Can't receive email from SOME servers?

Status
Not open for further replies.

esmithbda

IS-IT--Management
Jun 10, 2003
US
In one of our affiliate offices in another city, we are seeing this problem. They have an Exchange 2003 SBS server up and running. All mail sent out from it goes out fine and servers get it fine.
But mail coming in to it is currently having issues. Many servers send them mail and it gets through just fine. But there are also relatively many (it is not just an isolated problem) who can't send e-mail.

The ones that we can't receive from don't get any error messages and so far haven't gotten time-out messages either. If the admin on our side up there looks in the Exchange 2003 connections, they can see the server trying to connect to them - they can freeze and force the connection, but the message doesn't get through.

Our server there does not do SPF checks and it is not doing DNS reverse lookups on incoming mail.

I can telnet to port 25 on it from various servers that I have access to and that is fine, and I can send mail through fine as well.

One of the example servers that can't talk to us is an Ernst and Young one - so it isn't exactly a mom and pop sort of thing who is having problems.

I have NEVER seen this issue before, so I have no clue how to resolve it. The manager up there is deciding that yelling at me is currently the best way to resolve it, which is nice.

Can you please offer possible things to check as to what might allow some messages to get through, but not others (the anti-virus is not blocking the messages, we watched that - nor is the anti-spam software, also checked - and the IT person up there can see the servers connected, just no mail ever comes in)

I'm baffled personally.
 
If you can see the mails coming in you can rule out most common probs like DNS and MX records.

Any form of whitelist / blacklist?
Authentication set to anonymous?
 
Zelandakh:
We can see mail coming in from some servers. Works totally fine (I would even say "most" servers - but "most" doesn't matter if there are some important clients not getting through).
The IT person there says he can see the machines connecting in the queue for incoming mail - but I think what he means is the "Current Sessions" under the default SMTP virtual server since I don't know of a way to see incoming servers in the regular queue (maybe I just missed something and just don't know how to do that?).

So yeah, the DNS/MX records appear to be fine. I can telnet to port 25 of the server and go through everything that way - you can't do that when the DNS/MX records aren't working.

This is an SBS server that was just installed 2 days ago and has all of the default settings out of the box - no whitelist/blacklist, it doesn't do DNS reverse lookups on incoming mail, and it is not doing anything with SPF.

When I last spoke to the IT person, he said Authentication was set to anonymous, but I didn't make him walk through the menus with me to double-check that.
Perhaps that is it - but were that not set - wouldn't that block all external e-mail and not just some of it?
 
By default SBS 2003 allows anonymous. Probably a red herring.

OK, telnet to the SBS box on port 25 and manually send an email using as many details as you can from Ernst and Young including a valid email addy. See if you get any kind of error.

If you don't know how, use
 
Would you mind giving me a test email address with the FQDN of your email server? I could do some basic tests for you. If I had to guess, you may have some sort of anti-virus/anti-spam application running which is quarantining the email from those "problem" domains.
 
jeffwadsworth:
This affiliate office currently only has one user in AD, so the only e-mail I could give you is his, and he won't know what is going on.
It is another domain than ours and we don't have the trust relationship yet, so I can't just go in and create one for you.

As for anti-virus/anti-spam - this is a machine straight out of the box with nothing on it but a fresh install of SBS with EX2003.
There is no AV and no spam blocking on it, and they don't use any external service to do it.

Whether or not Ernst and Young uses something, I don't know - but I have never heard of a spam software blocking something on the way out to a domain if it is a legit user on the inside (meaning that it was getting blocked on their side).

 
Okay, finally got some closure here.
We got in touch with the group that does the IT for the E&Y office which we were having the issues with. They scanned the errors that they were getting and came back with a "TLS Handshake Failed 4.7.0".

That finally got us somewhere since previously we saw no errors, just the problems. It also explains why the servers were connecting to us successfully, but never sending the mail.

The most obvious thing to do is to check that only "Anonymous" is checked in the Virtual Server | Properties | Access | Authentication.

In our case - we did have that and TLS was not checked.

So that left the other common problem which is frequent on SBS servers, which is what this is running. The issue shows up after some patch (Ex2k3 sp1?) which then gets more strict about this.
If you have a certificate on the machine, then it overrides anything else that is set and assumes you want to enable TLS.
(note this problem also shows up when you try to put a cert on a machine that is running Exchange and you want it to also run OWA - by default it assumes OWA is only on a Front End server and therefore again will assume TLS regardless of the settings)

The easiest option is to remove the certificate if you don't need it. If you do need it, then you need to fool around a bit to make an HTTP virtual server that represents the front end, then point back to the same physical hardware's virtual SMTP.
We did that when we first put in Ex2003 here (or rather one of our IT consultants did), but in the case of our SBS machine, we just dropped the certificate since we don't use OWA on it and don't need SSL/TLS.

Here are two pages which discuss this a bit:
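
An added example, not part of the original thread: a plain telnet session on port 25 never issues STARTTLS, so it cannot reproduce the "TLS Handshake Failed" error the sending side reported, whereas this Python probe attempts the upgrade and reports what happens. It assumes the broken state is a listener that offers STARTTLS in its EHLO reply but cannot complete the handshake; `probe_starttls`, `start_fake_listener`, `probe.example` and `fake.example` are names constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


def probe_starttls(host, port, timeout=5.0):
    """Return 'not-offered', 'tls-ok' or 'handshake-failed: <error type>'."""
    # local_hostname is a hypothetical EHLO name; it also avoids a DNS lookup.
    smtp = smtplib.SMTP(host, port, local_hostname="probe.example",
                        timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "not-offered"            # senders stay on plain SMTP
        ctx = ssl.create_default_context()
        ctx.check_hostname = False          # testing the handshake itself,
        ctx.verify_mode = ssl.CERT_NONE     # not whether the cert is trusted
        try:
            smtp.starttls(context=ctx)
        except (OSError, smtplib.SMTPException) as exc:
            return f"handshake-failed: {type(exc).__name__}"
        return "tls-ok"
    finally:
        smtp.close()


def start_fake_listener(offer_tls):
    """Constructed stand-in for a mail server; returns its (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            def say(line):
                f.write(line + b"\r\n")
                f.flush()
            say(b"220 fake.example ESMTP")
            f.readline()                    # client's EHLO
            if not offer_tls:
                say(b"250 fake.example")
                return
            say(b"250-fake.example")
            say(b"250 STARTTLS")
            f.readline()                    # client's STARTTLS
            say(b"220 2.0.0 ready to start TLS")
            # No working TLS behind the offer: the connection just drops.

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()
```

Run `probe_starttls(*start_fake_listener(True))` to see the failing case locally, or point `probe_starttls` at your own server's name and port 25 from an outside network.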
 