email problem, ruling out mx/dns

[wowhead]

I've currently got an unsolved email mystery:

There are 2 servers (A & B)

Server A relays all mail off of Verisign's servers for filtration.

Server B is new and SHOULD be functional but the only way we can get it to send mail to the outside world is if we use Server A as a relay.

Ideally, we want Server B to function like Server A.

I don't know why but I suspect DNS/MX, I guess it's because its part of what controls end to end communication.

 

[ShackDaddy]

Explain more about how server A interacts with Verisign, and what sort of arrangement you have with Verisign.

Does Verisign need to be configured to accept ServerB's connections? Does ServerB need to be configured to authenticate against Verisign's smarthost?

The external DNS/MX settings will have little bearing on whether SERVERB can send outbound email (although they do affect whether remote hosts will accept it). As long as ServerB can resolve an external DNS name, it should be able to send outbound mail. But if ServerB needs to send the mail out via VeriSign, there may be specific things that have to be in place, thus my first question.

ShackDaddy
Shackelford Consulting

 

[wowhead]

We are subscirbed to Verisign's email security service which means we use them as a relay. All our mail inbound/outbound comes and goes through them. Verisign is configured to accept mail from both of our servers.

We've been having issues w/ Server B and so at this point we are just trying to get it to send mail to the outside world which also will not work.

 

[ShackDaddy]

Your firewall may be configured to only allow port 25 outbound traffic to Verisign's servers. And the firewall may actually be configured to only allow ServerA. That's what it sounds like to me at this point, since it doesn't make sense that its a DNS problem.

ShackDaddy
Shackelford Consulting

 

[wowhead]

Everything is allowed out. SMTP inbound to Server A is limited to Verisign's list of IP's while Server B is currently allowing all hosts talking on SMTP port.

 

[ShackDaddy]

How is ServerB configured for DNS? Does it point to another internal server to resolve queries? An external? Does it have the DNS service running locally? Are you running Exchange or SendMail?

ShackDaddy
Shackelford Consulting

 

[lgarner]

The first thing I'd try is to manually send a message. From Server B, telnet to Verisign on port 25 and create a simple test message. If they're blocking you you'll find out right away.

If that works and the message goes through, check the mail log on server B. It might indicate where there's a problem. If it says that Verisign accepted the messages for delivery, then it's probably not DNS-related. The log file should indicate the nature of the failure if it's actually failing for Server B.

 

[wowhead]

Telnet to 69.7.36.15 25 and tell me what happens. I've been trying to test remote connectivity (inbound).

 

[ShackDaddy]

Can't connect.

ShackDaddy
Shackelford Consulting