Sign in
 
HomeOnline20132010Other VersionsLibraryForumsGalleryEHLO Blog
TechCenter >
Outward bound emails stalled in queue

Unanswered Outward bound emails stalled in queue

  • Wednesday, August 09, 2006 3:21 AM
     
     
    Sign In to Vote
    0
    I have just gone through the painful process of rebuilding my W2K server after a v nasty trojan trashed my registry and forced me to perform a fresh server re-install.

    I have setup W2K Server with Exchange 2000 and all services packs & updates are installed.  I was able to successfully recover all my emails etc from the old system thanks to a very recent full backup done-  HOWEVER - all is not working as it should:

    Following the installation of Exchange Server 2000 I find that incoming mail is working fine but all outgoing SMTP mail is stalled or refused. I have read all the documentation online that I can find and everything seems to be setup the way it should be but no mail gets out. I installed and ran SMTPDIAG.exe (results below) and also ran NSLOOKUP.

    Note: I use a POP client to get inward bound email which delivers this to my SMTP connector.

    NSLookup reported as follows:
    Default server: w2kserver.simnet.local
    Address: 192.168.0.1 


    The SMTPDiag.exe command was
    SMTPDIAG admin@simnet.local somebody@externalsite.com
    The results were:

    Searching for Exchange external DNS settings.
    Computer name is W2KSERVER.
    VSI 1 has the following external DNS servers:
    203.134.64.66, 203.134.65.66
    Checking SOA for externalsite.com
    Checking external DNS servers.
    Checking TCP/UDP SOA serial number using DNS server [203.134.64.66].
    TCP test succeeded.
    UDP test failed.
    Serial number: 2006072802
    Checking TCP/UDP SOA serial number using DNS server [203.134.65.66].
    TCP test succeeded.
    UDP test failed.
    Serial number: 2006072802
    Checking internal DNS servers.
    Checking TCP/UDP SOA serial number using DNS server [192.168.0.1].
    TCP test succeeded.
    UDP test failed.
    Serial number: 2006072802
    Checking TCP/UDP SOA serial number using DNS server [203.134.64.66].
    TCP test succeeded.
    UDP test failed.
    Serial number: 2006072802
    Checking TCP/UDP SOA serial number using DNS server [203.134.65.66].
    TCP test succeeded.
    UDP test failed.
    Serial number: 2006072802
    SOA serial number match: Passed.
    Checking local domain records.
    Starting TCP and UDP DNS queries for the local domain. This test will try to validate that DNS is set up correctly for inbound mail. This test can fail for 3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail, but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid configuration for certain topologies.
    Checking MX records using TCP: simnet.local.
    A:     simnet.local [192.168.0.1]
    A:     simnet.local [192.168.1.100]
    Checking MX records using UDP: simnet.local.
    A:     simnet.local [192.168.0.1]
    A:     simnet.local [192.168.1.100]
    Both TCP and UDP queries succeeded. Local DNS test passed.
    Checking remote domain records.
    Starting TCP and UDP DNS queries for the remote domain. This test will try to validate that DNS is set up correctly for outbound mail. This test can fail for 3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows 2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must either use an external DNS server or configure DNS server to query external domains.
    3) Remote domain does not exist. Failure is expected. Checking MX records using TCP: externalsite.com
    MX:    mx1.externalsite.com (10)
    MX:    mx2.externalsite.com (20)
    A:     mx1.externalsite.com [220.240.226.162]
    A:     mx2.externalsite.com [202.7.81.135]
    Checking MX records using UDP: externalsite.com
    MX:    mx1.externalsite.com (10)
    MX:    mx2.externalsite.com (20)
    Both TCP and UDP queries succeeded. Remote DNS test passed.
    Checking MX servers listed for somebody@externalsite.com
    Connecting to mx1.externalsite.com [220.240.226.162] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to mx1.externalsite.com.
    Connecting to mx2.externalsite.com [202.7.81.135] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to mx2.externalsite.com.

    System setup.

    There are two NICs installed.

    NIC 1 [connected to my internal (local) area network]
    IP number is 192.168.0.1
    Mask 255.255.255.0
    Default gateway is open
    DNS Server is set at 192.168.0.1

    NIC 2 [connected to my DSL router]
    IP Number is 192.168.1.100
    Mask 255.255.255.0
    Default Gateway 192.168.1.1 [which is the IP of the DSL router itself]
    DNS links are given as 203.134.64.66 and 203.134.65.66

    Note:
    I can surf the web fine with these settings no errors.
    I can ping any external website without problem
    I can traceroute to any external site without problem
    Outward bound mail fails.

    Note:
    I have tried routing outgoing mail to a smart host and that fails
    I have tried direct delivery and that fails too.
    I don't know what else to try to do to resolve this.

    Note:
    At this point I am NOT runninng any firewall software but I will install ISA Serv once I have mail flowing properly
    Therefore there is nothing running that should block port 25.

    Help please (before I pull out what's left of my hair!!!!)
     

All Replies

  • Thursday, August 17, 2006 7:26 AM
     
     
    Sign In to Vote
    0

    ok... sounds to me like something isn't listening or is blocking you from getting you through to port 25.

    It's possible that your ISP is blocking you from sending mail precisely because it detected you had a virus and was working to contain you from infecting other customers. If this is the case, you're going to have to call them up, there's no way around this issue. Some ISPs also have strict policies on how they will take oubound port 25 traffic, some forbid it completely while others require some form of authentication.

    To diagnose this problem further I would look in the event logs, attempt to telnet into port 25 to the IP in question and see what errors are reported, and look in the queue viewer to see what the diagnostic string reports on the queue that is retry.

    If this doesn't get you towards the answer, I'd repost this question in the "Transports" forum, there's a lot of folks there that will be able to help you more quickly and better.

    Good luck!

     
  • Thursday, August 17, 2006 5:50 PM
     
     
    Sign In to Vote
    0

    I'd also follow up with...

    Is this a business, or a home?  Is your external IP (DSL router) a static IP, or dynamic IP?  In any case, you may have previously set up an SMTP Connector on your Exchange server to send all outbound mail out via your ISP's mail server as a SmartHost.  If you have a dynamic IP, this is almost always required, not to mention that there are RBL's that are configured with known dynamic IP ranges, and will block connections from them.

    I'd agree with Greg here that it sounds like your ISP is blocking port 25 outbound, either administratively (simply don't allow it), or because they know you had a virus (was it a mass-mailing worm?).