
Using Exchange to handle Internet Email

Status
Not open for further replies.

dsflee

Technical User
Jan 17, 2005
Hi There,

Completely new to Exchange but have been given the task of getting our server up and running.

Basically we have an Exchange 2000 server sitting on our LAN for the domain foldermatic.com, which is currently being hosted by an ISP. All is well sending mails from the Exchange server, but my problem is receiving mails to the foldermatic.com domain.

I have pointed the DNS A record on the foldermatic.com ISP to the Exchange server public IP address and set the MX record to the Exchange server, e.g. server3.activedirectorydomain.com

My Active Directory domain is not foldermatic.com, but Exchange has been configured and all Active Directory users have a @foldermatic.com domain.

Can anyone give any tips/advice as to what I need to do so that foldermatic.com emails actually come to my Exchange server?

Many Thanks.
 
This has been covered to death in all Exchange forums.

Your ISP MX record needs to have the public IP of your Exchange server.

The Exchange server needs to have the SMTP virtual server running.

From inside, telnet to the Exchange server on port 25. Should get a response.
From outside, repeat. Should get the same response.
 
OK, cheers for that. I've had a good look around the forums but am still a little bit stuck.

I have pointed my domain foldermatic.com's MX record to a subdomain, mail.foldermatic.com. This subdomain points to the public IP address of my Exchange server, and in the MX record for the subdomain I have put in the name of the Exchange server, e.g. server3.stlhd.com (stlhd.com being the name of our Windows 2000 domain).

Now when I test sending mails for @foldermatic I don't get any error messages, and I'm not sure where the emails are ending up. Anyone got any pointers?
 
The IP of your MX record (the one known to your ISP etc.) has to point to where the server is, your WAN IP. If there is a router/firewall in between, and there better be, then you need to forward port 25 to the internal IP of the Exchange server. Done. No more, no less.
What the names are does not really matter, as long as the IP is correct.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
Have a look at the shop @ !
 
Hi, I have attempted to telnet onto your mail server, no connection... Also unable to ping mail server... Are you sure that your firewall is correctly configured to allow traffic through to your mail server?
 
Cheers Marcs41

The ISP's MX Record points to our address 212.34.x.180 (which is the public IP address of the exchange server).

Our firewall sits on the public IP 212.34.x.177 and I have set up a rule to point all traffic on port 25 to the internal IP address of the exchange server.

However, still no joy? Should the MX record point to the firewall address directly, and from there forward to the internal IP of the Exchange server?

Many Thanks.
 
Hi Geoff.

Yep, the firewall is configured to forward all Send Email and Retrieve Email traffic to port 25. Do I need to point my MX record to the firewall IP address in order for the rule to invoke? Or will the firewall apply the rule even if the MX record points to the Exchange server?

firewall IP: 217.34.8.177
exchange: 217.34.8.180
 
Hi.. Have checked your DNS records at dnsstuff.com; the MX record still points to 217.*.*.180. Check that the NameServer has been configured to point to your firewall...
 
Many Thanks Geoff. I'll update the records and let you know how I get on...
 
Your MX has to point to your WAN IP, that is the EXTERNAL IP of your Firewall (177).
Check the records while trying, it can take a while for them to update.
But, you should not keep your Exchange on a public address, directly accessible from the net!

Marc
 
ok Marcs41 - will take off the public IP on the exchange. Cheers.
 
ok guys. Here is the scenario

foldermatic.com's MX record is a subdomain: mail.foldermatic.com

the A record for mail.foldermatic.com points to the EXTERNAL IP of my Firewall 217.34.8.177

(for the MX record I have put the FQDN of the Exchange server)

My SonicWall firewall has been configured with a rule that all port 25 traffic from WAN has a destination of my Exchange server's local IP.

Still no joy when trying to send mail to the Exchange server. On the sender side, I am getting no delivery errors, and when I request delivery receipts nothing is received.

Any other pointers? Many Thanks.
 
Hi,

DNS records now look fine... However still cannot telnet onto your server... Would suggest problem now lies with your firewall setup...
 
Cheers Geoff - I'll take a look at the firewall..
 
geoff - how are you trying to telnet on to the server? telnet 217.34.8.177 25 ?
 
Yes... get error message 'could not open connection to the host, on port 25'
 
You may want to check with your ISP too, if they don't block port 25 or SMTP.

Marc
 
Hi Guys - still no joy!

- foldermatic.com MX record points to mail.foldermatic.com
- mail.foldermatic.com points to my public IP on the firewall
All the DNS settings look to be good.

- Firewall has an allow rule for all traffic from outside on port 25, and the destination for this traffic is the LAN IP address of my Exchange server.

- Spoke to my firewall guys and they were under the impression that all was well, although I did have to make some changes etc., e.g. allow fragmented packets.

- ISP is not blocking any port 25 or SMTP traffic.

- When I send a test mail to foldermatic.com, no delivery errors are received. However, I notice that there is no log in my firewall when I send myself test messages. Does this mean that the messages are not actually reaching the firewall? The firewall has been configured to log all SMTP communications.

any other ideas guys? much appreciated for all your help so far.


 
Update:

My firewall guys have proven that connections are actually passing through the firewall to the Exchange server. However, when any request gets to the Exchange server, e.g. a mail or a telnet request, the Exchange server just drops these requests. Could it be that my Exchange server is configured for LAN access only? There is no problem with internal mail and telnet from within the LAN. If so, could anyone let me know where I configure the access to the server with the Exchange System Manager? Or anywhere I can configure the security sessions for the Exchange server?

Cheers.
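
The "telnet to port 25" test used throughout this thread, as an added Python example (not code from any poster): it separates "could not open connection" (no TCP session, so DNS, NAT or filtering is at fault) from "connected, then dropped without a greeting" (the symptom in the final update). The function names, the local stand-in listener and the `mail.example.test` banner are constructed for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Connect like `telnet host 25` and return (status, first_line).
    refused / timeout / unreachable: no TCP session at all, so look at the
      MX target IP, the firewall's port 25 forward, or ISP filtering.
    dropped / silent: TCP connected but no greeting arrived, so the path
      works and the mail server (or a filter in front of it) is the suspect.
    banner: a 220 greeting was received. unexpected: any other reply.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "silent", ""
        except ConnectionResetError:
            return "dropped", ""
    if not data:
        return "dropped", ""
    line = data.decode("ascii", "replace").splitlines()[0]
    return ("banner" if line.startswith("220") else "unexpected"), line

def start_listener(greeting):
    """Constructed local stand-in: accepts once, sends greeting, closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)  # an empty greeting sends nothing
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for greeting in (b"220 mail.example.test ESMTP\r\n", b""):
        print(probe_smtp("127.0.0.1", start_listener(greeting), timeout=2))
```

Run `probe_smtp` once from inside the LAN against the server's internal address and once from an outside host against the MX target; differing statuses show which hop to examine.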
 