Simple NAT question

danomac

We are running Exchange 2007 behind a NAT. Everything is working fine.

I recently had to change our public IP address. While Exchange is happily chugging along, I had to enter the new IP in our Spam filter. For the life of me, I can't remember if I have to change this in Exchange.

I've looked in the Server Configuration->Hub Transport, but don't see anything for a public IP.

Does it exist, and if it does, where is it in the configuration? If it's set it has the wrong address.
 
I don't believe you need to put the external IP address in your Exchange configuration. I'm assuming you're NATing on your firewall, have a translation rule and an access rule allowing SMTP traffic to the internal address?

Are you able to send/receive external mail on the new server?
 
I can send/receive mail, but Exchange keeps putting our local IP address (192.168.x.x) in the headers. We have an SPF record set up for our domain, and this is not one of them.

I'm actually just investigating it right now, what are the odds that a reply would get posted now!

I've found the Send connector, which allows me to specify a FQDN - but there's no space for the IP address.
 
How is your network connected to the internet? Are you doing any address translation?
 
We forward all outgoing mail to a smart host, which is our spam filter. The spam filter's public IP was updated ages ago; I can see in the error logs that it is registering correctly.

It looks like the receiver's filter is checking all the IP addresses until it hits the originating server (with the private IP address) and then failing:

Code:
207.x.x.x failed after I sent the message.
Remote host said: 550 domain of <email>@<our domain> does not designate 192.168.x.x as permitted sender

--- Below this line is a copy of the message.

Return-Path: <email>@<our domain>
Received: (qmail 32147 invoked by uid 110); 16 Dec 2009 10:11:01 -0800
Delivered-To: <email>@<dest.address>
Received: (qmail 32114 invoked from network); 16 Dec 2009 10:10:58 -0800
Received: from <our mail server> (207.x.x.x)  ##This is correct, is our external "smart" host/spam filter
  by 107045-www1.circle.bc.ca with (DHE-RSA-AES256-SHA encrypted) SMTP; 16 Dec 2009 10:10:58 -0800
Received: from 192.168.x.x [192.168.x.x]  ##This is not - it's our internal exchange server
        by <our mail server>
        with XWall v3.44 ;
        Wed, 16 Dec 2009 10:10:56 -0800
Received: from <local dns name> ([192.168.x.x]) by  <local dns name> ([192.168.x.x]) with mapi; Wed, 16 Dec 2009
 10:10:54 -0800

I've noted my comments with ##. It seems that Exchange isn't using our public IP address.

Is it possible that it doesn't like the smart-host setup? I could just have Exchange go directly through the firewall to the internet (right now that's explicitly blocked), but I don't think that would solve the underlying issue.
 
I think if the address of the spam filter server is the same as the MX record for your external mail domain, this won't happen, but I may be wrong. Since you're relaying outgoing mail, you might be adding an additional header with your internal info on it.

If that's the case, you might try this:
I'm receiving mail on a spam server then relaying it to my Exchange server. Outgoing mail is sent directly through our firewall. The outgoing address is the MX record for mail.mydomain.com and that's what shows up in our headers.

You could also call whoever is hosting your spam server. I'm sure they'll have the answer.
 
I think if the address of the spam filter server is the same as the MX record for your external mail domain, this won't happen, but I may be wrong.

Our spam filter server is set to the MX record. The rDNS points to it as well.

This is hosted internally, which is why I'm posting in here. I've not seen an error like this one. I suspect the mail recipient (qmail in this case) is not scanning the message and applying the SPF record properly - but there's not much I can do about that.

I am in contact with our spam filter tech support. Maybe they have a patch to remove that header information for our internal server. We'll see.
 
You had to get me going, heheheh. I did some testing and I also had my internal server name with the address 127.0.0.1 showing in the header right before my external information, just never noticed it. I did the following command in the Exchange Management Shell, and presto, it's gone.

Get-SendConnector "Connector Name" | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

Just replace "Connector Name" with whatever you called your SMTP connector.


 
Hah, it works. I saw a mention of that behaviour saying it's there as a default action but nobody had a way to remove it.

Seems to be working OK now.
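
A check for the symptom discussed in this thread, added here as an example and not part of the original posts: it walks the Received headers of a raw message and reports every hop that exposes an internal address, which is what the remote server rejected above. The host names, addresses and the function name `internal_hops` are constructed for illustration.

```python
import email
import ipaddress
import re

# Ranges that should not show up in mail leaving the organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]
# Dotted quad that is not part of a longer dotted number (e.g. a version).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample modelled on the bounce in the thread.
SAMPLE_LEAKY = (
    "Received: from mail.example.com (203.0.113.25)\n"
    "  by mx.example.net with SMTP; 16 Dec 2009 10:10:58 -0800\n"
    "Received: from 192.168.10.5 [192.168.10.5]\n"
    "  by mail.example.com with XWall v3.44 ;\n"
    "  Wed, 16 Dec 2009 10:10:56 -0800\n"
    "Received: from ex01.corp.local ([192.168.10.5]) by ex01.corp.local\n"
    "  ([192.168.10.5]) with mapi; Wed, 16 Dec 2009 10:10:54 -0800\n"
    "From: user@example.com\nSubject: test\n\nbody\n"
)
# Constructed sample whose Received chain carries only a public address.
SAMPLE_CLEAN = (
    "Received: from mail.example.com (203.0.113.25)\n"
    "  by mx.example.net with SMTP; 16 Dec 2009 10:10:58 -0800\n"
    "From: user@example.com\nSubject: test\n\nbody\n"
)


def internal_hops(raw_message):
    """Return (hop, address) pairs; hop 1 is the topmost Received header."""
    msg = email.message_from_string(raw_message)
    findings = []
    for hop, header in enumerate(msg.get_all("Received", []), start=1):
        seen = set()
        for text in IPV4_RE.findall(header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # octet out of range, not an address
                continue
            if addr not in seen and any(addr in net for net in INTERNAL_NETS):
                seen.add(addr)
                findings.append((hop, str(addr)))
    return findings


if __name__ == "__main__":
    print(internal_hops(SAMPLE_LEAKY), internal_hops(SAMPLE_CLEAN))
```

Running it against a test message sent to an outside mailbox before and after a connector change shows which hops still carry internal addresses.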
 