Post permalink

• Mike Dimmick
  Mar 19, 2006 at 12:41 PM

  khgiese wrote:

  I have the firewall on the exchange server truned of, i do not have any extra installed software such as groupshield, anti-virus or anything other then Windows 2003 server std sp2 and exchange 2003 sp1. I used netstat -an to verify that port 25 has nothing else using the port and the status is listening.
  Can anyone help me here?

  
  
  I'm going to assume that you've got those two service pack numbers the wrong way round, since the current Exchange Server 2003 service pack is SP2, while there isn't yet an SP2 for Windows Server 2003.
  
  You must have some kind of firewall switched on. Did you run the Security Configuration Wizard from Windows Server 2003 SP1? See this Exchange team blog post for information on using SCW with Exchange Server.
  
  The only other alternative I can think of is that DNS resolution between the client you tried and the DC is broken, which typically means that you don't have the right DNS configuration on the client. For AD to work, your clients - indeed all computers on your network including member servers and domain controllers - should only have internal DNS servers listed, so that all DNS queries go to your domain DNS servers. Your domain DNS servers should have forwarders set up (normally your ISP's DNS servers) to forward DNS queries for external sites.
  
  If that's the case, the failure to connect to port 25 from a client computer is a red herring. Firstly, you need to tell the world where to send email. This is done by setting up MX records in your public DNS zone, to point to the appropriate server. Then you need to ensure that the SMTP server is exposed to the internet - if you have a hardware firewall you need to allow communication to port 25 on your SMTP server, and if you're using NAT you need to ensure port 25 on the external interface is mapped to port 25 on your server.
  
  Normally I'm not a fan of Steve Gibson but he does have an end-user accessible port scanner. See ShieldsUp on his homepage. Enter port 25, then choose User Specified Custom Port Probe. The service is intended to tell you that ports are closed, therefore you want it to tell you that the probe failed and that port 25 is open.

See more posts in thread…