Exchange 2003 Server Can't Receive External Emails

[ykh]

We can send, receive internal emails fine. We can also send external emails but not receive external emails.

I ran the test on dnsreport.com and this is the error message:

ERROR: One or more of your mailservers does not accept mail to
postmaster@caslservice.org. Mailservers are required (RFC822 6.3, RFC1123
5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.

mail.caslservice.org's postmaster response:
>>> RCPT TO:<postmaster@caslservice.org>
<<< 550 5.7.1 Unable to relay for postmaster@caslservice.org

The error message in bounced email:
Message from yahoo.com.
Unable to deliver message to the following address(es).

<itsupport@caslservice.org>:
68.251.210.65 does not like recipient.
Remote host said: 550 5.7.1 Unable to relay for
itsupport@caslservice.org
Giving up on 68.251.210.65.

I also turned on the logging in Exchange and got this error message:

Source: MSExchnageTransport
Category: SMTP Protocol
Event ID: 7010

This is an SMTP protocol log for virtual server ID 1, connection #4. The
client at "206.190.37.141" sent a "rcpt" command, and the SMTP server
responded with "550 5.7.1 Unable to relay for david_li@caslservice.org ".
The full command sent was "rcpt TO:<david_li@caslservice.org>". This will
probably cause the connection to fail.

I personally think it has something to do with the recipient policy or smtp. I checked the default recipient policy, it looks ok.

Please help as I really don't know what's wrong with it.

Thanks!

 

[Marcs41]

See thread955-963090
Also: try with telnet first to see if your port 25 is open and correctly forwarded.

Marc [santa2]
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Don't forget to shop @

http://www.cafepress.com/tektips

for Christmas!

 

[ykh]

Marc,

Thanks for your prompt reply. I did telnet and it got in fine. But when I tried to RCPT TO user@caslservice.org, it said it's unable to relay.

550 5.7.1 Unable to relay for user@caslservice.org

KH

 

[Marcs41]

That is cannot realy is fine, but you should be able to send to yourself, from yourself.

Regarding Event 7010:

http://support.microsoft.com/default.aspx?scid=kb;en-us;843106

Marc [santa2]
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Don't forget to shop @

http://www.cafepress.com/tektips

for Christmas!

 

[ykh]

Marc,

Yea, I've come across that MS article before, it didn't help.

What do you mean by "but you should be able to send to yourself, from yourself."?

On a side note, I upgraded our symantec antivirus corp ed from 8.0 to 9.0 last Thursday. This might screw up the exchange too

Thanks,
KH

 

[Marcs41]

Aaaaaaahh you got Norton in the house ...
Disable it and try again!

If it works then, disable, restart services, and enable.
You better hope it works afterwards, because there are more problems with that then anything else.

Marc [santa2]
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Don't forget to shop @

http://www.cafepress.com/tektips

for Christmas!

 

[ykh]

Marc,

I've unistalled the norton and restarted the server. We still can't receive any external emails. Any suggestions? I better get this working today

Thanks,
KH

 

[Marcs41]

All I can suggest from here is to check your event logs while testing. Also firewall and/or router logs.

Clear them before running tests to get a clear view.
Post any anomalies you find.
Sorry that I cannot help more, but certain things need to be 'seen' to analyze...
If you get really stuck, get someone in.

Marc [santa2]
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Don't forget to shop @

http://www.cafepress.com/tektips

for Christmas!

 

[ykh]

Marc,

Thanks for your suggestions. I changed the relay setting in default virtual SMTP server according to this thread by robbyb:

http://www.tek-tips.com/viewthread.cfm?qid=491257

DO THIS in ESM, navigate down from your Exchange server to the Default Virtual SMTP Server, right-click and then click Properties.

Click the Access tab, click Relay, and then click All except the list below. Make sure that the "Allow all computers which successfully authenticate..blah, blah.." is selected.

Click OK, and then click Authentication.
Click to select the Anonymous access check box.
Click OK two times.

You might need to restart the Default SMTP Virtual Server if you have had to change anything.

If you didn't need to change anything, then perhaps we need to check that Exchange is happy to receive mail addressed to mydomain.com.


And it works for now(external emails can come in), but this leads to the open relay issue.

We are a non profit org, the management always hesitates to spend more money, so having someone to come in or call MS for support is barely an option.

Thanks again,
KH

 

[Marcs41]

No, you have it as it should be, you are not open realy (yet).
If you want more certainty, you can add your LAN to the allowed List
If you do NOT have the Anonymous on and Allow all computers which successfully authenticate, you will not receive e-mail.

Basically, we were close, I just assumed you set it up correctly.

Marc [santa2]
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Don't forget to shop @

http://www.cafepress.com/tektips

for Christmas!