Not receiving e-mails from outside after setting up Exchange 2013

    Question

  • Hi Guys,

    I have just set up a brand new Exchange 2013 which is working almost 80 %, if I may put it that way.

    My users are sending e-mails without any problem. The issue I have is users cannot receive e-mails from outside the organisation. When we send emails we get a bounce back that says 'recipient address rejected: User unknown in virtual mailbox table'

    My Environment

    DC on Server 2012 R2, Exchange (both CAS and Mailbox on one server) on Server 2012 R2.

    Thanks


    Kassoka

    Saturday, September 10, 2016 8:47 AM

All replies

  • As a wild guess (assuming external Mailserver was used before)-> check your MX Record, is it pointing to the correct mail server? Or eventually to your old external Mailserver?

    Another wild guess (assuming direct receiving) would be, if the port forwarding goes to the correct server.


    To eventually get more than some wild guesses, a bit more information would be nice. Like:

    • How were your e-mails working before Exchange 2013? Another Exchange Server? External Mail Server? Internal Non-Exchange?
    • How should your Exchange receive e-mails? Direct per SMTP? Or eventually POP3 download?
    Saturday, September 10, 2016 9:10 AM
  • Thanks Olaf,

    Here goes: the environment is so small we still have not set up any firewall as yet. Which brings me to another question: is it possible to still receive mail in such a case (I know it's not recommended and not safe)? This is a brand new installation, no old server setup.

    By MX record setup, you're asking if it is pointing to my internal host name of the Exchange server? The Exchange server should receive through direct SMTP.

    I hope it clarifies a bit.


    Kassoka

    Saturday, September 10, 2016 10:15 AM
  • For direct SMTP to work with your Exchange you need a few things:

    1. a static IP address (dynamic can work, through something like DynDNS, but it is a pain in the ass and you will need to send through a smarthost if you don't want to be blocked all the time)
    2. a router/firewall with a configured port forwarding of port 25 TCP to your Exchange
    3. an MX record for your domain which is pointing to your external IP address (see 1.)

    For why you need this stuff and what an MX record is, let's assume I want to send a mail to silvestre.kassoka@example.com:

    1. my e-mail goes from my e-mail client (e. g. Outlook) to my mail server (e. g. Exchange)
    2. as the mail server doesn't know to which mail server it needs to send the e-mail it takes a look at the mail exchanger record (short MX record) in the DNS zone of example.com
    3. the e-mail is now sent to the mail server of example.com
    4. the mail server of example.com checks some things like if the address exists
    5. the mail server of example.com puts the mail into the mailbox of silvestre.kassoka@example.com and it can be pulled from the e-mail client

    This is a short version of mail flow, there are a few more steps in there for communication between servers, spam protection, etc.

    Your problem is at step 4, the mail server doesn't know the address silvestre.kassoka@example.com. This can have multiple reasons:

    1. there is really no address silvestre.kassoka@example.com configured, the most common cause for this is a typo in the mail address
    2. the MX record points to the wrong mail server, e. g. the mail server of the ISP instead of the Exchange server, mostly seen after the domain provider is changed
    3. the port forwarding points to the wrong mail server, e. g. the old non-Exchange mail server

    Mostly a domain comes in some sort of package, like webspace. These packages normally contain some e-mail addresses; for these the provider uses his own mail server. The MX record for a domain therefore points to the provider's mail server. If you want to use your own mail server you need to change the MX record. At some providers you can change the MX record in some sort of web interface, at some it can only be changed through their support.

    You can use either a built-in tool like nslookup or some web tool like mxtoolbox to check your MX record.

    For the firewall, you don't need one; normally the router from the ISP is enough to get it working, all it needs to do is a port forwarding to your Exchange. A wrongly configured firewall is worse than a standard router from your ISP. I don't know how often I have seen expensive firewalls that are wide open (any to any, port forwarding for SMB to the file server, etc.)



    Saturday, September 10, 2016 6:22 PM
  • Hi Olaf,

    Thanks for the detailed reply,

    It clears off the whole confusion or at least in theory.

    However, I do not know where I am getting lost, I mean I have created all the necessary records for my domain cunhairmao.co.ao, my MX record is pointing to the host name of my internal server and an A record as but still it seems my server name srvmail.cunhairmao.co.ao cannot be found on the internet.

    Hence I continue to get the same error.


    Kassoka

    Monday, September 12, 2016 5:32 PM
  • Hi Kassoka,

    Please check the accepted domain and the email address policy according to the accepted domain, plus check where your email is landing, on any spam firewall or directly at your email host. Check mxtoolbox for all your DNS records or paste the full NDR here.

    Regards.

    Shakir

    Monday, September 12, 2016 5:50 PM
  • Shakir,

    Here goes,

    The following message to <test.test@cunhairmao.co.ao> was undeliverable.

    The reason for the problem:

    5.1.0 - Unknown address error 550-'5.1.1 <test.test@cunhairmao.co.ao>: Recipient address rejected: User unknown in virtual mailbox table'


    Kassoka

    Monday, September 12, 2016 6:16 PM
  • You have two MX records:

    • one srvmail A record with a private IP address
    • one mail2 A record pointing to a server @ linode.com

    The first MX record for srvmail can't work as it is most likely the internal IP address of your server; this needs to point to your (static) external IP address (and the port forwardings at your router/firewall).

    As the first MX record isn't reachable, the sending mail server goes to the next one, which will be the one @ linode.com. From the SMTP banner of this server I would assume this is your domain provider.




    Monday, September 12, 2016 6:31 PM
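
The MX fallback described in the reply above, as an added example that is not part of the original thread: it audits a set of MX targets for addresses an outside sender cannot reach and reports which host ends up receiving the mail. The host names, preference values and IP addresses are constructed placeholders (example.com and documentation address ranges), not the poster's real records.

```python
import ipaddress

# Ranges an outside sender cannot reach: RFC 1918, loopback, link-local.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def is_unroutable(ip):
    """True if the address lies in a range that is not reachable from the internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNROUTABLE)

def audit_mx(mx_records, a_records):
    """Return (findings, delivery_host).

    mx_records: list of (preference, hostname); a_records: hostname -> IPv4 string.
    Senders try the lowest preference first and fall through to the next MX
    when a target cannot be reached.
    """
    findings = []
    delivery_host = None
    for _pref, host in sorted(mx_records):
        ip = a_records.get(host)
        if ip is None:
            findings.append((host, "no A record"))
        elif is_unroutable(ip):
            findings.append((host, f"A record {ip} is not reachable from the internet"))
        else:
            findings.append((host, f"A record {ip} is publicly routable"))
            if delivery_host is None:
                delivery_host = host  # first reachable MX receives the mail
    return findings, delivery_host

# Constructed sample data: the situation in the thread, then the corrected records.
BROKEN_MX = [(10, "srvmail.example.com"), (20, "mail2.example.com")]
BROKEN_A = {"srvmail.example.com": "192.168.1.10", "mail2.example.com": "198.51.100.25"}
FIXED_MX = [(10, "srvmail.example.com")]
FIXED_A = {"srvmail.example.com": "203.0.113.10"}

if __name__ == "__main__":
    for label, mx, a in (("before", BROKEN_MX, BROKEN_A), ("after", FIXED_MX, FIXED_A)):
        findings, target = audit_mx(mx, a)
        print(label, "-> mail is delivered to:", target)
        for host, note in findings:
            print("   ", host, ":", note)
```

In the "before" case the mail lands on the secondary MX, which does not know the Exchange mailboxes and answers with the "User unknown" rejection seen in the NDR.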
  • Hi Olaf,

    Thanks for your suggestion, there seems to be progress. I can get successful connectivity from testconnectivity.microsoft.com. However, the last part that says the message could not be delivered leaves me somewhat bewildered.

    The open relay test message delivery failed, which is a good thing.
    The exception detail:
    Exception details:
    Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
       at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
       at System.Net.Mail.SmtpClient.Send(MailMessage message)
       at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()
    Elapsed Time: 5579 ms.


    Kassoka

    Monday, September 12, 2016 7:00 PM
  • Hi Guys,

    It's working now!!!!!

    I want to thank you all for your support and a special salute to Olaf Reitz.

    After getting my MX record to point to my public IP associated with the domain and creating a port forward rule on my ADSL modem I could get positive results from testconnectivity.microsoft.com. By the way, that's your best friend in such a situation.

    Thanks guys.


    Kassoka

    Monday, September 12, 2016 9:11 PM