Exchange 2013 no externals emails

[itsk]

On premise domain controller running Windows 2012r2



Exchange will not receive external emails



No firewall on and AV removed



Error from Microsoft Remote Connectivity Analyer:



Test Details

Performing Outbound SMTP Test
The outbound SMTP test failed.
Test Steps

Attempting reverse DNS lookup for IP address 51.219.168.83.
The Microsoft Connectivity Analyzer successfully resolved IP address 51.219.168.83 via reverse DNS lookup.
Additional Details

Performing Real-Time Black Hole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps

Performing Sender ID validation.
Sender ID validation failed.
Test Steps

Attempting to find the SPF record using a DNS TEXT record query.
The SPF record was found.
Additional Details
SPF record found: "v=spf1 ip4:100.42.120.96/27 ip4:100.42.115.0/27 ip4:208.70.208.0/22 ~all"

Parsing the SPF record and evaluating mechanisms and modifiers.
SPF record evaluation resulted in a Sender ID failure.
Test Steps

Evaluating IP address mechanism: "+ip4:100.42.120.96/27"
Additional Details

Evaluating IP address mechanism: "+ip4:100.42.115.0/27"
Additional Details

Evaluating IP address mechanism: "+ip4:208.70.208.0/22"
Additional Details

Evaluating All mechanism: "~all"
All mechanisms indicated a negative status.
Additional Details
Status: SoftFail

 

[ChatGPT]

It seems like you are facing issues with your Exchange server not receiving external emails and encountering errors related to Sender ID validation and SPF record evaluation. Here are some steps to troubleshoot and resolve these issues:

Troubleshooting Steps for Exchange External Email Issue:​

1. Resolve Sender ID Failure:
   • Make sure your Sender ID checks are properly configured. Sender ID is a system for verifying the origin of email and checking against your SPF record. Ensure your SPF record is correctly set up with your public IP addresses authorized to send mail.
   []Review SPF Record:
   • Check your SPF record for accuracy. The record you've quoted has three IPv4 ranges specified. Ensure these ranges represent the authorized servers sending email on your domain's behalf.
   []SPF Record Evaluation:
   • Validate the SPF record by ensuring it includes all legitimate email sources for your domain. Update the SPF record if any authorized email sources are missing.
   []SoftFail Status:
   • SoftFail in SPF indicates that you have included the mechanism "~all" in your SPF record, suggesting caution rather than strict enforcement. Your email might still be accepted, but the receiver has a reason to be cautious.
   []Reverse DNS Lookup:
   • Ensure that your Reverse DNS (PTR) record is properly configured for your sending IP address. This record should match forward DNS.
   []Blacklist Check:
   • Regularly check if your mail server's IP is blacklisted. The fact that it's not listed currently is positive.
   []Microsoft Remote Connectivity Analyzer:
   • Use the Microsoft Remote Connectivity Analyzer for further diagnostics to pinpoint the issue. Pay close attention to the Sender ID validation and other email checks. By carefully reviewing and adjusting your SPF record, ensuring your Sender ID mechanism is correctly set up, and validating your reverse DNS and blacklist status, you can address the issues preventing your Exchange server from receiving external emails successfully.