Professional Documents
Culture Documents
Best Practices & Troubleshooting Domino SMTP Mail Routing - 25 April 2012
Best Practices & Troubleshooting Domino SMTP Mail Routing - 25 April 2012
Agenda
Additional resources
Q&A
Relay hosts
Smart hosts
Firewalls
MX Record
DNS server
10
11
Mail1/Acme
INTERNET
Mail2/Acme
Mail3/Acme
12
Mail1/Acme
INTERNET
Mail2/Acme
Mail3/Acme
13
INTERNET
SMTP2/Acme
Mail2/Acme
14
15
16
17
18
19
Using NSLookup:
NSLookup is necessary to resolve a domain name's MX (Mail Exchange) record
To use NSLOOKUP, enter in the following at a command prompt:
-Nslookup (enter)
-Set type=mx (enter)
-Type the domain name (e.g., xyz.com)(enter)
Valid MX records for the specified domain will be displayed.
Use the the hostname or IP address returned for the mail exchange record.
Sample ouput of nslookup:
MX record: acme.com IN MX 5 mail1.acme.com
MX record: acme.com IN MX 5 mail2.acme.com
MX record: acme.com IN MX 10 mail3.acme.com
MX record: acme.com IN MX 10 mail4.acme.com
20
21
MxToolBox:
Mxtoolbox is an integrated tool gives users the ability to do different types of lookups
(MX record, DNS, blacklist and SMTP diagnostics ) from one common location.
To use this tool go to www.mxtoolbox.com.
22
23
Issue Sh task command on Domino console. If you see SMTP Server: Listening for requests on port 25,
verify if Mx records are exists for your Domain in DNS Configuration. If not contact ISP Provider and obtain.
If SMTP server not running Go to the, Basics tab of the Server document and verify SMTP Listener Task is
enabled or not.
SMTP Server listening for requests on a different port than 25,reset the Domino Inbound SMTP port
back to 25 in the Server document, Ports, Internet Ports, Mail Tab
Check for any error message on the console or gather if any DFR is received.
If SMTP listener task is enabled then perform Telnet to Domino server on port 25 to check connectivity
from Outside Firewall. If telnet is successful domino can accept mail.
But If Telnet fails with 4XX or 5XX error message during the exchange of commands,
gather the error message and call Lotus Support.
If telnet fails from Outside firewall, find a workstation inside firewall and again perform telnet test.
If Telnet is successful inside Firwall inbound mail routing problem likely to be caused by firewall blocking.
If telnet fails inside firewall also Telnet directly from the physical server to itself
24
25
26
27
28
[1348:000E-2708] SMTPClient: Attempting to Connect: Host IN.mail2.acme.com, Port 25, SSL Port 0, Connecting Domain divnotes2.laminex.com
[1348:000E-2708] SMTPClient: Connection successful
[1348:000E-2708] SMTPClient: ReceiveResponse: 220 IN.mail2.acme.com ESMTP Sendmail 8.14.4/8.13.1/NCO v10.0 AVin; Tue, 17 Apr 2012 0
[1348:000E-2708] SMTPClient: CommandEHLO: EHLO divnotes2.laminex.com
[1348:000E-2708] SMTPClient: ReceiveResponse: 250- IN.mail2.acme.com Hello ralagari.acme.com [9.124.240.189], pleased to meet you
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-ENHANCEDSTATUSCODES
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-PIPELINING
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-8BITMIME
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-SIZE 20000000
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-DSN
[1348:000E-2708] SMTPClient: ReceiveResponse: 250-STARTTLS
[1348:000E-2708] SMTPClient: SMTP Authentication is not required by local server. Username: -blank[1348:000E-2708] SMTPClient: Attempting to SubmitMessage:
[1348:000E-2708] SMTPClient: RFC822 message outbound stream saved to C:\WINDOWS\TEMP\notes58B59F\st598255.TMP
[1348:000E-2708] SMTPClient: Pipelined commands:
[1348:000E-2708] SMTPClient: MAIL FROM:<Notes.admin@laminex.com> SIZE=1682
[1348:000E-2708] SMTPClient: RCPT TO:<james.smith@acme.com>
[1348:000E-2708] SMTPClient: DATA
[1348:000E-2708] SMTPClient: End of pipelined commands
[1348:000E-2708] SMTPClient: ReceiveResponse: 250 2.1.0 <Notes.admin@laminex.com>... Sender ok
[1348:000E-2708] SMTPClient: ReceiveResponse: 250 2.1.5 <james.smith@acme.com>... Recipient ok
[1348:000E-2708] SMTPClient: ReceiveResponse: 354 Please start mail input.
[1348:000E-2708] SMTPClient: Data Send Succeeded 476 bytes
[1348:000E-2708] SMTPClient: ReceiveResponse: 250 Mail queued for delivery.
[1348:000E-2708] SMTPClient: Attempting to Disconnect:
[1348:000E-2708] SMTPClient: CommandQUIT:
[1348:000E-2708] SMTPClient: ReceiveResponse: 221 Closing connection. Good bye.
[1348:000E-2708] SMTPClient: Connection terminated successfully
Router: Transferred 1 messages to ACME.COM (host IN.mail2.acme.com) via SMTP
29
30
Case Study 1:
Unable to Route all outbound SMTP mails.
a)
In Lotus Domino, you notice that your outbound SMTP server not routing all the emails but held in the mail.box.
Tell router sh queue task displays the error message 'Waiting for DNS availability' .
> tell router show queue
[05D8:0002-069C]Msgs State Via Destination
[05D8:0002-069C]12 WaitingForDNS Waiting for DNS availability.
[05D8:0002-069C] Transfer Threads: Max = 11; Total = 0; Inactive = 0; Max Concurrent = 5
[05D8:0002-069C] Delivery Threads: Max = 11; Total = 0; Inactive = 0
This Indicates Problem is in your DNS server. contact your Network admin or ISP Provider to resolve DNS related
issues.
Some Known issues reported on Domino SMTP server running on a Windows 2000 or Windows 2003 machine fails
to route outbound SMTP messages, first intermittently, then completely. DNS errors seen.
Contact Microsoft support team for possible patches.
Issue can also be resolved by adding DNSServer=IP address, IP address(where IP is the IP address of the DNS
server that Domino should use) to the notes.ini of the server experiencing the issue for for Domino versions 8.5.1
or earlier. Domino 8.5.2 onwards this parameter no longer used.
31
32
33
Case Study 2:
Unable to Route outbound SMTP mails to Specific Domain.
Check tell router sh queue to understand last error reported by router to this particular domain.
Enable SMTPClientDebug=1 parameter to capture Outgoing SMTP Conversation.
Telnet to Effected Domain on Port 25.If Telnet and SMTPClientdebug Output gives same result then there is no
issue from the Domino End.
Possible reasons:
a)Sending server DNS is unable to resolve or wrong mx records returned for Destination server.
To resolve issue temporarily Create Foreign SMTP domain document to by pass the DNS query.
34
c) Blacklisting IP address.
35
Case Study 3:
Unable to receive messages after moving user to new server
Users Mailfiles are moved to a different server and removed the maifile from the previous server but you notice
that router keeps attempting to deliver mail to the Old location. Why?
Make sure the Person document in the replica located on the server that is showing the problem already
reflects the move .
If Users person document, document properties have fields "NewMailServer" and "NewMailFile".
remove the fields "NewMailServer" and "NewMailFile" & set the correct values for "MailServer" and
"MailFile"
36
Case Study 4:
Unable to relay messages from Blackberry or Application server:
Unable to relay messages from Blackberry server or any application server through Domino SMTP server
with Error message 554 Message rejected for policy reasons.
When Domino SMTP server is configured as Closed Relay connecting Server IP Addresses should be
excludeded from AntiRelay Checks for Successful relay through Domino SMTP server.
37
Case Study 5:
Unable to send/receive mails to/from Specific domains:
a)Unable to send mails to specific domains:
Enabling SMTPClientdebg=1 displays below few error messages.
SMTPClient: ReceiveResponse: 250 Refused. Your reverse DNS entry does not resolve.
SMTPClient: ReceiveResponse421 Refused. Your reverse DNS entry does not resolve.
SMTPClient: CommandRSET:
SMTPClient: Connection terminated with status: 2562
Router: No messages transferred to ACME.COM (host IN.mail2.acme.com) via SMTP: SMTP Protocol
Returned a Transient Error
SMTPClient: Attempting to Connect: Host IN.mail2.acme.com, Port 25, SSL Port 0,
Connecting Domain divnotes2.laminex.com
SMTPClient: Connection successful
SMTPClient:ReceiveResponse: 421 4.7.1 : (DNS:NR)
Destination server is configured for a Reverse DNS Lookup and sending server do not have PTR
record defined in DNS server.
Contact Network or ISP team to make a proper reverse PTR record for your domain.
b)Unable to receive Mails from Specific domains:
You Domino server is configured for reverse DNS Lookup for all connecting domains in configuration document
Router/SMTP-->Restrictions and controls -->SMTP Inbound Controls-->Verify Sender's domain in DNS .
Disable Verify Sender's domain in DNS or
Add SMTPReverseLookups=1 parameter to Domino server's Notes.ini or
Suggest Connecting domain to have PTR record in DNS Server.
38
Case Study 6:
Mail being delivered to the wrong recipient:
If mail is being delivered to the wrong person, check
-
Person document of the recipient Internet Address & Mail fle name.If it is Wrong Correct the same.
Configuration document, Router/SMTP tab,Address lookup field if its set to Fullname then local part, change It
to Fullname onlymake sure this setting is done on the first server that receives the mail (Incoming SMTPserver).
If Alternate Internet Alias Domains are configured create separate Global domain document for Each alias
internet Domain is recommended. For Eg acme.com is a Primary Internet domain and acmeorg.com is
secondary internet domain then create 2 Global domain document for each alias internet Domain as shown
Below fig.
39
Case Study 7:
Users receive duplicate mails:
Duplicate e-mails are received from the internet for a user if the mail is addressed to the user in the "To" field
and a group's internet address is in the "cc" field, where the user is a member of the group.
This issue is now fixed in Lotus Notes and Domino 8.5.1 and need to add following Notes.ini parameter.
RouterDupElimLookedUpFullName=number
Description: Eliminates duplicate messages to recipients when the recipient is both on the To or Cc field
and in a group on the To or Cc, for messages coming from the internet.
Use the following values to set this variable:
0 - Do not eliminate the recipient's FullName from Router group expansion results
1 - Eliminate the recipient's distinguished FullName from Router group expansion results
2 - Perform another recipient lookup by FullName for verification before eliminating recipient's
distinguished FullName from Router group expansion result.
40
Additional resources
Error: 'Server is not responding' sending SMTP mail to external domains
http://www.ibm.com/support/docview.wss?uid=swg21312913
Understanding SMTP authentication and securing your IBM Lotus Domino 8 server from spam
http://public.dhe.ibm.com/software/dw/lotus/SMTPAuthSpamFinal.pdf
Knowledge Collection: Common Lotus Notes/Domino Mail Routing problems
http://www.ibm.com/support/docview.wss?uid=swg21568008
How to Configure a Domino Server to Send Internet Mail
http://www-01.ibm.com/support/docview.wss?uid=swg21089344
Determining the number of mailboxes required for a server
http://www-01.ibm.com/support/docview.wss?uid=swg21148438
Error: 'No route found to domain' when sending mail to the Internet
http://www.ibm.com/support/docview.wss?uid=swg21417776
Understanding the Global Domain Document
http://www.ibm.com/support/docview.wss?uid=swg21417776
41
Questions?
42