Unable to send email to external recipient using Exchange 2007

  • Question

  • I am running Exchange 2007 on a stand alone Win 2003 Server.  It is the only server in the domain.  I can receive email just fine.  The send connector is configured as " * " and "smtp". 


    I have confirmed that my router / firewall is not blocking SMTP traffic and it is port mapped internally to the mail server's internal address.


    DNS:  I have an MX record pointing to the server as well as a pointer for "mail.domainname.com"

    I AM able to telnet to port 25 on the server from outside the network and can send myself a test message.

    I'm sure there is something simple here that I am overlooking - but it's driving me crazy!


    Currently, all test messages that I've sent to numerous different domains are coming back as "Delayed".  I haven't gotten any NDRs back yet.

    Do I have to configure a separate edge transport server on a different box?  Or can E2007 handle everything from a single server?  I know it seems like a dumb question, but I keep seeing references to pointing mail to a separate server.

    I hope I have provided enough info for someone to help

    Any help is much appreciated!


    - Tony


    Wednesday, December 20, 2006 11:32 PM

All replies

  • Tony,

    A few hints

    1) What role did you install?

    I assume you installed Edge or Hub. What server is the send connector configured to send to? Running "get-sendconnector | fl" should give you that information. If the connector is delivering to a smarthost, can you connect to this smarthost on port 25?

    2) If you want to deliver messages to an E2k7 mailbox, you also need to install the mailbox role, create mailboxes and have a domain controller (I assume you already have one, since you say you have a domain).

    3) What is the state of those messages you just sent via SMTP? Try running these commands from the E12 command line shell:

    >get-queue | fl

    >get-message | fl

    This will give you the last errors encountered when Transport attempted to deliver those messages.

    Let me know,


    Thursday, December 21, 2006 1:27 AM
  • Fritz - Thanks for the response!  These are the answers to your questions:

    1. Roles installed are:  Mailbox, Client Access, & Hub Transport


    2.  Mailbox role is installed - internal mail works fine (Exchange 2007 to Exchange 2007 mailboxes); The mail server is the domain controller (only server in domain).  Here are the "get-sendconnector" results:

    Schema                           : Microsoft.Exchange.Data.Directory.SystemConf
    DNSRoutingEnabled                : True
    SmartHosts                       : {}
    Port                             : 25
    LinkedReceiveConnector           :
    ConnectionTimeOut                : 00:10:00
    ForceHELO                        : False
    IgnoreSTARTTLS                   : False
    Fqdn                             :
    RequireTLS                       : False
    Enabled                          : True
    ExternallySecuredAsPartnerDomain :
    ProtocolLoggingLevel             : None
    AuthMechanism                    : None
    AuthenticationCredential         :
    UseExternalDNSServersEnabled     : False
    SourceIPAddress                  :
    SmartHostsString                 :
    AddressSpaces                    : {smtp:*;1}
    MaxMessageSize                   : 10MB
    DeliveryMechanism                : 2
    ConnectedDomains                 : {}
    IsScopedConnector                : False
    IsSmtpConnector                  : True
    Comment                          :
    SourceRoutingGroup               : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers           : {UNC-SERVER}
    HomeMTA                          : Microsoft MTA
    HomeMtaServerId                  : UNC-SERVER
    MinAdminVersion                  : -2147453113
    AdminDisplayName                 :
    ObjectCategoryName               : msExchRoutingSMTPConnector
    ExchangeVersion                  : 0.1 (8.0.535.0)
    CurrentObjectVersion             : 0.1 (8.0.535.0)
    Name                             : To Internet
    DistinguishedName                : CN=To Internet,CN=Connections,CN=Exchange Ro
                                       uting Group (DWBGZMFD01QNBJR),CN=Routing Gro
                                       ups,CN=Exchange Administrative Group (FYDIBO
                                       HF23SPDLT),CN=Administrative Groups,CN=First
                                        Organization,CN=Microsoft Exchange,CN=Servi
    Identity                         : To Internet
    Guid                             : f109980a-17b1-4960-8823-e8ba35467bf7
    ObjectCategory                   : uncblue.com/Configuration/Schema/ms-Exch-Rou
    ObjectClass                      : {top, msExchConnector, mailGateway, msExchRo
    OriginalId                       : To Internet
    WhenChanged                      : 12/20/2006 3:21:10 PM
    WhenCreated                      : 12/20/2006 3:21:10 PM
    ObjectState                      : Unchanged
    OriginatingServer                : unc-server.uncblue.com
    IsReadOnly                       : False
    Id                               : To Internet
    IsValid                          : True

    Get-Queue "Last message" results -  All outgoing emails are in queue with this error message:

    451 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts ..

    It does appear that relay attempts are occurring.  I have 600 + messages in the queue and only about 15 are mine (test messages to outside mailboxes).


    Does this info help?




    Thursday, December 21, 2006 4:47 PM
  • Your send connector appears to be fine.

    The DNS name resolution is using the adapters configured on the network card (UseExternalDNSServersEnabled is false) - can you get MX records for those domains using nslookup?

    Can you post the output of some of those queues (run get-queue | fl)? I am interested in the NextHopDomain fields of those queues. It seems to me that you may be connecting to the wrong server (or maybe to a server that does not run SMTP). To better diagnose this, you should also enable protocol logging.

    > set-sendconnector -Identity 'To Internet' -ProtocolLoggingLevel:Verbose

    This will enable you to see exactly what your server is connecting to and how the protocol dialog unfolds (commands/responses, etc).

    Also, are you sure your firewall is not blocking outside connections on port 25?

    Let me know how this goes


    Thursday, December 21, 2006 6:17 PM
  • Yes, I am getting MX records in nslookup for the domain...


    Here are the get-queue results (I deleted most of the messages in the queue just to clean it up)

    [MSH] C:\Documents and Settings\Administrator>get-queue | fl

    Identity         : unc-server\138
    DeliveryType     : DnsConnectorDelivery
    NextHopDomain    : pfgworld.com
    NextHopConnector : f109980a-17b1-4960-8823-e8ba35467bf7
    Status           : Active
    MessageCount     : 8
    LastError        :
    LastRetryTime    : 12/21/2006 2:20:01 PM
    NextRetryTime    :
    IsValid          : True
    ObjectState      : Unchanged

    Identity         : unc-server\271
    DeliveryType     : DnsConnectorDelivery
    NextHopDomain    : casefoam.com
    NextHopConnector : f109980a-17b1-4960-8823-e8ba35467bf7
    Status           : Ready
    MessageCount     : 0
    LastError        :
    LastRetryTime    :
    NextRetryTime    :
    IsValid          : True
    ObjectState      : Unchanged

    Identity         : unc-server\313
    DeliveryType     : DnsConnectorDelivery
    NextHopDomain    : yahoo.com
    NextHopConnector : f109980a-17b1-4960-8823-e8ba35467bf7
    Status           : Active
    MessageCount     : 2
    LastError        :
    LastRetryTime    : 12/21/2006 2:18:49 PM
    NextRetryTime    :
    IsValid          : True
    ObjectState      : Unchanged

    Identity         : unc-server\Submission
    DeliveryType     : Undefined
    NextHopDomain    : Submission
    NextHopConnector : 00000000-0000-0000-0000-000000000000
    Status           : Ready
    MessageCount     : 0
    LastError        :
    LastRetryTime    :
    NextRetryTime    :
    IsValid          : True
    ObjectState      : Unchanged


    No, my firewall is not blocking anything - this server replaced a fully functional and working Exchange 2003 server that has been removed (Exchange services stopped, completely different domain, not connected to this server in any way).  I never had this problem w/ the old server...


    Do the get-queue results tell you anything?



    Thursday, December 21, 2006 9:42 PM
  • This tells me that you have a total of 10 messages, 2 in one queue, 8 in the other. The 2 queues are active, meaning they have established or are trying to establish a connection. Do the message counts change when you call get-queue multiple times? Do you ever see a value in the "last error" field of the queue? Is the "last error" string you sent earlier taken off a message?

    If the status of a queue is Active for too long but the queue does not deliver any messages, there is a problem somewhere along the process of establishing the connection - either in the MX record resolution or in attempting to connect to the destination IP address returned by the MX query.

    So let's find out what's wrong with our outbound connections on this machine. To do this we will enable the connectivity log (it is not enabled by default):

    >set-transportserver -Identity:<identity of transport server> -ConnectivityLogEnabled:$true

    You can get the identity of the server by looking at the Identity field of the object returned running get-transportserver (the Name field works as well)

    Look at the path set for the field ConnectivityLogPath of the transport server object. This is where your log files will be.

    Now pick a queue whose status is Retry and has messages in it (MessageCount > 0), (not the submission queue) and run "retry-queue <queue identity>". This will tell the server to attempt a connection immediately, instead of waiting until the next retry time. Then look in the connectivity log directory; you should have some log data - the destination, the IP, etc. This way we'll know if we connect to the right servers. Optionally, you can wait until the connection times out as you described and see what gets written in the log.

    Friday, December 22, 2006 12:17 AM
  • Tony

    I didn't see anywhere that you have edge servers installed? Is that right? If that is so, is something preventing the hub from relaying mail to the internet?

    From your last error it looks like the hub is not able to push out the mail since it doesn't know where to send it to - so there's a misconfig there.

    About your NDR question - the delay notifications are generated 4hrs from sending mail - but expiry time for messages aka NDR will come only after 2 days of sending mail. So, please be aware and increase the expiry time to longer if the issue is not getting fixed.




    Saturday, December 23, 2006 7:22 PM
  • Hey All,


    Funnily enough I am having the same issue. However mine is a bit different in that I have Domain1 set up all good and working fine with about 9 servers, one being an Exchange 2003 box, and all works fine. This is our company's domain ... however I am setting up a few servers for a sub company, and getting them all up and going prior to installing them at their site, to minimise down time. I have only one server in this DOMAIN2, it is on its own domain, with Exchange 2007 installed and is the domain controller.


    The only way that the two domains are linked is that the UNTRUST port of the DOMAIN 2 firewall is going into the DOMAIN1 switch to enable external connection to the internet. This all works fine ... internet all good etc.


    However I am having the same issue as above ... I can send mail internally all fine, but when I try and send to an external domain, the messages just sit in the queue retrying all the time but reporting no error message. I have done the above with the ConnectivityLog and the results are as below ...


    #Software: Microsoft Exchange Server
    #Log-type: Transport Connectivity Log
    #Date: 2007-05-03T23:55:07.031Z
    #Fields: date-time,session,source,Destination,direction,description
    2007-05-03T23:55:07.031Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
    2007-05-03T23:55:28.140Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
    2007-05-03T23:55:49.140Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
    2007-05-03T23:56:10.156Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)

    I have the send connector addresses set to * and all seems normal. I have SMTP, MAIL, HTTP, HTTPS enabled in the firewall for DOMAIN2 so it shouldn't be an issue. There is also MS-Exchange as an option to allow, which I haven't tried yet. I have tried to send to our domain itself as well, DOMAIN1, and it has the same errors as above ....


    Any help would be appreciated.

    Friday, May 4, 2007 12:05 AM
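The hex value in the connectivity log lines above is a Winsock error code: 0000274C is 10060 (WSAETIMEDOUT), meaning the outbound TCP connection never completed. As an added example (not written by any poster in this thread), the following PowerShell parses connectivity log lines and decodes that code. The function name Get-ConnectivityFailure is hypothetical, the sample lines are copied from the post above, and Windows PowerShell 3.0 or later on Windows is assumed.

```powershell
# Added example, not from the thread. Get-ConnectivityFailure is a hypothetical name.
# Sample lines are copied from the connectivity log posted above.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: Transport Connectivity Log
#Date: 2007-05-03T23:55:07.031Z
#Fields: date-time,session,source,Destination,direction,description
2007-05-03T23:55:07.031Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
2007-05-03T23:55:28.140Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
2007-05-03T23:55:49.140Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
2007-05-03T23:56:10.156Z,08C95BF37519319D,SMTP,gmail.com,>,Failed connection to (0000274C)
'@ -split '\r?\n'

function Get-ConnectivityFailure {
    param([Parameter(Mandatory)][string[]]$Line)

    # Column names come from the "#Fields:" header; other "#" lines are metadata.
    $fieldLine = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($fieldLine -replace '^#Fields:\s*', '') -split ','

    $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            # Failed attempts end with the Winsock error as 8 hex digits in parentheses.
            if ($_.description -match '^Failed connection to.*\(([0-9A-Fa-f]{8})\)\s*$') {
                $code = [Convert]::ToInt32($Matches[1], 16)
                [pscustomobject]@{
                    Time        = [datetime]::Parse($_.'date-time').ToUniversalTime()
                    Destination = $_.Destination
                    Code        = $code
                    # Windows maps Winsock codes to text through Win32Exception.
                    Meaning     = ([ComponentModel.Win32Exception]$code).Message
                }
            }
        }
}

# One summary row per destination and error code.
Get-ConnectivityFailure -Line $sample |
    Group-Object Destination, Code, Meaning |
    Format-List Count, Name
```

For a real log, pass `Get-Content` of a file from the directory named in the transport server's ConnectivityLogPath instead of `$sample`.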
  • From the Ex07 mail server that is acting as the edge


    c:\telnet destination.mailserver.com 25


    If you cannot connect that way and receive an smtp banner, your smtp is being filtered. Either by the destination, or by your ISP.

    When in doubt, attempt the connection manually.

    Tuesday, May 8, 2007 8:59 PM
  • Tuesday, November 20, 2007 7:15 PM
  • Hi, did you manage to solve the problem?

    I have a very similar one:

    1 Exchange 2007 Standard Server (rollup 5) installed on a W2K3 Standard R2 (which is also DC)  with all roles except edge.

    The topology does not imply an edge server; around 10% of the messages are kept several hours in the submission queue with DnsConnectorDelivery delivery type, all others are OK.

    The remote MX servers are perfectly visible with nslookup (set q=mx) from that machine using the same ns server, and if I use telnet <remote ip> 25 everything seems OK.

    1. I've changed the send connector several times.

    2. Internal mail is perfectly OK.

    3. There is no pattern for the remote domains on which the queue is blocking (even yahoo.com sometimes).


    I really do not know what to do next, except downgrade to 2k3.

    Here is output for get-sendconnector:

    AddressSpaces                : {smtp:*;1}
    AuthenticationCredential     :
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : True
    Enabled                      : True
    ForceHELO                    : False
    Fqdn                         : otpleasing.ro
    HomeMTA                      : OTPLEASING.LOCAL/Configuration/Deleted Objects/Microsoft MTA
    HomeMtaServerId              : OTPLEASING.LOCAL/Configuration/Deleted Objects/Microsoft MTA
    Identity                     : Send Connector
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    LinkedReceiveConnector       :
    MaxMessageSize               : 20MB
    Name                         : Send Connector
    Port                         : 25
    ProtocolLoggingLevel         : Verbose
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SourceIPAddress              :
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {C10}
    UseExternalDNSServersEnabled : True


    and the output for one of those queues:


    Identity         : c10\125
    DeliveryType     : DnsConnectorDelivery
    NextHopDomain    : totalsoft.ro
    NextHopConnector : 0872ac6a-0b58-41df-9719-9d0e1b73a934
    Status           : Active
    MessageCount     : 1
    LastError        :
    LastRetryTime    : 11/27/2007 10:09:06 AM
    NextRetryTime    :
    IsValid          : True
    ObjectState      : Unchanged


    Other mentions: I had F-Secure installed on that server but it was uninstalled.


    Many thanks and any help will be highly appreciated




    Tuesday, November 27, 2007 12:08 PM



    Check you can successfully telnet to the server the MX record points to on
    port 25


    Ex: telnet mail.mailservername.com 25


    If you couldn't telnet, right click on your network connection and repair, then try to telnet.



    Sunday, September 28, 2008 11:36 AM