Emails to domain not routed to external Server

Discussion in 'DNS Server' started by Anthony Smith, Aug 7, 2007.

  1. Good Morning Everyone,

    I hope everyone is doing well today. We are hosting our website internally
    BUT the email is on an external server outside of our office. I set up the
    DNS records to point the website to our internal webserver(DMZ) BUT I set up
    an MX record to point to our external mail server. Users can access the
    website ok, www.ourdomain.com, but when sending an email to
    comes back 1-2 days later as non-deliverable. It
    doesn't come back immediately but about 1-2 days later it doesn't show up.

What didn't I set up correctly in DNS? I thought all I needed to set up
    mail on the domain was the MX record pointing to the external server?

    We're running SBS2003 SP1 Premium with ISA 2004. Thanks!

    Sincerely,
    Anthony Smith
    In God We Trust!
     
    Anthony Smith, Aug 7, 2007
    #1
  2. Costas Guest

    Anthony,

    I assume you setup the MX record to an external DNS server. First go to the
    following link http://www.mxtoolbox.com/index.aspx and put in the name of
    your domain. When the results come back you should see a list of the MX
    records for your domain. Pick the primary MX record and click 'Diagnostics'.
    Then click 'Test Email Server'.

    Do you get a successful reply?

    Costas
     
    Costas, Aug 7, 2007
    #2
  3. Thanks for the reply. Yes the MX record is to an external DNS server. Users
    outside the company can successfully email our domain. It's when users
    inside of our company try to send an email to our domain that it returns as
    non-deliverable. It's something I haven't set up on our internal DNS server
    I'm assuming. I've got entries in DNS for www(internal), owa(internal), and
    the MX record for mail which is an outside mail server.

    I went to that mxtoolbox.com website and tested the email server and the
    last two responses said...
    relaying denied. proper authentication required
    mydomain.com closing connection

    I did see a "Pleased to meet you" ...Not sure if that's what you meant by
    reply.
     
    Anthony Smith, Aug 7, 2007
    #3
  4. Costas Guest

    If external users can successfully send you emails, then the public DNS was
    setup properly. Internally there is no need to setup an MX record. All
    requests from your internal network will be sent to external DNS servers,
    assuming you have setup forwarders. I assume you are running Exchange with
    the POP3 connector. Do you have problems receiving mails also?

    Costas
     
    Costas, Aug 7, 2007
    #4
  5. I don't understand. Users couldn't access the website via www.ourdomain.com
    until I set up another Forward Lookup Zone with our domain name. I was
    informed I had to set all the entries up in that zone to appear just like
    the entries on our nameserver (host, ie Network Solutions). I put those
    entries in DNS to allow users to type in the web browser www.ourdomain.com
    and also for mail to be routed to the external server. I'll try removing
    that MX record from our internal DNS and see if that resolves the issue.
     
    Anthony Smith, Aug 7, 2007
    #5
  6. Steve Guest

    Did you name your internal domain "ourdomain.com" instead of .local or .lan
    etc.? That's the only time you would need to add those DNS entries
    internally.
     
    Steve, Aug 7, 2007
    #6
  7. Thanks for the reply. Yes it's ourdomain.com
    The internal Exchange Server does NOT handle email for this particular
    domain. The mail server is an external one with a totally different IP
    address.

    I tried removing the MX record in DNS that points to the external mail
    server but the mail we send to it isn't getting to it. Anyone that's not in
    this office building is basically able to send mail to ourdomain.com but
    inside the office it can't be done.
     
    Anthony Smith, Aug 7, 2007
    #7
  8. Costas Guest

    How do your clients connect to the mail server? It starts getting
    confusing... You have SBS running (what is the domain name? ) and then in
    the DMZ you have your web server (does the DMZ contain a DNS server too?)
    The mail server is external (Where is the DNS that has the MX record that
    points to that server)?

    Costas
     
    Costas, Aug 7, 2007
    #8
  9. Good Morning,
    The clients connect to the mail server thru a web browser. We have 2
    domains. Ourcompany.com(1) and then our e-commercestore.com(2).
    Ourcompany.com(1) is a tech. website hosted by an ISP, but our SBS handles
    routing of the email. Our ecommercestore.com is what is hosted in house on
    the DMZ server which does NOT have DNS. The SBS is our company's main
    server, it is using Exchange and DMZ & SQL for running our business. Users
    use Outlook and have email addresses with the 1st domain.

    Let me try to simplify this for you. Domain 1 the email is handled/routed
    through SBS BUT the website is hosted by an ISP. Domain 2 is on our DMZ'd
    server BUT the Email is handled by an ISP. We are the same company BUT we
    trade as different names. So I'd rather keep the interface for emails
    separate so when we are sending emails we know which company we are working
    for at that time. When users use Outlook, they KNOW they are in Company 1.
    When they open up the web browser to access email they know they are in
    company 2. One day I may do it differently and let Exchange handle all the
    emails but for now we're keeping company 2's email on an external mail
    server(ISP).

    So I set up the DNS to allow users to access company 2's website since it is
    hosted internally. There are only 2 users that primarily use the company
    2's email. So it's easier for those who DON'T use company 2's email to just
    open up outlook and send them an email. I thought having an MX record point
    to the external mail server would fix this but it doesn't. I tried removing
    it as was stated in this post but it still returns as undeliverable. It's
    like the email is not going out but staying in house. We get email
    constantly from customers and spammers so it's working outside of this
    office, but users in-house can't send an email from company 1 to company 2.
    BUT if I log into the external mail server and send an email to company 1,
    it comes through fine! Hope I didn't confuse you more on this issue.
    Thanks again for your help!
     
    Anthony Smith, Aug 8, 2007
    #9
  10. Costas Guest

    Ok.. I think I got it :)

    You have two different domains... ISP is involved in both domains. For the
    internal, it has the website and for the external it hosts the email. I
    assume that you have two different external IP addresses that point to your
    network. One for the internal network and one for the network in the DMZ.
    The DNS needs to be setup at the ISP for both domains.

    For the internal domain (since Exchange is handling the email) the MX record
    should point to the external IP address of the server. For the external
    domain (DMZ) the MX record should point to the mail server of your ISP.

    As far as the internal network is concerned, the mail server at the ISP for
    the second domain is just another server. When the users of the external
    domain use the browser to access their emails, they should be hitting the
    ISP directly using a program like webmail or something similar. They could
    also use Outlook to create a POP connection to the ISP servers. Is your
    setup like that or am I missing something?

    Costas
     
    Costas, Aug 8, 2007
    #10
  11. Your question:
    -->As far as the internal network is concerned, the mail server at the ISP
    for the second domain is just another server. When the users of the external
    domain use the browser to access their emails, they should be hitting the
    ISP directly using a program like webmail or something similar. They could
    also use Outlook to create a POP connection to the ISP servers. Is your
    setup like that or am I missing something?

    The answer is yes. It is a webmail program and YES we could pop and get the
    mail that way but then they would have two different domains in outlook and
    I'd rather not do that for now. Two different interfaces, two different
    domain names. It's easier for the users to know which domain it is by how
    they access the email.

    I'm still not sure what entries I need to set up in DNS to get the mail
    working. Here is an example:
    I open up outlook which is hosted by exchange which handles the
    'mycompany.com' domain. And wants to email
    (I'm the same person in both email address, but
    ecommercesite is an external email address at an external mail server)
    The email doesn't reach the ecommercesite domain, it never appears to go OUT
    to the external mail server. Because I set up a 2nd forward lookup zone for
    ecommercesite.com, I guess it thinks the mail should be local since the
    website is but it's not.

    I have 2 forward lookup zones in the SBS DNS. domains.local and
    ecommercesite.com. I had put 3 entries in there, www, owa, and an MX record
    pointing to the external mail server. But that didn't work. It looks like
    there are two more entries in there that state (same as parent folder) one
    is Start of Authority(SOA) server.domains.local, hostmaster.domains.local
    AND Name Server (NS) server.domains.local.
     
    Anthony Smith, Aug 8, 2007
    #11
  12. Costas Guest

    I think you made it more complex than it needs to be (unless I'm missing
    something of course). It would be easier to have all DNS related work being
    taken care of by the ISP DNS server. One for the internal domain and one for
    the external domain. Other than the SBS domain, I wouldn't put anything
    else on the internal DNS. Is there any particular reason you setup the SBS
    DNS server?

    Costas
     
    Costas, Aug 8, 2007
    #12
  13. Well the SBS DNS server only resolves local dns stuff but forwards anything
    not in Active Directory to the ISP DNS to resolve. That's the only DNS
    server we have in-house and that was setup with the installation of SBS. The
    only thing extra I had to do with DNS is add the forward lookup zone for our
    newly hosted website (DMZ'd W2003 webserver).

    I thought almost every SBS user uses DNS for Active Directory resolves?
    We're no different just adding the web domain name in addition to
    domains.local so that users don't have to type in the local ip address of
    the web server. I did have hosts files set up on the users before I entered
    another lookup zone for our website, but in MS & Isaserver.org reading it's
    better to set up the DNS server the way I had it. But something is missing
    because the emails are getting through.

    Sorry for complicating the whole thing. I thought it was a simple thing
    missing from DNS that I had to set up besides the MX record. I'm sure
    others have a website on 1 server and a mail server on a different server.
    If so, how to set up DNS to send mail to the different/external server is
    the question? (smile)
     
    Anthony Smith, Aug 8, 2007
    #13
  14. Costas Guest

    Other than setting up the MX record to point to the mail server there isn't
    anything else you need to do. I don't think the problem is in the DNS. If
    it was, nobody would be able to send email to the ISP mail server. I
    re-read all the posts from the beginning of the thread and I still think I
    must be missing something :) You wrote that the SBS handles the DMZ... what
    do you mean by that. Isn't the W2k3 server in the DMZ zone a standalone
    server?

    Costas
     
    Costas, Aug 8, 2007
    #14
  15. Joe Guest

    The difficulty you have is that you've given the SBS domain not only a
    real, existing Internet domain name, but specifically a domain that you
    definitely don't want to accept mail for. This does underline the reason
    for using a 'fake' domain name internally.

    I have a feeling that what you're seeing isn't a DNS issue. If it was,
    I think Exchange would immediately complain that it couldn't find the
    relevant mail server. In fact, it tries for a couple of days to deliver
    to it, which means it has what it considers a valid mail server name.

    What is in the recipient policies? I assume your users don't have the
    addresses, only . But how about
    Exchange itself? Presumably the company2.com address is primary, but
    is company1.com there at all? If it is, it would be worth removing it.
    I believe you probably can remove it as long as it isn't primary,
    which it can't possibly be if your users can send from company2.com.
    I wouldn't actually swear to it, as SBS contains some hard coding of
    items which are configurable in Server 2003, which occasionally causes
    unexpected behaviour. I've never heard of someone removing the SBS
    domain from the list of policies, and I'm not about to try it.

    If not, I think you have to find out where Exchange is trying to send
    the mail, and tell it to stop. I'm afraid that will involve dealing
    with unfriendly log files. (Yes, I know, I always recommend that. I
    find it more rewarding than guessing). The first port of call is the
    Message Tracking Center in Tools in the Exchange Manager. You might
    hit the jackpot there, as if Exchange is sending mail outside it will
    name the server it is sending to. Something I don't think you posted
    so far was the exact error message when Exchange gave up trying to
    deliver, which may also be a clue.

    I don't really know where you go from there. I'd normally recommend
    the SMTP log files next, but I think the problem here is that Exchange
    isn't actually trying to use SMTP to deliver the offending mail. I'd
    hope the Tracking Center results would suggest where to go next.
     
    Joe, Aug 8, 2007
    #15
  16. The returned message doesn't have any codes that I can determine:
    Your message did not reach some or all of the intended recipients.

    Subject: Test Email Findparts

    Sent: 8/7/2007 2:39 PM

    The following recipient(s) could not be reached:

    on 8/9/2007 2:47 PM

    Could not deliver the message in the time limit specified. Please retry or
    contact your administrator.

    <peconet.com #4.4.7>

    Now I opened up the message Tracking in ESM. And I see about 6 lines for
    SMTP events,
    the last one states:
    SMTP: Message Routed and Queued for Remote Delivery
    That's the last event I see for the message.

    Maybe I don't have the MX record set up properly. Do I create an A Host called
    mail.mydomain.com then enter the IP address of my server, then create an MX
    record called mail and the FQDN points to the host record I just created,
    mail.burnerparts.com? Or do I just create an MX record called
    mail.burnerparts.com and point it directly to the IP address of the external
    server. I believe I've tried both options. Not sure if a re-start of DNS
    or SBS is required. I have NOT restarted DNS or SBS since making these
    changes.
     
    Anthony Smith, Aug 9, 2007
    #16
  17. Good Morning,

    We are back at it again. Thanks again everyone for your help. From Steve
    and Costas' posts, you don't seem to think it has much to do with DNS.
    Before I added the 2nd Forward Lookup Zone for ourecommercesite.com emails
    were being sent ok with no problem. I was using host files on each
    workstation so our users didn't have to type in the IP address of the
    internal webserver to access the website. But in my reading from different
    articles it was a better option to set up the DNS server with an additional
    Forward Lookup Zone.

    That's why I think it's a DNS issue. I must not have it set up properly.
    Network Solutions is the Name Server that handles the DNS for our domain. We
    registered the name with them and are letting them handle the name server.
    I read I had to make our internal server match what Network Solutions server
    said BUT using our internal IP address for the webserver info instead of our
    Comcast IP address which the public has.

    Since I can't get the DNS set up properly, should I just revert back to the
    hosts files and remove the 2nd Forward Lookup Zone?
     
    Anthony Smith, Aug 10, 2007
    #17
  18. Costas Guest

    Anthony,

    What I was trying to say is that it would be better to remove the forward
    lookup zone and have the DNS server at the ISP. No need to setup host files.
    I'm not talking about the internal DNS server. That should remain in place
    and take care of the 'company.local' domain. The internal DNS server should
    have forwarders pointing to the ISP servers. The MX record should be setup
    at the ISP and have it point to their own mail server. When your users use
    webmail to get their emails, they should be using the webmail program from
    the ISP. This way when an internal user sends an email using Exchange
    (internal system) the domain name of your DMZ server will try to be resolved
    by your internal DNS, which will forward it to the ISP DNS for resolution.

    Costas
     
    Costas, Aug 10, 2007
    #18
  19. There are 3 IP addresses that are involved with this particular issue.

    1st IP Address - Our internet Access IP address which is a public address.
    We get this from our hi-speed cable company. (I'll use IP address:
    69.26.106.34 as an example)
    2nd IP Address - Our internal DMZ server Private Address. (IP 168.117.0.6,
    as example)
    3rd IP address - Our external mail server with Public Address (IP
    206.13.44.22, as example)

    When I had 1 Forward Lookup zone (domains.local) users could NOT access our
    ecommercesite.com
    because the Name Server is pointing to us. Users in the office had to
    type in for example 168.117.0.6 to access the website, couldn't access with
    the www.domainname.com. So I set up a host file on each PC to resolve the
    name issue. After I set up the emails to point 168.117.0.6 to
    ecommercesite.com users could access the website by typing in
    www.ecommercesite.com. Emails still worked from companyemail.com to
    ecommercesite.com.

    But I set up a 2nd Forward Lookup Zone(on SBS) called ecommercesite.com and
    tried to match everything Network Solutions had but instead of using the
    Public IP address for our webserver, I used the private address. But the
    mail server settings were identical to Network Solutions because that is an
    external mail server (206.13.44.22 for example). I then deleted the entries
    in the individual hosts file and users could access the website, but can no
    longer send emails to the ecommercesite.com domain.

    If I take out the 2nd Forward Lookup Zone, users won't be able to access the
    website via www.ecommercesite.com but enter the private IP address of the
    webserver. Unless I set up the hosts files again.

    Thanks again for your help!
     
    Anthony Smith, Aug 10, 2007
    #19
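An added check, written here as an example and not code from the thread, for the situation Anthony describes: once SBS is authoritative for ecommercesite.com it answers from that zone alone, so the internal copy must carry every public record clients still need, including an A record for whatever the MX points at. The zone contents are constructed from the example addresses given in the posts.

```python
"""Consistency check for a split-horizon ("shadow") DNS zone: an internal
server authoritative for a public domain never forwards to the ISP, so every
public record internal clients rely on must exist in the internal copy."""
from collections import defaultdict

# Constructed sample records ("name type value"), using the example addresses
# from the thread; not a real zone dump.
INTERNAL_ZONE = """
ecommercesite.com       SOA server.domains.local hostmaster.domains.local
ecommercesite.com       NS  server.domains.local
www.ecommercesite.com   A   168.117.0.6
ecommercesite.com       MX  10 mail.ecommercesite.com
"""
PUBLIC_ZONE = """
www.ecommercesite.com   A   69.26.106.34
ecommercesite.com       MX  10 mail.ecommercesite.com
mail.ecommercesite.com  A   206.13.44.22
"""

def parse_zone(text):
    """Return {(name, type): [value, ...]} from the simple text form."""
    records = defaultdict(list)
    for line in text.strip().splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            name, rtype, value = parts
            records[(name.lower(), rtype.upper())].append(value.strip())
    return records

def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)

def check_shadow_zone(internal, public, apex, private_hosts=()):
    """List records the internal zone must carry but lacks. Names in
    private_hosts may legitimately differ (they point at the DMZ address)."""
    problems = []
    for (name, rtype), values in public.items():
        if (name, rtype) not in internal:
            problems.append(f"missing {rtype} record for {name} "
                            f"(public: {', '.join(values)})")
        elif name not in private_hosts and set(values) != set(internal[(name, rtype)]):
            problems.append(f"{rtype} for {name} differs from public zone")
    # An in-zone MX target needs an A record here: the resolver will not
    # forward a name it believes it is authoritative for.
    for value in internal.get((apex, "MX"), []):
        target = value.split()[-1].rstrip(".").lower()
        if in_zone(target, apex) and (target, "A") not in internal:
            problems.append(f"MX target {target} has no A record in the zone")
    return problems

if __name__ == "__main__":
    for p in check_shadow_zone(parse_zone(INTERNAL_ZONE), parse_zone(PUBLIC_ZONE),
                               "ecommercesite.com", {"www.ecommercesite.com"}):
        print("PROBLEM:", p)
```

On the sample it reports the missing A record for mail.ecommercesite.com (once as a record absent from the internal copy, once as an MX target the zone cannot resolve), and is clean once that record is added. This only covers the DNS side; as Joe notes, if Exchange itself treats the domain as local, no zone record will change where it delivers.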
  20. Costas Guest

    Is the DMZ server a standalone server or is it a domain server? I assume it
    has its own external IP address. Right? Do you have two different
    domains?

    How did you setup the MX record for the external mail server. Did you
    create an A record for the server?

    I ask questions over and over again because I'm still not clear how your
    environment is setup

    Costas
     
    Costas, Aug 10, 2007
    #20