Unable to reach POP server

My boss has been having trouble checking email while out of the office.
We're not yet running exchange (migration is about 1 month away), so our
clients currently POP their mailbox using the Outlook 2000 client with the
all the latest Office 2000 patches. Internally, it works fine. Externally,
we have troubles. Here's some background:

I inherited this network 3 months ago when I took over as IT manager. The
previous admin had set up an Outlook profile for use when connected in the
office that used the internal LAN IP of the mail server, and a totally
separate Outlook profile for use when out of the office that used our
registered MX record (mail.companyname.com). Until recently we weren't
running DNS within our network. Now that we are, I decided not long ago to
create internal DNS records for our mail server with the same name we use
externally (mail.companyname.com). After some initial hiccups, it worked
fine. I've been sending and receiving mail from my work desktop using our
DNS name for 6 weeks now. I have also successfully set up Outlook Express
at home to POP my mailbox on the mail server thru our SonicWall firewall
(although I finally disabled that account a while back because I never used
work email at home).

So far, so good. I recently configured my boss to use the DNS name of our
mail server instead of the internal IP. It works internally. But when my
boss takes his laptop out of the office and tries to check via any available
internet connection, Outlook says the mail server cannot be reached, and
pops up the box to verify/change the POPs server name/IP. I've been with
him when it happens, and here's the wild part: if I ping our mail server's
registered DNS name (mail.companyname.com), it promptly, correctly resolves
the name to our external IP, and successfully pings it. But I still can't
connect.

I've done ipconfig /flushdns, and still had the problem. He's normally
booting fresh, logging onto his domain account using cached credentials,
connecting to the internet, and launching Outlook. Our firewall is (as far
as I can determine) correctly set to forward all WAN traffic on port 110 to
the internal IP of our mail server (TCP only).

I'm running out of places to look, and my boss is running out of patience.
I finally presumed that his installation of Windows 2000 and Outlook were
just old and messed up (2-3 years old, as far as I can determine), so I did
a fresh, clean install of XP Pro today. The only things that haven't
changed are his domain user account, and his PST file. Still having the
same problem.

Sorry for the long post...any takers?

Thanks in advance,

Bryan

p.s. -- Since my Outlook Express at home seemed to have no trouble, I will
set up Outlook 2000 with my work POP account and do further testing, then
post the results here.

Hi Bryan,

While out on the internet do the following from command line:

telnet mail.companyname.com 110

What do you get? You should get something like "+OK InterMail POP3 server
ready." -- it depends on POP3 server.

For test you can also run

telnet mail.companyname.com 25

Were you able to connect? You should get something like "220 ESMTP
server" -- again depending on SMTP server...

Mike

"Bryan Linton" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> My boss has been having trouble checking email while out of the office.
> We're not yet running exchange (migration is about 1 month away), so our
> clients currently POP their mailbox using the Outlook 2000 client with the
> all the latest Office 2000 patches. Internally, it works fine.
Externally,
> we have troubles. Here's some background:
>
> I inherited this network 3 months ago when I took over as IT manager. The
> previous admin had set up an Outlook profile for use when connected in the
> office that used the internal LAN IP of the mail server, and a totally
> separate Outlook profile for use when out of the office that used our
> registered MX record (mail.companyname.com). Until recently we weren't
> running DNS within our network. Now that we are, I decided not long ago
to
> create internal DNS records for our mail server with the same name we use
> externally (mail.companyname.com). After some initial hiccups, it worked
> fine. I've been sending and receiving mail from my work desktop using our
> DNS name for 6 weeks now. I have also successfully set up Outlook Express
> at home to POP my mailbox on the mail server thru our SonicWall firewall
> (although I finally disabled that account a while back because I never
used
> work email at home).
>
> So far, so good. I recently configured my boss to use the DNS name of our
> mail server instead of the internal IP. It works internally. But when my
> boss takes his laptop out of the office and tries to check via any
available
> internet connection, Outlook says the mail server cannot be reached, and
> pops up the box to verify/change the POPs server name/IP. I've been with
> him when it happens, and here's the wild part: if I ping our mail server's
> registered DNS name (mail.companyname.com), it promptly, correctly
resolves
> the name to our external IP, and successfully pings it. But I still can't
> connect.
>
> I've done ipconfig /flushdns, and still had the problem. He's normally
> booting fresh, logging onto his domain account using cached credentials,
> connecting to the internet, and launching Outlook. Our firewall is (as
far
> as I can determine) correctly set to forward all WAN traffic on port 110
to
> the internal IP of our mail server (TCP only).
>
> I'm running out of places to look, and my boss is running out of patience.
> I finally presumed that his installation of Windows 2000 and Outlook were
> just old and messed up (2-3 years old, as far as I can determine), so I
did
> a fresh, clean install of XP Pro today. The only things that haven't
> changed are his domain user account, and his PST file. Still having the
> same problem.
>
> Sorry for the long post...any takers?
>
> Thanks in advance,
>
> Bryan
>
> p.s. -- Since my Outlook Express at home seemed to have no trouble, I
will
> set up Outlook 2000 with my work POP account and do further testing, then
> post the results here.
>
>

Thanks Mike. To test, I disconnected from our LAN and established a dial-up
to the internet (which is also how I tested on his machine yesterday). I
was able to successfully telnet in thru both ports and got your messages
almost verbatim. It should be noted that I did this from my computer...not
his (he's actually in the office and using it now...yesterday was a holiday
so I took advantage. :-) ) The only significant difference I can think of
between our machines is that mine still uses a static IP on our LAN, while I
have his assigned dynamically. Shouldn't make a difference as far as I can
tell, but I'll mention it just in case.

