Welcome to ISAserver.org

SMTP poblems

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Server Publishing >> SMTP poblems

Page: [1]

Message

<< Older Topic Newer Topic >>

SMTP poblems - 12.Jun.2003 5:01:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

I am currently having problems sending email to one domain specifically btinternet.com, messages queuing up!

I have exchange 2000 behind ISA server with all SPs applied.

I have tried telneting to moongate.btinternet.com wich is their SMTP server and I get the banner but it comes up slowly I have tried to type ehlo and helo and I get nothing! I have tried from behind another firewall and and it works fine?

The strange thing is this has just started happening. Any help would be much appreciated.

Ivan

Post #: 1

Featured Links*

RE: SMTP poblems - 12.Jun.2003 8:59:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

can you perform a forward and reverse DNS lookup of the ISA external interface on the Internet?

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 2

RE: SMTP poblems - 12.Jun.2003 9:12:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

I have multiple external IP addresses on the external interface. How should I perform a reverse lookup? Any reason why it is only not working for one domain

I can't seem to get any SMTP commands to work via telnet now? seems like the ISA server is doing something here?

(in reply to iwagstaff)

Post #: 3

RE: SMTP poblems - 12.Jun.2003 9:35:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

just use the nslookup command! [Big Grin]

You can also post your ISA external IP's and I can check it for you.

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 4

RE: SMTP poblems - 12.Jun.2003 9:38:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

Thanks! I have the dns internally mapped to the internal ip. My external IP addresses are 12.109.77.194-195 I guess email is coming out of .194 and returning to .195?

(in reply to iwagstaff)

Post #: 5

RE: SMTP poblems - 12.Jun.2003 10:02:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

here are the results:

code:

Header:
   ID=56367, QR=Response, Opcode=QUERY, RCODE=NO ERROR
   Authoritative Answer=No, Truncation=No
   Recursion Desired=No, Recursion Available=No
   QDCOUNT=1, ANCOUNT=1, NSCOUNT=2, ARCOUNT=2
Question:
   Name=194.77.109.12.IN-ADDR.ARPA, QTYPE=A, QCLASS=1
Answer Section:
- Name=194.77.109.12.IN-ADDR.ARPA
    Type=CNAME, Class=1, TTL=172800 (2 Days), RDLENGTH=35
    CNAME=194.192/28.77.109.12.in-addr.arpa
Authority Records Section:
- Name=192/28.77.109.12.in-addr.arpa
    Type=NS, Class=1, TTL=172800 (2 Days), RDLENGTH=20
    Name Server=ns1.dnsmanaged.com
- Name=192/28.77.109.12.in-addr.arpa
    Type=NS, Class=1, TTL=172800 (2 Days), RDLENGTH=6
    Name Server=ns7.dnsmanaged.com
Additional Records Section:
- Name=ns1.dnsmanaged.com
    Type=A, Class=1, TTL=169415 (1 Day 23 Hours 3 Minutes 35 Seconds), RDLENGTH=4
    IP Address=192.5.6.34
- Name=ns7.dnsmanaged.com
    Type=A, Class=1, TTL=169415 (1 Day 23 Hours 3 Minutes 35 Seconds), RDLENGTH=4
    IP Address=192.42.93.34
   
Header:
   ID=56253, QR=Response, Opcode=QUERY, RCODE=NO ERROR
   Authoritative Answer=No, Truncation=No
   Recursion Desired=No, Recursion Available=No
   QDCOUNT=1, ANCOUNT=1, NSCOUNT=2, ARCOUNT=2
Question:
   Name=195.77.109.12.IN-ADDR.ARPA, QTYPE=A, QCLASS=1
Answer Section:
- Name=195.77.109.12.IN-ADDR.ARPA
    Type=CNAME, Class=1, TTL=172800 (2 Days), RDLENGTH=35
    CNAME=195.192/28.77.109.12.in-addr.arpa
Authority Records Section:
- Name=192/28.77.109.12.in-addr.arpa
    Type=NS, Class=1, TTL=172800 (2 Days), RDLENGTH=20
    Name Server=ns1.dnsmanaged.com
- Name=192/28.77.109.12.in-addr.arpa
    Type=NS, Class=1, TTL=172800 (2 Days), RDLENGTH=6
    Name Server=ns7.dnsmanaged.com
Additional Records Section:
- Name=ns1.dnsmanaged.com
    Type=A, Class=1, TTL=169273 (1 Day 23 Hours 1 Minute 13 Seconds), RDLENGTH=4
    IP Address=192.5.6.34
- Name=ns7.dnsmanaged.com
    Type=A, Class=1, TTL=169273 (1 Day 23 Hours 1 Minute 13 Seconds), RDLENGTH=4
    IP Address=192.42.93.34

That looks rather a strange naming convention.

What is your external domain name?
On which IP address is the SMTP server published?
Is 12.109.77.194 your primary external IP address?

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 6

RE: SMTP poblems - 12.Jun.2003 10:04:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

.194 is the primary ip address of the email server. the exchange is published on .195. our domain is christelhouse.org

did the reverse lookup work?

