Hi, One of the vendors of our company is not able to send the mails to us. When he tries to use smtpdiag tool to check the problem he is getting the error -- Connecting to the server failed. Error: 10060 Now i am able to receive the mails from all the mail servers except his. I tried to add his domain to bypassedsenderdomain but still I am not able to receive the mails. Is this problem related to his mail server or my own mail server. He is able to send and receive mails to other mail servers as well. How can I solve this problem. Thanks.

Are you able to send email to his domain? Have you registered your domain for RBL listing? Have him submit email to your domain using telnet session see below KB http://support.microsoft.com/kb/153119 If your Server donot even open the banner for him or rejects that means either your Firewall/Antispam/Antivirus is not accepting his connection. You need to ask him to check his domain for any kind of blacklisting http://www.mxtoolbox.com/blacklists.aspx Last but not least you need to add his domain or ip in your Firewall/Antispam/Antivirus whitelist Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Hi, Vinod I tried to add the mail server ip of that domain to ip allow list and also added that particular domain to bypassedsenderdomain lists in my anti-spam filters but still the problem is there. I am using forefront for anti-virus scanning and I am not able to find any mails blocked for that particular domain. Please help. Thanks.

Is he getting any kind of NDR message from your side? Did also whitelisted him on FSE and ht Server? just in case did you restsrted Transport Service after adding him to whitelist on HT?Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Hi, I am still waiting for the NDR from there side. Meanwhile I have restarted the transport service on my edge servers. As far as whitelisting is concerned on HT and FSE. How can i do that. As i checked HT and found no option for whitelisting there. Also can you please update me what logs will be relevant in this scenario to check. I check my transport logs on edge server but found no traces of mails from that particular domain being bounced back due to content filter restrictions or ip blacklist. Thanks.

So you also use Edge? did you perform the Edge Synchronization between ET and HT? you need to first start looking @ FSE becoz that is where your internet emails are going to hit See below also Description of the scan order in Antigen 8.0, in Antigen 9.0, and in and Forefront Security for Exchange Server Exchange 2007 Content FIlter: The Whitelist Is Here! Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Hi, Actually I did the same and used the following command --> Set-ContentFilterConfig -BypassedSenderDomains "test.com", "test2.com" Is it made any difference if i use space between test.com and test2.com ? Thanks.

Yes that is perfect. Set-ContentFilterConfig -BypassedSenderDomains "microsoft.com","zenprise.com","somedomain.com"Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Hi, I talked to there mail server administrator and he said that he is not able to telnet to our mail server. I have already whitelisted his ip and according to my theory I dont think that our mail server is rejecting there mail server connection. What should i do. Thanks.

On Thu, 8-Oct-09 07:01:03 GMT, Dec0der wrote:>I talked to there mail server administrator and he said that he is not able to telnet to our mail server. I have already whitelisted his ip and according to my theory I dont think that our mail server is rejecting there mail server connection. >>What should i do.Can the other admin use traceroute (windows 'tracert') to your IPaddress? Does it work?It may be that there's an asymetric route between the two comapniess because of that.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Hi Dec0der, From your description: i am able to receive the mails from all the mail servers except his. He is able to send and receive mails to other mail servers as well Since they even aren't able to telnet your mail server, seems there is a network issue between your server and their server. Please double check your Firewall settings, if the issue persists. I suggest you write a post on the network forum to fix this issue first. After they can telnet your server port 25, the issue should be resolved. Thanks, Elvis

Hi, Elvis and Rich thanks for your valuable suggestion. I have already troubleshooted the problem by asking there admin to tracert our mail server. I found that they are not able to reach our network through tracert and there lies the problem. I was somehow late in updating the post. You both were also correct regarding the issue. Thanks for all of your suggestions. Thanks.

Hi,Elvis and Rich now again the ball is in my court. Actually now routing problem is not there. But still they are not able to telnet to our server. We tried to monitor the logs of our pix firewall and we can see that they are hitting our pix firewall without any problem. Our pix firewall has no restriction for outside world on port 25. Still they are not able to connect.Please update me which logs should i search so that i can check why they are not able to telnet to my server. One intresting find is that when capturing the session packets I am seeing sync failure packets.Looking forward for your valuable suggestions.Thanks.

On Fri, 9-Oct-09 12:13:13 GMT, Dec0der wrote:>Hi,>>Elvis and Rich now again the ball is in my court. Actually now routing problem is not there. But still they are not able to telnet to our server. We tried to monitor the logs of our pix firewall and we can see that they are hitting our pix firewall without any problem. Our pix firewall has no restriction for outside world on port 25. Still they are not able to connect.>to my server. One intresting find is that when capturing the session packets I am seeing sync failure packets.If you have the protocol logging level on the receive connector set to"verbose", check the "C:\Program Files\Microsoft\ExchangeServer\TransportRoles\Logs\ProtocolLog\SmtpReceive" directory.You can also try using a network monitor such as WireShark or NetMonif you con't see any connections from their IP address in your logfiles.Do they have any information to share with you from their log files?Are the messages delivered to your server and your server accepts themwith a 250 status code?Are the messages quarantined or dropped by your anti-spam oranti-virus applications?---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Hi, Rich thanks. Actually I have enabled logging on receive connector and found that no logs are being generated there. I mean they are not even able to telnet my server and get the welcome message back. And thats why there are no logs there in my receive connectors. I just want to know whether its network problem or my server. On server I have no firewall configured. Only Forefront for exchange is installed as an anti-spam solution. I think that if its server problem at least welcome banner should be provided to the client. But he is not able to get the welcome banner. Thanks.

On Sat, 10-Oct-09 06:09:50 GMT, Dec0der wrote:>Rich thanks. Actually I have enabled logging on receive connector and found that no logs are being generated there. I mean they are not even able to telnet my server and get the welcome message back. And thats why there are no logs there in my receive connectors. No logs at all??? That's not right. Check if the logging's reallyenabled:Get-ReceiveConnector |ft name,ProtocolLoggingLevelMake sure you're looking in the right directory, too. Have you movedsportRoles directory to another location?>I just want to know whether its network problem or my server. On server I have no firewall configured. Only Forefront for exchange is installed as an anti-spam solution. I think that if its server problem at least welcome banner should be provided to the client. But he is not able to get the welcome banner.Well, then it's time for a network monitor. WireShark or NetMon bothwork well (I prefer WireShark, but that's just me). Just set thecapture filter to watch port 25 and see if there are any connectionsfrom the IP address of the other server. Don't collect data inpromiscuous mode until you know that the connection isn't arriving atyour server. If it's not, check the firewall log files to see if theconnections being handled correctly. If everything look to be in orderyou can install the network monitor software on another machine, setit to collect in promiscuous mode, and hook it up to a port on yourets to that port inaddition to the one for the target MAC address. The connection's gottabe going somewhere!---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Hi Dec0der, Please follow Rich's suggestions to troubleshoot the issue. At the current stage, it's not an Exchange Server issue, but a network connection issue...If the issue persists, I suggest you put the questions on the network forum as I mentioned before. Thanks, Elvis

Hi, Yes you are correct. Actually I asked for the tracert result from his side and get 2 results for 2 different ips and both the results shows blockage in the midway i.e at ISP routers. I have submitted my case to our ISP provider and he is trying to figure it out why its happening. This problem comes after BGP implementation at our ISP end and thats why i am sure that it is network problem. Thanks for all the help.