As an interim solution, I've set up a VPN connection on his laptop and
instructed him always to connect to the internet *and* establish the VPN
connection before he launches Outlook. As far as I can tell, that'll work
okay; it went fine in testing yesterday. Also, to take DNS completely out
of the picture, I again set up Outlook with the internal IP of our mail
server.

So...what now?

Bryan

"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Bryan,
>
> While out on the internet do the following from command line:
>
> telnet mail.companyname.com 110
>
> What do you get? You should get something like "+OK InterMail POP3 server
> ready." -- it depends on POP3 server.
>
> For test you can also run
>
> telnet mail.companyname.com 25
>
> Were you able to connect? You should get something like "220 ESMTP
> server" -- again depending on SMTP server...
>
> Mike
>
> "Bryan Linton" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > My boss has been having trouble checking email while out of the office.
> > We're not yet running exchange (migration is about 1 month away), so our
> > clients currently POP their mailbox using the Outlook 2000 client with
the
> > all the latest Office 2000 patches. Internally, it works fine.
> Externally,
> > we have troubles. Here's some background:
> >
> > I inherited this network 3 months ago when I took over as IT manager.
The
> > previous admin had set up an Outlook profile for use when connected in
the
> > office that used the internal LAN IP of the mail server, and a totally
> > separate Outlook profile for use when out of the office that used our
> > registered MX record (mail.companyname.com). Until recently we weren't
> > running DNS within our network. Now that we are, I decided not long ago
> to
> > create internal DNS records for our mail server with the same name we
use
> > externally (mail.companyname.com). After some initial hiccups, it
worked
> > fine. I've been sending and receiving mail from my work desktop using
our
> > DNS name for 6 weeks now. I have also successfully set up Outlook
Express
> > at home to POP my mailbox on the mail server thru our SonicWall firewall
> > (although I finally disabled that account a while back because I never
> used
> > work email at home).
> >
> > So far, so good. I recently configured my boss to use the DNS name of
our
> > mail server instead of the internal IP. It works internally. But when
my
> > boss takes his laptop out of the office and tries to check via any
> available
> > internet connection, Outlook says the mail server cannot be reached, and
> > pops up the box to verify/change the POPs server name/IP. I've been
with
> > him when it happens, and here's the wild part: if I ping our mail
server's
> > registered DNS name (mail.companyname.com), it promptly, correctly
> resolves
> > the name to our external IP, and successfully pings it. But I still
can't
> > connect.
> >
> > I've done ipconfig /flushdns, and still had the problem. He's normally
> > booting fresh, logging onto his domain account using cached credentials,
> > connecting to the internet, and launching Outlook. Our firewall is (as
> far
> > as I can determine) correctly set to forward all WAN traffic on port 110
> to
> > the internal IP of our mail server (TCP only).
> >
> > I'm running out of places to look, and my boss is running out of
patience.
> > I finally presumed that his installation of Windows 2000 and Outlook
were
> > just old and messed up (2-3 years old, as far as I can determine), so I
> did
> > a fresh, clean install of XP Pro today. The only things that haven't
> > changed are his domain user account, and his PST file. Still having the
> > same problem.
> >
> > Sorry for the long post...any takers?
> >
> > Thanks in advance,
> >
> > Bryan
> >
> > p.s. -- Since my Outlook Express at home seemed to have no trouble, I
> will
> > set up Outlook 2000 with my work POP account and do further testing,
then
> > post the results here.
> >
> >
>
>

Try to telnet to those from his computer while computer is connected to the
internet.

