Windows, Operating System, Security, Networking, Malware, Support, Forum, Help Site Check Our Facebook Page!
Notices
Windows Server System Post your Windows Server System questions here. Besides Windows Server, this also includes other Microsoft Server software (such as BizTalk Server, Exchange Server, ISA Server & others).


Register your FREE account to unlock additional features at WindowsBBS.com
   
 
 
LinkBack Thread Tools
Old 17th December 2007   #1
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2002
Location: Australia
Posts: 77
Computer Experience:
Always learning new
simond Reputation Level

Exchange server 2003: Not receiving Emails.Please advise


Hi,
I would like bit of assistance please? I'm unable to receive emails to my exchange server.

I have setup exchange server 2003 with service pack 2.
The exchange server is pointing to my local dns.
the DNS server are forwarding dns queries to my isp's DNS

I have setup HOST A record and updated the MX records and allowd ovewr 48hours for the dns to propergate.

I have setup port forwarding on my router for port 25 and it's forwarding smtp to my exchange server.

I have put the exchange server in DMZ but still cannot receive emails externalyl.Previously and NDR was generated but now no longer an ndr is generated.

Below is the steps taken

<details of DNS config removed by ReggieB - see below>


Plase advise


Last edited by ReggieB; 18th December 2007 at 08:49. Reason: IP information can be easily misused.
simond is offline  

 

Register
to remove this ad.
 
 

Old 17th December 2007   #2
Senior Member
 
Profile:
Join Date: Dec 2004
Location: USA
Posts: 209
Computer Experience:
Experienced
eannatone Reputation Level

When i try to access sending mail to your server this is the error i get.
"454 5.7.3 Client does not have permission to submit mail to this server."
Check the security setting on your virtual SMTP server.

eannatone is offline  

Did you find this post helpful? Yes | No
Old 17th December 2007   #3
Senior Member
 
Profile:
Join Date: Dec 2004
Location: USA
Posts: 209
Computer Experience:
Experienced
eannatone Reputation Level

Can you send mail internally?

eannatone is offline  

Did you find this post helpful? Yes | No
Old 17th December 2007   #4
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2002
Location: Australia
Posts: 77
Computer Experience:
Always learning new
simond Reputation Level

Originally Posted by eannatone View Post
When i try to access sending mail to your server this is the error i get.
"454 5.7.3 Client does not have permission to submit mail to this server."
Check the security setting on your virtual SMTP server.
Hi,

I will check the virtual settings.
i had similar error. Maybe i have denied access to anonymous access .

simond is offline  

Did you find this post helpful? Yes | No
Old 17th December 2007   #5
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2002
Location: Australia
Posts: 77
Computer Experience:
Always learning new
simond Reputation Level

Originally Posted by eannatone View Post
Can you send mail internally?
Internal no problems at all.

I will check the virtual server settings further.

simond is offline  

Did you find this post helpful? Yes | No
Old 18th December 2007   #6
Alumni
 
Profile:
Join Date: May 2004
Location: Worcs. UK
Posts: 2,786
Computer Experience:
Unabashed deviant
ReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation Level

A good test is whether you can telnet into port 25 of the mail server, from outside your network. For example, if your external address is 11.11.11.11 then this command as the cmd shell should connect you into the server
Code:
telnet 11.11.11.11 25
You need to do this from a PC outside your network, as many routers (especially firewalled ones) will not act normally if you try to access a resource via its external address when you are inside the network.

What you get when you connect depends on the mail server. Sometimes there is a single greeting line of text, but sometimes you just get a blank screen. The key thing is that you don't get a failure to connect message. If you get a failure message, then there is a problem with way you are routing the traffic through to the mail server.

This test will also work internally, so you can familiarise yourself with a normal response before you try it externally. If your routing/port-forwarding is working correctly, you will get the same response internal and externally.

If you can connect via this method, then you are probably looking at a routing problem outside your network. Either you ISP DNS set up, or a routing problem on the internet. I'd suggest in this circumstance that the best way for is to discuss the problem with your ISP.