(in reply to iwagstaff)

Post #: 7

RE: SMTP poblems - 12.Jun.2003 10:26:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

when I do an MX record lookup I got:

code:

  Header:
   ID=57023, QR=Response, Opcode=QUERY, RCODE=NO ERROR
   Authoritative Answer=Yes, Truncation=No
   Recursion Desired=No, Recursion Available=No
   QDCOUNT=1, ANCOUNT=2, NSCOUNT=4, ARCOUNT=2
Question:
   Name=christelhouse.org, QTYPE=MX, QCLASS=1
Answer Section:
- Name=christelhouse.org
    Type=MX, Class=1, TTL=7200 (2 Hours), RDLENGTH=13
    Preference=5, Mail Exchange=exchange.christelhouse.org
- Name=christelhouse.org
    Type=MX, Class=1, TTL=7200 (2 Hours), RDLENGTH=9
    Preference=0, Mail Exchange=mail.christelhouse.org
Authority Records Section:
- Name=christelhouse.org
    Type=NS, Class=1, TTL=7200 (2 Hours), RDLENGTH=20
    Name Server=ns1.dnsmanaged.com
- Name=christelhouse.org
    Type=NS, Class=1, TTL=7200 (2 Hours), RDLENGTH=6
    Name Server=ns7.dnsmanaged.com
- Name=christelhouse.org
    Type=NS, Class=1, TTL=7200 (2 Hours), RDLENGTH=6
    Name Server=ns6.dnsmanaged.com
- Name=christelhouse.org
    Type=NS, Class=1, TTL=7200 (2 Hours), RDLENGTH=6
    Name Server=ns4.dnsmanaged.com
Additional Records Section:
- Name=exchange.christelhouse.org
    Type=A, Class=1, TTL=7200 (2 Hours), RDLENGTH=4
    IP Address=12.109.77.195
- Name=mail.christelhouse.org
    Type=A, Class=1, TTL=7200 (2 Hours), RDLENGTH=4
    IP Address=12.109.77.195

So, 'exchange.christelhouse.org' and 'mail.christelhouse.org' are pointing to the same IP address 12.109.77.195. Now, doing a reverse lookup on 12.109.77.195 gives me '195.192/28.77.109.12.in-addr.arpa'. Quite another name. I would configure the DNS it returns the same names 'exchange.christelhouse.org' and 'mail.christelhouse.org'. Also, trying to resolve further '195.192/28.77.109.12.in-addr.arpa' gives me no results.

Now, all depends what checks are implemented on the remote domain 'btinternet.com'. Must the forward and reverse DNS lookup give the same result or do they only accept SMTP connections from IP addresses for which an MX record exist? It's hard to tell from here. Your best option is to call them and ask them to look at this particular problem.

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 8

RE: SMTP poblems - 12.Jun.2003 10:31:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

Thanks so much for you help. One more questions should I be able to telnet to port 25 from the exchange server behind isa to the external smtp host and type commands and get an answer? I am only getting the banner and then nothing at the moment.

(in reply to iwagstaff)

Post #: 9

RE: SMTP poblems - 12.Jun.2003 10:36:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

yes, you should! That's how I determine all sort of problems by emulating a client with a simple Telnet.

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 10

RE: SMTP poblems - 12.Jun.2003 10:58:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

then my problem might be somewhere else because the telnet connection is eratic! I can't type the helo command and get a response from the external servers only the banners come up!

(in reply to iwagstaff)

Post #: 11

RE: SMTP poblems - 12.Jun.2003 11:14:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

maybe we are on the wrong track! [Frown]

I just tried it and it works. After getting the banner type "HELP<return>". You should get back 214 responses with the supported commands. Then try "HELO christelhouse.org<return>" You should get back a 250 response alluminium Hello DNS_name [IP_address]". To close the connection, type "QUIT<return>".

BTW --- depending on the local echo settings of the telnet, you might not see what you type.

HTH,
Stefaan

[ June 12, 2003, 11:16 PM: Message edited by: spouseele ]

(in reply to iwagstaff)

Post #: 12

RE: SMTP poblems - 12.Jun.2003 11:27:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

Stefaan you are a genius! to fix this problem.

because I had multiple external addresses it was using the first ip address which was not a registered mx record for outgoing smtp! registered this ip as an mx and things started working!

I guess the questiong people will ask is, is there anyway to configure smtp traffic to exit via any IP other than the default external? I do not care my email is working! :-)

(in reply to iwagstaff)

Post #: 13

RE: SMTP poblems - 12.Jun.2003 11:34:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

WOW! I'm very glad you got it working! [Cool]

For outbound traffic, ISA will always use the primary IP address bound to the external interface. You can't change that behaviour. Therefore, to avoid such strange problems, we should advise to always publish the internal mail server on the primary external IP address, not a secondary one!

Thanks,
Stefaan

[ June 12, 2003, 11:40 PM: Message edited by: spouseele ]

(in reply to iwagstaff)

Post #: 14

RE: SMTP poblems - 13.Jun.2003 6:46:00 PM

iwagstaff

Posts: 11
Joined: 13.Feb.2003
Status: offline

The problem is back!

Can anyone out there who is behind an ISA firewall please try telneting to moongate.btinternet.com and stargate.btinternet.com and let me know if you are successful!

(in reply to iwagstaff)

Post #: 15

RE: SMTP poblems - 13.Jun.2003 8:31:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Ivan,

just tried both servers from behind an ISA server and they work both without any problem. [Smile]

Do you see some errors/warnings in the event log?
What is the ISA firewall log telling you?
Can you take a Network Monitor trace at the ISA external interface?

Of course, I assume your basic ISA server is perfectly configured. If you have any doubts, check out Jim's excellent article http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html .

HTH,
Stefaan

(in reply to iwagstaff)

Post #: 16

RE: SMTP poblems - 14.Jun.2003 6:19:00 PM

tshinder

Posts: 47413
Joined: 10.Jan.2001
From: Texas
Status: online

quote:
Originally posted by IvanW:
Stefaan you are a genius! to fix this problem.

because I had multiple external addresses it was using the first ip address which was not a registered mx record for outgoing smtp! registered this ip as an mx and things started working!

I guess the questiong people will ask is, is there anyway to configure smtp traffic to exit via any IP other than the default external? I do not care my email is working! :-)