Hi, Towards the inbound email flow issue, I think you could use a website tool to do the Inbound SMTP test: Title: Microsoft Remote Connectivity Analyzer URL: Then please post your output result here to get further analysis. At the same time, could you please let me know whether the mail flow issue only occurred to the Exchange server? If so, I think you could use the mail flow troubleshooter to narrow down the issue. Meanwhile, you could use other mail accounts to send emails to your organization email address to verify whether you could receive the NDR message or not. The detailed NDR message is very useful to clarify the issue.
BTW, please make sure the necessary mail flow ports are opened if you have setup the firewall in front of your SBS. Regards, James James Xiong TechNet Community Support. So you are using a mixture of SMTP and POP for inbound and inbound SMTP email is not working. A couple of quick checks to do. I would start with telneting into the server on port 25 (SMTP) first while on the local domain to see that works OK.
This will test the SMTP is OK and no firewall blockage on the server. (Note on Windows 7 PC you will have to add the Telnet Client from the 'Turn Windows Features On or Off' within Programs and Features in Control Panel). If that does work OK, I would then try the same from an external PC (home?) to see if that works to make sure no problems with ISP routing or your external facing firewall.
For example, type. Hi As suggested by Rob, the first step is to check if port 25 is open. If it is open follow the following:- 1. Check the event viewer fr any related events.
Enable logging on the internet receive connector and see if the email is hitting the exchange server. Alternatively see message tracking in Exchange toolbox to find if the email did reach the exchange server. Check for the free space in the C drive, if the c drive has less space emails could have stopped because of something called 'Back Pressure'. You would also get a relevant id which is a warning if thats the case.
Please confirm if the emails are reaching the server or not, we can troubleshoot accordingly. As Rob suggested have you checked your A and MX records to make sure they are still correct? Steve wrote in message news:066c6373-0a03-4170-b680-f4fd2f3e966f@communitybridge.codeplex.com. OK, I got telnet functionality added. Telnetnet server.internaldomain.local 25: gives me 220 servername.internal domain.local MS ESMTP Mail Service ready at time and date.
Telnet mystaticip 25 gives me the following response: 220 remote.domain.com Microsoft ESMTP MAIL Service Ready at data and time now, when I telnet remote.domain.com 25 I get 500 5.3.3 unrecognized command. OK try this; On the local network remote.domain.com should resolve to the local ipaddress of the server (not the external one) - can you check this via a ping in a command prompt. If it does from the local network can you do a telnet remote.domain.com 25 please (before you used the internal name). The reason for this is I have seem some posts about Cisco firewalls and policies that could affect this.
This will rule that out if it still doesn't work. Also come back on the MX record as well. Go to pop out now on a job, so will check back later. Telnet mystaticip 25 gives me the following response: 220 remote.domain.com Microsoft ESMTP MAIL Service Ready at data and time This indicates port 25 is open.
Telnet remote.domain.com 25 I get 500 5.3.3 unrecognized command To me this indicates a problem with your syntax.although it looks correct. It would be helpful to give us the actual domain.com name. Steve wrote in message news:7f8755bc-058a-464b-bc78-3f5f1080ff71@communitybridge.codeplex.com.
My A and MX records are correct. Do the telnet responses indicate a problem? From client on local network: ping remote.domain.com / resolves to local IP address telnet remote.domain.com 25 / 220 servername.domain.local ESMTP Mail Service ready at time and date. Currently I only have a router. Port Scan: 25 and 443 are open 21 222 23 53 80 110 143 139 389 587 1352 1433 3306 3389 8080 are timing out. I am surprised to see port 80 time out. On the router the following ports are forward to the SBS server: 25 440 443 1723 4125 5223 MX record points to my IP address.
OK - IP address resolves to static-IPaddress-ISP Warning - Reverse DNS does not match SMTP Banner Supports TLS. 0 seconds - Good on Connection time Not an open relay. 5.444 seconds - Warning on Transaction time. So when you telnet remote.domain.com 25 on the local network it is OK, but from an external network if you telnet remote.domain.com 25 you get the 500 5.3.3 unrecognized command error. On the local network you are doing this from a PC and not the server itself?