Mike

"Bryan Linton" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Mike. To test, I disconnected from our LAN and established a
dial-up
> to the internet (which is also how I tested on his machine yesterday). I
> was able to successfully telnet in thru both ports and got your messages
> almost verbatim. It should be noted that I did this from my
computer...not
> his (he's actually in the office and using it now...yesterday was a
holiday
> so I took advantage. :-) ) The only significant difference I can think
of
> between our machines is that mine still uses a static IP on our LAN, while
I
> have his assigned dynamically. Shouldn't make a difference as far as I
can
> tell, but I'll mention it just in case.
>
> As an interim solution, I've set up a VPN connection on his laptop and
> instructed him always to connect to the internet *and* establish the VPN
> connection before he launches Outlook. As far as I can tell, that'll work
> okay; it went fine in testing yesterday. Also, to take DNS completely out
> of the picture, I again set up Outlook with the internal IP of our mail
> server.
>
> So...what now?
>
> Bryan
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Bryan,
> >
> > While out on the internet do the following from command line:
> >
> > telnet mail.companyname.com 110
> >
> > What do you get? You should get something like "+OK InterMail POP3
server
> > ready." -- it depends on POP3 server.
> >
> > For test you can also run
> >
> > telnet mail.companyname.com 25
> >
> > Were you able to connect? You should get something like "220 ESMTP
> > server" -- again depending on SMTP server...
> >
> > Mike
> >
> > "Bryan Linton" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> > > My boss has been having trouble checking email while out of the
office.
> > > We're not yet running exchange (migration is about 1 month away), so
our
> > > clients currently POP their mailbox using the Outlook 2000 client with
> the
> > > all the latest Office 2000 patches. Internally, it works fine.
> > Externally,
> > > we have troubles. Here's some background:
> > >
> > > I inherited this network 3 months ago when I took over as IT manager.
> The
> > > previous admin had set up an Outlook profile for use when connected in
> the
> > > office that used the internal LAN IP of the mail server, and a totally
> > > separate Outlook profile for use when out of the office that used our
> > > registered MX record (mail.companyname.com). Until recently we
weren't
> > > running DNS within our network. Now that we are, I decided not long
ago
> > to
> > > create internal DNS records for our mail server with the same name we
> use
> > > externally (mail.companyname.com). After some initial hiccups, it
> worked
> > > fine. I've been sending and receiving mail from my work desktop using
> our
> > > DNS name for 6 weeks now. I have also successfully set up Outlook
> Express
> > > at home to POP my mailbox on the mail server thru our SonicWall
firewall
> > > (although I finally disabled that account a while back because I never
> > used
> > > work email at home).
> > >
> > > So far, so good. I recently configured my boss to use the DNS name of
> our
> > > mail server instead of the internal IP. It works internally. But
when
> my
> > > boss takes his laptop out of the office and tries to check via any
> > available
> > > internet connection, Outlook says the mail server cannot be reached,
and
> > > pops up the box to verify/change the POPs server name/IP. I've been
> with
> > > him when it happens, and here's the wild part: if I ping our mail
> server's
> > > registered DNS name (mail.companyname.com), it promptly, correctly
> > resolves
> > > the name to our external IP, and successfully pings it. But I still
> can't
> > > connect.
> > >
> > > I've done ipconfig /flushdns, and still had the problem. He's
normally
> > > booting fresh, logging onto his domain account using cached
credentials,
> > > connecting to the internet, and launching Outlook. Our firewall is
(as
> > far
> > > as I can determine) correctly set to forward all WAN traffic on port
110
> > to
> > > the internal IP of our mail server (TCP only).
> > >
> > > I'm running out of places to look, and my boss is running out of
> patience.
> > > I finally presumed that his installation of Windows 2000 and Outlook
> were
> > > just old and messed up (2-3 years old, as far as I can determine), so
I
> > did
> > > a fresh, clean install of XP Pro today. The only things that haven't
> > > changed are his domain user account, and his PST file. Still having
the
> > > same problem.
> > >
> > > Sorry for the long post...any takers?
> > >
> > > Thanks in advance,
> > >
> > > Bryan
> > >
> > > p.s. -- Since my Outlook Express at home seemed to have no trouble, I
> > will
> > > set up Outlook 2000 with my work POP account and do further testing,
> then
> > > post the results here.
> > >
> > >
> >
> >
>
>

Is there any personal firewall software installed on this computer that is
having problems with POP3 connections?

