SMTP server cannot email outside LAN

Tags: smtp, windows-server-2008

There are a lot of variables in my question, so I'll try to be as concise as possible:

Objective: To set up a local SMTP server for our other servers to connect to a local IP address to mail out. We're moving to Google Apps email, and smtp.gmail.com won't work for us for the applications we're running.

Progress so far: Followed these instructions to set up a Windows Server 2008 x64 to run SMTP. SMTP is set up to allow all connections from anyone, and relay restrictions are set to allow all IPs to relay through it, with anonymous access (I'll play with tightening down security later; not sure how it will affect our applications). This server does NOT have MX records set up for our domain, as they have been set up for our new domain to Google. Our old mail server (Groupwise) is still running on our network, with our old domain's MX records pointing to it. All traffic going out of our network is not blocked by our firewall; traffic coming in to the network to the SMTP server I set up is blocked on all ports, but that can easily be changed. I also have access to several public static IPs I can use.

Problems: When sending an email using telnet to test, it works to our internal mail server on our old domain (my feeling is that it never leaves our LAN and goes out to the internet, so obviously it works). When I try to email outside our domain to, say, Gmail or Yahoo email address, I get the following error in event logs: "Message delivery to the host '67.195.168.31' failed while delivering to the remote domain 'yahoo.com' for the following reason: The remote server did not respond to a connection attempt." The emails show up in C:\inetpub\mailroot\Queue, but they are stuck there and never go anywhere. I turned on SMTP logging, and there are absolutely no messages in there that are related to the emails I'm trying to send out to Gmail/Yahoo, although ones to our internal domain/mail server do.

Questions:

  1. Do I have to set up an MX record for our domain in order to run an SMTP server, when all this is for is just emailing out? (My mom always told me there are no such things as stupid questions, although I'm wondering about this one….)
  2. Do I have to open up port 25 to the outside world on a specific static IP for SMTP to work (or, perhaps to word it differently, is SMTP more than just a one-way street)?
  3. Perhaps I'm not even asking the right questions. All I'm trying to do is set up a simple SMTP server to just shoot emails out, with no authentication if possible (because of the way our applications work). Am I on the right track?

Best Answer

Sounds like the remote side of the SMTP conversation is not even allowing a connection. To me that sounds like your firewall isn't allowing TCP/25 out of the network for the IP address of your new SMTP server, or possibly the remote SMTP server is blocking your connection for some reason. You'd get a different error message if the problem happened during SMTP negotiation.

If it's your firewall doing the blocking (not an uncommon step to prevent botnets from using corporate networks as spam farms), then set an exception for your server.

If it is the remote side doing the blocking, that gets trickier. A lot of the fancier anti-spam systems use IP reputation systems as their first step in blocking spam. If your IP is on one of those lists (and it may not show up on any of the RBL checks, since private companies now manage their own rep lists), getting it off can be a major pain.
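The distinction the answer draws (no TCP connection at all versus a rejection during the SMTP conversation) can be checked directly from the sending server. The script below is an added example and is not part of the original question or answer: it opens a TCP connection to a mail host on port 25, reads the greeting, sends EHLO and classifies the result. The error in the question ("did not respond to a connection attempt") corresponds to the `connect_failed` outcome; an IP-reputation block usually shows up instead as a 4xx/5xx greeting after the connection succeeds. All hostnames here are constructed placeholders, and the fake server exists only so the example runs offline; in practice you would point `probe_smtp` at the MX hosts of the destination domain.

```python
import socket
import socketserver
import threading


def _read_reply(f):
    """Read one SMTP reply, including multi-line replies ('250-' continues, '250 ' ends)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return "\n".join(lines)


def probe_smtp(host, port=25, timeout=5.0):
    """Connect to an SMTP host and classify what happened.

    Returns (outcome, detail) where outcome is one of:
      'connect_failed'  - no TCP connection (timeout/refused/unreachable); this is
                          what an outbound firewall block on TCP/25 looks like
      'banner_rejected' - TCP connected but the greeting was not 220
                          (typical of IP-reputation blocking on the remote side)
      'ehlo_rejected'   - greeting was 220 but EHLO was not accepted
      'ok'              - greeting 220 and EHLO accepted
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rb")
            banner = _read_reply(f)
            if not banner.startswith("220"):
                return "banner_rejected", banner
            # probe.example.invalid is a constructed client name, not a real host
            s.sendall(b"EHLO probe.example.invalid\r\n")
            ehlo = _read_reply(f)
            s.sendall(b"QUIT\r\n")
            if not ehlo.startswith("250"):
                return "ehlo_rejected", ehlo
            return "ok", ehlo
    except OSError as exc:  # covers refused, unreachable and socket timeouts
        return "connect_failed", str(exc)


class _FakeSmtpHandler(socketserver.StreamRequestHandler):
    """Minimal constructed SMTP responder used only to exercise probe_smtp offline."""
    banner = b"220 fake.example.invalid ESMTP constructed test server\r\n"

    def handle(self):
        self.wfile.write(self.banner)
        while True:
            line = self.rfile.readline()
            if not line:
                break
            cmd = line.strip().upper()
            if cmd.startswith(b"EHLO"):
                self.wfile.write(b"250-fake.example.invalid\r\n250 SIZE 10240000\r\n")
            elif cmd.startswith(b"QUIT"):
                self.wfile.write(b"221 Bye\r\n")
                break
            else:
                self.wfile.write(b"502 Command not implemented\r\n")


def start_fake_server(banner):
    """Start a fake SMTP server on 127.0.0.1 with the given greeting; returns the server."""
    handler = type("Handler", (_FakeSmtpHandler,), {"banner": banner})
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def free_local_port():
    """Pick a port nothing is listening on, to demonstrate the 'connect_failed' case."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # constructed greetings: a healthy server and a reputation-style rejection
    for banner in (b"220 fake.example.invalid ESMTP\r\n", b"554 5.7.1 connection refused by policy\r\n"):
        srv = start_fake_server(banner)
        print(banner.strip().decode(), "->", probe_smtp("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
        srv.server_close()
    print("closed port ->", probe_smtp("127.0.0.1", free_local_port(), timeout=2.0))
```

If every destination comes back `connect_failed` while the same probe against the internal Groupwise host succeeds, the block is on the path out of the network (the firewall case); a `banner_rejected` result with a 5xx greeting points at the remote side's reputation filtering instead.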
