SMTP connector stopped working after broadband upgrade

[Mark M]

Ive used a SMTP connector in Exchange for years to send emails direct from a specific program, I actually got the advice form here on how to set it up, and its worked ever since occasionally having to change the IP address when the business centre changed broadband supplier. At the business centre I used a Draytek 2920.

Last year we moved into our office and had Virgin Business installed with 1 fixed IP, everything worked fine with the Virgin router once I changed the IP address in the Connectors setting in Exchange.

6 months on Ive had a tennant move into one of the spare offices who asked if they could have their own IP so I spoke to Virgin and upgraded to the 5 fixed IP option which was installed yesterday. Everything is working fine for us and the tennant apart from the SMTP connector.

Because of the multiple IP addresses Ive had to revert back to the Draytek router as the VM router switches to modem only mode. Ive updated the connector settings with the new IP ( I wasnt sure if I should use the gateway IP or one of the range of 5 that I use so Ive added both to Exchange Connector but no joy)

So 2 things have changed, the IP which I think Ive updated correctly as I have done previously, and the draytek router is now being used. Could there be a setting in the Draytek that needs to be updated? It was 6 years ago that I set it up so cant fully remember if there was anything needed to be done to get the connector working. The draytek worked fine last year at the business centre so hopefully its something simple.

Many thanks.

Edit - one other thing that has changed is the Virgin Media router as they took away they old one. Its exactly the same as the old one but pressume they get configured centrally and then sent out for the engineer to connect? Again though, I cant remember changing any settings when we moved here and had VM put in.

 

[Mark M]

Draytec/virgin aint my strong point

Are the 5 address usable? usually you get 5 but only 3 are actually usable.
with the draytec i seemed to remember you had to add them as alias's in the wan config then you could use them in the nat pool.

You need to add them as aliases on a Draytek - highest IP address given is normally the fixed ip address to use, and the one which joins the NAT pool, all others should be added as aliases' and enabled but not joining the NAT pool.

You also likely need a firewall rule adding/changing to allow SMTP to/from the specific fixed IP

Ive just attempted to do this but came accross a problem straight away and the internet stopped working completely. Ive reset everything so hopefully I missed something obvious. This is how I have it set up:

Virgin router IP - x.x.x.145
Our IP x.x.x.146
Tennants IP - x.x.x.147

I went into the Draytek settings and changed the IP to 145 and then into the alias section and set up 146 and 147 but left Join NAT IP Pool unticked. Is there anything else that Im missing?

Not related to exchange but you do realise that the Draytek 2920 only has a WAN throughput of 150 Mb/s. So if your on the 350 or 500 Mb/s Voom package your losing a lot of performance.

I did not know that thanks, the router is an old one that I assumed would work fine but we are on the 350 package so I'll look at an upgrade thanks.

 

[Mark M]

The best way to setup the tenant would be for them to have their own router and then just plug it straight into the Virgin hitron. Give the tenant router the x.x.x.147 IP. Keeps them completely separate from your network that way without needing any config on your Draytek.

Thats what we've done and there is no issues with them, its just this SMPT connector thats stopped working for us.

 

[Mark M]

You don't need to add the tenants IP in your Draytek as an alias. That will mess it up.

If your exchange server has multiple lan ports you could just bypass the Draytek and connect it straight to the hitron and give it x.x.x.148

Ok, tenants alias removed but the same thing happens when I change the IP to x.x.x.145 and nobodt gets any internet.

Were actually using exchange via MS365, sorry I should have said that in the original post.

 

[Mark M]

Is x.x.x.145 the Virgin gateway address of the Hitron ? What is the range that Virgin gave you?

If so the Draytek should be setup in WAN > internet access as:

IP: x.x.x.146
Subnet: 255.255.255.248
GW: x.x.x.145

Then in the WAN IP alias add the ones you want to use like x.x.x.148 etc.

Yes thats correct, the Hitron is set to x.x.x.145 and its set up as aboce with the IP and gateway. We have x.x.x.146 - 150 available so I set ours to .146 on the draytek and the tenant is using .147 on their own router.

I just want to check that Im not sending everyone off on a wild goose chase and that the issue is with the IP alias as I actually only need the one IP address for our office? I only had a single IP address before the upgrade and sending emails via the SMPT connector worked fine.

 

[Mark M]

You should only need to use the x.x.x.146 IP. Do you have the Draytek set as stock with all outgoing ports opened?

I believe the Draytek is set correctly but as you can tell Im no expert. Is it worth factory resetting the Draytek just to rule a rogue setting out? Our requirements are very basic with the exception of this SMPT connector so there is nothing to set up in the Draytek once reset other than the WAN setup.

 

[Mark M]

Draytek go into Firewall > General Setup > Default Rule > Filter set to Pass.

Yes could be worth a factory reset and update to latest firmware if it's not installed.

The filter is already set to pass so I think I'll do a factory reset and also check the firmware.

 

[Mark M]

Ok so I was in early this morning to restore and upgrade the router. Everything is back online but the problem with the SMTP connector persists.

