Solved

Masquerading on the Exchange 5.5 server?

Posted on 2002-07-21
Last Modified: 2006-11-17
I have an RS6000 (UNIX-type system), IP 200.0.0.1, set up to direct all generated email to be sent to an Exchange 5.5 SBS Server on IP 200.0.0.2.
The Exchange 5.5 Server relays the email to the internet addresses as specified in the Routing / Relay tab OK. However, the email header is messy and is in the format of emailID@[200.0.0.2]. (Some systems do not like this: invalid "from address" in header.)
I wish to have the email From header written as emailID@domainname.ab.xy
How do I accomplish this function (masquerading) on the Exchange 5.5 server?

Please Help... First time user all my points are on this one :-(
Question by:compuit
12 Comments
 
LVL 8

Accepted Solution

by:
steinmto earned 100 total points
This feature was added in Exchange 2000.  The only way I can think to do this is to set up another server to use for SMTP mail.  You could set up another machine with IIS 4 or 5 on it and set the Masquerade Domain to what you want and forward all of your mail through that SMTP server.  I have also read that sendmail will do this.

Tom
0
 
LVL 1

Expert Comment

by:ErikKruijswijk
This can be done.
It was hard to find out, but I did.
This is from my knowledgebase:

SUMMARY

In a previous article the following was stated:

(Title: How to use Internet Mail Service to reroute messages)
"Administrators of Microsoft Exchange server 5 and higher have the ability to reroute internet mail messages with the originating 821 header intact, or rewritten to the site associated to the host where the IMS is homed."

However, when implementing the solution as described in the article, messages will not be rerouted in case of the secondary mail server/domain being in the same internal network.



CAUSE

To resend incoming messages on a communications computer to another mail server on the internal network (this setup is commonly used to increase connection security), the original rcpt-to header of the message needs to be preserved so that a proper reply can be generated by the mail client software. To keep the RFC-821 rcpt-to header, messages need to be forwarded. Exchange server is capable of doing that using the forwarding rule. It is defined using the 'Specify by email Domain'-button on the 'Connection'-tabsheet: define which domain to forward and to which IP-address to forward to.

However, when an incoming message is to be forwarded to the defined domain and the domain is on the same network (the domain name is the same), the message will not be handled as an outbound message. Because it is not an outbound message to the internet, the forwarding rule will not be applied.



RESOLUTION

You have to make clear to Exchange server that the inbound domain is actually the same as the outbound domain. Then Exchange server will handle the messages as real outbound messages and will apply the forwarding rule.

To do that you will have to enter a routing rule (this is different than what is mentioned in the original article). Open the IMC-properties and choose the 'Routing'-tab.

- activate 'Reroute incoming messages'
- delete the default <inbound> rule.
- add a new rule that reroutes all messages for 'DOMAIN.XXX' to 'DOMAIN.XXX' (they must be identical)
- confirm the entry.
- close the IMC-configuration and restart the IMC-service.

Now all inbound messages for 'DOMAIN.XXX' will be forwarded to the mail server at the IP-address mentioned in the forwarding rule.

Hope this helps you..
0
 
LVL 1

Author Comment

by:compuit
Erik,

The proposed solution you described.... Would it have any impact on the clients currently connecting to the Exchange server?
As I understand the following changes will need to take place on the exchange 5.5 server.

1.  'Specify by email Domain'-button on the 'Connection'-tabsheet, define which domain to forward and to which IP-address to forward to
(Currently this step 1 has no email domain or IP defined)

2. - activate 'Reroute incoming messages'
3. - delete the default <inbound> rule.
4. - add a new rule that reroutes all messages for 'DOMAIN.XXX' to 'DOMAIN.XXX' (they must be identical)
5. - confirm the entry.
6. - close the IMC-configuration and restart the IMC-service.
0
 
LVL 1

Expert Comment

by:ErikKruijswijk
Oh, damn... sorry, this is the way to forward messages WITH Exchange server 5.5.

Well, you reroute the messages to other email addresses, right?

Little drawing:

Server A           Exchange5.5              Popbox1
200.0.0.1          200.0.0.2                x.x.x.x
e-mail to PB1      forward to PB1           e-mail from ID@200.0.0.2

Is this the way it is now ??
0
 
LVL 13

Expert Comment

by:hstiles
When you say internet clients, do you mean those outside of your organisation or SMTP recipients inside of your organisation?

If you mean outside, then would it not be possible for you to implement domain masquerading at the firewall level, provided of course it has SMTP proxy capabilities?
0
 
LVL 1

Author Comment

by:compuit
Erik,

I carried out the operation and found that the header remained unchanged for mail sent from the RS6000. Also inbound mail created a "loop" where incoming mail to 'DOMAIN.XXX' from internet was routed straight to the outbound queue. I apologise, as my scenario may not be so clear. The Exchange5.5 has a dialup connection to the 'DOMAIN.XXX' ETRN mail queue.

Server A on LAN to Exchange5.5 to dialup

Server A [Unix]         Exchange5.5              Popbox1
200.0.0.1               200.0.0.2                x.x.x.x
e-mail to internet      forward to PB1           e-mail from ID@[200.0.0.2]

Note : All Outlook clients connecting to Exchange5.5 server have no problem and all headers as desired.

hstiles,

Yes, recipients outside the organization. Basically any mail sent from Server A places the "[200.0.0.2]" instead of 'DOMAIN.XXX'

To implement domain masquerading at the firewall level provided it has SMTP proxy capabilities. What product do you recommend? However I am hoping this can be implemented with what I have currently.

The comment placed earlier in this call that Exchange 2000 has addressed this is great but I do not have this product.

Thanks for the feedback so far, really appreciate it. Back to the drawing board.
0
 
LVL 13

Expert Comment

by:hstiles
If you're using dial-up for mail, then an SMTP proxy is of little or no use.  Otherwise I'd have suggested something simple like a Firebox or PIX.

Do you have any plans to move away from using ETRN for mail in the near future?

Is there no way you can configure sendmail on the RS6000 with its own SMTP connector that in turn forwards onto your Exchange server as some kind of Smarthost?  This would force sendmail to add a valid domain to outbound mail.
0
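The sendmail-side approach suggested in this thread, as an added example that is not part of any post: a `sendmail.mc` file, assuming the sending host runs a sendmail built from the m4 configuration sources. The `OSTYPE` value and the use of Exchange as smart host are assumptions; `domainname.ab.xy` and `200.0.0.2` are the values from the question.

```m4
divert(-1)
dnl Added example (not from the thread): masquerade all mail generated
dnl on the sending host before it is handed to the Exchange relay.
divert(0)dnl
VERSIONID(`added example: masquerade as domainname.ab.xy')dnl
dnl Assumption: AIX 4.x on the RS6000; use the ostype file that matches the host.
OSTYPE(`aix4')dnl
dnl Hand everything non-local to the Exchange server. The brackets mean
dnl "connect to this address directly, do not look up MX records".
define(`SMART_HOST', `smtp:[200.0.0.2]')dnl
dnl Rewrite the host part of header sender addresses to the public domain.
MASQUERADE_AS(`domainname.ab.xy')dnl
dnl Also rewrite the envelope sender (SMTP MAIL FROM), which is what
dnl receiving servers check and what bounces are returned to.
FEATURE(`masquerade_envelope')dnl
dnl Qualify bare local names (e.g. "emailID") with the masquerade domain
dnl so no unqualified or host-only address leaves the box.
FEATURE(`always_add_domain')dnl
dnl Keep root mail identifiable by host instead of masquerading it.
EXPOSED_USER(`root')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
```

Regenerate `sendmail.cf` from this file with m4 and restart sendmail; a test message should then carry emailID@domainname.ab.xy in both the envelope sender and the From: header when it reaches the relay.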
 
LVL 1

Author Comment

by:compuit
hstiles,

The only developments planned in the next 2 months are replacing the dialup connection with DSL (broadband) and possibly the addition of a Linux-based system.
The RS6000 is simply set up to fire its outgoing mail at the Exchange server's IP address 200.0.0.2. Now from there Exchange relays it internally or to the outside world depending on email address. In fact I notice when the email is sent internally the header reads as ID@[200.0.0.2] as well, so you may have a point there that some work needs to be done on the RS6000??
Would the problem be the way the RS6000 presents the SMTP header to Exchange, or is the Exchange system doing something crazy?
0
 
LVL 1

Author Comment

by:compuit
Can someone help? Or is this operation not possible without upgrading to Exchange 2000 or introducing another SMTP server?
0
 
LVL 1

Author Comment

by:compuit
Well, it appears that steinmto has the answer to this scenario.

Thanks
0
 
LVL 1

Author Comment

by:compuit
Thanks. Red Hat Linux 7.3 on its way.
0
