Exchange 2010 Receives But Does Not Send Email To Internet

    Question

  • I have set up Exchange 2010.

    I have installed everything and am able to receive emails from the external world, but I cannot send to them, e.g. I cannot send to Yahoo.

    I have used the Exchange Test Connectivity here: https://testexchangeconnectivity.com and everything worked fine.

    I have also configured the Send Connectors and everything seems fine, yet, I cannot send emails to external addresses.

    Internally, everything works fine. Please help

     

    Ifeatu!

    Friday, July 02, 2010 5:37 PM

Answers

  • Ok, let us know what you find out from your firewall guys tomorrow.  Bottom line is that we have fixed some misconfigurations with the multiple send connectors so don't put those back.  Keep one outbound send connector.  I would suggest not enabling external DNS lookup on the send connector.  If you do, make sure that you specify external DNS servers to use.  Let us know what happens.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    • Marked as answer by Ifeatu Osegbo Wednesday, July 07, 2010 3:00 PM
    Monday, July 05, 2010 7:55 PM
  • Do you have a one-to-one NAT configured for your Exchange server that corresponds to the IP listed on your MX records?  If so, check to make sure that your domain is not listed on any Real-time Black Lists (RBL's).  You can check here:  http://mxtoolbox.com/blacklists.aspx

    Ok, check the basics.  You may need to get your "Cisco" guys involved.  Start with your DNS MX record.  Have you created an MX record that points to the IP address assigned to you by your Internet Service Provider (ISP)?  You will then need to allow inbound traffic over SMTP (port 25) to access that public IP.  You will also need to make sure that you have a Network Address Translation (NAT/PAT) rule configured to forward traffic destined for your public IP and SMTP (port 25) to your Exchange server responsible for accepting messages (Edge Transport or Hub Transport).  If this is set up correctly, you should be able to telnet to other email (SMTP) servers FROM your Exchange server.  If you can't, then your firewall configuration needs to be corrected.  Also check any Windows Server firewall settings to ensure that they are not blocking this traffic.

    • Marked as answer by Ifeatu Osegbo Wednesday, July 07, 2010 3:00 PM
    Tuesday, July 06, 2010 8:23 PM

All replies

  • Are you getting NDR's?  Emails in the queue?  Is Exchange HUB the last hop to the Internet or is it passing through a smarthost/Edge server?  Do you have port 25 outbound open on your firewall?
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 5:45 PM
  • Yes, I have the following:

    451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

    The Exchange is Hub, no Edge at all, no smart host at all. Port 25 is open and I confirmed with telnet.

    Thanks for your prompt response.

     

    Friday, July 02, 2010 5:54 PM
  • Is there coexistence with an older version of Exchange?  How many Send Connectors have been created?  How many HUB servers do you have?  If no one can send outbound, sounds like a misconfiguration or a DNS lookup issue.

    Can you run Get-SendConnector | fl and post the results?  Looking for AddressSpaces, DNSRoutingEnabled, SmartHosts, SourceTransportServers, Enabled, port


    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 6:17 PM
  • Do you have a one-to-one NAT configured for your Exchange server that corresponds to the IP listed on your MX records?  If so, check to make sure that your domain is not listed on any Real-time Black Lists (RBL's).  You can check here:  http://mxtoolbox.com/blacklists.aspx

    Friday, July 02, 2010 6:20 PM
  • Thanks all.

    No, there is no coexistence with any Exchange Server. I have up to 4 of them, yet nothing is happening.

    No one can send outbound mails.

    The Get-SendConnector gives this:

     

    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : mailserver.domain.com
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : mailserver
    Identity                     : OUTGOING INTERNET MAIL
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : OUTGOING INTERNET MAIL
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {mailserver}
    UseExternalDNSServersEnabled : False

    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : mailserver.domain.com
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : mailserver
    Identity                     : Outgoing Internet Mails
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : Outgoing Internet Mails
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {mailserver}
    UseExternalDNSServersEnabled : True

    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : mailserver.domain.com
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : mailserver
    Identity                     : L1
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : L1
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {mailserver}
    UseExternalDNSServersEnabled : True

    AddressSpaces                : {smtp:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : mailserver.domain.com
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : mailserver
    Identity                     : Internet
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : Internet
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {mailserver}
    UseExternalDNSServersEnabled : True

    I checked the MXTOOLBOX and it is not there.

    Note I used the Mail Flow Troubleshooter and I had an issue like this:

     Mail submission failed: Error message: The SMTP host was not specified..

    Thanks

     

     

    Friday, July 02, 2010 6:37 PM
  • So you have 4 different Send connectors?  This is your problem, they all have the same address space.  If you have 4 HUB servers you can add all four HUB servers to the same send connector.  Delete all of the send connectors except for one of them and add all HUB servers to use this connector.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 6:47 PM
  • I have removed all except 1. I only have a single Hub.
    Friday, July 02, 2010 6:54 PM
  • ok good, so one send connector and one hub...restart the transport service.  Does it work now?
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 6:59 PM
  • Thanks. But it has not dropped into the external recipient mailbox.

    I noticed the no. of messages in the Queue reduced and I had more Messages on the Message tab of the Queue Viewer.

    Friday, July 02, 2010 7:25 PM
  • Can you run the Get-SendConnector again?  I see that you have UseExternalDNSServersEnabled = true.  Do you have some defined?  If you disable this, it will use your internal DNS servers.  Unless there is a particular reason for using an external DNS server, I would not check this box.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 7:30 PM
  • Ok...it shows:

    AddressSpaces                : {smtp:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : mail.domain.com
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : mail
    Identity                     : Internet
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : Internet
    Port                         : 25
    ProtocolLoggingLevel         : None
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {mail}
    UseExternalDNSServersEnabled : True

    Do you recommend I disable the External DNS?

    Friday, July 02, 2010 7:42 PM
  • Did you specifically tell it what External DNS servers to use?  If not, then it will fail.  Try disabling it and restarting the Transport service.  Then see what happens.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 7:47 PM
  • I am not sure I did that; everything is default. How do I tell it which one to use?
    Friday, July 02, 2010 7:54 PM
  • See this link:

    http://technet.microsoft.com/en-us/library/aa997285.aspx

    Use the External DNS Lookup settings on the transport server   Select this check box if you want to use a specific list of external DNS servers instead of the DNS servers configured on the network adapters of the source servers configured for this Send connector.

    Important:
    Verify that you have configured the external DNS servers list by using the Set-TransportServer cmdlet, or by using the External DNS Lookups tab in the properties of the Hub Transport server object or the Edge Transport server object.

    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 7:59 PM
  • Thanks. I tried it with no luck.

    I had to add 2 dns servers from our ISP.

    Friday, July 02, 2010 8:24 PM
  • So it works after adding the two external DNS servers from your ISP?  If you have External DNS enabled, you must have servers listed; if you don't have external servers in the list, then you must not enable external DNS.

    Please let me know if you resolved your issue and it is working now.


    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, July 02, 2010 8:30 PM
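
The two send-connector checks raised in the replies above (several enabled connectors sharing one address space, and external DNS lookup enabled with no server list), as an added PowerShell example that is not part of the original thread. The function name and the sample objects are assumptions, constructed from the Get-SendConnector output posted earlier; ExternalDNSServers is the Get-TransportServer property that holds the list.

```powershell
# Added example, not from the thread. Input objects only need the properties
# named below, so the function accepts live cmdlet output or constructed data.
function Find-SendConnectorIssue {
    param(
        [object[]]$Connector,        # e.g. output of Get-SendConnector
        [object[]]$TransportServer   # e.g. output of Get-TransportServer
    )
    $enabled = @($Connector | Where-Object { $_.Enabled })

    # 1. More than one enabled connector claiming the same address space.
    $pairs = foreach ($c in $enabled) {
        foreach ($space in $c.AddressSpaces) {
            New-Object PSObject -Property @{ Space = "$space"; Name = $c.Name }
        }
    }
    $pairs | Group-Object Space | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        "Address space '$($_.Name)' is claimed by $($_.Count) connectors: " +
            (($_.Group | ForEach-Object { $_.Name }) -join ', ')
    }

    # 2. External DNS lookup enabled, but a source server has no server list.
    foreach ($c in @($enabled | Where-Object { $_.UseExternalDNSServersEnabled })) {
        foreach ($src in $c.SourceTransportServers) {
            $ts = $TransportServer | Where-Object { $_.Name -eq "$src" }
            $listed = @($ts.ExternalDNSServers | Where-Object { $_ })
            if ($ts -and $listed.Count -eq 0) {
                "Connector '$($c.Name)' uses external DNS, but '$src' lists no ExternalDNSServers"
            }
        }
    }
}

# Constructed sample mirroring the four connectors posted in the thread.
$sampleConnectors = 'OUTGOING INTERNET MAIL', 'Outgoing Internet Mails', 'L1', 'Internet' |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name = $_; Enabled = $true; AddressSpaces = @('SMTP:*;1')
            SourceTransportServers = @('mailserver')
            UseExternalDNSServersEnabled = ($_ -ne 'OUTGOING INTERNET MAIL')
        }
    }
# Constructed: a transport server with an empty external DNS list.
$sampleServers = @(New-Object PSObject -Property @{ Name = 'mailserver'; ExternalDNSServers = @() })

Find-SendConnectorIssue -Connector $sampleConnectors -TransportServer $sampleServers

# On the Exchange 2010 server itself:
# Find-SendConnectorIssue -Connector (Get-SendConnector) -TransportServer (Get-TransportServer)
```
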
  • It did not work after the IP address was added. I still see the previous:

    451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

    Should it be any thing with the MX records?

    Friday, July 02, 2010 8:35 PM
  • Also, I wish to note that I had created some email address policies earlier.

    We had a .biz domain and we used POP3 to pull all the emails to the .com domain.

    But on the Queue, I see the Outgoing email address as me@domain.biz instead of me@domain.com. Can this be part of the reason for the problem?

    Friday, July 02, 2010 8:48 PM
  • Hello,

    I figured out that outbound SMTP traffic is not allowed to leave my LAN here.

    I can telnet to external SMTP servers from outside our network, but I cannot do the same from our network.

    I have called the ISP and they said they did not block it. I will get to talk to the Cisco guys tomorrow.

    Monday, July 05, 2010 5:43 PM
  • Hello

    I had the same issue and the ISP said they are not blocking. Then I requested to speak to a higher level tech and they said they need to open port 25 from their end. So check with them to see if they have port 25 going out blocked or if they are using a different port to route mail externally; if so, then you may need to change this on your external send connector. I will be surprised if this has anything to do with Cisco.


    Isaac Oben MCITP:EA, MCSE
    Monday, July 05, 2010 6:27 PM
  • I got to talk to both the ISP and the Network guy and they said smtp 25 is wide open. My Windows Firewall is turned off. I cannot access smtp 25 on external websites/mail servers from any of my clients here or Exchange Server.

    I will not know if there is any other way/tool I can use to trace where the smtp connection is failing.

    Thanks.

    Wednesday, July 07, 2010 1:06 PM
  • I tried using Network Monitor to fix this and I noticed that all the Telnet and SMTP-based protocol traffic is going through my LAN interface. The external interface that is facing the Internet is not seeing the traffic.

    Please, how do I direct all the traffic from the local adapter on the Exchange Server to the external adapter?

    Wednesday, July 07, 2010 2:43 PM
  • Solved.

    I found out I had a Default Gateway on my Local Network Interface. I had to remove it and everything worked like magic.

    Thanks to you all and network monitor, it is a great tool.

    Thanks TWHarrington.

    Wednesday, July 07, 2010 2:59 PM
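
The root cause found at the end of the thread (a default gateway on the internal adapter of a multihomed server) and the telnet test used along the way, as an added PowerShell example that is not part of the original thread. The function names, the sample adapters and the host mx.example.net are assumptions; the WMI and .NET classes used are available on Windows Server 2008 R2.

```powershell
# Added example, not from the thread.
function Find-DefaultGatewayConflict {
    # Input: objects with Description, IPAddress and DefaultIPGateway, e.g.
    # Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    param([object[]]$AdapterConfig)

    $withGateway = @($AdapterConfig | Where-Object {
        @($_.DefaultIPGateway | Where-Object { $_ }).Count -gt 0
    })
    foreach ($nic in $withGateway) {
        "{0} [{1}] has default gateway {2}" -f $nic.Description,
            ($nic.IPAddress -join ', '), ($nic.DefaultIPGateway -join ', ')
    }
    if ($withGateway.Count -gt 1) {
        "WARNING: $($withGateway.Count) adapters have a default gateway; " +
            "Internet-bound traffic may leave through the internal one."
    }
}

function Test-OutboundSmtp {
    # Scripted form of the telnet test: connect to TCP 25 and read the banner.
    param([string]$MailHost, [int]$Port = 25, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($MailHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return "TIMEOUT: no answer from ${MailHost}:$Port (filtered or misrouted)"
        }
        $client.EndConnect($pending)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        return "CONNECTED: $($reader.ReadLine())"
    } catch {
        return "FAILED: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

# Constructed sample: a multihomed server with a gateway on both adapters.
$sample = @(
    (New-Object PSObject -Property @{ Description = 'LAN (internal)'
        IPAddress = @('192.168.1.10'); DefaultIPGateway = @('192.168.1.1') }),
    (New-Object PSObject -Property @{ Description = 'External'
        IPAddress = @('203.0.113.10'); DefaultIPGateway = @('203.0.113.1') })
)
Find-DefaultGatewayConflict -AdapterConfig $sample

# Live checks on the Exchange server (mx.example.net is a placeholder):
# Find-DefaultGatewayConflict (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
# Test-OutboundSmtp -MailHost 'mx.example.net'
```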