Mike

"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Try to telnet to those from his computer while computer is connected to
the
> internet.
>
> Mike
>
> "Bryan Linton" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Thanks Mike. To test, I disconnected from our LAN and established a
> dial-up
> > to the internet (which is also how I tested on his machine yesterday).
I
> > was able to successfully telnet in thru both ports and got your messages
> > almost verbatim. It should be noted that I did this from my
> computer...not
> > his (he's actually in the office and using it now...yesterday was a
> holiday
> > so I took advantage. :-) ) The only significant difference I can think
> of
> > between our machines is that mine still uses a static IP on our LAN,
while
> I
> > have his assigned dynamically. Shouldn't make a difference as far as I
> can
> > tell, but I'll mention it just in case.
> >
> > As an interim solution, I've set up a VPN connection on his laptop and
> > instructed him always to connect to the internet *and* establish the VPN
> > connection before he launches Outlook. As far as I can tell, that'll
work
> > okay; it went fine in testing yesterday. Also, to take DNS completely
out
> > of the picture, I again set up Outlook with the internal IP of our mail
> > server.
> >
> > So...what now?
> >
> > Bryan
> >
> > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Hi Bryan,
> > >
> > > While out on the internet do the following from command line:
> > >
> > > telnet mail.companyname.com 110
> > >
> > > What do you get? You should get something like "+OK InterMail POP3
> server
> > > ready." -- it depends on POP3 server.
> > >
> > > For test you can also run
> > >
> > > telnet mail.companyname.com 25
> > >
> > > Were you able to connect? You should get something like "220 ESMTP
> > > server" -- again depending on SMTP server...
> > >
> > > Mike
> > >
> > > "Bryan Linton" <(E-Mail Removed)> wrote in message
> > > news:%(E-Mail Removed)...
> > > > My boss has been having trouble checking email while out of the
> office.
> > > > We're not yet running exchange (migration is about 1 month away), so
> our
> > > > clients currently POP their mailbox using the Outlook 2000 client
with
> > the
> > > > all the latest Office 2000 patches. Internally, it works fine.
> > > Externally,
> > > > we have troubles. Here's some background:
> > > >
> > > > I inherited this network 3 months ago when I took over as IT
manager.
> > The
> > > > previous admin had set up an Outlook profile for use when connected
in
> > the
> > > > office that used the internal LAN IP of the mail server, and a
totally
> > > > separate Outlook profile for use when out of the office that used
our
> > > > registered MX record (mail.companyname.com). Until recently we
> weren't
> > > > running DNS within our network. Now that we are, I decided not long
> ago
> > > to
> > > > create internal DNS records for our mail server with the same name
we
> > use
> > > > externally (mail.companyname.com). After some initial hiccups, it
> > worked
> > > > fine. I've been sending and receiving mail from my work desktop
using
> > our
> > > > DNS name for 6 weeks now. I have also successfully set up Outlook
> > Express
> > > > at home to POP my mailbox on the mail server thru our SonicWall
> firewall
> > > > (although I finally disabled that account a while back because I
never
> > > used
> > > > work email at home).
> > > >
> > > > So far, so good. I recently configured my boss to use the DNS name
of
> > our
> > > > mail server instead of the internal IP. It works internally. But
> when
> > my
> > > > boss takes his laptop out of the office and tries to check via any
> > > available
> > > > internet connection, Outlook says the mail server cannot be reached,
> and
> > > > pops up the box to verify/change the POPs server name/IP. I've been
> > with
> > > > him when it happens, and here's the wild part: if I ping our mail
> > server's
> > > > registered DNS name (mail.companyname.com), it promptly, correctly
> > > resolves
> > > > the name to our external IP, and successfully pings it. But I still
> > can't
> > > > connect.
> > > >
> > > > I've done ipconfig /flushdns, and still had the problem. He's
> normally
> > > > booting fresh, logging onto his domain account using cached
> credentials,
> > > > connecting to the internet, and launching Outlook. Our firewall is
> (as
> > > far
> > > > as I can determine) correctly set to forward all WAN traffic on port
> 110
> > > to
> > > > the internal IP of our mail server (TCP only).
> > > >
> > > > I'm running out of places to look, and my boss is running out of
> > patience.
> > > > I finally presumed that his installation of Windows 2000 and Outlook
> > were
> > > > just old and messed up (2-3 years old, as far as I can determine),
so
> I
> > > did
> > > > a fresh, clean install of XP Pro today. The only things that
haven't
> > > > changed are his domain user account, and his PST file. Still having
> the
> > > > same problem.
> > > >
> > > > Sorry for the long post...any takers?
> > > >
> > > > Thanks in advance,
> > > >
> > > > Bryan
> > > >
> > > > p.s. -- Since my Outlook Express at home seemed to have no trouble,
I
> > > will
> > > > set up Outlook 2000 with my work POP account and do further testing,
> > then
> > > > post the results here.
> > > >
> > > >
> > >
> > >
> >
> >
>
>

No firewall software; XP's built-in firewall was not even activated, as far
as I know. I'll double-check it when I test again. I have to wait 'till
he's out of his office for a few minutes. Hopefully will be able to within
the next couple of hours.

