• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Email blues

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> General >> Email blues Page: [1]
Login
Message << Older Topic   Newer Topic >>
Email blues - 15.Sep.2001 5:11:00 AM   
jskin1

 

Posts: 7
Joined: 15.Sep.2001
Status: offline
I have set up an Exch2K server and sent mail no problem through an old "gatekeeper" firewall. (Input the SMTP Virtual server with the "Gatekeeper" IP for Smart host) All works fine...

We have switched over to ISA server for better firewall protection. I tried using the "Secure Mail Wizard" which went fine. I changed the SMTP Virtual Server to point to the IP (internal NIC)of the ISA server for the Smart Hostand verified the DNS configuration for the external DNS.

I get nothing, ok I get a build up in the SMTP Queue. I try forcing connection but no luck. I can switch back to the "gatekeeper" firewall and send/recieve all day.

ISA is set to use port 25 for exchange. It is part of an all Win2K domain. Running SP1 for exchange and SP2 for Win2K. All users can surf the web no problem. Internal mail is no problem either.

Any suggestions? Thanks.....

Post #: 1
RE: Email blues - 15.Sep.2001 4:48:00 PM   
Digitalcandy

 

Posts: 197
Joined: 2.Jul.2001
From: Orange County, CA
Status: offline
Besides doing the "Secure Mail Wizard" with ISA, you also have to manually open the DNS querry port. I forget which port number it is, I think 53, but the name is DNS querry. That should set you free my friend.

(in reply to jskin1)
Post #: 2
RE: Email blues - 16.Sep.2001 7:46:00 AM   
jskin1

 

Posts: 7
Joined: 15.Sep.2001
Status: offline
Ryan - thanks for the help. But I have already set opened the DNS querry port 53 for TCP and UDP. I know that the TCP is the one most talked about but, I read somewhere that for certain DNS querries UDP is needed. This is still not sending me to the promise land =D .

Think it is in my SMTP smart host or the lack of a "relay" on the internal network?

How does exchange know to send outbound email to the ISA server for external mail?
My network is segmented and the routers are the "Default Gateways" for each computer (including Exchange2K). Since the Exchange and ISA are on the same segment should Exchange use ISA as it's gateway?

Still struggling -

Thx,

Jason


(in reply to jskin1)
Post #: 3
RE: Email blues - 16.Sep.2001 6:09:00 PM   
Digitalcandy

 

Posts: 197
Joined: 2.Jul.2001
From: Orange County, CA
Status: offline
You did not mention your email server's Gateway IP. Make sure it has the internal NIC of ISA configured. This is how the Email server communicates through ISA. It is called SecureNAT.

On the Exchange side, you need to open the Virtural SMTP properties and click on the last of the four tabs to the right, (sorry, I can't remember the name of the tab). You will need to enter the Fully Qualified Domain Name of ISA in one of the fields. For DNS servers click advanced button. Make sure the DNS server IP addresses there are the ones that ISA uses on it's external NIC. Essentially you can use any internet DNS in this field.

You shouldn't need to use a "Smart Host", if your only going through ISA. Empty that field.


That is all you need on the Exchange side. Sounds like you did everthing correct on the ISA side, unless you messed with other settings. Basically if ISA is pretty much running in it's default configuration and then you run the "Secure Mail Wizard" and open TCP 53, your fine.

Very important to have your Email server Gateway IP pointing to internal NIC of ISA.


(in reply to jskin1)
Post #: 4
RE: Email blues - 16.Sep.2001 9:43:00 PM   
jskin1

 

Posts: 7
Joined: 15.Sep.2001
Status: offline
Thanks Ryan -

I will try this on Monday afternoon. I just got back from office trying other options to get it to work but had no luck.

I did however change the default gateway on the Exchange server to point to the ISA server. But I never cleared out the Smart host...will try that.

Also I ran "netstat" on the ISA server to see which ports were in use and it seemed that SMTP:25 was not listed?? It did at one point list exchange and other ports in the 3000 range?? Not sure what this ment but I thought that it should be using port 25.

