connectors listed. Each has a slightly different FQDN. The FQDN of the first is "mail.domain.net". The FQDN of the other is "remote.domain.net".

    thanks in advance

    Tim


    Tim Back
    Tuesday, March 15, 2011 2:19 AM
  • Hi Tim,

    You have 2 send connectors? Can you post the configuration?


    Regards Ronny
    Tuesday, March 15, 2011 6:47 AM
  • Did you use the SBS Console to do any configuration? Or are you doing it all through EMC?

    There should be a default SBS Send Connector "Windows SBS Internet Send SERVERNAME" which is set to use DNS by default.

    You should also use the SMTPDIAG program, which is very useful at diagnosing outbound email issues. You can download that here: http://www.microsoft.com/downloads/en/details.aspx?familyid=bc1881c7-925d-4a29-bd42-71e8563c80a9&displaylang=en It does say for Exch 2003 but it works on any system.

    Do you also have things like RDNS/SPF setup?


    Robert Pearman SBS MVP (2010) | robertpearman.wordpress.com | www.itauthority.co.uk | www.thirdtier.net
    Tuesday, March 15, 2011 11:33 AM
    Moderator
  • Happy to, but... How do I find (what command reveals) the configuration that you want?

    thanks for your help,

     

    Tim


    Tim Back
    Tuesday, March 15, 2011 11:37 PM
  • Robert, you are absolutely right.

    There is a Windows SBS Internet Send PEQUODSERVER connector, although it is the second one listed. Should I kill the other one?

    I did run the SMTPDIAG program and the only thing that worked was the inbound SMTP test.  All the other tests failed.  I wasn't clear which failures I should focus on as some didn't seem appropriate to my situation.  I don't think I have RDNS and SPF setup as I don't recall doing it.


    Tim Back
    Tuesday, March 15, 2011 11:42 PM
  • Robert, thanks for your patience. I was using a different SMTP diag tool than the one you suggested (sorry, I am new to Exchange and SMTP but trying hard to learn). I just ran the SMTPDIAG one you suggested and got interesting results. I ran it from the command prompt on my SBS machine and these are the results. Please let me know what you think. (On a perhaps related note, I was surprised to see that my domain is blacklisted even though I haven't been in operation for more than 2 weeks; they said it had to do with the fact that my certs are self-signed and not the paid-for kind from Verisign.) In any event, here it is...

    Searching for Exchange external DNS settings.
    Computer name is SOMESERVER.
    VSI 1 has the following external DNS servers:
    There are no external DNS servers configured.

    Checking SOA for gmail.com.
    Checking external DNS servers.
    Checking internal DNS servers.

    Checking TCP/UDP SOA serial number using DNS server [192.168.1.149].
    TCP test succeeded.
    UDP test succeeded.
    Serial number: 1444712
    SOA serial number match: Passed.

    Checking local domain records.
    Starting TCP and UDP DNS queries for the local domain. This test will try to
    validate that DNS is set up correctly for inbound mail. This test can fail for
    3 reasons.
        1) Local domain is not set up in DNS. Inbound mail cannot be routed to
    local mailboxes.
        2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
    but will affect outbound mail.
        3) Internal DNS is unaware of external DNS settings. This is a valid
    configuration for certain topologies.
    Checking MX records using TCP: replacedwithdummytext.net.
      MX:    mail.replacedwithdummytext.net (10)
      A:     mail.replacedwithdummytext.net [xxx.xx.75.214]
    Checking MX records using UDP: replacedwithdummytext.net.
      MX:    mail.replacedwithdummytext.net (10)
      A:     mail.replacedwithdummytext.net [xxx.xx.75.214]
    Both TCP and UDP queries succeeded. Local DNS test passed.

    Checking remote domain records.
    Starting TCP and UDP DNS queries for the remote domain. This test will try to
    validate that DNS is set up correctly for outbound mail. This test can fail for
    3 reasons.
        1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
    2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
    queries first, then fall back to TCP queries.
        2) Internal DNS does not know how to query external domains. You must
    either use an external DNS server or configure DNS server to query external
    domains.
        3) Remote domain does not exist. Failure is expected.
    Checking MX records using TCP: gmail.com.
      MX:    alt4.gmail-smtp-in.l.google.com (40)
      MX:    gmail-smtp-in.l.google.com (5)
      MX:    alt3.gmail-smtp-in.l.google.com (30)
      MX:    alt2.gmail-smtp-in.l.google.com (20)
      MX:    alt1.gmail-smtp-in.l.google.com (10)
      A:     alt4.gmail-smtp-in.l.google.com [74.125.65.27]
    Checking MX records using UDP: gmail.com.
      MX:    gmail-smtp-in.l.google.com (5)
      MX:    alt3.gmail-smtp-in.l.google.com (30)
      MX:    alt2.gmail-smtp-in.l.google.com (20)
      MX:    alt1.gmail-smtp-in.l.google.com (10)
      MX:    alt4.gmail-smtp-in.l.google.com (40)
      A:     gmail-smtp-in.l.google.com [74.125.113.27]
    Both TCP and UDP queries succeeded. Remote DNS test passed.
      A:     alt3.gmail-smtp-in.l.google.com [74.125.155.27]
      A:     alt2.gmail-smtp-in.l.google.com [74.125.43.27]
      A:     alt1.gmail-smtp-in.l.google.com [209.85.229.27]

    Checking MX servers listed for replacedwithdummytext@gmail.com.
    Connecting to gmail-smtp-in.l.google.com [74.125.113.27] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to gmail-smtp-in.l.google.com.
    Connecting to alt1.gmail-smtp-in.l.google.com [209.85.229.27] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to alt1.gmail-smtp-in.l.google.com.
    Connecting to alt2.gmail-smtp-in.l.google.com [74.125.43.27] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to alt2.gmail-smtp-in.l.google.com.
    Connecting to alt3.gmail-smtp-in.l.google.com [74.125.155.27] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to alt3.gmail-smtp-in.l.google.com.
    Connecting to alt4.gmail-smtp-in.l.google.com [74.125.65.27] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to alt4.gmail-smtp-in.l.google.com.


    Tim Back
    Wednesday, March 16, 2011 2:26 AM
  • Hi,

    Based on the output, it looks like port 25 is blocked.

    Please try to telnet to TCP port 25, for example telnet alt4.gmail-smtp-in.l.google.com 25 on the computer, and let us know the result.

    If it works, please test it in the telnet context:

    http://support.microsoft.com/kb/153119


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, March 16, 2011 8:43 AM
    Moderator
  • Hi Joson, I ran the telnet test that you suggested. It ran but the result was that it failed to connect. You suggested that perhaps port 25 is closed on my router. But port 25 is open on my router. I double checked my router last night. It is showing port 25 as being open to the IP of my SBS server. I also ran a port scanner from www.grc.com (the ShieldsUP utility). That utility also confirmed that port 25, as well as ports 80, 443 and 987, are all open on my router.

    suggestions?

    many thanks in advance,

    Tim
    Tim Back
    Thursday, March 17, 2011 1:09 PM
  • Hi Tim,

    It is not your port 25 incoming but the problem is port 25 outgoing. Maybe your ISP is blocking outgoing port 25?


    Regards Ronny
    Thursday, March 17, 2011 1:16 PM
  • Hi,

    I agree with Ronny. If the outbound traffic is not blocked by the Router, please check it with the ISP.

    Thanks.


    Monday, March 21, 2011 1:29 AM
    Moderator
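
The reasoning in the replies above (remote DNS lookups pass, yet every connect to port 25 ends in Winsock error 10060, a timeout, so outbound SMTP is being dropped somewhere on the path) written as a small parser over the SMTPDIAG lines posted in this thread. This is an added example, not part of the thread or of SMTPDIAG; the verdict strings and the rule that a connect with no failure line counts as a success are assumptions of the example.

```python
import re

# Winsock codes SMTPDIAG prints when a TCP connect fails.
WINSOCK = {10060: "timed out", 10061: "refused", 10065: "host unreachable"}
CONNECT = re.compile(r"Connecting to (\S+) \[([\d.]+)\] on port (\d+)\.")
FAILED = re.compile(r"Connecting to the server failed\. Error: (\d+)")

# Excerpt of the SMTPDIAG output posted in this thread (trimmed).
SAMPLE = """\
Both TCP and UDP queries succeeded. Remote DNS test passed.
Connecting to gmail-smtp-in.l.google.com [74.125.113.27] on port 25.
Connecting to the server failed. Error: 10060
Connecting to alt1.gmail-smtp-in.l.google.com [209.85.229.27] on port 25.
Connecting to the server failed. Error: 10060
"""


def parse_smtpdiag(text):
    """Return (remote_dns_ok, [(host, ip, port, winsock_error_or_None)])."""
    dns_ok = "Remote DNS test passed." in text
    attempts = []
    for line in text.splitlines():
        m = CONNECT.search(line)
        if m:
            attempts.append([m.group(1), m.group(2), int(m.group(3)), None])
            continue
        m = FAILED.search(line)
        if m and attempts:
            attempts[-1][3] = int(m.group(1))  # error belongs to last connect
    return dns_ok, [tuple(a) for a in attempts]


def diagnose(text):
    """Turn an SMTPDIAG transcript into a one-line finding."""
    dns_ok, attempts = parse_smtpdiag(text)
    if not dns_ok:
        return "dns: remote MX lookup did not pass, fix name resolution first"
    if not attempts:
        return "unknown: no SMTP connection attempts in the output"
    errors = {a[3] for a in attempts}
    if None in errors:  # assumption: no failure line means the connect worked
        return "reachable: at least one MX accepted the TCP connection"
    if errors == {10060}:
        # Every MX timed out while DNS works: packets to port 25 are being
        # dropped on the way out (host firewall, router egress rule or ISP).
        return "filtered: outbound TCP 25 is silently dropped on the path"
    names = ", ".join(WINSOCK.get(e, str(e)) for e in sorted(errors))
    return "failed: connects ended with " + names
```

An inbound port scan such as the one Tim ran cannot produce this finding, because it only exercises connections arriving at the router, not connections leaving the server.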
  • Hi,

    How's everything going? If you need further assistance, please feel free to respond back.

    Have a nice day.


    Friday, March 25, 2011 7:37 AM
    Moderator