Windows Server 2012 R2 IIS SMTP Server Will Not Send Emails
It ended up being a DNS issue. The new server had a total of 5 IP addresses assigned to it. Even though we specified the IP address for the SMTP server to use, when the connection was being made it would resolve back using the computer name and a different IP address than the one we specified.
We added outbound SMTP rules on the firewall for all of the IP addresses on the server and it is working now.
NinjaBomb
Updated on September 18, 2022
Comments
-
NinjaBomb over 1 year
I have an existing SMTP server on our network that is used to send emails from a variety of printers, applications, etc... I have installed the IIS SMTP Server on a new Windows Server 2012 R2 server to replace the current SMTP server in use. To set it up, I copied the settings from the existing SMTP server almost exactly, except for the change in internal IP address.
We have an SPF record so that we can send emails without the use of a smarthost or routing through our mail provider. We have had no problems with it. To avoid updating our SPF record, we set up our Sonicwall rules to route both SMTP servers' outgoing email to appear to be from the same external address, smtp.domain.com.
This is what our NAT rules look like:
Internal (smtp.domain.com) 192.168.1.2 -> 68.68.68.68 (smtp.domain.com)
Internal (primarysmtp.domain.com) 192.168.1.3 -> 68.68.68.68 (smtp.domain.com)
We changed a printer to use the new SMTP server (primarysmtp.domain.com) for testing. The emails are received by the SMTP server and put in the Queue folder, which is good. Now, we cannot get these emails to send.
I downloaded the SMTPDIAG tool for testing. At first I thought it was a DNS issue, but that checks out on the test. It will not connect to the target email provider.
We thought it was the Windows Advanced Firewall, but it is turned completely off on the server.
Then we thought it was our Sonicwall rules, but they are almost exactly the same as the existing one we use. We cannot find any place that is blocking port 25. The new NAT rule also has ZERO traffic statistics, so it doesn't look like anything is even getting off of the new server to use the NAT rule.
We have tried IISRESET and stopping and starting the SMTP server multiple times.
The test always fails with the error 10061. My Google fu has gotten me nowhere. Is it possible that Windows Server 2012 R2 could still be blocking outgoing traffic on port 25, even though the firewall is turned off? What are we missing?
-
HopelessN00b over 9 years
Does your ISP block port 25 traffic, perhaps?
-
NinjaBomb over 9 years
We thought of that too, but we are already sending emails through port 25 using our existing SMTP server without any issues, so I think we are safe there.
-
HopelessN00b over 9 years
Use telnet to troubleshoot - connect on port 25 to one of those Gmail hosts and see what you get back. Error 10061 means that the connection is being refused - so something along the way is receiving the connect request and rejecting it.
-
NinjaBomb over 9 years
To test the SMTPDIAG tool and the port, I went on our current SMTP server and ran the exact same test and it was 100% successful, using almost the exact same smtp servers.
-
joeqwerty over 9 years
Connect using telnet from the new server to the old server (to port 25 naturally). If that's successful then you can likely rule out the new server as the problem and start looking at your firewall. Also, use smtpdiag to test a number of other external domains (microsoft.com, aol.com, ibm.com, etc., etc.) to see if you get the same results as with gmail.com.
-
NinjaBomb over 9 years
I didn't think of that :o) I can telnet from the new to old server, so it must be something to do with the firewall and getting to the WAN. It gives me the same error no matter what recipient email address I put in the SMTPDIAG tool.
-
joeqwerty over 9 years
Does your firewall have a traffic log? If so, you should look there for SMTP traffic from the new server and see what's happening to it. Also, check what network profile the new server is using and make sure the appropriate outbound SMTP rules are enabled on the new server for that network profile.
-
NinjaBomb over 9 years
@joeqwerty - we will look into the traffic logs. When you refer to the network profile, do you mean the profile on the Windows Server, such as domain, private, public? If the firewall is off, would we still need to make sure the rules are applied to them?
-
joeqwerty over 9 years
Yes, that's what I meant. If the Windows Firewall is turned off then you can disregard that and focus on analyzing your network firewall logs.
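
The answer at the top of this page traces the failure to a multi-homed server whose outbound SMTP connections left from an address that had no firewall rule. The PowerShell below is an added example, not part of the original thread: it attempts a TCP connection to port 25 from each local IPv4 address in turn, so the per-address result can be compared with the outbound and NAT rules. `mx.example.net` is a placeholder target and the variable names are assumptions.

```powershell
# Added example: probe outbound TCP/25 from every IPv4 address on a multi-homed host.
# $Target is a placeholder (assumption); use an MX host of a domain you send mail to.
$Target    = 'mx.example.net'
$Port      = 25
$TimeoutMs = 5000

# Pick an IPv4 destination so it matches the IPv4 source address we bind to.
$dest = [System.Net.Dns]::GetHostAddresses($Target) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    Select-Object -First 1
if (-not $dest) { throw "No IPv4 address found for $Target" }

# Every IPv4 address assigned to this server, loopback excluded.
$sources = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' } |
    Select-Object -ExpandProperty IPAddress

foreach ($src in $sources) {
    $client = $null
    $result = 'connected'
    try {
        # Port 0 lets the OS choose an ephemeral source port on this specific address.
        $localEp = New-Object System.Net.IPEndPoint -ArgumentList ([System.Net.IPAddress]::Parse($src)), 0
        $client  = New-Object System.Net.Sockets.TcpClient -ArgumentList $localEp
        $async   = $client.BeginConnect($dest, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $result = 'timeout (no reply within the wait period)'
        } else {
            $client.EndConnect($async)   # throws if the connect attempt failed
        }
    } catch {
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.Net.Sockets.SocketException]) {
            $result = "socket error $($ex.ErrorCode)"   # 10061 = connection refused
        } else {
            $result = $ex.Message
        }
    } finally {
        if ($client) { $client.Close() }
    }
    # One row per source address: which ones get out and which ones do not.
    [pscustomobject]@{ SourceIP = $src; Target = "${dest}:$Port"; Result = $result }
}
```

A source address that reports a socket error or timeout while another connects is the one missing an outbound rule or NAT mapping.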