Relay Smarthost (DynDNS) configuration not working

[Candidog]

I also am forwarding all of my email to another server outside of my network (dyndns outbound mailhop). It seems that that is causing email to be queued up in my smtp connector and then eventually the original sender is receiving an NDR that states:
This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

It sits in the smtp queue like it cannot be sent for some reason and it attempts to retry from the queue but still sits in the queue.

Any Ideas on what I can change on my smtp smart host or smtp connector to ensure that my forwarding is also working?

This is how I configured it my SMTP Relay Connector:


Went to "Start/All Programs/Microsoft Exchange" and click on "System Manager".

Expand the "Connectors" item.

By default, Exchange uses SMTP for outbound connections, so you should find an "Internet Mail SMTP Connector" already there. Right click on it and select "Properties".

On the "General" tab, select "Forward all mail through this connector to the following smart hosts" and enter "Smart Host IP" in the field below.

On the "Advanced" tab, click on the "Outbound Security" button to get to "Outbound Security" dialog box.

By default, exchange sets up security to use "Anonymous Access". So I changed this to "Basic authentication (password is sent in clear text)" then click the "Modify" button, enter my DynDNS username and password, and click "OK".

Back at the "Outbound Security" dialog box, I enabled "TLS Encryption" and click "OK".


Restarted the Exchange Routing Services and sent a test email. They all my messages get queued up. I'm recieving email fine but unable to send?

Help!

Greg

 

[Candidog]

Okay I resolved my problem and wrote a document how this configuration is done. So other techs can configure Exchange to use a Dynamic IP address:


Enjoy Greg

================


How to configure Exchange 2003 Server with a Dynamic IP Address.

This document was created to assist you in setting up your Exchange server to uses a Dynamic Address. If you have a small office that is using a cable/DSL modem which receives dynamic IP from their ISP and you’re looking to host an Exchange 2003 Server, then this document is for you.

Domain Name Hosting: First you will need to rely on a company such as DynDNS to do this. You need to setup your domain name or have your domain name moved to DynDNS Custom DNS Service. This server is h is about $24 a year. Ensure you configured your domain name DNS information is using DynDNS Name Servers (ns1.mydyndns.org and ns2.mydyndns.org). Then you must create your MX and A records for your domain. Propagation is pretty quick with DynDNS and can be done as quickly as an hour.

Dynamic DNS Client Configuration: You must install a Dynamic DNS client on your Windows Server, this client will ensure your hostnames and records will always point to your IP Address. DynDNS has its own Dynamic DNS client and it’s pretty easy to setup and configure.

Smart Host Information: Now you will need to purchase DynDNS Mail Outbound Hop. Since we have a Dynamic IP we can’t just send email out from the Exchange server. When you send an email out, the receiving email server with do a reverse lookup of your IP Address and will denied your incoming email because you have a dynamic IP in a dynamic DNS range. So to get around this shortcoming we must relay all our outgoing mail to a Smart Host. In this our case the Smart Host is DynDNS. DynDNS then will send the email out on our behalf and will be able to hand off our email and handle any reverse lookups for our domain name.
You will need to purchase a minimum of 300 Hops from DynDNS. I think this is a sufficient for a small office. But you might need to purchase more if you have a lot of mailboxes on your Exchange server. But an office under 12 users 300 hops is enough for the most. These hops cost about $20 a year or $10 for every 150 Hops. DynDNS has a nice reporting tool that keeps track how many hops you used every day. So with this report you can determine if you need more or less hops.

Configuring our Exchange Server to use a Smart Host: In Exchange 2000 and Exchange 2003, the Simple Mail Transfer Protocol (SMTP) connector replaces the Internet Mail Service in earlier versions of Exchange for mixed mode environments. However, it should be noted that in pure Exchange 200x environments, a connector is not a requirement for Internet mail flow. You can simply use the Default SMTP Virtual Server. This document explains how to configure the SMTP connector rather the configuring the SMTP Virtual Server. Quick note, when relaying mail you should use an SMTP connector because if you have more then one Exchange server all mail then should be routed through the connector. Although if you only have one Exchange server, you could technically configure the Default SMTP Virtual Server to do this relay. But I believe its best practice to do all mail relaying via a connector.

Exchange 2000 and Exchange 2003 work differently than Exchange Server 5.5. SMTP is an add-on to Exchange Server 5.5 through Internet Mail Service. SMTP is native to Exchange 2000 and Exchange 2003. Everything is SMTP-based. The default SMTP virtual server, by itself, can handle all Internet traffic (inbound and outbound).