ReggieB is offline  

Did you find this post helpful? Yes | No
Old 18th December 2007   #7
Alumni
 
Profile:
Join Date: May 2004
Location: Worcs. UK
Posts: 2,786
Computer Experience:
Unabashed deviant
ReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation Level

I've just had another look at the information you posted and have realised that you've posted too much information about your configuration. I was able to use the information you posted to test the connection via telnet from here. Telnet to port 25 failed. However, when I entered your address into a browser I was taken straight to an IIS "under construction" default page.

Remove the server from your DMZ

I am fairly sure that server is not properly secured and by putting it in your DMZ, you've exposed it to the internet in a way that is bypassing much of the security provided by your router/firewall. What's more your posting pointed straight at that server.

I'd recommend that you give that server a very thorough scan for malware and viruses before you proceed.

Forwarding port 25 should be all you need to do get incoming SMTP traffic to pass through your router/firewall.

My guess is that your problem with e-mail is that your server isn't listening on port 25 or that your router is port-forwarding to an incorrect internal address.

ReggieB is offline  

Did you find this post helpful? Yes | No
Old 18th December 2007   #8
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2002
Location: Australia
Posts: 77
Computer Experience:
Always learning new
simond Reputation Level

Hi,

Thanks for the reply.

The only reason i put the machine in the DMZ for testing purposes since i wasn't receving emails internally even though i had port 25 forwarded to my exchange server i wanted to see if the issue would reoccur if the server was in the DMZ...Sounds silly to put the server in the dmz because the documentation says port 25 should be forwarded to the exchange and it should do the job but i decided to take extra step.

I use this machine for testing purpose and i'll reimage the server again.

Good News

For first time i was able to receive emails from external domains. What I done to resove the problem was enabling anonymous access under virtual server.I had disabled anonymous access


Here is the step taken


Under the properties of the SMTP Virtual Server, Access Tab, Authentication button ticked anonymous access and under the Relay button made sure have 'Only the list below" were selected and nothing in the list box below it


I have taken the server from the DMZ and tried sending emails from external domains and did not have any problems. Finally


I'm currently working on my exchange certification so this is the best way of learning..

I need a clarification please?


1) When you telent to the smtp server from external domain? Should the public ip be visable?

2) For users to access outlook web access the server needs to be a front end server? therefore it should be on the dmz?


Many Thanks as always you guys help alot.

simond is offline  

Did you find this post helpful? Yes | No
Old 18th December 2007   #9
Alumni
 
Profile:
Join Date: Jan 2002
Location: Montgomery AL
Posts: 1,947
Computer Experience:
Experienced
Scott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation LevelScott Smith Reputation Level

Send a message via AIM to Scott Smith Send a message via MSN to Scott Smith Send a message via Yahoo to Scott Smith
If your talking about external users accessing their exchange it would go like this:

For Outlook 2003 Web access:

Forward Port 80 to Exchange box.

Enter from outside as mail.yourdomain.com/exchange

User will be promped for credentuals.

Scott Smith is offline  

Did you find this post helpful? Yes | No
Old 18th December 2007   #10
Alumni
 
Profile:
Join Date: May 2004
Location: Worcs. UK
Posts: 2,786
Computer Experience:
Unabashed deviant
ReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation LevelReggieB Reputation Level

Originally Posted by simond View Post
2) For users to access outlook web access the server needs to be a front end server? therefore it should be on the dmz?
As Scott says - port forward the ports required for the web service (80). I'm not sure if web outlook uses SSL. If it does, you will need to forward port 443 too.

However, it does depend on your DMZ.

The use of the term DMZ has been muddied in the last few years. Many cheap router define a DMZ simply as an internal address to which all requests are forwarded. That less a DMZ and more a huge hole in your firewall (or the incomplete protection provided by NAT).

Traditionally, a secure network would have two firewalls. An outer one (often little more than a router with a set of firewall rules), and an inner one (a fully fledged firewall). The space between the two firewalls was the DMZ.

In the DMZ you'd put any servers that provided services to the internet.

