SMTP Diagnostics : Outbound Email
To accurately diagnose SMTP delivery problems, you need to gather the evidence. Once you have collected the evidence, you can start to look at why email is not going out.
Failure for outbound email to be delivered falls in to two broad categories.
- Cannot find or connect to the remote server.
This will include DNS errors, blocked ports, badly configured servers etc.
The key question here is whether the problem is happening to all email or just some.
If you can send email to other email addresses then the problem is most likely not at your end.
If no email is going out then the problem is probably local to your server or network.
- The remote server refuses the connection.
A remote server will refuse to accept the email message for a number of reasons.
- A problem with the recipient - the mailbox (email address) doesn't exist, the server that you are connecting to isn't responsible for the domain, the mailbox is full, etc. The SMTP error message should say what the problem is, and in the case of mailbox errors, what the message says it means. In many cases the email administrator doesn't even see these errors as the senders recognise that they have made a mistake and send the message again.
- One of the many anti-spam measures are being used.
This could include presence on a blacklist, reverse DNS isn't correct, your domain cannot be resolved on the Internet, your server announces itself as an invalid name or a name that is different to the RDNS.
Cannot find, or cannot connect to the remote server
All Messages - Blocked Ports
If all the messages are sitting in the queues, then you may have connection problems.
Verify if you can connect to any remote servers...
- Open a command prompt and enter the following text:
telnet maila.microsoft.com 25
You should get a banner back similar to this:
220 mail01.microsoft.com Microsoft ESMTP MAIL Service ready at Sun, 15 Feb 2009 10:57:46 -0800
If the cursor just sits there, then outbound port 25 is blocked, but you need to find out where.
- Next, repeat the test with your ISP.
telnet mail.isp.net 25
(where mail.isp.net is their SMTP Server. If you cannot find their SMTP server listed on their web site, look for their instructions for configuring Outlook Express)
That should connect. If it doesn't, then see the resolutions below
Resolutions to Connection Problems.
- If you cannot connect to either the ISP or Microsoft, then port 25 is blocked to the Internet - most likely at the firewall. It is highly unusual to find an ISP that blocks port 25 for all of their customers, as that would stop anyone from using Outlook Express.
It may also be your antivirus software - ensure that any port blocking or Internet email protection features have been disabled.
- If you can connect to the ISP but not Microsoft, then the problem is that your ISP is blocking port 25 to the Internet. Use an SMTP Connector to route email via your ISPs SMTP Server - Exchange 2003 SMTP Connector - Exchange 2007 Send Connector
Connection Problems - Some Email
If only some email is flowing, but others are staying in the queue, then you will need to diagnose more carefully.
If the server can resolve the correct host, it may not be able to connect to the recipient's email server to deliver the message.
Testing whether this is possible or not is very simple, using a telnet test. You do not have to complete a full telnet test as you are simply testing connection.
- Open a command prompt (start, run and type cmd)
- Enter the following text:
telnet mail.domain.com 25
Replace "mail.domain.com" with the full address of the server that you are trying to connect to. Use the nslookup information below to find the server address.
- You should get a connection and then the SMTP banner, which will look something like this:
220 mail.domain.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at
Mon, 1 Jan 2005 00:00:00 +0100
The exact text will vary depending on what email server the remote site is using, but it should start with "220".
Failure of this test will usually mean that there is no email server on the address that you are connecting to.
Use ping and NSLOOKUP to diagnose the problem locally.
- First, use nslookup to find the MX record:
- nslookup <enter>
- set type=mx <enter>
- domain.com <enter>
This should give you a result similar to below (which is microsoft.com at the time of writing)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
Default Server: server.domain.com
> set type=mx
microsoft.com MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com
maila.microsoft.com internet address = 188.8.131.52
maila.microsoft.com internet address = 184.108.40.206
mailb.microsoft.com internet address = 220.127.116.11
mailb.microsoft.com internet address = 18.104.22.168
mailc.microsoft.com internet address = 22.214.171.124
mailc.microsoft.com internet address = 126.96.36.199
- Now you have the information on the MX host, ping the host by name to see if:
- it is alive
- the correct IP address is resolved and pinged.
Failure of the ping isn't unusual as many people will not respond to ping.
If that is the case, do a telnet test to port 25 of the server instead. (See above)
- Compare your results with those of an external source (http://www.dnscolos.com/free-dns-report.html) to check on the Internet.
If the results are different between your results and those from the Internet, then you need to check your DNS settings and flush out cached information.
Connection Refused Errors
If your users start getting Non Delivery Reports (NDRs) where the connection was refused, then that could be a problem with your server configuration. Most common problems include
- Lack of reverse DNS
- On a dynamic or residential IP address
- SMTP banner is not correct or invalid.
If you start getting connection refused then the text of the NDR is usually the best clue to the source of the problem. That will often say if you are blacklisted or on a dynamic IP address (often referred to as DUL - Dial Up List).
The first thing you should do is put your own domain in to http://www.dnscolos.com/free-dns-report.html and see whether anything is flagged in the mail server section. Ignore DNS server errors as those are often out of your control.
If DNS errors are shown, or the SMTP banner is in correct, then you need to get those corrected. Our guide to DNS configuration for Exchange explains what you need to do and can be found here.
If you suspect that you are blacklisted, then you need to use one of the many online blacklist tools that are available. One such site is http://www.robtex.com/ .
Remember that it is always IP addresses that are blacklisted, not domains. When you are running the tests, use your external IP address.
If you are blacklisted then go to the blacklist site and see if they give you are a reason for listing and instructions on how to get delisted. However ensure that you have fixed the problem first.
If you are listed on a dynamic IP address then you will not be able to get delisted. The dynamic IP address blocks are provided tot he blacklist operators by the ISPs. If you have paid for a static IP address then contact your ISP and ask for an address that is not part of their dynamic block.
If you are blacklisted by dynamic IP address, or are waiting for DNS changes to propagate or to be delisted from a blacklist, then you can use an SMTP Connector to send email via your ISPs SMTP Server. You can choose whether to send all or just some email via the ISPs SMTP Server. For Exchange 2003 you will need an SMTP Connector, for Exchange 2007/2010 you will need a Send Connector.