B

"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Try to telnet to those from his computer while computer is connected to
the
> internet.
>
> Mike
>
> "Bryan Linton" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Thanks Mike. To test, I disconnected from our LAN and established a
> dial-up
> > to the internet (which is also how I tested on his machine yesterday).
I
> > was able to successfully telnet in thru both ports and got your messages
> > almost verbatim. It should be noted that I did this from my
> computer...not
> > his (he's actually in the office and using it now...yesterday was a
> holiday
> > so I took advantage. :-) ) The only significant difference I can think
> of
> > between our machines is that mine still uses a static IP on our LAN,
while
> I
> > have his assigned dynamically. Shouldn't make a difference as far as I
> can
> > tell, but I'll mention it just in case.
> >
> > As an interim solution, I've set up a VPN connection on his laptop and
> > instructed him always to connect to the internet *and* establish the VPN
> > connection before he launches Outlook. As far as I can tell, that'll
work
> > okay; it went fine in testing yesterday. Also, to take DNS completely
out
> > of the picture, I again set up Outlook with the internal IP of our mail
> > server.
> >
> > So...what now?
> >
> > Bryan
> >
> > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Hi Bryan,
> > >
> > > While out on the internet do the following from command line:
> > >
> > > telnet mail.companyname.com 110
> > >
> > > What do you get? You should get something like "+OK InterMail POP3
> server
> > > ready." -- it depends on POP3 server.
> > >
> > > For test you can also run
> > >
> > > telnet mail.companyname.com 25
> > >
> > > Were you able to connect? You should get something like "220 ESMTP
> > > server" -- again depending on SMTP server...
> > >
> > > Mike
> > >
> > > "Bryan Linton" <(E-Mail Removed)> wrote in message
> > > news:%(E-Mail Removed)...
> > > > My boss has been having trouble checking email while out of the
> office.
> > > > We're not yet running exchange (migration is about 1 month away), so
> our
> > > > clients currently POP their mailbox using the Outlook 2000 client
with
> > the
> > > > all the latest Office 2000 patches. Internally, it works fine.
> > > Externally,
> > > > we have troubles. Here's some background:
> > > >
> > > > I inherited this network 3 months ago when I took over as IT
manager.
> > The
> > > > previous admin had set up an Outlook profile for use when connected
in
> > the
> > > > office that used the internal LAN IP of the mail server, and a
totally
> > > > separate Outlook profile for use when out of the office that used
our
> > > > registered MX record (mail.companyname.com). Until recently we
> weren't
> > > > running DNS within our network. Now that we are, I decided not long
> ago
> > > to
> > > > create internal DNS records for our mail server with the same name
we
> > use
> > > > externally (mail.companyname.com). After some initial hiccups, it
> > worked
> > > > fine. I've been sending and receiving mail from my work desktop
using
> > our
> > > > DNS name for 6 weeks now. I have also successfully set up Outlook
> > Express
> > > > at home to POP my mailbox on the mail server thru our SonicWall
> firewall
> > > > (although I finally disabled that account a while back because I
never
> > > used
> > > > work email at home).
> > > >
> > > > So far, so good. I recently configured my boss to use the DNS name
of
> > our
> > > > mail server instead of the internal IP. It works internally. But
> when
> > my
> > > > boss takes his laptop out of the office and tries to check via any
> > > available
> > > > internet connection, Outlook says the mail server cannot be reached,
> and
> > > > pops up the box to verify/change the POPs server name/IP. I've been
> > with
> > > > him when it happens, and here's the wild part: if I ping our mail
> > server's
> > > > registered DNS name (mail.companyname.com), it promptly, correctly
> > > resolves
> > > > the name to our external IP, and successfully pings it. But I still
> > can't
> > > > connect.
> > > >
> > > > I've done ipconfig /flushdns, and still had the problem. He's
> normally
> > > > booting fresh, logging onto his domain account using cached
> credentials,
> > > > connecting to the internet, and launching Outlook. Our firewall is
> (as
> > > far
> > > > as I can determine) correctly set to forward all WAN traffic on port
> 110
> > > to
> > > > the internal IP of our mail server (TCP only).
> > > >
> > > > I'm running out of places to look, and my boss is running out of
> > patience.
> > > > I finally presumed that his installation of Windows 2000 and Outlook
> > were
> > > > just old and messed up (2-3 years old, as far as I can determine),
so
> I
> > > did
> > > > a fresh, clean install of XP Pro today. The only things that
haven't
> > > > changed are his domain user account, and his PST file. Still having
> the
> > > > same problem.
> > > >
> > > > Sorry for the long post...any takers?
> > > >
> > > > Thanks in advance,
> > > >
> > > > Bryan
> > > >
> > > > p.s. -- Since my Outlook Express at home seemed to have no trouble,
I
> > > will
> > > > set up Outlook 2000 with my work POP account and do further testing,
> > then
> > > > post the results here.
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Ok, update. I screwed up the previous test. I thought I'd disabled my LAN
connection when I established the dial-up, but apparently I did not, so my
connection was established internally. I tested his and re-tested mine over
dial-up, and both failed to telnet in on those ports. Windows firewall was
disabled on both.


