Configuring exchange - port forwards
-
i have configured exchange, configured it for my enviroment and I can receive but cannot send, any ideas why?
I have done the exchange analyzer test my results are -
activesync connection- all good apart from the ssl cert (as i use self assigned SSL as its just for home use)
Inbound - succeeded
outbound - all good apart from I'm on the spam lists as its probably a dynamic address
Is this why I cannot send out, if so is there anyway in trying to get it to work?
I would have thought if my inbound is good my outbound should be good as its all going out in the same port the smtp port or mx record
Many thanks
Rob
-
Does your ISP block outbound port 25?
(Also, see startssl.com for a free cert. No need for self-signed.)
-
This is the thing when I try and telnet to port 25 to my mail.server it doesn't let me but when I change the send connector to 587 and try a telnet to my smtp server again I get a response saying 220 ready for service
I'm with virgin media and they say they don't block.port 25 but this obviously isnt the case as I cant send using 25 I can just recieve
-
Almost all ISPs block outbound port 25 on residential service. Sorry.
About the only thing you can do is configure your mail server to send all mail to your ISPs mail server. Usually called a "Smart Host." You might also configure it to connect to an arbitrary smart host on 587 and provide authentication. Something like smtp.google.com might be a good choice for that.
Then there are thinks like SPF records, etc you'll want to get right in your DNS.
-
Great thanks for your help much appreciated
So theres no way to send my emails out port 587?
-
If you can configure exchange to connect to a specific mail server on 587, authenticate, and send all your mail, sure.
But you can't do it the same as port 25 because, by convention, servers listening on 587 have to require authentication before accepting mail submissions. You can define a smart host on 587, authenticate to it, and send all outbound mail. Then you rely on them to forward it to the appropriate SMTP host.
You might also have a specific mail server at your ISP that will accept unauthenticated connections on 25 and deliver your mail. They would specifically pass traffic from you to that server on 25.
In a nutshell, if you can't go out on tcp/25, your mail server can't be used to look up MX records and send outbound mail to the correct host. You have to send it all to one server and let them do the MX lookups and deliver it.
You might run into restrictions on what domains can be used as From: addresses, etc. It really all depends. Some don't care, some are real jerks and do stupid stuff.
Some might even block inbound port 25 which is just plain brainless.
-
As when I used hmail server I could send and receive on port 587 SMTP so I really don't understand why exchange wont send out using port 587 as hmail worked perfectly using that port
-
What happens when you telnet from your exchange server to the mail server on port 587?
Note that outbound connections such as sending mail don't require a port forward. They only need outbound NAT (if NAT is necessary).
-
As when I used hmail server I could send and receive on port 587 SMTP so I really don't understand why exchange wont send out using port 587 as hmail worked perfectly using that port
If you are saying you could send mail to arbitrary mail servers on 587, things weren't working like you think they were. Most mail servers on the internet require authentication before you can send ANY mail through them - even to the local domains they serve.
-
when i have my exchange server on at home, from work i can telnet in on port 587 (my new SMTP send connector) and i get a reply back (220 mail server ready at your service) but when i had my exchange using port 25 (SMTP send connector) i didn't get a response so i can safely say virgin media block port 25 for outgoing emails
i can receive emails when i make my send connector SMTP port 25 but when i make it port 587 i cant even receive nor even send but i can telnet into it which i dont understand atall
-
I'm going to have to step back and let you decide what ports you want open from where to where. When you figure that out, I'll be happy to help you get pfSense doing the right thing.
-
thank you Derelict,
i do want to make my SMTP send connector port 587 as virgin media block outbound port 25
-
Then do that. It should require no configuration in pfSense. I can't help you with configuring exchange. exim/sendmail/postfix maybe, but not exchange. good luck.
-
thank you, you have been very helpful
rob
-
as virgin media block outbound port 25
Hi,
Sorry for maybe putting the cat amongst the pigeons but I am on virginmedia cable and they do not block port 25, I have my test exchange 2010 box running fine with minimal configuration and on port 25
-
mmm…
reason why i am asking if 25 is blocked if i run a telnet command from the internet i cant connect to my mail server using 25 but i can when i change it to 587, it says 220 my mail server is ready
obviously i port forward the correct ports 25/587 to my exchange server at the time im testing the above command
as every time i make my send connector 25 i cant send but i can receive, guess i will try with exchange 2010
-
mmm…
reason why i am asking if 25 is blocked if i run a telnet command from the internet i cant connect to my mail server using 25 but i can when i change it to 587, it says 220 my mail server is ready
obviously i port forward the correct ports 25/587 to my exchange server at the time im testing the above command
as every time i make my send connector 25 i cant send but i can receive, guess i will try with exchange 2010
But what you're saying is contradictory. If you change to port 25 and "can receive" that means other mail servers can make the connection to you on 25. Which is the opposite of your telnet test experience.
-
Hi all
Good news its working, i will quickly describe what i did
I found out one of the services "MS EXCH Mailbox Transport Submission" wasnt running when i listed in order of automatic services
I made my send connector back in using port 25 instead of 587 as mails would not send
Once i did that my messages went one by one to my sent items in OWA and i had about 23 emails in my gmail inbox
Also i did this -
http://exchangekb.com/2014/03/19/exchange-2013-emails-stuck-in-drafts
I added for internal dns my domain controller ip and in external dns my isp's dns and google's dns
http://exchangemaster.wordpress.com/2014/06/10/mails-stuck-in-the-draft-folder
http://technet.microsoft.com/en-us/library/cc816856(v=ws.10).aspx
I added my isp's dns and google's dns
Really grateful for everones input so much appreciated all pointed me in the right direction and so glad got it sorted, only taken me a week!!!
Rob
