I have an existing SMTP server on our network that is used to send emails from a variety of printers, applications, etc. I have installed the IIS SMTP Server on a new Windows Server 2012 R2 server to replace the current SMTP server in use. To set it up, I copied the settings from the existing SMTP server almost exactly, except for the change in internal IP address.
We have an SPF record so that we can send emails without the use of a smarthost or routing through our mail provider. We have had no problems with it. To avoid updating our SPF record, we set up our Sonicwall rules to route both SMTP servers' outgoing email to appear to be from the same external address, smtp.domain.com.
This is what our NAT rules look like:
Internal (smtp.domain.com) 192.168.1.2 -> 68.68.68.68 (smtp.domain.com)
Internal (primarysmtp.domain.com) 192.168.1.3 -> 68.68.68.68 (smtp.domain.com)
We changed a printer to use the new SMTP server (primarysmtp.domain.com) for testing. The emails are received by the SMTP server and put in the Queue folder, which is good. Now, we cannot get these emails to send.
I downloaded the SMTPDIAG tool for testing. At first I thought it was a DNS issue, but that checks out on the test. It will not connect to the target email provider.
We thought it was the Windows advanced firewall, but it is turned completely off on the server.
Then we thought it was our Sonicwall rules, but they are almost exactly the same as the existing one we use. We cannot find any place that is blocking port 25. The new NAT rule also has ZERO traffic statistics, so it doesn't look like anything is even getting off of the new server to use the NAT rule.
We have tried IISRESET and stopping and starting the SMTP server multiple times.
The test always fails with the error 10061. My Google-fu has gotten me nowhere. Is it possible that Windows Server 2012 R2 could still be blocking outgoing traffic on port 25, even though the firewall is turned off? What are we missing?
It ended up being a DNS issue. The new server had a total of 5 IP addresses assigned to it. Even though we specified the IP address for the SMTP server to use, when the connection was being made it would resolve back using the computer name and a different IP address than the one we specified.
We added outbound SMTP rules on the firewall for all of the IP addresses on the server and it is working now.
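
The resolution above depends on which local address the server actually uses as the source of its outbound port 25 connections. The following PowerShell check is an added example, not part of the original question or answer: it tests outbound SMTP from every IPv4 address on the server and marks the one the OS picks by default, so each can be compared against the firewall and NAT rules. `mx.example.com` is a placeholder for a recipient domain's MX host.

```powershell
# Added example. Run on the multi-homed SMTP server (PowerShell 3.0 or later).
$Target    = 'mx.example.com'   # placeholder: use an MX host of a recipient domain
$Port      = 25
$TimeoutMs = 5000

$dest = [System.Net.Dns]::GetHostAddresses($Target) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
if (-not $dest) { throw "No IPv4 address found for $Target" }

# Source address the OS selects on its own. "Connecting" a UDP socket sends
# no packet; it only makes the stack choose a route and a local address.
$probe = New-Object System.Net.Sockets.UdpClient
$probe.Connect($dest, $Port)
$default = $probe.Client.LocalEndPoint.Address.ToString()
$probe.Close()

$sources = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' }

foreach ($src in $sources) {
    $client = $null
    $result = 'connected'
    try {
        # Bind the client socket to this specific local address (ephemeral port).
        $local  = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Parse($src.IPAddress), 0)
        $client = New-Object System.Net.Sockets.TcpClient -ArgumentList $local
        $pending = $client.BeginConnect($dest, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($pending)   # throws if the connect was refused
        } else {
            $result = 'timeout'            # no reply at all within $TimeoutMs
        }
    } catch {
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            # 10061 is WSAECONNREFUSED, the error reported in the question.
            $result = "socket error $($base.ErrorCode) ($($base.SocketErrorCode))"
        } else {
            $result = $base.Message
        }
    } finally {
        if ($client) { $client.Close() }
    }
    [pscustomobject]@{
        SourceIP  = $src.IPAddress
        OsDefault = ($src.IPAddress -eq $default)
        Result    = $result
    }
}
```

A row with `OsDefault` set to `True` that does not report `connected` means the address the server uses by default has no working outbound rule, even if the address configured in the SMTP service does.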