Mmm - still strange. I can't as yet find anyone else where they get the 500 error straight away - they get the 220 response and then tend to get the error. The reason I was asking about your Firewall / Router is the I have seen quite a few posts along this line: 'The firewall separating the problem server from the rest of the network is a Cisco Pix Firewall. The command 'fixup protocol smtp 25' was in the configuration. After changing it to 'no fixup protocol smtp 25' everything worked fine.' Do you look after the router (what is the router btw?) or someone else. Have you power cycled the router to make sure it isn't causing issues.
Do you have a spare to try? As Compukirk said we may need your actual domain so we can test as well at some point. I am still confused as why you would get the 500 message straight away with no 220 first. You could setup Protocol Logging to see what command is causing the issue (see ) but that might be a little too early as yet.
That's up to you at this point. Come back on the router questions above and if you are happy for the actual domain name so I can check as well (it's open after all) Rob.
Hi, Towards the inbound email flow issue, I think you could use a website tool to do the Inbound SMTP test: Title: Microsoft Remote Connectivity Analyzer URL: Then please post your output result here to get further analysis. At the same time, could you please let me know whether the mail flow issue only occurred to the Exchange server? If so, I think you could use the mail flow troubleshooter to narrow down the issue. Meanwhile, you could use other mail accounts to send emails to your organization email address to verify whether you could receive the NDR message or not. The detailed NDR message is very useful to clarify the issue. BTW, please make sure the necessary mail flow ports are opened if you have setup the firewall in front of your SBS.
Regards, James James Xiong TechNet Community Support.
Hi, Towards the inbound email flow issue, I think you could use a website tool to do the Inbound SMTP test: Title: Microsoft Remote Connectivity Analyzer URL: Then please post your output result here to get further analysis. At the same time, could you please let me know whether the mail flow issue only occurred to the Exchange server?
If so, I think you could use the mail flow troubleshooter to narrow down the issue. Meanwhile, you could use other mail accounts to send emails to your organization email address to verify whether you could receive the NDR message or not.
The detailed NDR message is very useful to clarify the issue. BTW, please make sure the necessary mail flow ports are opened if you have setup the firewall in front of your SBS. Regards, James James Xiong TechNet Community Support. So you are using a mixture of SMTP and POP for inbound and inbound SMTP email is not working. A couple of quick checks to do.
I would start with telneting into the server on port 25 (SMTP) first while on the local domain to see that works OK. This will test the SMTP is OK and no firewall blockage on the server. (Note on Windows 7 PC you will have to add the Telnet Client from the 'Turn Windows Features On or Off' within Programs and Features in Control Panel).
Not Receiving Emails Outlook
If that does work OK, I would then try the same from an external PC (home?) to see if that works to make sure no problems with ISP routing or your external facing firewall. For example, type. Hi As suggested by Rob, the first step is to check if port 25 is open. If it is open follow the following:- 1. Check the event viewer fr any related events. Enable logging on the internet receive connector and see if the email is hitting the exchange server. Alternatively see message tracking in Exchange toolbox to find if the email did reach the exchange server.
Check for the free space in the C drive, if the c drive has less space emails could have stopped because of something called 'Back Pressure'. You would also get a relevant id which is a warning if thats the case.
Please confirm if the emails are reaching the server or not, we can troubleshoot accordingly. As Rob suggested have you checked your A and MX records to make sure they are still correct? Steve wrote in message news:066c6373-0a03-4170-b680-f4fd2f3e966f@communitybridge.codeplex.com. OK, I got telnet functionality added. Telnetnet server.internaldomain.local 25: gives me 220 servername.internal domain.local MS ESMTP Mail Service ready at time and date.
Telnet mystaticip 25 gives me the following response: 220 remote.domain.com Microsoft ESMTP MAIL Service Ready at data and time now, when I telnet remote.domain.com 25 I get 500 5.3.3 unrecognized command. OK try this; On the local network remote.domain.com should resolve to the local ipaddress of the server (not the external one) - can you check this via a ping in a command prompt.
If it does from the local network can you do a telnet remote.domain.com 25 please (before you used the internal name). The reason for this is I have seem some posts about Cisco firewalls and policies that could affect this. This will rule that out if it still doesn't work.
Also come back on the MX record as well. Go to pop out now on a job, so will check back later. Telnet mystaticip 25 gives me the following response: 220 remote.domain.com Microsoft ESMTP MAIL Service Ready at data and time This indicates port 25 is open.
