Hi guys

we are having issues getting some customer emails to our office. we have no spam filters or anything and get plenty of spam at our

info@ email address. i just dont know where to start, is it us or them? we get so much spam it seems odd that its us that are

refusing the emails - but how can i find out where the problem is??? this is really annoying and we have no idea how many other

people arent reaching us

the domains we know that cannot send to us are:
@flooringbyhenton.co.uk
@carrgrange.co.uk
@uniqueplastics.ltd.uk

our email domain is:
@delmargroup.co.uk

our mail comes via:
mail.delmargroup.co.uk

and we use ms exchange as our email, installed on our only server (sbs2003)

this is a failure notice i had sent to my home address, then forwarded (just in case its confusing):

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From: MAILER-DAEMON@s15212786.onlinehome-server.info [mailto:MAILER-DAEMON@s15212786.onlinehome-server.info]
Sent: 08 June 2010 13:07
To: YYYYYYYY
Subject: failure notice

Hi. This is the qmail-send program at s15212786.onlinehome-server.info.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<XXXXX@delmargroup.co.uk>:
TLS connect failed; connected to 217.45.138.121.
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: <YYYYYY@flooringbyhenton.co.uk>
Received: (qmail 23272 invoked from network); 1 Jun 2010 12:06:32 +0100
Received: from hentonsflooring.pndsl.co.uk (HELO remote.flooringbyhenton.co.uk) (80.229.21.93)
by s15212786.onlinehome-server.info with (AES128-SHA encrypted) SMTP; 1 Jun 2010 12:06:32 +0100
Received: from SBSERVER.fbh.local ([fe80::30bf:1171:2240:83a2]) by
SBSERVER.fbh.local ([fe80::30bf:1171:2240:83a2%10]) with mapi; Tue, 1 Jun
2010 12:06:31 +0100
From: YYYYYY <YYYYYYYY@flooringbyhenton.co.uk>
To: XXXXXXX <XXXXXXXX@delmargroup.co.uk>
Date: Tue, 1 Jun 2010 12:05:24 +0100
Subject: Read: can you....
Thread-Topic: can you....
Thread-Index: AcsBeaBdX0NuXXk/SjyglHJzRA4xxAAALUte
Message-ID: <807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3@SBSERVER.fbh.local>
In-Reply-To: <41C8997975A46541BCABBCE4284169FB1DB842@delmarserver.DelmarFlooring.local>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/report;
boundary="_000_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_";
report-type=disposition-notification
MIME-Version: 1.0

--_000_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_
Content-Type: multipart/alternative;
boundary="_002_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_"

--_002_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Your message was read on Tuesday, June 01, 2010 12:05:24 PM (GMT) Greenwich=
Mean Time : Dublin, Edinburgh, Lisbon, London.

--_002_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3Diso-8859-1">
<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left:=
#800000 2px solid; } --></style></head>
<body>
<font size=3D"2"><div class=3D"PlainText">Your message was read on Tuesday,=
June 01, 2010 12:05:24 PM (GMT) Greenwich Mean Time : Dublin, Edinburgh, L=
isbon, London.</div></font>
</body>
</html>

--_002_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_--

--_000_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_
Content-Type: message/disposition-notification

Final-recipient: RFC822; xxxxxxxx@flooringbyhenton.co.uk
Disposition: automatic-action/MDN-sent-automatically; displayed
X-MSExch-Correlation-Key: 0LX0d62IXEi1rUATVEunFQ==
X-Display-Name: XXXXXXXX

--_000_807C75C824AE3C43B8CFF32BF1DFEF0F0313779AB3SBSERVERfbhlo_--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

any help greatly appreciated, or even if you point me in the right direction!

The connection failure may be at 217.45.138.121 as it may or may not be POP3. This is what I got when querying that IP:
Initiating server query ...
Looking up the domain name for IP: 217.45.138.121
The domain name for the IP address is: host217-45-138-121.in-addr.btopenworld.com
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Content-Length: 6264
Content-Type: text/html
Content-Location: http://217.45.138.121/Default.htm
Last-Modified: Wed, 23 Feb 2005 19:33:57 GMT
Accept-Ranges: bytes
ETag: "8080c09dde19c51:58c0"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 19 Jun 2010 01:29:18 GMT
Connection: close
Query complete.
Might be the way they have "Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub" set up. Just a guess. Depends on the response for the others. The look-up host was:
Initiating server query ...
Looking up IP address for domain: host217-45-138-121.in-addr.btopenworld.com
The IP address for the domain is: 217.45.138.121
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Content-Length: 6264
Content-Type: text/html
Content-Location: http://host217-45-138-121.in-addr.btopenworld.com/Default.htm
Last-Modified: Wed, 23 Feb 2005 19:33:57 GMT
Accept-Ranges: bytes
ETag: "8080c09dde19c51:58c0"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 19 Jun 2010 01:33:15 GMT
Connection: close
Query complete. which is also a Microsoft server. Are the other similar?