This is what Ive done so far:

Set my WAN IP to x.x.x.146 (When I google whats my IP I get this address)
Gateway x.x.x.145

In O365 I have set up a new connector (deleted the old one) as follows:
From: Your organizations email server
To : O365
Name: Virgin IP
Turn it on - Yes
Retain internal Exchange email headers (recommended) - Yes
IP - x.x.x.146

The settings in the program that I need to send the emails directly from are as follows:

Host - mydomain.mail.protection.outlook.com
Port - 25
Authenticatoin - TLS/SSL

Is there anything else that I need to set up? I havent done anything with port 25 in the router yet?

Or is there anything I can try to rule something out? Could I activate DMZ temporarily to see if the problem lies with the router perhaps?

Thanks for all the help so far

Edit - @visibleman mentioned above about test the connector with telnet so Ive read up on that and activated it etc and then tried the following:

telnet x.x.x.146 25

It came back with connection failed so I assume I need to open that port?

 

[Mark M]

I can update it but it was working previously on port 25. I'll test both out though thanks.

Ive had a potential light bulb moment however! When I spoke to Virgin to get the WAN details they said their router should turn itself into modem mode automatically once a router was connected to one of the IPs. They said I would know this because the IP address would change to 192.168.0.100 rather than the default 192.168.0.1. Ive just tried and I cant access 192.168.0.100 and 192.168.0.1 is still active. Could there be a problem here with essentially 2 routers still be used if it hasnt switched to modem mode properly?

 

[Mark M]

You can't use modem mode with static IP's on Virgin. It only works with a dynamic IP.

With 5 static IP's the hitron IP remains as 192.168.0.1 unless you change it.

Hmmm ok then, must have been duff info from Virgin! Scrap that lightbulb moment then! Is there anything I need to change in the Hitron? I notice it still has the option to open ports etc or does it bypass all of the settings in there?

 

[Mark M]

Also for your telnet test you should be doing:

telnet mydomain.mail.protection.outlook.com 25

Also is there any reason why you don't use option 1 on this guide as it's a lot easier and you don't need to use the connector:

https://docs.microsoft.com/en-us/ex...e-or-application-to-send-email-using-office-3

The telnet on mydomain 25 appears to work but still wont send the emails! I'll check with 587 and 465.

I originally tried option 1 when I set this up years ago but it wouldnt work. Ive just tried it again and it comes back with an error code 554.

 

[Mark M]

I assume you've done a 'Message Trace' just to see if mail in going through the connector (and out)?

I dont think I can use a message trace as the software doesnt seem to be able connect to O365? Ive checked the error log in the software and it says the following - Could not send: Unaccepted server reply from command RCPT TP: [email protected] NOTIFY=NEVER (error code is 550)

And are the FROM/REPLY legit and working addresses (be it a mailbox or a distribution group) within your domain/O365 tenant?
I don't believe it's a requirement for O365 SMTP relay/connector but I've always done it (typically a distribution group) so you get bounce-backs etc.

It was previously set up as a distribution list email when it worked but to rule that out as an issue I set it up with my own email and get the same error for both.

If you haven't, run through this telnet tutorial, https://docs.microsoft.com/en-us/exchange/mail-flow/test-smtp-with-telnet?view=exchserver-2019, as it should send an actual email rather than just testing the connection to the connector.
Test with sending mail to 'inside' (domain/O365 tenant mailboxes) and 'outside' (like Gmail etc; we've had/have problems sending mail to Hotmail through a O365 connector/SMTP relay).

I'll look at that now thanks.

What's generating the '554' error?

As that typically suggests either the TO/FROM header is malformed, so i'd be looking at the application or device that is sending the email and making sure the settings there are correct. Certainly also worth testing the connector with a mail app or another device though.

Its the error from the software when trying to send an email using option 1

 

[Mark M]

If you haven't, run through this telnet tutorial, https://docs.microsoft.com/en-us/exchange/mail-flow/test-smtp-with-telnet?view=exchserver-2019, as it should send an actual email rather than just testing the connection to the connector.
Test with sending mail to 'inside' (domain/O365 tenant mailboxes) and 'outside' (like Gmail etc; we've had/have problems sending mail to Hotmail through a O365 connector/SMTP relay).

Started reading this and noticed it says there is a tool that you can try - https://testconnectivity.microsoft.com/? so thought I would give it a try and used the Outbound SMTP Test. A few things passed the test but it failed on Real Time Black Hole List? Here is what it says:

Performing Real-Time Black Hole List (RBL) Test
The RBL test failed. Your IP address was found on one or more block lists.

Additional Details
Elapsed Time: 12509 ms.

Test Steps

Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.

Additional Details

Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.

Additional Details

Checking Block List "SpamHaus Policy Block List (PBL)"
The test passed with some warnings encountered. Please expand the additional details.

Additional Details

An unexpected status code was received from RBL: 11
Elapsed Time: 31 ms.

Checking Block List "SpamCop Block List"
The address isn't on the block list.

Additional Details

Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.

Additional Details

Checking Block List "SORBS Block List"
The IP address was found on block list.

Additional Details

The IP address x.x.x.146 was found on the block list.
Status code: 10
Elapsed Time: 1223 ms.

Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.

Additional Details

Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.

Additional Details

Might that be the problem?

 

[Mark M]

Definitely do the telnet test above as it should give you some insight to what the issue is

I ran through the telnet test and it turned out Microsoft has blocked the IP and it needed to be verified by visiting https://sender.office.com/ 30 minutes later and everything is working as it should be again.

Many thanks for yours and @pcfarrar help with this, I would never have sorted it otherwise.