"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is there any personal firewall software installed on this computer that is
> having problems with POP3 connections?
>
> Mike
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Try to telnet to those from his computer while computer is connected to
> the
> > internet.
> >
> > Mike
> >
> > "Bryan Linton" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Thanks Mike. To test, I disconnected from our LAN and established a
> > dial-up
> > > to the internet (which is also how I tested on his machine yesterday).
> I
> > > was able to successfully telnet in thru both ports and got your
messages
> > > almost verbatim. It should be noted that I did this from my
> > computer...not
> > > his (he's actually in the office and using it now...yesterday was a
> > holiday
> > > so I took advantage. :-) ) The only significant difference I can
think
> > of
> > > between our machines is that mine still uses a static IP on our LAN,
> while
> > I
> > > have his assigned dynamically. Shouldn't make a difference as far as
I
> > can
> > > tell, but I'll mention it just in case.
> > >
> > > As an interim solution, I've set up a VPN connection on his laptop and
> > > instructed him always to connect to the internet *and* establish the
VPN
> > > connection before he launches Outlook. As far as I can tell, that'll
> work
> > > okay; it went fine in testing yesterday. Also, to take DNS completely
> out
> > > of the picture, I again set up Outlook with the internal IP of our
mail
> > > server.
> > >
> > > So...what now?
> > >
> > > Bryan
> > >
> > > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > Hi Bryan,
> > > >
> > > > While out on the internet do the following from command line:
> > > >
> > > > telnet mail.companyname.com 110
> > > >
> > > > What do you get? You should get something like "+OK InterMail POP3
> > server
> > > > ready." -- it depends on POP3 server.
> > > >
> > > > For test you can also run
> > > >
> > > > telnet mail.companyname.com 25
> > > >
> > > > Were you able to connect? You should get something like "220 ESMTP
> > > > server" -- again depending on SMTP server...
> > > >
> > > > Mike
> > > >
> > > > "Bryan Linton" <(E-Mail Removed)> wrote in
message
> > > > news:%(E-Mail Removed)...
> > > > > My boss has been having trouble checking email while out of the
> > office.
> > > > > We're not yet running exchange (migration is about 1 month away),
so
> > our
> > > > > clients currently POP their mailbox using the Outlook 2000 client
> with
> > > the
> > > > > all the latest Office 2000 patches. Internally, it works fine.
> > > > Externally,
> > > > > we have troubles. Here's some background:
> > > > >
> > > > > I inherited this network 3 months ago when I took over as IT
> manager.
> > > The
> > > > > previous admin had set up an Outlook profile for use when
connected
> in
> > > the
> > > > > office that used the internal LAN IP of the mail server, and a
> totally
> > > > > separate Outlook profile for use when out of the office that used
> our
> > > > > registered MX record (mail.companyname.com). Until recently we
> > weren't
> > > > > running DNS within our network. Now that we are, I decided not
long
> > ago
> > > > to
> > > > > create internal DNS records for our mail server with the same name
> we
> > > use
> > > > > externally (mail.companyname.com). After some initial hiccups, it
> > > worked
> > > > > fine. I've been sending and receiving mail from my work desktop
> using
> > > our
> > > > > DNS name for 6 weeks now. I have also successfully set up Outlook
> > > Express
> > > > > at home to POP my mailbox on the mail server thru our SonicWall
> > firewall
> > > > > (although I finally disabled that account a while back because I
> never
> > > > used
> > > > > work email at home).
> > > > >
> > > > > So far, so good. I recently configured my boss to use the DNS
name
> of
> > > our
> > > > > mail server instead of the internal IP. It works internally. But
> > when
> > > my
> > > > > boss takes his laptop out of the office and tries to check via any
> > > > available
> > > > > internet connection, Outlook says the mail server cannot be
reached,
> > and
> > > > > pops up the box to verify/change the POPs server name/IP. I've
been
> > > with
> > > > > him when it happens, and here's the wild part: if I ping our mail
> > > server's
> > > > > registered DNS name (mail.companyname.com), it promptly, correctly
> > > > resolves
> > > > > the name to our external IP, and successfully pings it. But I
still
> > > can't
> > > > > connect.
> > > > >
> > > > > I've done ipconfig /flushdns, and still had the problem. He's
> > normally
> > > > > booting fresh, logging onto his domain account using cached
> > credentials,
> > > > > connecting to the internet, and launching Outlook. Our firewall
is
> > (as
> > > > far
> > > > > as I can determine) correctly set to forward all WAN traffic on
port
> > 110
> > > > to
> > > > > the internal IP of our mail server (TCP only).
> > > > >
> > > > > I'm running out of places to look, and my boss is running out of
> > > patience.
> > > > > I finally presumed that his installation of Windows 2000 and
Outlook
> > > were
> > > > > just old and messed up (2-3 years old, as far as I can determine),
> so
> > I
> > > > did
> > > > > a fresh, clean install of XP Pro today. The only things that
> haven't
> > > > > changed are his domain user account, and his PST file. Still
having
> > the
> > > > > same problem.
> > > > >
> > > > > Sorry for the long post...any takers?
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > Bryan
> > > > >
> > > > > p.s. -- Since my Outlook Express at home seemed to have no
trouble,
> I
> > > > will
> > > > > set up Outlook 2000 with my work POP account and do further
testing,
> > > then
> > > > > post the results here.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Check your corporate firewall (firewall that protects your LAN and server)
and make sure that it allows connection to POP3 service from the Internet
(it looks like it doesn't). You should also check firewall log files.
If you use NAT device, make sure that is forwards connection from public IP
address (NAT device) to internal POP server.

