Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can receive, but can't send! Messages stuck in queue.

Status
Not open for further replies.
mingtmak

mingtmak

Technical User
Apr 5, 2006
101
CA
I am currently migrating from a linux mail server to an Exchange 2003 server.
- Linux mail server sits within the DMZ
- Exchange server (Windows 2000 Advanced Server) sits behind the firewall within the network.

I've been able to receive emails on Exchange but cannot send out using DNS. Mails simply sit in the queue.
I can send mail using the Linux box as a smart host without issue. (would prefer not to use it this way).

I've tried the SMTPDIAG tool from MS, everything passes until I get:
"Connecting to cluster4.us.messagelabs.com [216.82.254.195] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com."

I can telnet into an external mail server and send a message from another network, but I can't establish a connection from inside the network to that same mail server.

The firewall being used is an IPTables firewall. There are no restrictions on outgoing traffic, incoming port 25 is allowing traffic through.

Is there another protocol/port required to be open to establish a connection?
Any help would be appreciated. Thanks in advance!

- Jon
 
Sort by date Sort by votes
So, what happens when you use: cluster4.us.messagelabs.com as the smarthost rather than the Linux box or DNS. Obviously only a test but you need to tell us what happened when you tried it.
 
Upvote 0 Downvote
Same thing. Though, messagelabs is a email filter service, so I expect it would not allow relaying of email.



- Jon
 
Upvote 0 Downvote
MessageLabs have a record of your IP address, and only allow know IP addresses to send email to them. You need to give them the public IP address of your new Exchange server - you can use ClientNet to update this, or ring them up.

 
Upvote 0 Downvote
messagelabs is the destination mail server (of the test destination email), not the mail relaying. (which I don't want to use). I just want to use straight DNS to send email from the exchange server and not a smarthost.

There may be some confusion, here's the smtpdiag output (I've edited out some of the details):

C:\Documents and Settings\Administrator.<localdomain>\Desktop\SMTPDiag\SmtpDiag>s
mtpdiag <local mailbox> <destination mailbox> /v

Searching for Exchange external DNS settings.
Computer name is SRV-PLS01.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for <destinationdomain>.com.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.90.99].
TCP test succeeded.
UDP test failed.
Serial number: 15

Checking TCP/UDP SOA serial number using DNS server [127.0.0.1].
TCP test succeeded.
UDP test failed.
Serial number: 15
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: <localdomain>.com.
A: <localdomain>.com [192.168.90.154]
A: <localdomain>.com [192.168.90.99]
A: <localdomain>.com [192.168.90.100]
Checking MX records using UDP: <localdomain>.com.
A: <localdomain>.com [192.168.90.99]
A: <localdomain>.com [192.168.90.154]
A: <localdomain>.com [192.168.90.100]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: <destinationdomain>.com.
MX: cluster4.us.messagelabs.com (10)
MX: cluster4a.us.messagelabs.com (20)
Checking MX records using UDP: <destinationdomain>.com.
MX: cluster4.us.messagelabs.com (10)
MX: cluster4a.us.messagelabs.com (20)
A: cluster4a.us.messagelabs.com [216.82.248.45]
A: cluster4a.us.messagelabs.com [216.82.249.179]
A: cluster4a.us.messagelabs.com [216.82.254.211]
A: cluster4a.us.messagelabs.com [216.82.248.44]
Both TCP and UDP queries succeeded. Remote DNS test passed.
A: cluster4.us.messagelabs.com [216.82.253.243]
A: cluster4.us.messagelabs.com [216.82.254.195]
A: cluster4.us.messagelabs.com [216.82.254.211]
A: cluster4.us.messagelabs.com [216.82.249.179]
A: cluster4.us.messagelabs.com [216.82.240.99]
A: cluster4.us.messagelabs.com [216.82.250.19]
A: cluster4.us.messagelabs.com [216.82.250.163]

Checking MX servers listed for user@<destinationdomain>.com.
Connecting to cluster4.us.messagelabs.com [216.82.250.163] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.250.19] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.240.99] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.249.179] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.254.211] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.254.195] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [216.82.253.243] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to cluster4.us.messagelabs.com.

So as you can see, it keeps trying the different IPs associated with the destination domain. I should be getting a ehlo/helo response after. I'm going to go over the firewall again with a fine tooth comb.

thanks for your attention on this.

- Jon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PoorMens_Bravo
  • Locked
  • Question
452 4.3.1 Insufficient system resources (UsedVersionBuckets[F:\Exchsrvr\TransportRoles\data\Queue\ma
Replies
1
Views
2K
sircles
sircles
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
2K
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Moved to 365 in cloud, cannot get iPhones default mail app to connect
Replies
2
Views
2K
Priyanka_Chauhan
Priyanka_Chauhan
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove &quot;✉&quot; icon when it appears in a subject title from a supplier
Replies
0
Views
2K
Brent Fletcher
Brent Fletcher

Part and Inventory Search

Sponsor

Back
Top