CF9 Web Server relay to Exchange 2010

Report · Mar 08, 2011

I am in process of migrating our Exchange 2003 server to Exchange 2010 SP1. We have two CF servers (version 6.1 and 9). Currently we use the native mail settings within the CFIDE administration pointing to our Exchange 2003 server and email works fine. I changed the mail settings to the IP address of our Exchange 2010 server and although the settings were verified, emails were not being sent out. As far as I can tell, Exchange never receives them (Using the Queue Viewer and Message Tracking Tools). The default receiver connector has already been configured to accept any connection from within our network with "arms wide open" and that was not good enough. I then created another connector. Using the EMC wizard, I selected internal, adding the IP address for the CF servers. Under Authentication, TLS, Basic, Exchange, and Windows authentication is selected as available security mechanisms. Under Permission Groups, everything is selected, including anonymous (again for security reasons, only the IP address of the CF is allowed to use this connector).

I cannot trace the problem. As far as CF is concerned the message was "successfully sent using [server IP]" but yet the message does not seem to hit Exchange and therefore get sent to the internal user or external user (depending on the situation). Emails routing is fine for everything else. I have tried with a username and password and without, tried with SSL or without and even changed the port (not that it should matter as port 25 and 587 works for other services).

Any advise? I need to resolve this issue, so I can offiically shutdown the Exchange 2003 server. As far as the configuration on 2003, we had to add the IP address to the Relay list under the SMTP protocol (which is now the receiver connector in 2010, if I understand it correctly.

FYI, Exchange 2003 and 2010 is in co-existance mode. I have a routing group currently that allows for communication between 2003 and 2010. All users have been moved to 2010, PF moved, GAB moved, MX record, lists goes on. Really this is the last piece of the puzzle to pull the plugged. Of course, it did not help matters when CF states that messages were successful even the verification works yet, it really does not. Major headache when today it was determined that emails were not being sent out to our clients. UGH!

Thanks in Advance!

Report · Mar 08, 2011

Hi Jeff,

I usually find helpful connecting from the CF server to the exchange server and keying in the SMTP commands. Sometimes you get an error eg Relay deny or such and can then debug the exchange connector rules. EG:

From CF server telnet (or PUTTY some other telnet tool) exchange 25

220 domain Microsoft ESMTP MAIL Service, Version: 7.5.7600.16544 ready at Wed, 9 Mar 2011 10:52:10 +1000
helo
250 domain Hello [127.0.0.1]
mail from:sender@domain
250 2.1.0 sender@domain....Sender OK
rcpt to:recipient@domain
250 2.1.5 recipient@domain
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:test mail
message text
.
250 2.6.0 <gACiXeRbD00000001@domain> Queued mail for delivery

HTH, Carl.

Report · Mar 09, 2011

Was able to successfully send a test message using putty and port 25 from the web server (CF9) to the mail server (Exchange 2010). Message was queued and delivered to my mail box. ?confused? why CF is not sending emails now since that ruled out permissions issues on the Exchange server (figured as I followed the steps to set that up).

Report · Mar 09, 2011

Hi Jeff,

Any files being created in CF\Mail\Undelivr folder?

HTH, Carl.

Report · Mar 10, 2011

No files there. logs state the message was sent successfully, but Exchange does not show it ever received it; however the new message tracker in Exchange 2010 seems stripped from previous versions as I can only look at an individual mailbox for messages and the queue viewer is only valid outgoing messages.

Report · Mar 10, 2011

Sorry Jeff not much more I can add. Something "out of the box" any spam or junk agent getting in the way and sensing the CFMAIL as malicious?

Report · Mar 10, 2011

Nothing else installed on the exchange server that is mail related. Oddly enough on the old server we did. We had GFI Mail Essentials. Exchange 2010 is out of box with SP1 and all of the normal updates for Windows 2008 R2. Even disabled the firewall just in case.

Has anyone had success with CF9 and Exchange 2010 SR1?

Here is the complete list per Programs and Features:

CA ArcServe Backup

Messaging API and Colleboration Data Objects 1.2.1 (needed for ArcServe)

Microsoft .NET Frameworks 4 Client Profile and Extended

Microsoft Exchange Pre-Deployment Analyer

Microsoft Exchange Server 2010 (version 14.1.218.15)

Microsoft Filter Pack 2.0 (Indexing Service installed by Windows Update)

Microsoft Silverlight

Microsoft Visaul C++ 2005

VMware Tools

Features:

GPM

PowerShell

RPC over HTTP Proxy

Remote Server Admin Tools

Windows Process Activiation Service

Windows Server Backup Features

.NET Framework 3.5.1

Roles:

File Services

Web Services

Report · Mar 11, 2011

If it helps in, I created a CFM file using cfmail pointing to both the old server and the new server. Emails go out fine until I add an external email address (ex: @gmail.com). From there no messages are sent nor received by Exchange. If I remove the external address, the email is sent and received by Exchange and therefore accessible on the client. Emails are able to be sent externally from any other client (Outlook 2007/2010). It is as if CFMAIL does not seem to want or understand how to handle external addresses with Exchange 2010.

Report · Mar 11, 2011

Problem has been resolved.

Short answer:

"Externally Secured Authenication" is a required setting under Authentication. Anonymous Users selected on Permission Group IS NOT enough.

Detail Answer:

Under Exchange 2010 EMC, goto Server Configuration > Hub Transport. Create a new Receiver Connector. Add the IP address of your Coldfusion server or just except everything in your subnet by adding /24. Under Authenication select ONLY "Externally Secured (for example, with IPsec)" <--- IMPORTANT deselecting everything else. Dont worry if you forget that as it will not let you select any other combination. Under Permission Group select everything (may not be required, but I know it works that way). Click OK and you should be good to go.

Some notes:

First and foremost, the paramater debug for cfmail writes all of the information needed to troubleshoot this issue into the log file \runtime\logs\coldfusion-out. Second, do not rely on the "verify server" option. Maybe the only thing that does is checks if the server is pingable but it does not actually send message or anything that is particularly useful. Adobe, please take a page out of other programs rule book and actual do something with this feature to make it worth while (ex: Server Alert software I use for monitoring system temps, sends an actual message and displays the complete event below the test connection button).

Next, like above, do not rely on the regular logs as "message was successfully sent" means nothing, with the debug logs say otherwise.

When the actual message is blocked by Exchange due to a relay issue, and the actual debug logs shows this information, how is the message sent success? That gives false hopes and send people on a wild goose chase!

Mine you the issue was Exchange, but the feature to verify server and normal mail logs should provide actual details instead of assuming.

Report · Mar 11, 2011

This is great information to have - thanks for all the details! One question - how did you go about turning on "debug" in cfmail?

thanks

reed

Report · Mar 11, 2011

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7f8e.html

just a parameter for cfmail.

Report · Jun 04, 2011

So where did the emails go before the fix? Is there a way to recover those that went into limbo?

Report · Jun 06, 2011

From what I could gather; oblivion. Luckily it was only a few hours into the problem, so it was not that big of a deal for us...