Mike

"Bryan Linton" <(E-Mail Removed)> wrote in message
news:u$(E-Mail Removed)...
> Ok, update. I screwed up the previous test. I thought I'd disabled my
LAN
> connection when I established the dial-up, but apparently I did not, so my
> connection was established internally. I tested his and re-tested mine
over
> dial-up, and both failed to telnet in on those ports. Windows firewall
was
> disabled on both.
>
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Is there any personal firewall software installed on this computer that
is
> > having problems with POP3 connections?
> >
> > Mike
> >
> > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Try to telnet to those from his computer while computer is connected
to
> > the
> > > internet.
> > >
> > > Mike
> > >
> > > "Bryan Linton" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > Thanks Mike. To test, I disconnected from our LAN and established a
> > > dial-up
> > > > to the internet (which is also how I tested on his machine
yesterday).
> > I
> > > > was able to successfully telnet in thru both ports and got your
> messages
> > > > almost verbatim. It should be noted that I did this from my
> > > computer...not
> > > > his (he's actually in the office and using it now...yesterday was a
> > > holiday
> > > > so I took advantage. :-) ) The only significant difference I can
> think
> > > of
> > > > between our machines is that mine still uses a static IP on our LAN,
> > while
> > > I
> > > > have his assigned dynamically. Shouldn't make a difference as far
as
> I
> > > can
> > > > tell, but I'll mention it just in case.
> > > >
> > > > As an interim solution, I've set up a VPN connection on his laptop
and
> > > > instructed him always to connect to the internet *and* establish the
> VPN
> > > > connection before he launches Outlook. As far as I can tell,
that'll
> > work
> > > > okay; it went fine in testing yesterday. Also, to take DNS
completely
> > out
> > > > of the picture, I again set up Outlook with the internal IP of our
> mail
> > > > server.
> > > >
> > > > So...what now?
> > > >
> > > > Bryan
> > > >
> > > > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > > > news:(E-Mail Removed)...
> > > > > Hi Bryan,
> > > > >
> > > > > While out on the internet do the following from command line:
> > > > >
> > > > > telnet mail.companyname.com 110
> > > > >
> > > > > What do you get? You should get something like "+OK InterMail POP3
> > > server
> > > > > ready." -- it depends on POP3 server.
> > > > >
> > > > > For test you can also run
> > > > >
> > > > > telnet mail.companyname.com 25
> > > > >
> > > > > Were you able to connect? You should get something like "220 ESMTP
> > > > > server" -- again depending on SMTP server...
> > > > >
> > > > > Mike
> > > > >
> > > > > "Bryan Linton" <(E-Mail Removed)> wrote in
> message
> > > > > news:%(E-Mail Removed)...
> > > > > > My boss has been having trouble checking email while out of the
> > > office.
> > > > > > We're not yet running exchange (migration is about 1 month
away),
> so
> > > our
> > > > > > clients currently POP their mailbox using the Outlook 2000
client
> > with
> > > > the
> > > > > > all the latest Office 2000 patches. Internally, it works fine.
> > > > > Externally,
> > > > > > we have troubles. Here's some background:
> > > > > >
> > > > > > I inherited this network 3 months ago when I took over as IT
> > manager.
> > > > The
> > > > > > previous admin had set up an Outlook profile for use when
> connected
> > in
> > > > the
> > > > > > office that used the internal LAN IP of the mail server, and a
> > totally
> > > > > > separate Outlook profile for use when out of the office that
used
> > our
> > > > > > registered MX record (mail.companyname.com). Until recently we
> > > weren't
> > > > > > running DNS within our network. Now that we are, I decided not
> long
> > > ago
> > > > > to
> > > > > > create internal DNS records for our mail server with the same
name
> > we
> > > > use
> > > > > > externally (mail.companyname.com). After some initial hiccups,
it
> > > > worked
> > > > > > fine. I've been sending and receiving mail from my work desktop
> > using
> > > > our
> > > > > > DNS name for 6 weeks now. I have also successfully set up
Outlook
> > > > Express
> > > > > > at home to POP my mailbox on the mail server thru our SonicWall
> > > firewall
> > > > > > (although I finally disabled that account a while back because I
> > never
> > > > > used
> > > > > > work email at home).
> > > > > >
> > > > > > So far, so good. I recently configured my boss to use the DNS
> name
> > of
> > > > our
> > > > > > mail server instead of the internal IP. It works internally.
But
> > > when
> > > > my
> > > > > > boss takes his laptop out of the office and tries to check via
any
> > > > > available
> > > > > > internet connection, Outlook says the mail server cannot be
> reached,
> > > and
> > > > > > pops up the box to verify/change the POPs server name/IP. I've
> been
> > > > with
> > > > > > him when it happens, and here's the wild part: if I ping our
mail
> > > > server's
> > > > > > registered DNS name (mail.companyname.com), it promptly,
correctly
> > > > > resolves
> > > > > > the name to our external IP, and successfully pings it. But I
> still
> > > > can't
> > > > > > connect.
> > > > > >
> > > > > > I've done ipconfig /flushdns, and still had the problem. He's
> > > normally
> > > > > > booting fresh, logging onto his domain account using cached
> > > credentials,
> > > > > > connecting to the internet, and launching Outlook. Our firewall
> is
> > > (as
> > > > > far
> > > > > > as I can determine) correctly set to forward all WAN traffic on
> port
> > > 110
> > > > > to
> > > > > > the internal IP of our mail server (TCP only).
> > > > > >
> > > > > > I'm running out of places to look, and my boss is running out of
> > > > patience.
> > > > > > I finally presumed that his installation of Windows 2000 and
> Outlook
> > > > were
> > > > > > just old and messed up (2-3 years old, as far as I can
determine),
> > so
> > > I
> > > > > did
> > > > > > a fresh, clean install of XP Pro today. The only things that
> > haven't
> > > > > > changed are his domain user account, and his PST file. Still
> having
> > > the
> > > > > > same problem.
> > > > > >
> > > > > > Sorry for the long post...any takers?
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > Bryan
> > > > > >
> > > > > > p.s. -- Since my Outlook Express at home seemed to have no
> trouble,
> > I
> > > > > will
> > > > > > set up Outlook 2000 with my work POP account and do further
> testing,
> > > > then
> > > > > > post the results here.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

