Outward bound emails stalled in queue
I have just gone through the painful process of rebuilding my W2K server after a v nasty trojan trashed my registry and forced me to perform a fresh server re-install. I have set up W2K Server with Exchange 2000 and all service packs & updates are installed. I was able to successfully recover all my emails etc from the old system thanks to a very recent full backup done - HOWEVER - all is not working as it should:

Following the installation of Exchange Server 2000 I find that incoming mail is working fine but all outgoing SMTP mail is stalled or refused. I have read all the documentation online that I can find and everything seems to be set up the way it should be but no mail gets out. I installed and ran SMTPDIAG.exe (results below) and also ran NSLOOKUP.

Note: I use a POP client to get inward bound email which delivers this to my SMTP connector.

NSLookup reported as follows:

Default server: w2kserver.simnet.local
Address: 192.168.0.1

The SMTPDiag.exe command was

SMTPDIAG admin@simnet.local somebody@externalsite.com

The results were:

Searching for Exchange external DNS settings.
Computer name is W2KSERVER.
VSI 1 has the following external DNS servers: 203.134.64.66, 203.134.65.66

Checking SOA for externalsite.com
Checking external DNS servers.
Checking TCP/UDP SOA serial number using DNS server [203.134.64.66].
TCP test succeeded.
UDP test failed.
Serial number: 2006072802
Checking TCP/UDP SOA serial number using DNS server [203.134.65.66].
TCP test succeeded.
UDP test failed.
Serial number: 2006072802
Checking internal DNS servers.
Checking TCP/UDP SOA serial number using DNS server [192.168.0.1].
TCP test succeeded.
UDP test failed.
Serial number: 2006072802
Checking TCP/UDP SOA serial number using DNS server [203.134.64.66].
TCP test succeeded.
UDP test failed.
Serial number: 2006072802
Checking TCP/UDP SOA serial number using DNS server [203.134.65.66].
TCP test succeeded.
UDP test failed.
Serial number: 2006072802
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to validate that DNS is set up correctly for inbound mail. This test can fail for 3 reasons.
1) Local domain is not set up in DNS. Inbound mail cannot be routed to local mailboxes.
2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail, but will affect outbound mail.
3) Internal DNS is unaware of external DNS settings. This is a valid configuration for certain topologies.
Checking MX records using TCP: simnet.local.
A: simnet.local [192.168.0.1]
A: simnet.local [192.168.1.100]
Checking MX records using UDP: simnet.local.
A: simnet.local [192.168.0.1]
A: simnet.local [192.168.1.100]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to validate that DNS is set up correctly for outbound mail. This test can fail for 3 reasons.
1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows 2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP queries first, then fall back to TCP queries.
2) Internal DNS does not know how to query external domains. You must either use an external DNS server or configure DNS server to query external domains.
3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: externalsite.com
MX: mx1.externalsite.com (10)
MX: mx2.externalsite.com (20)
A: mx1.externalsite.com [220.240.226.162]
A: mx2.externalsite.com [202.7.81.135]
Checking MX records using UDP: externalsite.com
MX: mx1.externalsite.com (10)
MX: mx2.externalsite.com (20)
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for somebody@externalsite.com
Connecting to mx1.externalsite.com [220.240.226.162] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to mx1.externalsite.com.
Connecting to mx2.externalsite.com [202.7.81.135] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to mx2.externalsite.com.

System setup. There are two NICs installed.

NIC 1 [connected to my internal (local) area network]
IP number is 192.168.0.1
Mask 255.255.255.0
Default gateway is open
DNS Server is set at 192.168.0.1

NIC 2 [connected to my DSL router]
IP Number is 192.168.1.100
Mask 255.255.255.0
Default Gateway 192.168.1.1 [which is the IP of the DSL router itself]
DNS links are given as 203.134.64.66 and 203.134.65.66

Note: I can surf the web fine with these settings, no errors.
I can ping any external website without problem.
I can traceroute to any external site without problem.
Outward bound mail fails.

Note: I have tried routing outgoing mail to a smart host and that fails. I have tried direct delivery and that fails too. I don't know what else to try to do to resolve this.

Note: At this point I am NOT running any firewall software but I will install ISA Serv once I have mail flowing properly. Therefore there is nothing running that should block port 25.

Help please (before I pull out what's left of my hair!!!!)
August 9th, 2006 6:21am
OK... sounds to me like something isn't listening or is blocking you from getting through to port 25.
It's possible that your ISP is blocking you from sending mail precisely because it detected you had a virus and was working to contain you from infecting other customers. If this is the case, you're going to have to call them up; there's no way around this issue. Some ISPs also have strict policies on how they will take outbound port 25 traffic; some forbid it completely while others require some form of authentication.
To diagnose this problem further I would look in the event logs, attempt to telnet into port 25 to the IP in question and see what errors are reported, and look in the queue viewer to see what the diagnostic string reports on the queue that is retry.
If this doesn't get you towards the answer, I'd repost this question in the "Transports" forum, there's a lot of folks there that will be able to help you more quickly and better.
Good luck!
August 17th, 2006 10:26am
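The port 25 check suggested in the reply above, as an added example that is not part of the original thread: it separates a silent drop (the 10060 that SMTPDiag logged) from an active refusal or a working SMTP greeting. The names `probe_smtp` and `start_fake_mx` and the `mx.example.test` greeting are constructed for illustration; the loopback listener only stands in for a reachable mail server so the block runs offline.

```python
import socket
import threading

# What each outcome suggests; 10060/10061 are the Winsock error codes.
MEANING = {
    "timeout": "Winsock 10060 (WSAETIMEDOUT): packets dropped on the path, "
               "as when an ISP or router filters outbound port 25",
    "refused": "Winsock 10061 (WSAECONNREFUSED): host answered, "
               "but nothing accepts connections on that port",
    "no-banner": "TCP connected but no SMTP greeting arrived",
}

def probe_smtp(host, port=25, timeout=10.0):
    """Open one TCP connection and return (outcome, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", MEANING["timeout"]
    except ConnectionRefusedError:
        return "refused", MEANING["refused"]
    except OSError as exc:            # DNS failure, no route, and so on
        return "error", str(exc)
    with sock:
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return "no-banner", MEANING["no-banner"]
        except OSError as exc:
            return "error", str(exc)
    # A healthy SMTP server opens with a 220 reply.
    return ("banner" if greeting.startswith("220") else "unexpected"), greeting

def start_fake_mx(greeting=b"220 mx.example.test ESMTP\r\n"):
    """Constructed loopback listener standing in for a reachable MX."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Replace with the MX hosts or smart host being diagnosed, port 25.
    print(probe_smtp("127.0.0.1", start_fake_mx(), timeout=3.0))
```

Run from the mail server itself, a "timeout" against every external host on port 25 while web traffic works points at filtering upstream rather than at Exchange.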
I'd also follow up with...
Is this a business, or a home? Is your external IP (DSL router) a static IP, or dynamic IP? In any case, you may have previously set up an SMTP Connector on your Exchange server to send all outbound mail out via your ISP's mail server as a SmartHost. If you have a dynamic IP, this is almost always required, not to mention that there are RBLs that are configured with known dynamic IP ranges, and will block connections from them.
I'd agree with Greg here that it sounds like your ISP is blocking port 25 outbound, either administratively (simply don't allow it), or because they know you had a virus (was it a mass-mailing worm?).
August 17th, 2006 8:50pm