Typically, the main reason for an SMTP connector is either to send mail a certain way to a certain domain (for example, to forward messages to a specific smart host for that domain only or to send HELO instead of EHLO) or to take the place of an IMS in an environment that includes Exchange Server 5.5.

NOTE: We will not touch the Default SMTP Virtual Server at all. You don’t need to do any configuration with it. All the configuration need is creating a new SMTP connector.

To create and securely configure the SMTP connectors follow these steps:
1. Start Exchange System Manager.
2. Expand the Administrative Groups container. To do so, click the plus sign (+) to the left of the container.
3. Click the administrative group that you want to work with, and then expand it.
4. Expand the Routing Groups container.
5. Click the routing group that you want to work with, and then expand it.
6. Click the Connectors container. Right-click the Connectors container, and then click New.
7. Click SMTP Connector.
8. On the General tab, provide an appropriate identifying name for the connector. I used the name ‘SMTP Smart Host Relay for DynDNS Connector’.
9. Choose to use DNS or forward to a smart host. Enter ‘outbound.mailhop.org’ or you use the IP address of the smart host in square brackets. [63.208.196.171]. I would enter the FQDN rather then the IP address
10. Under Local Bridgeheads, click Add. Add the server that becomes the bridgehead server for the routing group. Designate an SMTP virtual server as a bridgehead server for the SMTP connector. This can be either the server that you are working on or another server in the same routing group. Alternatively, this duty can be shared by multiple servers.

Important: Make sure proper to this installation that Port 25 is not being blocked by your ISP. You can test if Port 25 is being blocked by Telnet into it. For an example [telnet <Servername> 25] then use the command ELHO TEST.COM. See if you then get a response. SMTP virtual servers can be configured to use a TCP (Listening) port that differs from default SMTP port 25. You must make sure that the SMTP virtual server that you choose as a local bridgehead for the SMTP connector has a TCP (Listening) port that equals 25. When you do this, the SMTP virtual server can be reached by other SMTP virtual servers that have the default TCP (Outgoing) port 25.
For more information, click the following article number to view the article in the Microsoft Knowledge Base: 274842 How to change SMTP port 25 to another port in Exchange 2000 and in Exchange 2003
11. Click the Address Space tab. Under Connector Scope, click either Entire Organization or Routing Group. As in earlier versions of Exchange Server, when you configure the Internet Mail Service, click Add, click SMTP, and then click OK. Accept the default (*) unless you require outbound e-mail domain restriction, and leave the cost as 1. If you have accepted the default of (*), you should never click to select the Allow messages to be relayed to these domains check box. Clicking to select the Allow messages to be relayed to these domains check box would open your server for relay to the world. The Allow messages to be relayed to these domains check box should be for secure domain to domain connections only.
12. If you have chosen forward all mail to a smart host, click the Advanced tab. Click the Outbound Security option, and then select an appropriate authentication method for your relay host. The default is Anonymous Access. You must change this to Basic authentication (password is sent in clear text). Now click the Modify button. Now you must enter your DynDNS user account information. Enter your DynDNS user name and the password. Then confirm the password. Uncheck TLS encryption. I had some customers that need it some that don’t. Later check the Queues under the Server and you will see your Connector we created. If you enabled TLS encryption, highlight the SMTP connector and see below under Additional queue information if there is error information about encryption. If there is an error here then uncheck TLS encryption.
NOTE: If there is an error here under your connector you won’t be able to send email out. Mail will be stuck in the queue.
13. Click OK to exit Outbound Security.
14. Click OK to exit the Advanced tab.
15. Click OK to exit the SMTP connector.
16. You must restart the Microsoft Exchange Routing Engine service and Simple Mail Transfer Protocol (SMTP) Service for these changes to take effect.

NOTE: By restarting the Routing Engine it will take in effect of the new configuration changes. By restarting the SMTP service it will flush out any emails in the connector if your troubleshooting the connector.

So always restart both of these services
17. Now send a test email out and with this configuration it should work properly. Anyways see if anything gets stucked in the queue, under Queues. In the Queues window you will see you connector listed and make sure it does has a green icon not a blue icon. A blue icon will indicate something is wrong with send the email out. Also you can go to DynDNS website and login to your account and click on Mailhop Outbound Page and see if you used any relays today.


Good Luck