Domain Not responding to DNS requests
We are in the process of migrating from an Exchange 2003 server to Exchange 2007. Everything was working fine, then the Exchange 2003 server went down. We removed the server from the domain and believe we have the Exchange 2007 server configured correctly to receive mail, but the server will not receive email. If I run telnet servername.domainname 25 I get the correct response, but when I do the same test just to the domain name it fails: telnet domainname 25 times out. So I believe this is my problem with receiving mail, but I cannot figure out how to resolve this issue. I have a valid MX record in my DNS, and forward and reverse lookup zones are all configured and double-checked to make sure that the records are as they should be. I ran Best Practices on the Exchange 2007 and it does not come up with any errors. I have 2 domain controllers running 2003 32 bit, and both are DNS servers; 1 Exchange server running Server 2003 64 bit and Exchange 2007. Any suggestions on what to check?
February 15th, 2011 8:06pm

Please go to https://testexchangeconnectivity.com and do an inbound mail flow test and post the results.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 8:30pm

Testing inbound SMTP mail flow for domain person@comapny.com.
Inbound SMTP mail flow was verified successfully.
Test Steps
Attempting to retrieve DNS MX records for domain company.com.
  One or more MX records were successfully retrieved from DNS.
  Additional Details
  MX Records Host Server.company.com, Preference 10
Testing Mail Exchanger Server.company.com .
  This Mail Exchanger was tested successfully.
  Test Steps
  Attempting to resolve the host name Server.company.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 100.100.100.100
  Testing TCP port 25 on host Server.company.com to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Banner received: 220 Server.company.com Microsoft ESMTP MAIL Service ready at Tue, 15 Feb 2011 20:43:09 -0500
  Attempting to send a test e-mail message to person@company.com using MX Server.company.com.
    The test message was delivered successfully.
  Testing the MX essex.dsa-nwk.rutgers.edu for open relay by trying to relay to user Admin@TestExchangeConnectivity.com.
    The Open Relay test passed. This mx isn't an open relay.
    Additional Details
    The open relay test message delivery failed, which is a good thing. The exception detail:
    Exception details:
    Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
      at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
      at System.Net.Mail.SmtpClient.Send(MailMessage message)
      at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()
February 15th, 2011 8:50pm

Looks good, so you didn't get the test email from Admin@TestExchangeConnectivity.com to your mailbox?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 8:53pm

The problem comes, I believe, when servers are doing a reverse DNS check on my domain and they do not get a response. If the check is not done, then the mail goes through.
February 15th, 2011 8:55pm

Ahh I see, go to http://www.mxtoolbox.com/ReverseLookup.aspx and enter your domain.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:05pm

I get a reverse DNS failed error and I also get: Warning - Reverse DNS does not match SMTP Banner. I double-checked my reverse DNS and I have a valid PTR record with the correct IP.
February 15th, 2011 9:18pm

If you go to http://www.mxtoolbox.com/, enter your domain and do MX lookup, SMTP test link, reverse lookup link, you should get a response like below. Are you getting failed?
OK - x.x.x.x resolves to smtp.company.com
OK - Reverse DNS matches SMTP Banner
0 seconds - Good on Connection time
Not an open relay.
0.250 seconds - Good on Transaction time
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:21pm

OK, I did this 2 times and both of my DNS servers answered the MX lookup (one each time), but when I ran the SMTP diag I got "Timeout occurred due to inactivity."
2/15/2011 8:35:06 PM Connection attempt #1 - Timeout occurred due to inactivity. [16.22 sec]
February 15th, 2011 9:37pm

Don't worry about that, it seems your PTR record is incorrect if you're getting the "Reverse DNS does not match SMTP Banner" warning. Please double check that your external mail IP has a reverse PTR record. From a computer outside your network do:
nslookup -type=ptr MyExternalMailIP
Server: cdns2.cox.net
Address: 68.105.28.12

Non-authoritative answer:
x.x.x.x.in-addr.arpa name = mail.company.com

If you're not getting a resolution above in bold, you either have an incorrect reverse record or you actually don't own your IP space and you need your ISP to enter the reverse record.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:46pm

We do not have an ISP with the PTR; we are in a subdomain of a university, and the university is forwarding the DNS traffic to our DNS subdomain. I ran the command from a different network on campus and it returned the following results:
Server: customer2.com
Address: xxx.xxx.xxx.xxx

domainname.com
primary name server = servername.domainname.com
responsible mail addr = hostmaster
serial = 14111
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
February 15th, 2011 10:18pm

Just to recap the issue, sending to some domains fails because you suspect that you don't have a valid PTR record? Does your Exchange server send out to the internet or do you have a gateway SMTP server? I would start looking at your SMTP logs to see why the particular emails are failing. The logs will tend to be fairly specific on why it's failing and point out if it's due to a missing PTR record.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 10:32pm

Run the command from outside your campus network.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 10:35pm

I ran the command from home and received the same results as above when run from a different network on campus. The reverse DNS was working until the 2003 server went down. It seems that there is a disconnect between the domain name and SMTP server; it is like the domain does not know about the SMTP server, it does not know which server to pass the request to for the reply.
February 16th, 2011 8:59am

Does your Exchange server send directly to the internet? Can you see if your internet send connector's FQDN matches the DNS hostname?
1. EMC
2. Org Config, Hub Transport, Send Connectors
3. Internet Connector Properties, specify the FQDN this connector will provide in response to HELO or EHLO.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 9:40am

Yes, the FQDN is in the SMTP connector. Found a few things wrong: one is that my two domain controllers were not syncing. Fixed that issue by removing the second domain controller and re-adding it. Also added the Exchange 2007 server as a domain controller with DNS enabled. I can now telnet to the domain port 25 and get the correct response, but in the email queue I am still getting rejections from other servers on DNS reverse lookup. I checked the reverse lookup with the site you suggested earlier, and this is the result I get back:
No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:25
But the IP address returned is not the mail server, it is the main domain controller. How does the domain respond to SMTP requests when the SMTP request is sent to the domain port 25? Shouldn't the answering domain controller respond back with the correct email server IP address, or forward the request to the email server and have it answer? Is there some setting in the DNS that has to be set to respond to outside DNS queries? Or the email server?
February 16th, 2011 1:44pm

You're running into some DNS mixups. Your DC is answering because your internal AD domain name resolves to all your DCs. Is your internal domain name the same as your external email domain name? Also not best practice to have Exchange on same box as DC, you run into separate configuration management scenarios that can cause headaches down the road.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 1:57pm
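
The checks discussed in this thread (PTR record present, PTR name resolving back to the sending IP, PTR name matching the SMTP banner, and what the bare domain name resolves to), as an added example that is not part of any post. Host names, addresses and zone data are constructed; the resolver functions are injectable so the sample runs offline.

```python
import re
import socket

def ptr_names(ip):
    """Live PTR lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def a_records(host):
    """Live forward (A) lookup through the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, 25, socket.AF_INET)})
    except OSError:
        return []

def banner_host(banner):
    """Host name announced in the '220 <fqdn> ...' SMTP greeting."""
    m = re.match(r"220[ -](\S+)", banner)
    return m.group(1).lower().rstrip(".") if m else None

def check_mail_ip(ip, banner, ptr=ptr_names, fwd=a_records):
    """Findings for one sending IP; an empty list means all checks pass."""
    names = [n.lower().rstrip(".") for n in ptr(ip)]
    if not names:
        return ["no PTR record for " + ip]
    findings = []
    if not any(ip in fwd(n) for n in names):
        findings.append("PTR name does not resolve back to " + ip)
    if banner_host(banner) not in names:
        findings.append("reverse DNS does not match SMTP banner")
    return findings

def apex_hosts_not_mail(domain, mail_ip, fwd=a_records):
    """Addresses the bare domain name resolves to that are not the mail server."""
    return [a for a in fwd(domain) if a != mail_ip]

# Constructed sample zone data: documentation addresses, hypothetical names.
PTR = {"192.0.2.25": ["mail.company.example."], "192.0.2.10": ["dc1.company.example."]}
A = {"mail.company.example": ["192.0.2.25"], "dc1.company.example": ["192.0.2.10"],
     "company.example": ["192.0.2.10", "192.0.2.11"]}
BANNER = "220 mail.company.example Microsoft ESMTP MAIL Service ready"

def demo():
    ptr, fwd = (lambda ip: PTR.get(ip, [])), (lambda h: A.get(h, []))
    return {ip: check_mail_ip(ip, BANNER, ptr, fwd)
            for ip in ("192.0.2.25", "192.0.2.10", "192.0.2.99")}
```

Calling check_mail_ip with only an IP and a banner uses the live resolver, so run it from outside the network to see what receiving servers see.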

Yes, inside and outside domain names are the same.
February 16th, 2011 2:08pm

In your external send connector, add your external DNS server addresses to be used in addition to your internal DNS setup. This seems to resolve the problems for our customers.....
February 16th, 2011 2:14pm

Who hosts your public DNS? Is your internal AD\DNS server also your public DNS server?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 3:00pm

Yes, we host the public and it is the same as the internal. Main DNS is like university.edu and we are a subdomain, so the university's main DNS server forwards all requests to the DNS servers listed for the subdomain, which are the 3 domain controllers.
February 16th, 2011 3:54pm

I see, that makes sense then. You're experiencing the headaches of not using separate internal and external DNS namespace. When you send email externally, destination domains block your email after they do a ptr lookup. The ptr lookup looks up the external IP of your mail server but resolves to your DCs because your internal and external name are the same.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 4:11pm

Yes, that seems to be correct. Any suggestions? I have another domain where this is working fine, and this current domain used to work fine before the server problem.
February 16th, 2011 4:37pm

Hmm, maybe you were relaying through a smarthost before?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 4:43pm

This topic is archived. No further replies will be accepted.