I've found the problem, but I'm not sure of the best solution.

I looked for a firewall problem previously, but could find no fault with the
way port forwarding was set up. As it turns out, the problem isn't with
port forwarding, but with 1:1 NAT.

Currently, we have 3 public IPs. One class A address (x.x.x.32) is assigned
to the firewall device itself, which is a SonicWall SOHO2. Two additional
IPs have been assigned; x.x.x.33 was set up with 1:1 NAT to our fairly new
SBS 2003, and x.x.x.34 to our mail server. I'm not certain why she (my
predecessor) chose to have multiple public IPs; my understanding has been
that they're unneccessary since traffic can be distinguished and routed
based on the port used. The setup worked, however, since there was never a
need to route traffic coming in on the mail server's IP to different
machines based on the port. Now there is. Why? Because we added a spam
appliance to our network a month ago.

I changed the 1:1 NAT on the SonicWall a month ago to point to the IP of our
new spam firewall appliance instead of the mail server, and then setup the
spam firewall to forward acceptable mail to the IP of our mail server. All
incoming mail flows thru that spam firewall first (running a hardened,
locked-down linux distro) before being forwarded to the mail server.
However, it will only forward SMTP mail received on port 25 (and
technically, it's not simply forwarding...it's receiving, processing, and
then initiating it's own connection). My connection attempts are apparently
all hitting the spam appliance and dying there, including my telnet
connection attempt to port 25.

At this point it seems clear that if a port-forwarding rule is set up that
conflicts with a 1:1 NAT setting, the 1:1 NAT setting wins. I don't want to
break our email by turning off 1:1 NAT until I'm clear of the consequences.
Here's what needs to be accomplished:

-- Incoming SMTP mail needs to be processed by our spam firewall, then
passed along to our mail server. (This is working)
-- Users need to be able to POP their mailboxes on the mail server from
outside the company firewall. (This is not working)
-- Users need to be able to send outgoing SMTP mail thru our mail server
from outside the company firewall. (This is not working).
-- Once we migrate to Exchange 2003 (very shortly), we'll need to accomplish
the same goals, with the exception that they'll no longer be using POP3 to
get mail.

It should be noted that we also have a satellite office with an identical
model SonicWall firewall. Some kind of VPN is set up between the two
firewalls to secure all communications between them, although I'm not clear
if that's actually doing anything, based on how the girl at that office
currently does her work. When I asked my predecesor about the reason for
multiple public IPs she said something about this VPN connection needing a
dedicated IP. Does that seem reasonable?

Sorry for the long post...any takers welcome. Thanks to Mike for his help
thus far.

Bryan

"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:Ol%(E-Mail Removed)...
> Check your corporate firewall (firewall that protects your LAN and server)
> and make sure that it allows connection to POP3 service from the Internet
> (it looks like it doesn't). You should also check firewall log files.
> If you use NAT device, make sure that is forwards connection from public
IP
> address (NAT device) to internal POP server.
>
> Mike

"Bryan Linton" <(E-Mail Removed)> wrote in message
news:Oocw$(E-Mail Removed)...
> I've found the problem, but I'm not sure of the best solution.
>
> I looked for a firewall problem previously, but could find no fault with
the
> way port forwarding was set up. As it turns out, the problem isn't with
> port forwarding, but with 1:1 NAT.
>
> Currently, we have 3 public IPs. One class A address (x.x.x.32) is
assigned
> to the firewall device itself, which is a SonicWall SOHO2. Two additional
> IPs have been assigned; x.x.x.33 was set up with 1:1 NAT to our fairly new
> SBS 2003, and x.x.x.34 to our mail server. I'm not certain why she (my
> predecessor) chose to have multiple public IPs; my understanding has been
> that they're unneccessary since traffic can be distinguished and routed
> based on the port used.

That is actually a good way to do that. I would not criticize her.
Separating "jobs" out to different public IP#s is more flexable and
scaleable then trying do everthing with on one public IP#.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com