Telnet remote.domain.com 25 I get 500 5.3.3 unrecognized command To me this indicates a problem with your syntax.although it looks correct. It would be helpful to give us the actual domain.com name. Steve wrote in message news:7f8755bc-058a-464b-bc78-3f5f1080ff71@communitybridge.codeplex.com. My A and MX records are correct. Do the telnet responses indicate a problem?
From client on local network: ping remote.domain.com / resolves to local IP address telnet remote.domain.com 25 / 220 servername.domain.local ESMTP Mail Service ready at time and date. Currently I only have a router. Port Scan: 25 and 443 are open 21 222 23 53 80 110 143 139 389 587 1352 1433 3306 3389 8080 are timing out.
I am surprised to see port 80 time out. On the router the following ports are forward to the SBS server: 25 440 443 1723 4125 5223 MX record points to my IP address. OK - IP address resolves to static-IPaddress-ISP Warning - Reverse DNS does not match SMTP Banner Supports TLS. 0 seconds - Good on Connection time Not an open relay. 5.444 seconds - Warning on Transaction time. So when you telnet remote.domain.com 25 on the local network it is OK, but from an external network if you telnet remote.domain.com 25 you get the 500 5.3.3 unrecognized command error. On the local network you are doing this from a PC and not the server itself?
Mmm - still strange. I can't as yet find anyone else where they get the 500 error straight away - they get the 220 response and then tend to get the error.
The reason I was asking about your Firewall / Router is the I have seen quite a few posts along this line: 'The firewall separating the problem server from the rest of the network is a Cisco Pix Firewall. The command 'fixup protocol smtp 25' was in the configuration. After changing it to 'no fixup protocol smtp 25' everything worked fine.' Do you look after the router (what is the router btw?) or someone else. Have you power cycled the router to make sure it isn't causing issues. Do you have a spare to try?
As Compukirk said we may need your actual domain so we can test as well at some point. I am still confused as why you would get the 500 message straight away with no 220 first. You could setup Protocol Logging to see what command is causing the issue (see ) but that might be a little too early as yet. That's up to you at this point.
Come back on the router questions above and if you are happy for the actual domain name so I can check as well (it's open after all) Rob. Hi, Towards the inbound email flow issue, I think you could use a website tool to do the Inbound SMTP test: Title: Microsoft Remote Connectivity Analyzer URL: Then please post your output result here to get further analysis. At the same time, could you please let me know whether the mail flow issue only occurred to the Exchange server? If so, I think you could use the mail flow troubleshooter to narrow down the issue. Meanwhile, you could use other mail accounts to send emails to your organization email address to verify whether you could receive the NDR message or not. The detailed NDR message is very useful to clarify the issue. BTW, please make sure the necessary mail flow ports are opened if you have setup the firewall in front of your SBS.
Regards, James James Xiong TechNet Community Support.
A new receive connector should not be nessecary. The printer is not an anonymous user if your trying to authenticate with a AD account. Why do you require the Printer to be able to POP the exchange? You mention you only require to scan documents to exchange, I would disable pop.
Create yourself a generic user called 'Scanner' for the purposes of authentication. Specify 'Domain Scanner' as the username unless there is a separate At this point I don't know if your exchange receives e-mail by SMTP externally? So also check your firewall that SMTP 25 is open (Control Panel - Windows Firewall - Allow a Program through Windows Firewall) A quick test to make sure it is not being blocked 'Telnet Servername 25' from any internal network PC. I hope this gives you something to work with.
I suspect that Mr Turner has not done much work with SBS 2008 based on several statements. Exchange does not natively support 'basic' authenication. This is different from SBS 2003 when sending from these multifunction machines was much easier. With Exchange 2007, even more of an effort was made to insure it did not become an open relay. So the default receive connector will not allow the connection. The new receive connector allows anonymous submittal from ONLY the internal IP of the scanner/fax machine and therefore it will not be an open relay. Because of the nature of SBS, the Windows Firewall (for internal connections) is open for port 25 Whether the external firewall is forwarding port 25 to allow for receipt of external mail has no effect on receiving mail from internal resources.
Cris what are you describing is SBS Internet Recieve connector, for incoming e-mail. Which all of what you just said is correct. The changes were there to stop open relay. Another receive connector is still not needed.
