Internet Information Services Simple Mail Transfer Protocol Service May Be Unable to Send Mail

The Internet Information Services (IIS) Simple Mail Transfer Protocol (SMTP) service installed on an Internet Security and Acceleration (ISA) Server 2000-based server may not be able to send mail, and the following error may be logged in the event log:

To resolve this behavior, add a second Domain Name System (DNS) packet filter for the outbound Transmission Control Protocol (TCP) port 53:

Name: DNS TCP
Allow Packet Transmission
Custom: Protocol: TCP
Direction: Outbound
Local port: All ports
Remote port: Fixed port
Remote port number: 53
Default Internet Protocol (IP) addresses for each external interface on the ISA Server computer
All remote computers

ISA Server is configured with packet filters for inbound and outbound SMTP traffic. The default DNS client packet filter is also in place. From ISA Server, you can use telnet for the outbound SMTP traffic on port 25 and you can resolve names by means of DNS. The SMTP service receives mail, but outgoing mail remains in the queue.

When you trace how the SMTPSVC service delivers mail, this service uses a TCP DNS query for the mail exchanger (MX) record of the domain to which it is attempting to deliver mail. The default DNS filter in ISA Server is only enabled for User Datagram Protocol (UDP) queries. The addition of a second filter for DNS on TCP port 53 enables the DNS queries to work.