locked
Exchange 2003 - Not Receiving Mail on 1 of 2 Domains RRS feed

  • Question

  • I've inherited an Exchange server running on SBS 2003. This server is supposed to be receiving mail via standard incoming SMTP for 2 domains, for the sake of this discussion let's call them abcltd.com and xyzltd.com.

    The server was first set up with a local AD domain abc.local. It was first associated with the external domain abcltd.com. I'm told incoming mail worked fine up to "about 8 months ago" for that domain. However, incoming mail is no longer working for that domain.

    At some point, the second domain xyzltd.com was added to the Exchange server. Incoming mail via that domain is working fine at this time.

    I've been using the convenient testexchangeconnectivity.com site to test incoming SMTP mail.

    There are some complications in mail routing to the server. There are 2 separate internet connections at the office, with a separate router for each. However, connectivity seems to be set up correctly: DNS MX records are correct, SMTP port 25 forwarding is set correctly to the server.

    I was able to install the NetMon 3.4 packet sniffer on the server. SMTP traffic reaches the server during tests of both the domains. For the successful domain xyzltd.com, the capture log shows a standard SMTP conversation, interacting with inetinfo (which I understand hosts the Exchange SMTP Virtual Server) on the server. This is confirmed by activity in the Exchange server SMTP log.

    For tests to the unsuccessful abcltd.com domain, the capture log shows fewer packets, and none of them interact with inetinfo. No activity is logged in the Exchange SMTP log.

    My understanding from other Exchange 2003 installations supporting multiple domains is, to make them work all you need to do is: 
    1. Make sure DNS MX records are correct
    2. Make sure routers etc. are set up so incoming traffic can reach the server
    3. Add the new domain to an appropriate Recipient Policy
    4. Apply the Recipient Policy
    5. Check for new SMTP addresses for recipients, add if necessary

    This all appears to have been set correctly in this case.

    My thinking at this point is, there is either a problem with Exchange configuration, or another process running on the server is causing interference.

    The SBS installation seems fairly "vanilla", in a single-homed (not dual-homed) configuration. I've looked at server NIC settings and SMTP Virtual Server properties, I don't see anything that would cause incoming traffic for one domain to work, but the other to fail.

    RRAS is not running on the SBS server. I don't see any 3rd party firewall or routing software installed (other than as noted below).

    Symantec Endpoint Protection (client only) is running on the server. However, its firewall is not configured to do anything special. I have also tested with it turned off, that had no effect.

    A "MailArchiva" mail archiving server is installed and running on the SBS server, but it does not appear to have ever been configured. I have also tested with its service stopped, that also had no effect. 
      
    I have tried removing abcltd.com from Recipient Policies, applying the change, adding it back, and applying the change again. This had no effect.

    It looks as though incoming SMTP traffic is reaching the server during tests for both domains, but the server's response is different:

    SEP: it turns out its client includes a network traffic log. A successful test of xyzltd.com mail appears as a connection to inetinfo.exe on the server, lasting less than one second. An unsuccessful test of abcltd.com mail also appears as a connection to inetinfo.exe, lasting about 10 seconds.

    NetMon: I've saved corresponding successful and unsuccessful captures in NetMon 3.4. The successful test shows testexchangeconnectivity.com connecting to the server's IP address (e.g. 192.168.xxx.yyy), and talking to the inetinfo.exe process. The unsuccessful test shows a connection to the server's name (e.g. server1.abcltd.local), and no process name showing. The first couple of packets for both tests are the same, but the third (and subsequent ones) differ.

    It looks as though, for some reason, inetinfo.exe/IIS/SMTP Virtual Server are responding differently to incoming SMTP traffic for the two different mail domains. At this point I'm at a loss to figure out why. It's possible my predecessors may have made obscure tweaks that are causing this, but I don't know where to check.

    Any ideas or SWAGs appreciated.

    Thursday, August 18, 2011 7:48 PM

Answers

  • This is your problem:

    "There are some complications in mail routing to the server. There are 2 separate Internet connections at the office, with a separate router for each. However, connectivity seems to be set up correctly: DNS MX records are correct, SMTP port 25 forwarding is set correctly to the server. "

    You cannot have two default gateways on the server. Therefore if the email is trying to be delivered through the second connection, Exchange will be sending the response through the wrong connection.

    Two fixes.

    1. Use the same connection for both domains. You can use the same MX records etc. That will allow you to drop the second connection or use it for something else.

    2. Purchase a dual WAN router.

    This is a routing issue, not an Exchange issue.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by Anonymous1664 Monday, August 22, 2011 7:00 AM
    Thursday, August 18, 2011 10:34 PM

All replies

  • This is your problem:

    "There are some complications in mail routing to the server. There are 2 separate Internet connections at the office, with a separate router for each. However, connectivity seems to be set up correctly: DNS MX records are correct, SMTP port 25 forwarding is set correctly to the server. "

    You cannot have two default gateways on the server. Therefore if the email is trying to be delivered through the second connection, Exchange will be sending the response through the wrong connection.

    Two fixes.

    1. Use the same connection for both domains. You can use the same MX records etc. That will allow you to drop the second connection or use it for something else.

    2. Purchase a dual WAN router.

    This is a routing issue, not an Exchange issue.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by Anonymous1664 Monday, August 22, 2011 7:00 AM
    Thursday, August 18, 2011 10:34 PM
  • Thanks for your reply - you are correct. This was actually fairly easy to test, just had to wait for a time when I could change the server's default gateway. Whichever router the gateway was set to, its mail domain would work, and the other wouldn't. Interestingly, the routers on both connections are Linksys/Cisco RV042s, which are dual-WAN devices. However, ISTR seeing a post claiming they have a limitation, that port forwarding only works for the primary WAN connection. If true, that would not work for us. Time to do some more research. Updating the secondary mail domain's DNS MX to match the first is probably the way to go for us. Thanks again.
    Monday, August 22, 2011 7:10 AM