Let me fill in some more details about the setup. Exchange is the only mail server, as well as ISA is the only internet gateway.
Exchange has no connectors configured. On the first tab on SMTP virtual server I have the IP address of the Exchange server selected and use port 25. No mail relay setup. On last tab (?) smart host pointed to the ISA (internal NIC) - which I will remove that IP (blank). DNS is configured to use the DNS servers of my ISP. On ISA I have ran the Secure Mail Server wizard and opened the TCP port 53 for DNS querries.

I have a router from Centurytel that connects to the firewall (ISA or Gatekeeper). I was wondering about the external NIC of the ISA server is say 192.168.0.11 this is not however that static IP address issued by Centurytel say 64.x.x.x So when I bind the external NIC to 192.x.x.x
in the Mail Wizard is this causing problems?

What is strange is that I can disconnect the ISA server and connect the "Gatekeeper" computer to the DSL and can send/rec. Internet email all day. The only change that I make is setting the Smart Host on Exchange to point to the Gatekeeper instead of ISA.

Thanks Ryan for all your help,

Jason


(in reply to jskin1)
Post #: 5
RE: Email blues - 17.Sep.2001 6:38:00 PM   
Digitalcandy

 

Posts: 197
Joined: 2.Jul.2001
From: Orange County, CA
Status: offline
Just to confirm things, your setup is the same as mine and many others here. I too have one Exchange 2000 box and a seperate ISA box. ISA is going through my DSL router.


In the SMTP properties sounds like you got things straightened out. The "fourth" tab is the Delivery tab. Once there you will click on the Advanced button. As I said earlier, you don't need a Smart Host. You do need to put in the FQDN of your ISA box right above the Smart Host. Then click the Configure button. This is where you have your internet DNS ip addresses.

That should be all. I think you will find things working once you take out the Smart Host IP address.


(in reply to jskin1)
Post #: 6
RE: Email blues - 17.Sep.2001 6:41:00 PM   
Digitalcandy

 

Posts: 197
Joined: 2.Jul.2001
From: Orange County, CA
Status: offline
quote:
Originally posted by jskin1:
I have a router from Centurytel that connects to the firewall (ISA or Gatekeeper). I was wondering about the external NIC of the ISA server is say 192.168.0.11 this is not however that static IP address issued by Centurytel say 64.x.x.x So when I bind the external NIC to 192.x.x.x
in the Mail Wizard is this causing problems?

Jason



Are you getting internet access from workstations in your environment? If so, then your external ISA settings are fine with the router. The "Secure Mail Wizard" is straight foward and I am sure you set it up correctly.


(in reply to jskin1)
Post #: 7
RE: Email blues - 18.Sep.2001 3:36:00 AM   
jskin1

 

Posts: 7
Joined: 15.Sep.2001
Status: offline
Ryan - Once again thanks for your help.

Although, I tried clearing out the Smart Host and adding the FQDN of the isa server on the delivery/advanced tab. Still having no luck with this.

Let me add some more info: We are running internal web sites through IIS 5.0. I believe that my problem is on the ISA server (because once again when I revert back to the gatekeeper server mail comes and goes). I believe that my server is not listening on port 25 SMTP. I have run netstat on the ISA server and can find NO instance of a port 25. Could one of the IIS servers be binding the port before Exchange? But shouldn't that show up on the netstat display? I have not published any other servers other than Exchange (Secure Mail Server). Could other computers on the network being trying to bind port 25??

I have also heard of people having problems with the Full version of ISA binding to port 25. But when they load the trial version it is corrected? I think I may attempt this next.

Everything looks to be in order with ISA and Exchange. All clients can connect to the web with no problems through ISA.

Thanks again,

Jason


(in reply to jskin1)
Post #: 8
RE: Email blues - 18.Sep.2001 3:49:00 AM   
jskin1

 

Posts: 7
Joined: 15.Sep.2001
Status: offline
Ryan - just found out something else.....

When I switched back over (to the Gatekeeper Firewall) with the Smart Host blank, I was unable to send/recv. external email. I had to add the Exchange server to the FQDN and add the ISA server back to the Smart Host.

Now I am sending again (not through ISA though)........


(in reply to jskin1)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> General >> Email blues Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter