Exchange Server 2013, can send mail but not receive externally

  • Question

  • Greetings,

    I have deployed an Exchange server in a Windows Server 2012 environment. The server has DC/DNS enabled and Exchange is running on a Hyper-V layer.

    The external mail address is mail.nextsolutionllc.com

    Our website will be hosted on GoDaddy and our mail will be hosted in-house. I created an A record in GoDaddy (named mail) and pointed it to our static IP address. I also created an MX record in GoDaddy and pointed it to the A record.

    I have verified all ports required are opened in our Cisco ASA firewall.

    Currently our mail server will SEND mail but will not receive mail. I can send/receive mail internally and send mail externally, just cannot receive external emails. 

    I have used mxtoolbox.com and it gives these results:

    "Connecting to 97.89.55.134

    220 *********************************************************************************************** [655 ms]
    EHLO MXTB-PWS3.mxtoolbox.com
    250-MAIL.NextSolutionLLC.local Hello [64.20.227.133]
    250-SIZE 37748736
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-XXXXXXXA
    250-XXXXXXXXXXXXXB
    250-AUTH
    250-XXXXXXXXXXXXXXXXXC
    250-8BITMIME
    250-BINARYMIME
    250-XXXXXXXD
    250 XXXXE [712 ms]
    MAIL FROM: <supertool@mxtoolbox.com>
    250 2.1.0 Sender OK [728 ms]
    RCPT TO: <test@example.com>
    550 5.7.1 Unable to relay [5702 ms]

    MXTB-PWS3v2 8753ms

    I have also used the Microsoft test connectivity tool and it said "

    Testing inbound SMTP mail flow for domain 'administrator@nextsolutionllc.com'.
      The Microsoft Connectivity Analyzer failed to test inbound SMTP mail flow.
     
    Additional Details
      Elapsed Time: 83 ms.
     
    Test Steps
     
    Attempting to retrieve DNS MX records for domain 'nextsolutionllc.com'.
      The Microsoft Connectivity Analyzer wasn't able to retrieve MX records from DNS."


    Can anyone give me some insight? I feel as if I'm very close to having a functional Exchange server. I did call Charter about ~2 hours ago and asked them to make a reverse DNS lookup for mail.nextsolutionllc.com to our static IP. I know that can take up to 24 hours but still have not had any results.
    Sunday, January 5, 2014 5:47 AM

All replies

  • Hi tpmeredith,

    I am not sure whether the domain name you provided ('nextsolutionllc.com') is a real one. But in case it is, I haven't found the MX on public DNS for this domain! Maybe it is not fully synchronized yet but.

    Furthermore, please make sure that you have added 'nextsolutionllc.com' as an accepted domain in Exchange. See http://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx

    HTH
    Timo

    Sunday, January 5, 2014 9:14 AM
  • You need to talk to your Service Provider; once they make the changes and it's updated, you should be good to go.

    There's nothing wrong with your exchange right now.


    Cheers,

    Gulab Prasad,

    Technology Consultant

    Blog: www.exchangeranger.com

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, January 5, 2014 9:18 AM
  • Hi tpmeredith,

    I am not sure whether the domain name you provided ('nextsolutionllc.com') is a real one. But in case it is, I haven't found the MX on public DNS for this domain! Maybe it is not fully synchronized yet but.

    Furthermore, please make sure that you have added 'nextsolutionllc.com' as an accepted domain in Exchange. See

    HTH
    Timo

    It is a real domain, it is already in the accepted domains in Exchange and is the default domain. I also already have the SSL certificate activated, https://mail.nextsolutionllc.com/owa/ is active and working too.
    Sunday, January 5, 2014 9:23 AM
  • Awesome, that's good to hear. I just want to make sure I have this up by Monday at the latest. I called the service provider roughly 6-7 hours ago and they said the reverse lookup should be active within 24 hours. You can't see anything else that may need to be set up in advance before my Monday deadline?
    Sunday, January 5, 2014 9:24 AM
  • Next thing is, Wait and Watch :)

    Cheers,

    Gulab Prasad,


    Sunday, January 5, 2014 9:54 AM
  • Still patiently waiting,

    One thing I noticed however is when I email into the server I immediately get a failed confirmation which states, "Delivery to the following recipient failed permanently:

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain nextsolutionllc.com by nextsolutionllc.com. [192.186.250.168].

    The error that the other server returned was:
    550"

    However, the IP address it mentions there is not my static IP for mail.nextsolutionllc.com , it is my godaddy IP which was in use until yesterday.
    Sunday, January 5, 2014 4:32 PM
  • Also when I use the mxtoolbox, is it supposed to have this in one of the fields? That is the local address/hostname for the mail server, should that read mail.nextsolutionllc.com ? 

    250-MAIL.NextSolutionLLC.local Hello 
    Sunday, January 5, 2014 4:39 PM
  • You need to telnet test the SMTP. 

    Check out http://support.microsoft.com/kb/153119/en-us and halfway down the page is how to test your server.

    Check internally then check from an outside computer.

    I think you have an issue with your router/firewall.

    Sunday, January 5, 2014 5:36 PM
  • Using whatsmyip.org/port-scanner/ internally and radmin's port scanner externally, 25 is open for that Hyper-V.

    However, I cannot telnet into it; the connection times out for both mail.nextsolutionllc.com and its static IP.
    Sunday, January 5, 2014 5:50 PM
  • If I telnet into the Exchange server from within the network using its local IP it works fine.
    Sunday, January 5, 2014 5:51 PM
  • Also I can telnet externally using port 2525, just not port 25. The port is confirmed open on my Cisco ASA and Windows Firewall is disabled for testing.
    Sunday, January 5, 2014 6:51 PM
  • You should be able to Telnet the Port 25.
    Check SMTP inspection on the firewall and make sure it's Disabled.

    Cheers,

    Gulab Prasad,



    • Edited by Gulab Prasad Sunday, January 5, 2014 7:49 PM update
    Sunday, January 5, 2014 7:22 PM
  • Gulab,

    Thanks for the insight. I disabled ESMTP inspection on our Cisco ASA and it cleared up one of the errors mxtoolbox was issuing saying it did not support TLS. Now we still have a warning on reverse DNS mismatch.

    Perhaps you can look for us at mxtoolbox, mail.nextsolutionllc.com
    Sunday, January 5, 2014 9:16 PM
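
The asterisk-only 220 banner and the X-filled 250 keywords in the mxtoolbox output at the top of the thread are what a firewall doing ESMTP inspection leaves behind when it overwrites parts of the SMTP dialogue, which is why STARTTLS was never seen by the remote tester. The following is an added example, not part of any post in this thread: it checks a captured EHLO exchange for those signs. The function name `analyze_session` and the result keys are assumptions made for illustration.

```python
import re

# EHLO portion of the mxtoolbox output in the question (timings removed,
# asterisk banner shortened).
SAMPLE = """220 ********************
EHLO MXTB-PWS3.mxtoolbox.com
250-MAIL.NextSolutionLLC.local Hello [64.20.227.133]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-XXXXXXXA
250-XXXXXXXXXXXXXB
250-AUTH
250-XXXXXXXXXXXXXXXXXC
250-8BITMIME
250-BINARYMIME
250-XXXXXXXD
250 XXXXE
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")   # code, continuation flag, text
MASKED = re.compile(r"^X+[A-Z]?$")            # keyword overwritten with X's

def analyze_session(transcript):
    """Report signs of a middlebox rewriting the SMTP dialogue."""
    banner = greeting = None
    keywords, ehlo_done = [], False
    for raw in transcript.splitlines():
        m = REPLY.match(raw.strip())
        if not m:
            continue                      # client command, not a server reply
        code, sep, text = m.groups()
        if code == "220" and banner is None:
            banner = text.strip()
        elif code == "250" and not ehlo_done:
            if greeting is None:
                greeting = text           # first 250 line: "<host> Hello ..."
            elif text.split():
                keywords.append(text.split()[0].upper())
            ehlo_done = sep == " "        # "250 " (space) ends the EHLO reply
    host = greeting.split()[0] if greeting and greeting.split() else ""
    return {
        "banner_masked": bool(banner) and set(banner) == {"*"},
        "masked_keywords": [k for k in keywords if MASKED.match(k)],
        "starttls_offered": "STARTTLS" in keywords,
        "helo_is_internal_name": host.lower().endswith(".local"),
    }
```

Run against a capture taken from outside the firewall; a capture from the internal network bypasses the inspection and will look clean.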
  • Also I followed this guide step by step, telnetting in from external:
    http://technet.microsoft.com/en-us/library/bb123686(v=exchg.150).aspx

    Everything worked, obviously where kate@fabrikam.com I changed to administrator@nextsolutionllc.com

    When I logged in I had a message in the inbox from chris@contoso.com


    However, at some point today I can't even send emails now. Using the Microsoft connectivity tester it says it should be working.
    Monday, January 6, 2014 1:43 AM
  • Never mind, it just came through but took quite a long time. (30+ minutes)
    Monday, January 6, 2014 1:56 AM
  • I believe you open port 25 at the router/firewall and maybe your ISP is blocking port 25 for you.  

    Monday, January 6, 2014 3:40 AM
  • Port 25 is open, I guarantee it. Scan it if you don't believe me: 97.89.55.134


    I can even telnet now to that IP externally via port 25 from my office.

    I'm probably going to revert to godaddy email cause this business needs to be up tomorrow.
    Monday, January 6, 2014 3:55 AM