The idea was that servers in the DMZ would have some protection provided by the outer firewall, but were expected to be secure themselves (fully patched and limited open connections). The system was designed so as to handle these servers becoming compromised. That is, even if a hacker got control of a server in the DMZ, they would still be blocked from the main network by the inner firewall.

However, managing two firewalls was often seen as excessively complicated and expensive. Therefore, a compromise was designed. The two firewalls were collapsed into one but this single firewall had separate connections to two (or more) internal networks. One the main network. The other the DMZ. The firewall could then be configured with different less stringent rules for the DMZ than for the main network. Also traffic between the DMZ and the main network would have to pass through the firewall and therefore could also have controlling rules applied. This is the set up that most decent modern firewalls provide.

The cheap router DMZ provides none of the security or features of a proper DMZ. It is in effect a port forwarding of all services to an internal host PC. That PC then has to protect itself on all the ports that could be attacked. If it becomes compromised, the whole of your internal network is compromised because there is nothing between the compromised device and the rest of the network.

In conclusion
Therefore, if you have a proper DMZ that is separated from your main network by a firewall, then putting a dedicated mail server in the DMZ makes a lot of sense (note the word dedicated. If the server is also your file server, then putting it in a DMZ isn't such a good idea). Firewalls that provide this facility have a separate DMZ port and allow you to set rules specifically for the DMZ.

If as I suspect, you do not have a proper DMZ, using port forwarding is a far better solution. With port forwarding only the specific required ports are forwarded, thereby limiting the potential pathway to your server and making it easier to secure.

ReggieB is offline  

Did you find this post helpful? Yes | No
Old 19th December 2007   #11
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2002
Location: Australia
Posts: 77
Computer Experience:
Always learning new
simond Reputation Level

Thanks for the info guys.
The issue is resolved

simond is offline  

Did you find this post helpful? Yes | No


 

THIS THREAD HAS EXPIRED.

Are you having the same problem? Please post a new thread, but first you'll have to join us by Registering (FREE).



Discussion Forums
Operating Systems
Windows 8 Windows 8
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Legacy Windows OS Legacy Windows OS
Internet & Networking
Networking (Hardware & Software) Networking
Internet Explorer Internet Explorer
Microsoft Mail Microsoft Mail
Firefox, Thunderbird & SeaMonkey Firefox, Thunderbird
      & SeaMonkey

Web Applications & Cloud Web Applications & Cloud
General Internet
Security
Malware and Virus Removal Malware and Virus
     Removal

Security and Privacy Security and Privacy

Other
Other PC Software Other PC Software
Test Posts Test Posts
Hardware
PC Hardware PC Hardware
Mobile Devices Mobile Devices
Community
Introductions Introductions
General Discussions General Discussions
Site Comments & Suggestions Site Comments
      & Suggestions

News News @ WindowsBBS

Thread Tools


Find us on Facebook   Web Of Trust Rating

All times are GMT. The time now is 07:30.


Recent Discussions
Running CHKDSK /R finishes with NO .. (5)
Your video card must support Shader.. (10)
Difficulty setting up "Sync&qu.. (0)
What is giveio.sys and how to get r.. (32)
Impact of defrag command on SSD? (20)
Update To Windows 8.1 Reverted MS A.. (2)
Missing apps on Programs and featur.. (5)
IE8 fails to initialize on Win XP (5)
Proxy Server on this Computer (User.. (5)
LibreOffice question. (0)
the program has stopped responding (7)
Photo Email Is Back At Picasa (1)
Overclocking my CPU advice requeste.. (11)
OUTLOOK 2013 - Not Sending or Recei.. (5)
RDP Port 3389 (2)
Latest MS patch causing BSOD (31)
SSD trim and defrag (5)
OK to change name of port for wirel.. (8)
outlook 2013 overloading with email.. (3)
Google Chrome !Aw SNAP! etc. (6)


Donate!
Support Windows BBS!



Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright © 2002 - 2013 WindowsBBS.com. All rights reserved.
FDMA Media LLC
Terms of Use, Legal Information & Privacy Policy
Page generated in 0.14995 seconds with 7 queries