Another "SMTP in SBS 2003" issue

admin note: split from the Setting up SMTP in SBS 2003 thread.

I've just signed up after seeing this message which appears to mirror some trouble I'm having and I can see their are some fairly talented folks in this "Knowledge Group ".

I'm following up behind another tech that installed 2003 SBS for a client without any concern for the Exchange settings (wasn't a requirement at the time). Now they want to whole setup and he was having trouble with the server sending out e-mail. I've setup an additional server at the office to mirror theirs but my systems is sending and recieving just fine.

I believe our error lies with the ISP that is still hosting the mailboxes until we can resolve this issue. The ISP hasn't yet redirected the MX record to our Firewall device.

I've tried adding the DNS for the ISP (207.254.192.2 and 192.3) in several locations (such as Virtual SMTP, DNS Forward Lookup, Local NIC) but to no avail.

Someone mentioned ETRN settings and I'm thinking that is the correct path to explore. Could someone give me some more details? Most of my experience is with Exchange 5.5 pre 2003 server but I'm catching up fast!

Thanks in Advance!

 

Oxford81 - welcome to the forum. I think your issue will get better attention as a new thread all to itself.

 

Additional Info:

The following message is displayed the Exchange System Manager screen under the "queue" area after a message has attempted to send out and failed:

-- Remote SMTP service does not support TLS

 

I don't use Exchange at the moment and have only used versions 5, and 5.5 2000 in the past. So cannot tell you which setting is wrong.

However, I can start by telling you some things that will not be causing the problem.

These things only effect incoming e-mail. As you have a problem sending mail, they will not be the cause of your problem:

• It will not be a problem with your MX record. The MX record is used by remote systems that are sending you e-mail (so they know which IP address to send the e-mail to).
• ETRN is used to trigger a remote mail server to send you mail. It is used in situations where your incoming email is held at your ISP's e-mail server while you are off-line (used a lot before broadband ... it seems so long ago ). When you come back on line you send an ETRN message to the ISP server to tell it you are ready to receive the e-mails it has stored.
• It is unlikely to be a firewall problem. When sending an e-mail your server acts as the client to the remote server it is sending the e-mail to. It therefore sends the message from a port greater that 1024, and these ports are usually left unblocked for outgoing traffic.

The problem may be with the ISP. However, with exchange it is easy to bypass the ISP when sending. If you configure the server to send e-mails directly (rather than forwarding them to your ISP's mail server) your mail server will send the message directly to the recepient's e-mail server. So if you were to send an e-mail to me@my.com Exchange will send the e-mail directly to the my.com mail server, rather than forwarding it to the ISP's mail server for that server to pass it on to the my.com server.

The error message suggests to me that in trying to fix the out going mail problem, you accidently configured something that should have been left blank.

I would suggest.

1. Uninstall Exchange (to get rid of any problematic settings). Unfortunately the success of this will depend on how good the uninstall program is. If it is good, uninstalling and reinstalling will put a fresh install on. However, too many bits of software "remember" their old settings (telling you not all the setup files or registry keys were removed during the uninstall). If there is a better way of setting you back to the first stage, hopefully someone will post it here.
2. Make sure your DNS service is working. Make sure you can ping www.windowsbbs.com from the Exchange server. Do a NSLOOKUP www.windowsbbs.com and make sure it is your server that responds.
3. Then install Exchange again.
4. Go through the steps to set up Exchange, making a note of the settings you make and try again.

I am sure you have at least two things wrong with the server. A TLS authentication setting that is wrong, and an underlying problem sending messages. I think it will be difficult to fix one while the other problem is there (you won't know when you have made one problem right because the other will still be wrong and prevent you sending mail). That is why I suggest removing Exchange and starting again.

However, I may be wrong. If you can, I would recommend waiting a day or two and seeing if anyone comes up with a better solution first.

 

Hi,

I want to clarify... you cant receive email or you cant send email or both?

If your ISP still has the MX record and a dequeue method (like etrn) has not been established between your org and the ISP, then you won't be able to receive mail. If you wanted to test your server's ability to receive before you cut the "public" mx record over, you can always setup a test exchange server in a separate Active Directory Forest, separate Exchange org and create a dummy dns zone with your real organization's mx record pointing to your external interface of your firewall. you can then test to ensure that mail is able to be received. Regardless of your MX record, if things are configured correctly within Exchange and with your firewall you should be able to *send* external email.

Exchange can use a smarthost or DNS to deliver email. with a smarthost, you put the IP address of your ISP's SMTP server and your server will forward all of it's out going email through it. You will need your ISP's permission for this to work. With DNS, your Exchange server will utilize DNS to locate the MX record for the receiving domain and it will establish the smtp connection and process the delivery of the outgoing messages itself.

Please let me know how I can further clarify.

 

I've come across another problem in the last few days that may be relevant:

I worked out that it was not the e-mail software at fault by using Telnet. If everything is working properly you should be able to connect to your ISP's mail server from your mail server by using the command:

telnet <ISP mail server's address> 25

e.g. telnet mail.AnISP.net 25

Check your telnet program, (telnet /?) as some systems require a colon between the address and the port number). In XP its a space between the address and the port number.

If you get a connection, but cannot send e-mails, the problem is probably something wrong with your e-mail server configuration. If you cannot connect with telnet (try another ISP to check) then the problem is more likely to be network related - a firewall problem for example.

And the problem I fixed:

By default McAfee Enterprise VirusScan version 8 blocks port 25 connections. In most circumstances this is good as it prevents the system being used as a Spam relay. But for a mail server, it will prevent mail being sent. The error message was pretty obscure (Winsock error 10053 at the MDaemon server. Exchange may give you a different error). If you are runnig this AV, you'll need to switch off the "Prevent Mass Mailing worms from sending mail" in the Access Protection Policy (either at the client, or in a centrally managed system within ePO). The port blocking only comes into effect on the next reboot after installing the Anti-Virus software. So if you didn't reboot at install, the problem can manefest some time after the install.

 

Yo Oxford81 - you still out there? How are things with your problem?