Exchange and DNS
Hello,
On a new Exchange server I have set up a smart host, and I just sent an e-mail from OWA to an external mail recipient and it worked fine. However, when I send from external mail servers I do not receive anything. I have DNS hosted by GoDaddy, pointing mail.domain.com to my public IP.
My question is: where does the MX record need to be, at GoDaddy or on my DNS server mail.domain.com?
I have configured the router to forward port 25 to my Exchange server.
ISP says that no ports are blocked.
Could it be a DNS issue or some missing entry, and how can I fix / test this to confirm?
October 8th, 2010 2:11am
Hi,
Configure MX records on your external DNS, which can be either on GoDaddy or hosted locally, it does not matter. Also check whether you have configured your accepted domains properly or not.
Receive connector could be the issue.
Regards.
Shafaquat Ali.M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
October 8th, 2010 3:58am
will check accepted domain and receive connector and let you know..
October 8th, 2010 6:33am
Dear acmsoft,
For a new Exchange 2007 or 2010 installation, by default the default receive connector does not have the anonymous user permission checkbox checked.
Kindly check the checkbox and you should be able to receive email. Thank you.
October 8th, 2010 7:31am
can someone please test my mail server
telnet remote.avconti.info 25
as I am not receiving e-mails although I have set the anonymous setting on both the default and client server receive connectors
Are there any logs to see at least if e-mails are reaching the Exchange server.
I can send e-mails externally and internally fine and only receive internally
October 8th, 2010 3:02pm
also I just got the sent e-mails from an external mail server bounced back with this error.
Could not be delivered because the domain name was unresolvable:
Unable to resolve route avconti.info (MX) - *
October 8th, 2010 3:04pm
Hi,
As per this error, it is clearly written to check the MX records. I recommend you check your MX records again, because it is just because of that.
Regards.
Shafaquat Ali.M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
October 8th, 2010 3:12pm
Yes, but what can I check apart from that it is pointing to my Server 2008 with Exchange server?
The entry of the MX record at GO DADDY is pointing to remote.avconti.info which is the same dns zone I have setup on the dns server with the A host record of the internal server ip on my machine
October 8th, 2010 5:09pm
Hi,
Kindly read this article and I hope you will get done.
http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm
Regards.
Shafaquat Ali.
M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
October 8th, 2010 5:19pm
nice article but the crucial part is only the MX record which is pointing correctly to my mail server.
Could it be because of the dynamic public IP I have, which I have to update in the GoDaddy DNS just after connecting to the internet? Maybe it needs more time for DNS propagation.
Have you tried to connect to my mail server yourself with telnet to give me feedback, please?
October 8th, 2010 5:41pm
Connection failed on port 25. Have you opened port 25 on your firewall/router inbound? Does your ISP/provider allow inbound access on that port as well?
October 8th, 2010 5:56pm
Is your IP 78.133.78.163? If so, the A record is updated (though it lacks a valid PTR.. which is not part of this problem).
October 8th, 2010 5:58pm
correct that is my ip
The PTR should only affect when sending e-mails however I am using a smart host.
From where should I update the PTR from my dns server or from godaddy ?
can we conclude something regarding the mail issue
October 8th, 2010 6:06pm
I have forwarded port 25 of my DSL router to the server IP. However, my real doubt is about the ISP blocking incoming port 25. Although when I phoned them they told me that none of the ports are blocked, I am now starting to doubt this.
October 8th, 2010 6:08pm
is there sort of like a traceroute to see where the port is not being forwarded anymore ?
October 8th, 2010 6:10pm
Well, the ISP is the most likely source for it being blocked. Do you have an internal router/switch as well or is the Exchange server plugged into the DSL router directly? (I'd plug it in directly for troubleshooting to rule out any of your other equipment).
If you're plugged into the DSL router directly and your ISP claims to not be blocking any ports inbound, ask them to kindly telnet to your IP on port 25 and tell you the name of your Exchange server from the SMTP banner. :)
October 8th, 2010 6:12pm
Sorry, should have consolidated my replies.. you are correct, the PTR will not (generally) impact receiving mail, and using a smarthost outbound should help when sending mail.
If a PTR were to be created it would be created by those who manage the IP block (e.g. your ISP). Most ISPs won't create one specific to your domain, but many have PTR records for all IPs they manage... though yours apparently does not.
October 8th, 2010 6:14pm
tracert doesn't necessarily tell you that because you don't specify a port with the tool, but I can say that the last host which responded to a tracert request was 217.22.189.140.
If someone at the ISP can't telnet to your server on port 25 the number of possible places it is being blocked should be pretty darn small unless your ISP has the worst routing tables on the planet. ;)
October 8th, 2010 6:18pm
On Fri, 8 Oct 2010 22:16:02 +0000, Chris Scharff wrote:
>
>
>tracert doesn't necessarily tell you that because you don't specify a port with the tool, but I can say that the last host which responded to a tracert request was 217.22.189.140.
>
>If someone at the ISP can't telnet to your server on port 25 the number of possible places it is being blocked should be pretty darn small unless your ISP has the worst routing tables on the planet. ;)
It sure looks like port 25's unusable. Port 80 is working, though.
Traceroute stops at the same network (just a different router) for me,
too: 217.22.189.144
The IP address 78.133.78.163 looks like it's in Malta. The ISP that
owns the routers is Datastream Ltd, also in Malta.
The RIPE information for the 217.22.189.144 IP address is here:
http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=217.22.189.144&do_search=Search
The RIPE information for the 78.133.78.163 IP address is here:
http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=78.133.78.163&do_search=Search
---
Rich Matheisen
MCSE+I, Exchange MVP
October 8th, 2010 9:41pm
MX record at GODADDY
Priority HOST GOES TO
0 mail mail.avconti.info
what is HOST referring to ?
October 9th, 2010 4:39am
Dear acmsoft,
Would you mind telling me what your domain name is, so I can perform some nslookup for you to locate the host that is receiving mail?
If it is avconti.info, clearly that the MX is not setup correctly at Godaddy site.
October 9th, 2010 4:48am
yes my domain is avconti.info
and I am pointing it to mail.avconti.info
195.158.84.92
ON the dns server I have a dns entry named mail.avconti.info pointing to the mail server
October 9th, 2010 5:19am
Dear acmsoft,
Just checked, you have the A record for mail.avconti.info, which resolves to 195.158.84.92. But you are missing the MX record for the avconti.info domain which is pointing to mail.avconti.info. Kindly check with your registrar to have the MX records registered on the public DNS. Thank you.
October 9th, 2010 10:24am
On Sat, 9 Oct 2010 08:37:14 +0000, acmsoft wrote:
>
>
>MX record at GODADDY
>
>
>
>Priority HOST GOES TO
>
> 0 mail mail.avconti.info
>
>
>
>what is HOST referring to ?
The MX record for the domain "mail.avconti.info" directs other MTAs to
connect to the machine (host) named "mail.avconti.info". There is no
MX record for the avconti.info domain.
Here's the result from NSLOOKUP for the domain mail.avconti.info:
> mail.avconti.info
Server: bitsy.mit.edu
Address: 18.72.0.3
Non-authoritative answer:
mail.avconti.info MX preference = 0, mail exchanger =
mail.avconti.info
avconti.info nameserver = ns49.domaincontrol.com
avconti.info nameserver = ns50.domaincontrol.com
mail.avconti.info internet address = 195.158.84.92
ns49.domaincontrol.com internet address = 216.69.185.25
ns50.domaincontrol.com internet address = 208.109.255.25
Is it your intention that e-mail sent to you should be addressed to
user@mail.avconti.info or was it your intention that the e-mail should
be addressed to user@avconti.info ?
Regardless of your answer, the IP address assigned to
mail.avconti.info does not accept connections on port 25. Either you
have the port closed on your firewall, or the ISP is blocking
connections on port 25, or your router is using NAT and is sending the
inbound connection to the wrong internal IP, or your Exchange server
is misconfigured.
Interestingly, you have a TXT record for the domain "avconti.info"
that publishes your SPF information (v=spf1 a mx ~all), but there's no
"A", CNAME, or MX record for the domain. If "avconti.info" is the
domain name you want to use to do business on the Internet then I'd
start by examining the way you have DNS configured for that zone.
The registration for the avconti.info domain says you're in Malta. Is
that correct, or is the domain registration protected?
Here's the "dig" output for avconti.info:
10/09/10 11:23:27 dig avconti.info @ bitsy.mit.edu
Dig avconti.info@ns50.domaincontrol.com (208.109.255.25) ...
Authoritative Answer
Query for avconti.info type=255 class=1
avconti.info SOA (Zone of Authority)
Primary NS: ns49.domaincontrol.com
Responsible person: dns@jomax.net
serial:2010100903
refresh:28800s (8 hours)
retry:7200s (2 hours)
expire:604800s (7 days)
minimum-ttl:86400s (24 hours)
avconti.info NS (Nameserver) ns49.domaincontrol.com
avconti.info NS (Nameserver) ns50.domaincontrol.com
avconti.info TXT (Text Field)
v=spf1 a mx ~all
Dig avconti.info@ns49.domaincontrol.com (216.69.185.25) ...
Authoritative Answer
Query for avconti.info type=255 class=1
avconti.info SOA (Zone of Authority)
Primary NS: ns49.domaincontrol.com
Responsible person: dns@jomax.net
serial:2010100903
refresh:28800s (8 hours)
retry:7200s (2 hours)
expire:604800s (7 days)
minimum-ttl:86400s (24 hours)
avconti.info NS (Nameserver) ns49.domaincontrol.com
avconti.info NS (Nameserver) ns50.domaincontrol.com
avconti.info TXT (Text Field)
v=spf1 a mx ~all
Dig avconti.info@bitsy.mit.edu (18.72.0.3) ...
Non-authoritative answer
Recursive queries supported by this server
Query for avconti.info type=255 class=1
avconti.info SOA (Zone of Authority)
Primary NS: ns49.domaincontrol.com
Responsible person: dns@jomax.net
serial:2010100903
refresh:28800s (8 hours)
retry:7200s (2 hours)
expire:604800s (7 days)
minimum-ttl:86400s (24 hours)
avconti.info NS (Nameserver) ns49.domaincontrol.com
avconti.info NS (Nameserver) ns50.domaincontrol.com
avconti.info NS (Nameserver) ns49.domaincontrol.com
avconti.info NS (Nameserver) ns50.domaincontrol.com
ns49.domaincontrol.com A (Address) 216.69.185.25
ns50.domaincontrol.com A (Address) 208.109.255.25
---
Rich Matheisen
MCSE+I, Exchange MVP
October 9th, 2010 11:36am
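The lookup result in the reply above can be reproduced without a resolver. This is an added example, not code from any poster in the thread: it models how a sending MTA picks a delivery target (MX at the recipient domain, then the RFC 5321 implicit-MX fallback to the domain's own address record) and which addresses the bare `a` and `mx` SPF mechanisms authorize. The function names and zone dictionaries are hypothetical; the records are constructed from the nslookup and dig output quoted in this thread.

```python
# Added example. The records are constructed from the nslookup and dig
# output quoted in this thread; nothing here touches the network.

def addrs_for(host, zone):
    """A records for a host name, or an empty list."""
    return zone.get((host.lower().rstrip("."), "A"), [])

def mail_route(domain, zone):
    """Pick delivery targets for user@domain the way a sending MTA does.

    zone maps (name, rtype) -> list of values; MX values are (pref, host).
    Returns (status, [(pref, host, [addresses]), ...]).
    """
    domain = domain.lower().rstrip(".")
    mx = sorted(zone.get((domain, "MX"), []))
    if mx:
        targets = [(pref, host, addrs_for(host, zone)) for pref, host in mx]
        ok = any(addrs for _, _, addrs in targets)
        return ("mx" if ok else "mx-target-unresolvable"), targets
    # RFC 5321 section 5.1: without an MX, the domain's own address record
    # is used as an implicit MX with preference 0.
    addrs = addrs_for(domain, zone)
    if addrs:
        return "implicit-mx", [(0, domain, addrs)]
    return "unresolvable", []

def spf_authorized(domain, zone):
    """Addresses authorized by the bare `a` and `mx` mechanisms only."""
    allowed = set()
    for record in zone.get((domain, "TXT"), []):
        terms = record.split()
        if not terms or terms[0] != "v=spf1":
            continue
        if "a" in terms:
            allowed.update(addrs_for(domain, zone))
        if "mx" in terms:
            for _, host in zone.get((domain, "MX"), []):
                allowed.update(addrs_for(host, zone))
    return allowed

# Zone as seen on October 9th: the MX sits on mail.avconti.info, not the apex.
ZONE_OCT_9 = {
    ("mail.avconti.info", "MX"): [(0, "mail.avconti.info")],
    ("mail.avconti.info", "A"): ["195.158.84.92"],
    ("avconti.info", "TXT"): ["v=spf1 a mx ~all"],
}
# Zone as reported on October 10th: the MX has moved to the apex domain.
# Assumption: the TXT record is unchanged (the thread does not show it again).
ZONE_OCT_10 = {
    ("avconti.info", "MX"): [(0, "mail.avconti.info")],
    ("mail.avconti.info", "A"): ["78.133.17.200"],
    ("avconti.info", "TXT"): ["v=spf1 a mx ~all"],
}

if __name__ == "__main__":
    for label, zone in (("Oct 9", ZONE_OCT_9), ("Oct 10", ZONE_OCT_10)):
        print(label, mail_route("avconti.info", zone),
              sorted(spf_authorized("avconti.info", zone)))
```

With the October 9th records, mail for user@avconti.info has no route at all, which matches the bounce "Unable to resolve route avconti.info (MX)", and the published SPF record authorizes no address.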
The thing is that I turned off the adsl modem and since I am on a dynamic IP it has changed.
Now I have
78.133.92.81
and I will leave it on so that I can do the proper testing without the ip being changed
can someone confirm how to properly set the MX record at GODADDY to make sure it is right ?
October 9th, 2010 12:24pm
On Sat, 9 Oct 2010 16:22:40 +0000, acmsoft wrote:
>
>
>The thing is that I turned off the adsl modem and since I am on a dynamic IP it has changed.
>
>Now I have 78.133.92.81
>
>
>
>and I will leave it on so that I can do the proper testing without the ip being changed
>
>
>
>can someone confirm how to properly set the MX record at GODADDY to make sure it is right ?
There's nothing wrong with the MX record now if your domain name is
mail.avconti.info. If your IP address changed you need to change the
"A" record for the machine mail.avconti.info to agree with your new IP
address (which you've already done).
You still have your original problem, though -- connections to
78.133.92.81 on port 25 fail.
You need to work with your ISP to allow those connections to succeed.
Since you're on a dynamic IP address you probably don't have a
business-class connection and the use of port 25 may be forbidden by
your ISP.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 9th, 2010 1:32pm
Is it possible to change the listening port on the Exchange server and make it listen to an opened port ?
October 10th, 2010 3:25am
hmmm, it's useless since all other mail servers in the world are configured to use port 25 for sending e-mails..
Thank you for all your help
October 10th, 2010 3:37am
By any chance can someone have a look at My dns and Exchange settings just to confirm they are all set correctly.
I can give Teamviewer ID and pass
My ISP have confirmed again that PORT 25 is opened INCOMING and they just advised to use their mailserver to SEND outgoing e-mails since I do not have a fixed IP.
October 10th, 2010 4:54am
On Sun, 10 Oct 2010 07:23:18 +0000, acmsoft wrote:
>Is it possible to change the listening port on the Exchange server and make it listen to an opened port ?
Yes, it is. But unless you can convince the other MTAs to use that
port it won't be much help.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 10th, 2010 10:31pm
On Sun, 10 Oct 2010 08:52:10 +0000, acmsoft wrote:
>
>
>By any chance can someone have a look at My dns and Exchange settings just to confirm they are all set correctly.
>
>I can give Teamviewer ID and pass
>
>My ISP have confirmed again that PORT 25 is opened INCOMING and they just advised to use their mailserver to SEND outgoing e-mails since I do not have a fixed IP.
I see that the domain "mail.avconti.info" is gone and the domain
"avconti.info" now has a MX record that uses the server
mail.avconti.info at IP address 78.133.17.200.
avconti.info MX preference = 0, mail exchanger = mail.avconti.info
mail.avconti.info internet address = 78.133.17.200
Unfortunately, that IP address doesn't accept connections on port 25:
C:\Users\matheisen>telnet 78.133.17.200 25
Connecting To 78.133.17.200...Could not open connection to the host,
on port 25: Connect failed
Using the ISP's SMTP relay server for outbound mail is a good
suggestion.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 10th, 2010 10:38pm
Yes in fact that's how I want it to be, that is the domain avconti.info and then MX record pointing to mail.avconti.info
>Unfortunately, that IP address doesn't accept connections on port 25:
This is the only problem left which I want to fix and I want to make sure it is not any wrong config of Exchange or DNS
October 11th, 2010 12:56am
On Mon, 11 Oct 2010 04:54:00 +0000, acmsoft wrote:
>Yes in fact that's how I want it to be, that is the domain avconti.info and then MX record pointing to mail.avconti.info
I thought it was, but you asked for confirmation. :-)
>>Unfortunately, that IP address doesn't accept connections on port 25:
>This is the only problem left which I want to fix and I want to make sure it is not any wrong config of Exchange or DNS
You (and your ISP) can use simple telnet to verify if port 25 is open.
Start on your LAN and work your way out towards the Internet from
there:
Can you connect to port 25 on your server from your LAN?
Can you connect to port 25 on your server from your firewall?
Can the ISP connect to port 25 on your server from their network?
If all that works then the ISP needs to contact their upstream
provider and figure out the problem.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 11th, 2010 10:35pm
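The inside-out telnet test described in the reply above can be scripted so that each vantage point reports the same thing. This is an added example, not code from any poster in the thread: `probe_smtp` makes one connection attempt and separates a refused connection (something answered, nothing is listening or forwarded) from a silent drop (packets filtered somewhere on the path), and `banner_hostname` extracts the server name from the greeting, the detail an ISP technician would be asked to read back. All function names and the sample observations are hypothetical.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one TCP connection attempt to an SMTP listener.

    Returns (state, detail):
      open     - handshake completed and a greeting line was read
      silent   - handshake completed but no greeting arrived in time
      refused  - a reset came back: host or NAT device reached, no listener
      filtered - no answer at all: packets dropped somewhere on the path
      error    - anything else (name resolution, unreachable network, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                return "silent", ""
            return ("open", banner) if banner else ("silent", "")
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)

def banner_hostname(banner):
    """Server name from a '220 host ...' or '220-host ...' greeting."""
    line = banner.splitlines()[0] if banner else ""
    if not line.startswith("220"):
        return None
    rest = line[3:].lstrip("- ").split()
    return rest[0] if rest else None

def first_failing_hop(observations):
    """observations: ordered (vantage_point, state) pairs, LAN outwards.

    The first vantage point that does not see 'open' marks the segment
    where inbound port 25 stops working.
    """
    for vantage, state in observations:
        if state != "open":
            return vantage
    return None

if __name__ == "__main__":
    # Constructed observations in the order the reply suggests; the probe
    # itself has to be run from each location in turn.
    seen = [("LAN", "open"), ("router/firewall", "open"),
            ("ISP network", "filtered")]
    print("first failing vantage point:", first_failing_hop(seen))
```

A "refused" result from outside points at the router's port forwarding or the listener, while "filtered" points at a device dropping traffic before it reaches the router.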
Yes already checked
LAN works
WAN does not work
Firewall ALL disabled
ISP Always says port is open
October 12th, 2010 12:44am
Hi,
Have you tried to restart the Exchange transport service after checking the "Anonymous users" option in the receive connector?
Since you are using a dynamic IP address, you have to change the IP address of mail.avconti.info manually whenever the IP address changes.
Is this your network environment?
1. The Exchange server has an internal IP address and it is connected to a router.
2. The router has a dynamic public IP address and it will forward the port 25 traffic to the internal IP address of the Exchange server.
Gen Lin-MSFT
October 12th, 2010 2:40am
On Tue, 12 Oct 2010 04:41:45 +0000, acmsoft wrote:
>Yes already checked
>
>
>
>LAN works
Good. So it probably isn't your Exchange server.
>WAN does not work
I'm not sure of your definition of a WAN. If you mean that it doesn't
work when you try to connect to it from, say, some other site, well, I
think we've already established that fact.
>Firewall ALL disabled
So you cannot connect from your firewall to your Exchange server????
>ISP Always says port is open
And they've demonstrated that to you in what way? Have you seen an
inbound connection on port 25 in your firewall logs? If you have, what
do your firewall logs tell you happened to the connection? Was it
dropped? Was it forwarded to another IP address/port?
---
Rich Matheisen
MCSE+I, Exchange MVP
October 12th, 2010 11:18am
Hello,
WAN inbound connection does not work
Firewall disabled means that the firewall is disabled on the DC/Exchange server and there are no other firewalls. The gateway is an ADSL modem with port forwarding set up to the DC/Exchange server machine.
Since I have the ADSL modem and then my DC/Exchange server, how can I monitor incoming packets on port 25 (so I phone my ISP)?
Does Wireshark work fine or is there anything else I can use?
October 12th, 2010 2:35pm
On Tue, 12 Oct 2010 18:31:49 +0000, acmsoft wrote:
>WAN inbound connection does not work
You already said that. :-)
>Firewall disabled means that firewall is disabled on the DC/Exchange server and there are no other firewalls. The gateway is an adsl modem with port forwarding set up to the DC/Exchange server machine
You're a brave man. Or maybe I should say "foolish". Exposing your
network to the Internet is not a good thing to do.
>Since I have the adsl modem and then my DC/Exchange server how can I monitor incoming packets on port 25 ( so I phone my ISP )
You should be able to see if there are any inbound connections that
were successful by looking at the SMTP protocol logs on your server.
>Does Wireshark work fine or is there anything else I can use
WireShark will work just fine.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 12th, 2010 3:21pm
Although I said that it was still not clear for you
>WAN does not work
I'm not sure of your definition of a WAN. If you mean that it doesn't
work when you try to connect to it from, say, some other site, well, I
think we've already established that fact. :)
You're a brave man. Or maybe I should say "foolish". Exposing your
network to the Internet is not a good thing to do.
Who told you that I will leave everything as it is? Did it not pass through your mind that this has been done temporarily for testing purposes?
Please let's try to keep comments to a certain level not like you are doing.
October 12th, 2010 4:34pm
On Tue, 12 Oct 2010 20:30:52 +0000, acmsoft wrote:
>
>
>Although I said that it was still not clear for you
And it's clear that you're not going to clarify it, either. :-)
>
> >WAN does not work
>I'm not sure of your definition of a WAN. If you mean that it doesn't work when you try to connect to it from, say, some other site, well, I think we've already established that fact. :)
>You're a brave man. Or maybe I should say "foolish". Exposing your network to the Internet is not a good thing to do.
>Who told you that I will leave everything as it is? Did it not pass through your mind that this has been done temporarily for testing purposes?
>Please let's try to keep comments to a certain level not like you are doing.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 12th, 2010 5:10pm
On Tue, 12 Oct 2010 21:07:12 +0000, Rich Matheisen [MVP] wrote:
>Who told you that I will leave everything as it is? Did it not pass through your mind that this has been done temporarily for testing purposes?
Testing or not (and I don't believe you said anything about
"testing"), it's still a foolish thing to do.
>Please let's try to keep comments to a certain level not like you are doing.
I think the "level" is just fine the way it is. You obviously have a
problem between your Exchange server and your ISP, or the ISP is the
problem. You seem unable to confirm whether you're receiving
connections at whatever device is at your network perimeter, so
there's not much more that can be done by anyone except you and the
ISP.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 12th, 2010 10:58pm