Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Set up to the outside world...
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Set up to the outside world... - 30.Jan.2008 1:58:43 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
I have a fresh install of Exchange 2003 on a Win 2k3 box. That box is a member of the domain controlled by a Win 2k box.
I have a domain name to use and the DC has an established outside IP address.
I am trying to figure out how I make the Exchange box live to the outside world...Not sure really how to even explain it, but it is probably something really stupid simple.
Should I point the domain name to the IP of the DC and then somehow route through the DC to the Exchange box?
I am trying to trace how traffic flows though here...I am new to exchange and the more advanced internal routing with Windows Servers, but eager and willing to learn...
Any help at this point would be awesome...
Chris
|
|
|
|
|
RE: Set up to the outside world... - 30.Jan.2008 2:49:57 PM
|
|
|
a.grogan
Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
|
Hey Chris a couple of q's to clarify if you don't mine chap;
You say that "you have a domain name to use" and the "DC has an External IP address" - do you mean that you have an external domain such as "chris.com" and you wish to point e-mail access to it. - you should not (under any circumstances) have a DC with an external IP address to the internet.
What you are looking to do is create an MX record (mail exchanger) for your domain which points to an IP address on your Firewall (in the outside world).
This IP address should then have an access list that translates and routes port 25 traffic to the internal IP address of the SMTP virtual server of your Exchange server.
Lets us know,
Cheers
A
_____________________________
Andy Grogan
MSExchange.org Forums Moderator
For my general ramblings about Exchange please visit my blog:
W: http://telnetport25.wordpress.com/
M: manifoldmaster@gmail.com
|
|
|
|
|
RE: Set up to the outside world... - 30.Jan.2008 3:13:13 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
Hmm...let me think this one through.
Well...our DC has an outside IP address that is assigned through a firewall...so no it isn't actually ON the DC...so that is no worry...I understand what you mean there...heh...
It is the MX record that controls the mail routing? I have an A record set up that points mail.fwmlive.com through to my Exchange box (INTWEB).
I have an MX record set up at my DNS host that points an MX record at mail.fwmlive.com to our outside IP address...
Does this clarify or make some sense? hehe...
Chris
|
|
|
|
|
RE: Set up to the outside world... - 30.Jan.2008 3:19:36 PM
|
|
|
a.grogan
Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
|
Hiya chap, mail.fmlive.com points to 65.23.65.30 do you recognise this address?
Cheers
A
_____________________________
Andy Grogan
MSExchange.org Forums Moderator
For my general ramblings about Exchange please visit my blog:
W: http://telnetport25.wordpress.com/
M: manifoldmaster@gmail.com
|
|
|
|
|
RE: Set up to the outside world... - 30.Jan.2008 5:03:49 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
That is our public IP address...
So I think I need to now set up an MX record to point to the internal server that has exchange on it...
Chris
|
|
|
|
|
RE: Set up to the outside world... - 30.Jan.2008 7:02:48 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Why is the external IP address pointing to the domain controller? (Presuming that the domain controller and the Exchange server are seperate machines).
You need to either have the external IP address pointing to the Exchange server, or forward the relevant ports on the firewall. You need at least port 25 (SMTP). If you want OWA access then you need port 80 (http) and/or 443 (https).
MX records point to hosts, not IP addresses.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 11:53:11 AM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
OK...what we have is the MX record is pointing to our ASA...at IP 65.23.65.29 using the domain name of fwmlive.com
The MX record is set up with mail.fwmlive.com handling the mail for fwmlive.com
The ASA has port 25 and 110 open for SMTP traffic and then points it internally to our exchange box that is on the internal IP of 192.168.188.210.
I can send out perfectly fine, but I get nothing BACK when I do a reply to the e-mail that is received.
Do I need to define that host somewhere internally? Do I need an internal MX record set up on our DC?
Suggestions?
Chris
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 12:11:29 PM
|
|
|
uemurad
Posts: 5485
Joined: 7.Jan.2004
From: California, USA
Status: online
|
The FQDN named in your MX record does not respond to TCP port 25 (SMTP) communications. You need to either forward the port 25 traffic through to your Exchange server, or configure the ASA to accept the traffic and deal with it appropriately (assuming you are using the ASA to filter).
Your internal DNS server only responds to queries directed at it. Typically that means only your other internal systems (and not public requests). You normally do not need MX records configured there.
_____________________________
Regards,
Dean T. Uemura
Microsoft MVP - Exchange
exchangeguy.blogspot.com
uemurad@yahoo.com
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 12:27:21 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
ok...now we had to change the IP to 65.23.65.26 from the other posted .29
Our CISCO guy had something wrong there...I am waiting on it to propagate and can test again.
Chris
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 3:50:17 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
It has propagated and now is coming back as 65.23.65.26 (as it should) but still no success on e-mail coming in.
Toss another test at it and see what you get back..
What command or tool should I use to test something like this?
Chris
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 4:10:04 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
If you have access to an external machine then you can test connectivity by opening a command prompt and typing:
telnet 65.23.65.26 25
note the space 25 at the end.
That will either show a banner or fail to connect.
At the time of writing I do not get a response on that IP address.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 4:35:08 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
Well I know that telnet wont work at all...that is locked down pretty hard...or damn well better be...:) Not my job..heh...
tracert times out a lot...
Of course the exchange logs won't tell me anything since the messages never even get there to log a failure..
This is all around sucky...:)
Chris
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 4:48:53 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Telnet is just simulating what SMTP does, it isn't telnet in the traditional sense. You also have to do it from OUTSIDE the firewall. I usually remote back to my home PC to do tests like that.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Set up to the outside world... - 8.Feb.2008 5:02:24 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
Failure all around..my CISCO guy says I need to have port 25 and 110 open to make exchange work.
I have them both open. I cannot for some reason start the POP3 service in Exchange either. It says it did not open in a timely fashion and fails.
Chris
|
|
|
|
|
RE: Set up to the outside world... - 9.Feb.2008 3:35:27 PM
|
|
|
blaine
Posts: 2
Joined: 9.Feb.2008
Status: offline
|
I'm in the same boat as you, cwallace. I'm able to send but not recieve any email. I just switched from DSL to a T1 connection and switched ISP. So I changed my MX records and reverse DNS and still not able to recieve any emails. I have a GFI server in between my firewall and exchange but it seems just to work only with the DSL. I removed the GFI trying to isolate the problem but still it wouldn't recieve any emails so I'm kind of in the same posistion as you. I also checked all my port 25 to ensure its opened and it is so I'm puzlled? I just started with this company and just getting to know all the "ropes" but still learning how exchange works.
< Message edited by blaine -- 9.Feb.2008 3:36:49 PM >
|
|
|
|
|
RE: Set up to the outside world... - 9.Feb.2008 5:32:04 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
You don't need port 110 open if you aren't going to use POP3. Email will come in and go out through port 25 open. In an ideal world the only ports you need are 25 and 443. No other ports required.
The POP3 service is disabled by default. If you want to start it then you need to change the service in Services in Computer Management from Disabled to Manual or Automatic, then you will be able to start it. However you don't need it to use Exchange.
Verify that you can connect to the SMTP port internally, if you can then the firewall is the source of the problem.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Set up to the outside world... - 11.Feb.2008 11:30:26 AM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
Ok...I have done: telnet 192.168.188.210 25 and 110 from the exchange box, the PDC, and my desk machine and had no issue whatsover connecting...
Now...of course using an outside IP address to connect fails...
So I am assuming FW then at this point? This CISCO guy is NOT an ASA guy for some reason...no frickin' clue why he would even suggest using a FW that he has no clue about...
Chris
|
|
|
|
|
RE: Set up to the outside world... - 11.Feb.2008 12:12:24 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
If you can connect completely inside then it is either the firewall or the ISP blocking the ports. If there are concerns over the skill set of the firewall guy then that is probably the source of the problem.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: Set up to the outside world... - 11.Feb.2008 12:50:34 PM
|
|
|
cwallace
Posts: 84
Joined: 31.Jul.2007
Status: offline
|
quote:
ORIGINAL: Sembee
If there are concerns over the skill set of the firewall guy then that is probably the source of the problem.
Thank you for the laugh...I literally laughed out loud at that line...:)
I have questioned his 'skill set' as well as that of my Boss's since the first week I started this job...but who am I to bring things to their attention...:) I am just the lowly network technician/PC technician...heh...
I will be on him like stink about getting this figured out...if I have to bring someone in independent and pass along the bill to him...
I will keep you posted...thank you for all of the help...
Chris
|
|
|
|
|
RE: Set up to the outside world... - 11.Feb.2008 1:26:18 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Should have revised what I wrote, as it should have said something like
"If there are concerns over the skill set of the firewall guy then the firewall is probably the source of the problem. "
I wasn't saying the firewall guy is directly, just that if he hasn't configured correctly (because he doesn't know how) then the firewall is the likely cause.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