There is allready a default internal SBS2008 recieve connector, that will accept basic or AD authentication from any IP within the network other than the default gateway. I'm fully aware that SMTP is open by default, what I'm not doing is making the presumption that it is open as it has not been made clear yet if SMTP is used for anything else incoming at this point, internal or external. This is why I have asked for a simple telnet test of Exchange. Which will also tell me if the default SBS2008 is functioning correctly. There is also a third SMTP recieve connector, specificly for the built in POP3 connector to transfer to.
A third party POP collector would have to use the default SMTP receive connector. Please don't make assumptions about what I am and am not familiar with. It would also help if you read a comment as I was not suggesting anonymous access in any case. Thanks so much guys; after going through all the suggestions, I finally succeeded by creating a new connector. Anonymous connections to my local server IP:25 works well now but I think it opens up for spam, what do you guys think?
Another reason why I open up smtp is that apparently users in our organization 'like' using Gmail import mail option to create copies of mails, works fine now I still have a problem with certificates though.how can I completely delete one? Apparently users connecting externally use the authentic one email.domain.com (from previous sbs 2003) while internally they use remote.domain.com. Did I do something wrong? Last question; I attempted to move/migrate to another sbs2008 but failed due to hardware problems, should I be worried? Your new receive connector needs to be modified to ONLY allow mail from the specific IP of the copier scanner. Not real clear what you're doing with Gmail.
Regarding Certs.with SBS 2008 when you run the Set up my internet address wizard, unless you make changes, the self signed cert is created for remote.domainname.com If you want to use email.domainname.com then you have to run the wizard again and click on advanced when you enter the domain name and change remote to email and then finish the wizard Of course the best option is to purchase a trusted third party cert.
We use pop accounts as a backup when our server or internet connection is down. We've recently upgraded to sbs 2008. I've added our backup pop accounts via the SBS console pop conenctor. When i hit retreive now it give me an error. In the event log the error is described as: The TCP/IP connection with the 'pop sever' server was terminated while trying to access the '[email protected]' mailbox. The cause may be server problems, network problems, a long period of inactivity, a connection time limit, or incorrect connection settings. This only happens if there is a message in the account.
If the account is empty it gives no error and says completed successfully. The message can be any size and it still throws this error. It times out in under a minute. Looking at the pop verbose logs it gets as far as the downloading message stage before it times out. Ie it authenticates, checks how many messages there are and begins the download. I know it's not a firewall issue because i the relevant ports are open on the hardware filewall and the server. I can download the mail from these pop accounts when i set one up in outlook directly.
I also don't think it's a virus scanning problem as I have this problem even if i disable Symantec Endpoint Protection 11 on the server- which is what we use. Any ideas anyone? Download the network monitor from and use it to watch the connection to the POP3 server. POP3 is a simple protocol and POP3 commands are plain text. In the output from the network monitor you'll be able to see the commands sent by your server and the responses from the POP3 server. It should be easy to see exactly what the problem is. The latest version of the network monitor is a bugger to use, but the help is reasonably good and has examples.
Great tool but i'm not sure what it's telling me. I've tried it filtering only pop traffic. The sequence is similar to the pop log. The final entry in the pop sequence is actually the email text which i can read.
Just before this final entry there is a line that says: Tcp: Segment LostFlags=.AP., SrcPort=POP 3(110), DstPort=4562, PayloadLen=577, Seq= -, Ack=, Win=65535 (scale factor 0x0) = 65535 i'm guessing the segment lost is significant? – May 28 '09 at 10:11. I get a RETR 1 followed by a +OK 28214 octets (this is the size of the first message). Then it stops. In the nework monitor there's nothing more. In the pop3 connector log it shows Timeout!!! EVENT: The TCP/IP connection with the server was terminated while trying to access the mailbox.
The cause may be server problems, network problems, a long period of inactivity, a connection time limit, or incorrect connection settings. (AsyncConn ) Connection to closed. (SMTP) TX QUIT it isn't a long period though, only about a min. The messages aren't big. – May 30 '09 at 12:50. You need to do this in the exchange console: set-connector 'pop3 connector name' -ConnectionTimeout hours:minutes:seconds set-connector 'pop3 connector name' -ConnectionIdleTimeout hours:minutes:seconds This will increase the amount of time it will take before exchange assumes that the connector has become idle - even if the connector is still busy downloading mails. This is especially necessary if the server has a slow connection to the internet and/or they regularly receive large mails which might cause the connector to timeout.
This fixed my problem. I hope it fixes yours! Regards, Andrew.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |