Set up to the outside world... (Full Version)


cwallace -> Set up to the outside world... (30.Jan.2008 1:58:43 PM)

I have a fresh install of Exchange 2003 on a Win 2k3 box. That box is a member of the domain controlled by a Win 2k box.

I have a domain name to use and the DC has an established outside IP address.

I am trying to figure out how I make the Exchange box live to the outside world...Not sure really how to even explain it, but it is probably something really stupid simple.

Should I point the domain name to the IP of the DC and then somehow route through the DC to the Exchange box?

I am trying to trace how traffic flows though here...I am new to exchange and the more advanced internal routing with Windows Servers, but eager and willing to learn...

Any help at this point would be awesome...

Chris




a.grogan -> RE: Set up to the outside world... (30.Jan.2008 2:49:57 PM)

Hey Chris, a couple of q's to clarify if you don't mind chap;

You say that "you have a domain name to use" and the "DC has an External IP address" - do you mean that you have an external domain such as "chris.com" and you wish to point e-mail access to it. - you should not (under any circumstances) have a DC with an external IP address to the internet.

What you are looking to do is create an MX record (mail exchanger) for your domain which points to an IP address on your Firewall (in the outside world).
This IP address should then have an access list that translates and routes port 25 traffic to the internal IP address of the SMTP virtual server of your Exchange server.

Let us know,

Cheers
A




cwallace -> RE: Set up to the outside world... (30.Jan.2008 3:13:13 PM)

Hmm...let me think this one through.

Well...our DC has an outside IP address that is assigned through a firewall...so no it isn't actually ON the DC...so that is no worry...I understand what you mean there...heh...

It is the MX record that controls the mail routing? I have an A record set up that points mail.fwmlive.com through to my Exchange box (INTWEB).

I have an MX record set up at my DNS host that points an MX record at mail.fwmlive.com to our outside IP address...

Does this clarify or make some sense? hehe...

Chris




a.grogan -> RE: Set up to the outside world... (30.Jan.2008 3:19:36 PM)

Hiya chap, mail.fmlive.com points to 65.23.65.30 do you recognise this address?

Cheers

A




cwallace -> RE: Set up to the outside world... (30.Jan.2008 5:03:49 PM)

That is our public IP address...

So I think I need to now set up an MX record to point to the internal server that has exchange on it...

Chris




Sembee -> RE: Set up to the outside world... (30.Jan.2008 7:02:48 PM)

Why is the external IP address pointing to the domain controller? (Presuming that the domain controller and the Exchange server are separate machines).

You need to either have the external IP address pointing to the Exchange server, or forward the relevant ports on the firewall. You need at least port 25 (SMTP). If you want OWA access then you need port 80 (http) and/or 443 (https).

MX records point to hosts, not IP addresses.

Simon.




cwallace -> RE: Set up to the outside world... (8.Feb.2008 11:53:11 AM)

OK...what we have is the MX record is pointing to our ASA...at IP 65.23.65.29 using the domain name of fwmlive.com

The MX record is set up with mail.fwmlive.com handling the mail for fwmlive.com

The ASA has port 25 and 110 open for SMTP traffic and then points it internally to our exchange box that is on the internal IP of 192.168.188.210.

I can send out perfectly fine, but I get nothing BACK when I do a reply to the e-mail that is received.

Do I need to define that host somewhere internally? Do I need an internal MX record set up on our DC?

Suggestions?

Chris




uemurad -> RE: Set up to the outside world... (8.Feb.2008 12:11:29 PM)

The FQDN named in your MX record does not respond to TCP port 25 (SMTP) communications.  You need to either forward the port 25 traffic through to your Exchange server, or configure the ASA to accept the traffic and deal with it appropriately (assuming you are using the ASA to filter).

Your internal DNS server only responds to queries directed at it.  Typically that means only your other internal systems (and not public requests).  You normally do not need MX records configured there.




cwallace -> RE: Set up to the outside world... (8.Feb.2008 12:27:21 PM)

ok...now we had to change the IP to 65.23.65.26 from the other posted .29

Our CISCO guy had something wrong there...I am waiting on it to propagate and can test again.

Chris




cwallace -> RE: Set up to the outside world... (8.Feb.2008 3:50:17 PM)

It has propagated and now is coming back as 65.23.65.26 (as it should) but still no success on e-mail coming in.

Toss another test at it and see what you get back..

What command or tool should I use to test something like this?

Chris




Sembee -> RE: Set up to the outside world... (8.Feb.2008 4:10:04 PM)

If you have access to an external machine then you can test connectivity by opening a command prompt and typing:

telnet 65.23.65.26 25

note the space 25 at the end.
That will either show a banner or fail to connect.
At the time of writing I do not get a response on that IP address.

Simon.




cwallace -> RE: Set up to the outside world... (8.Feb.2008 4:35:08 PM)

Well I know that telnet won't work at all...that is locked down pretty hard...or damn well better be...:) Not my job..heh...

tracert times out a lot...

Of course the exchange logs won't tell me anything since the messages never even get there to log a failure..

This is all around sucky...:)

Chris




Sembee -> RE: Set up to the outside world... (8.Feb.2008 4:48:53 PM)

Telnet is just simulating what SMTP does, it isn't telnet in the traditional sense. You also have to do it from OUTSIDE the firewall. I usually remote back to my home PC to do tests like that.

Simon.




cwallace -> RE: Set up to the outside world... (8.Feb.2008 5:02:24 PM)

Failure all around..my CISCO guy says I need to have port 25 and 110 open to make exchange work.

I have them both open. I cannot for some reason start the POP3 service in Exchange either. It says it did not open in a timely fashion and fails.

Chris




blaine -> RE: Set up to the outside world... (9.Feb.2008 3:35:27 PM)

I'm in the same boat as you, cwallace.  I'm able to send but not receive any email.  I just switched from DSL to a T1 connection and switched ISP.  So I changed my MX records and reverse DNS and still not able to receive any emails.  I have a GFI server in between my firewall and exchange but it seems just to work only with the DSL.  I removed the GFI trying to isolate the problem but still it wouldn't receive any emails so I'm kind of in the same position as you.  I also checked all my port 25 to ensure it's opened and it is so I'm puzzled?  I just started with this company and just getting to know all the "ropes" but still learning how exchange works.




Sembee -> RE: Set up to the outside world... (9.Feb.2008 5:32:04 PM)

You don't need port 110 open if you aren't going to use POP3. Email will come in and go out through port 25 open. In an ideal world the only ports you need are 25 and 443. No other ports required.

The POP3 service is disabled by default. If you want to start it then you need to change the service in Services in Computer Management from Disabled to Manual or Automatic, then you will be able to start it. However you don't need it to use Exchange.

Verify that you can connect to the SMTP port internally, if you can then the firewall is the source of the problem.

Simon.




cwallace -> RE: Set up to the outside world... (11.Feb.2008 11:30:26 AM)

Ok...I have done:   telnet 192.168.188.210 25 and 110 from the exchange box, the PDC, and my desk machine and had no issue whatsoever connecting...

Now...of course using an outside IP address to connect fails...

So I am assuming FW then at this point? This CISCO guy is NOT an ASA guy for some reason...no frickin' clue why he would even suggest using a FW that he has no clue about...

Chris




Sembee -> RE: Set up to the outside world... (11.Feb.2008 12:12:24 PM)

If you can connect completely inside then it is either the firewall or the ISP blocking the ports. If there are concerns over the skill set of the firewall guy then that is probably the source of the problem.

Simon.
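
The port 25 test and the inside-versus-outside comparison discussed in the posts above, as an added example that is not part of the original thread: it does what `telnet <ip> 25` does (connect, read the greeting) and separates "refused", "no answer" and "greeting received". The function names and the sample greeting are assumptions made for this illustration.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """One TCP connect plus banner read, i.e. what `telnet host 25` shows."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("filtered", "no answer to the connection attempt")
    except ConnectionRefusedError:
        return ("refused", "host reachable, nothing listening or port rejected")
    except OSError as exc:  # DNS failure, no route, and similar
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("no-banner", "TCP connected but no greeting arrived")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("closed", "peer closed the connection without a greeting")
    line = data.decode("ascii", "replace").splitlines()[0]
    # An SMTP server that is ready for mail greets with reply code 220.
    if line.startswith("220"):
        return ("smtp-ready", line)
    return ("unexpected", line)


def diagnose(internal, external):
    """Combine a probe run inside the LAN with one run from outside the firewall."""
    if internal[0] != "smtp-ready":
        return "SMTP service does not answer even internally: fix the server first."
    if external[0] == "smtp-ready":
        return "Port 25 is reachable from outside: look at DNS/MX next."
    return ("Server answers internally but not externally (%s): "
            "check the firewall port forward or ISP blocking." % external[0])


if __name__ == "__main__":
    # Constructed results matching the thread: fine inside, nothing outside.
    inside = ("smtp-ready", "220 mail.example.test ESMTP")  # constructed greeting
    outside = ("filtered", "no answer to the connection attempt")
    print(diagnose(inside, outside))
```

Run `probe_smtp` once from a machine on the LAN against the internal address and once from a machine outside the firewall against the public address, then pass both results to `diagnose`.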




cwallace -> RE: Set up to the outside world... (11.Feb.2008 12:50:34 PM)

quote:

ORIGINAL: Sembee

If there are concerns over the skill set of the firewall guy then that is probably the source of the problem.



Thank you for the laugh...I literally laughed out loud at that line...:)

I have questioned his 'skill set' as well as that of my Boss's since the first week I started this job...but who am I to bring things to their attention...:) I am just the lowly network technician/PC technician...heh...

I will be on him like stink about getting this figured out...if I have to bring someone in independent and pass along the bill to him...

I will keep you posted...thank you for all of the help...

Chris




Sembee -> RE: Set up to the outside world... (11.Feb.2008 1:26:18 PM)

Should have revised what I wrote, as it should have said something like

"If there are concerns over the skill set of the firewall guy then the firewall is probably the source of the problem. "

I wasn't saying the firewall guy is directly, just that if he hasn't configured correctly (because he doesn't know how) then the firewall is the likely cause.

Simon.



