Can't send outgoing email to external websites

    Question

  • Hi All,

    We've recently set up Office 365 in hybrid mode with Exchange Server 2010.

    All was working well - until we installed Exchange Server 2013 (2012 R2) alongside 2010.

    Users can no longer email outside of the organisation. We've checked the send connectors and it is set up to route all mail to MX record, and NOT smart host. (We CAN receive.)

    We ran the remote connectivity analyzer and it came back as failed, see below:

    The outbound SMTP test failed.

    Elapsed Time: 22168 ms.

    Attempting reverse DNS lookup for IP address 217.179.26.144.
      Reverse DNS lookup failed.
     
    Additional Details
     
    IP address 217.xxx.xxx.xxx doesn't have a PTR record in DNS.

    It also came back with:

    The Microsoft Connectivity Analyzer wasn't able to find the SPF record.
      
    More than one SPF record was found. You may have only one SPF record.

    We think we have resolved this last error by removing the SPF records and replacing them with one LIKE this:

    v=spf1 ip4:10.10.10.1/16  mx ptr:Sender.domain.com include:spf.protection.outlook.com ~all

    Any help would be greatly appreciated

    Thanks in advance,

    DG


    Test Steps
     
    Attempting reverse DNS lookup for IP address 217.179.26.144.
      Reverse DNS lookup failed.
     
    Additional Details
     
    IP address 217.179.26.144 doesn't have a PTR record in DNS.
    Elapsed Time: 20 ms.

    Wednesday, August 10, 2016 4:27 PM
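
The two SPF conditions raised in the question (more than one record, and the contents of the replacement record) can be checked offline before publishing. The following is an added example, not part of the original post or of any Microsoft tool; `lint_spf` is a hypothetical helper, the first sample is the example record as quoted in the post, and the second record is constructed.

```python
import ipaddress

# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Record as quoted in the post, plus a constructed second record to
# reproduce the "more than one SPF record" condition.
POSTED = ("v=spf1 ip4:10.10.10.1/16  mx ptr:Sender.domain.com "
          "include:spf.protection.outlook.com ~all")
CONSTRUCTED_EXTRA = "v=spf1 mx ~all"


def lint_spf(txt_records):
    """Return findings for all TXT records published at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record found"]
    findings = []
    if len(spf) > 1:
        # Receivers treat duplicates as a permanent error for every sender.
        findings.append(f"{len(spf)} SPF records published; only one is allowed")
    for record in spf:
        lookups = 0
        for term in record.split()[1:]:
            body = term.lstrip("+-~?")  # drop the qualifier, keep the mechanism
            name = body.replace("=", ":").split(":")[0].split("/")[0].lower()
            if name in LOOKUP_TERMS:
                lookups += 1
            if name == "ptr":
                findings.append("ptr is slow and discouraged by RFC 7208")
            if name in ("ip4", "ip6"):
                try:
                    net = ipaddress.ip_network(body.split(":", 1)[1], strict=False)
                except (IndexError, ValueError):
                    findings.append(f"unparseable network in '{term}'")
                    continue
                if net.is_private:
                    findings.append(f"{net} is private address space; "
                                    "receivers only ever see the public IP")
        if lookups > 10:
            findings.append(f"{lookups} DNS-lookup terms; the limit is 10")
    return findings


if __name__ == "__main__":
    for finding in lint_spf([POSTED, CONSTRUCTED_EXTRA]):
        print("-", finding)
```
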

All replies

  • Hi

    Installing a higher version of Exchange should not break mail as you haven't added it to the send connector for outbound. If you have, you will obviously need to assign it a public IP, but Exchange 2010 should still send fine.

    Yes, you can only have 1 SPF Record in place and if O365 is your first point then point to it rather.


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 4:46 PM
    Moderator
  • Hi Edward,

    Thanks for replying to my post.

    We did change the send connector for outbound, to go from Exchange 2013. What exactly do you mean by that we need to assign it a public IP? I have our public IP to hand.

    Thanks again,

    DG

    Wednesday, August 10, 2016 4:53 PM
  • Hi there

    Is your public IP natted to your 2010 server and just used for SMTP or did you NAT it to your 2013 instead?

    If you remove 2013 and add the 2010 server back does mail flow?


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 5:01 PM
    Moderator
  • Hi Edward,

    We believe that it is natted to 2013 now, we had to request this from the company that deals with our external DNS and firewall. Do you know of a sure fire way to test this?

    We tried that - but unfortunately mail still does not flow.

    Thanks,

    DG

    Wednesday, August 10, 2016 5:04 PM
  • Hi DG

    The first step from outside is to telnet to your domain, for example mail.domain.com, on port 25 and see if it is closed. If so, you will need to get hold of the company that does your firewall to check. You can perform the same test internally to an external company and see if port 25 responds.


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 5:09 PM
    Moderator
  • Hi Edward,

    I cannot telnet from the exchange server to our domain.org, it says connect failed. Could I run the same telnet check on an external company i.e. google mail?

    Thanks for your ongoing help,

    DG

    Wednesday, August 10, 2016 5:43 PM
  • Hi DG

    What is your domain, so that I can try to telnet to it and see if port 25 is open? I doubt Google will allow telnet, I cannot telnet to them. You can try my lab, which is thexchangelab.com


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 5:56 PM
    Moderator
  • Hi Edward,

    I tried to telnet thexchangelab.com and it comes back as connect failed. Does this almost certainly mean our firewall is blocking us? Am I right in thinking that if this is the case, we need to ask our provider to check that all outbound traffic can go out through port 25?

    All of our incoming mail first goes through 365, so I imagine if you telnet to that us it would reach 365.

    Our domain is domain.org.

    Thanks again,

    DG


    Wednesday, August 10, 2016 6:02 PM
  • Hi DG

    I would have them check, I cannot telnet to your domain on port 25, connection failed. Your mail should go to 365 but 365 probably cannot get to you either because that port is not open. See below:

    C:\windows\system32>telnet bidefordcollege.org 25
    Connecting To bidefordcollege.org...Could not open connection to the host, on port 25: Connect failed.


    Edward van Biljon - Exchange MVP

    • Marked as answer by displaynameftw Thursday, August 11, 2016 1:00 PM
    Wednesday, August 10, 2016 6:08 PM
    Moderator
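
The telnet test used in this thread reports only "Connect failed", which does not separate a port that actively refuses from one where a firewall silently drops the traffic. The following is an added example, not code from the thread: `probe_smtp` is a hypothetical helper that classifies the attempt, and `mail.example.org` is a placeholder host.

```python
import socket


def probe_smtp(host, port=25, timeout=5.0):
    """Classify a TCP connection attempt to an SMTP port.

    Returns (state, detail), where state is one of:
      "open"      connected and the server sent a 220 greeting
      "no-banner" connected, but no 220 greeting (proxy or wrong service)
      "refused"   host answered with a reset: reachable, nothing listening
      "filtered"  no answer before the timeout: typically a dropping firewall
      "error"     name resolution or other socket failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                return "no-banner", "connected, but no greeting before timeout"
            if banner.startswith("220"):
                sock.sendall(b"QUIT\r\n")  # end the session politely
                return "open", banner
            return "no-banner", banner or "connection closed without greeting"
    except ConnectionRefusedError:
        return "refused", "connection refused by the remote host"
    except socket.timeout:
        return "filtered", f"no response within {timeout} seconds"
    except OSError as exc:
        return "error", str(exc)


if __name__ == "__main__":
    # Placeholder target; run once from inside the network against an
    # external mail host and once from outside against your own MX.
    print(probe_smtp("mail.example.org", 25))
```

A "filtered" result in both directions points at the perimeter firewall or provider rather than at the Exchange send connector.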
  • Another thing, did you re-run the hybrid wizard at all and select your 2013 server as well?

    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 6:09 PM
    Moderator
  • Hi Edward,

    I will talk to them tomorrow about this to check. I think we may have run this already, but I'll also check this tomorrow.

    Thanks again for your help with this, I'll keep posted to this forum page tomorrow.

    DG

    Wednesday, August 10, 2016 7:01 PM
  • Hi,

    According to the above troubleshooting steps, the issue may be caused by the firewall side.

    Please confirm if your firewall is blocking port 25.

    In addition, as the issue occurs after installing Exchange 2013, I suggest we also double check the send connector configuration, or create a new send connector for test.

    https://technet.microsoft.com/en-us/library/jj657457(v=exchg.150).aspx

    Look forward to your update.

    Regards,



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    David Wang_
    TechNet Community Support

    Thursday, August 11, 2016 2:37 AM
    Moderator
  • Hi DG

    I did a test now again and still cannot telnet to your domain on port 25, what does your ISP say?


    Edward van Biljon - Exchange MVP

    Thursday, August 11, 2016 9:05 AM
    Moderator
  • Hi Edward and David,

    After contacting my provider again, they opened up the secure SMTP port as well as port 25. All mail now works well.

    Thank you so much for your help.

    DG

    Thursday, August 11, 2016 1:00 PM
  • Hi,
    Glad to hear that you got it.
    Please mark some other helpful replies as answers, that will encourage people to take time out to help you.

    Thanks,
    David

    David Wang_
    TechNet Community Support



    Thursday, August 11, 2016 2:24 PM
    Moderator