our email server is an MS exchange server

sorry i dont understand your post... apologies

Your problem is with TLS, which is a secure connection problem. For one if you own your own server that this is on you need to remove your TLS from SMTP server and just leave it for HTTP server.

As you can see they are refusing connection of the secured email client. Do some searching on google, it's your friend ha ha :).

TLS connect failed; connected to 217.45.138.121.
I'm not going to try again; this message has been in the queue too long.

It's trying to make a secure connection to the remote server so it seems. So botch it, just make a regular connection.

thanks mate,

isnt the TLS to stop people using us as a smtp gateway? sorry for my ignorance but im a web dev who just happens to get lumbered with the server too.

where would i change the TLS on MS exchange?

off to google i go :)

ok, just checked.

we dont have a tick in the 'use TLS encryption' for the smtp connector. could it be a problem the other end?

For the second question, yes actually that is what I meant. For some reason your exchange server seems to, based on the email response above, want to connect to the remote system under TLS. So that's what has to be changed, it has to stop trying to connect to the remote system under TLS.

Now the first question, this I am not sure at all man, I don't use exchange at all. I just know what the error means since I own a server I am used to debugging email problems. But that's a starting point for you, you have to dissable TLS somehow. And there is no real easy way to stop people from spamming your STMP other than requiring a username and password to send out through SMTP. This is what all my servers, and most servers in the world, do. Just require a username and password of an email address on the server to be able to use SMTP. No one without one of those will ever be able to use the server for outgoing.

Sorry couldn't be of more help, but I don't do exchange.

but when i check on our server (exchange 2003) it says TLS isnt being used. the checkbox 'TLS encryption' isnt checked.

this is how i got to that properties page:

>exchange system manager
>admin groups
>first admin group
>servers
>connectors
>internal mail smtp connector
>properties
>advanced
>outbound security
>tls encryption

fyi - it also says that we are using anonymous access on the outbound security page. is that right? sorry but im not brilliant on exchange.

should we add in TLS? it seems more likely they are expecting TLS and cannot send to us without it.

its odd as on their old server they could send to us fine (flooringbyhenton) but since they got a new server setup they cannot. maybe their server isnt configured correctly?

i was given a link to an article on M$ wesbite:

To resolve this issue, remove TLS encryption from the default SMTP connector, and then create a dedicated SMTP connector for TLS-encrypted traffic. To do this, follow these steps:
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Remove TLS encryption from the default SMTP connector. To do this:
Click Connectors, right-click the SMTP connector that you use for TLS-encrypted traffic, and then click Properties.
Click the Advanced tab, click Outbound Security, click to clear the TLS encryption check box, and then click OK two times.
Create a connector for TLS-encrypted traffic. To do this:
With the Connectors branch still selected, right-click the right pane of Exchange System Manager, point to New, and then click SMTP Connector.
In the Name box, type a descriptive name for the new connector. For example, type TLS_Dedicated_Connector.
Click Add, click the name of the SMTP virtual server that you want to use with this connector, and then click OK.
Click the Address Space tab, click Add, and then click SMTP if it is not already selected.
Make sure that the Allow messages to be relayed to these domains check box is cleared, and then click OK.
In the Internet Address Space Properties dialog box, accept the default values, and then click OK.
Click the Advanced tab, click Outbound Security, click to select the TLS encryption check box, and then click OK two times.

i have done this - now lets see if anything happens!

ok, had to remove that as no mail was going out.

this is really doing my head in now :(

all sorted.

it was that the virtual smtp server was trying to use a certificate even tho TLS wasnt enabled

Glad to hear that it was all sorted out for you. Since I don't use Exchange I couldn't get too deep with you on it, but I was positive, as you found out, that a certificate was being used somewhere it wasn't supposed to be used at.

Glad everything's working for you now.

yeah, it was you who pointed me at a TLS error. thanks bud

on a side not ive learnt how to use telnet now too. how exciting lol