Solved

How to configure DNS for my private ip Exchange Svr to get mail from outside

Posted on 2003-12-11
12
866 Views
Last Modified: 2010-08-05
My scenario...we're building a brand new network, and I have a new T1 for Internet with HellSouth.  They manage the router and forward everything.  Behind that is my firewall (SonicWall 230).  The firewall does NAT for my network, and I can open up ports for my new Exchange Server 2000.  Internal name resolution is done with Windows 2000, Active Directory integrated DNS. My internal DNS is pointing to internet root servers and works.  I can surf the web, and even send out mail. My internal domain name is like company.local.  My public domain name, say company.com, will soon point to bellsouth name servers. Do I get bellsouth to put an MX and A record on their name servers pointing to my WAN address? Or do I put those records in my private DNS?  Can I tell hellsouth to just forward all traffic bound for company.com to my WAN address, or should I do something different?

TIA,
Alan Brewer
0
Comment
Question by:brewewa
12 Comments
 
LVL 2

Expert Comment

by:EjayHire
ID: 9925402
Hi.  Since the SonicWall is doing address translation, Bellsouth will put the SonicWall's external IP as the A record for the MX.  That's the easy part.  

Since you are keeping your external dns namespace different than your internal DNS (not a bad idea) you will need to make a change to your recipient policy so exchange will accept mail for your users' @company.com email addresses.

To do this,
Start -> Programs -> Microsoft Exchange -> System Manager -> recipients -> Recipient Policy -> right-click Default Policy -> properties.

On the Email addresses (Policy) folder tab, click NEW, then click smtp address.  In the address box type @company.com.
Check the "This exchange organization is responsible for all mail delivery to this address." and click apply -> ok.

This will take you back to the Email addresses (policy) screen.  Since the internet won't be able to send mail to @company.local, you'll need to change the default reply-to address to @company.com.  To do this you highlight SMTP  @COMPANY.COM and click "Set as Primary".  Click Apply ->  Ok and you should be all set.

Good luck,
Ejay hire at hotmail dot com
0
 

Author Comment

by:brewewa
ID: 9930622
Thanks Ejay.  Bellsouth put the SonicWall's external IP as the A record for the MX, and the recipient policy has been changed to reflect my @company.com addresses.  But I'm still not receiving any email.  I can send out OK though.  If I telnet to my public WAN address on port 25 (SMTP), the response comes back with my private FQDN, like mail.company.local.  Shouldn't the response come back with my public FQDN, mail.company.com?  If so, does this indicate an incorrect setting in Exchange Server?

TIA,
Alan Brewer
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9930736
Curious.  Take a look at a user and see if the recipient policy has pushed the new email address from the recipient policy to the users.  This is under the Email-addresses tab of a user in Active directory users and computers.

Start -> Programs -> Microsoft Exchange -> Active Directory Users and Computers -> pick a user ->Email Addresses.
You should have an SMTP entry for username@mycompany.com.  If not, then you need to tell the recipient policy to update all the users.  To do that you..

Start -> Programs -> Microsoft Exchange -> System Manager -> Recipients -> Recipient Policy -> right-click Default Policy -> Apply this policy now.

If the addresses still haven't updated after this, then you might try forcing replication in Active directory sites and services.  I'm busy at work right now, let me know if it still doesn't work.

-Ejay
0

 

Author Comment

by:brewewa
ID: 9931276
In fact, the recipient policy was in place before I discovered that I had a problem, but I did go and verify that the default SMTP entries are username@mycompany.com.

Could be a DNS issue, or an exchange server issue. ???  If I can telnet using the gateway ip and port 25, then the firewall is forwarding the port ok, but still exchange server responds back with my private FQDN, not my public one, mail.mycompany.com.
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9934004
Answer to this question
Do I get bellsouth to put an MX and A record on their name servers pointing to my WAN address?
Yes, or you will never receive an external email. Also check with bellsouth on how many MX records you have.
Are you the first MX, or are you the second MX record, with bellsouth as your first MX forwarding to the second MX, which is you?
Make sure they use the IP address they provided for you.
Creation of an MX record could take from a few minutes to 72 hrs.


test to see if changes took place

nslookup ENTER

set q=mx ENTER

type your domain name i.e yahoo.com ENTER

it should resolve to who has your mx record

You said you already had the recipient policy set up. Check to make sure it propagated down to everyone, or to the test account, by checking the proxy email address. It should have something like test@mydomain.com (SMTP, of course).

peace.
0
 
LVL 2

Accepted Solution

by:
EjayHire earned 250 total points
ID: 9935371
Sorry for the delay in replying.  Let's figure this one out shall we?

SMTP server test.

Telnet to port 25 of the ip you gave bellsouth to use for your MX.
start->run-> telnet x.x.x.x 25
Type the following.  Sorry, you can't use the backspace key, so a copy and paste is probably better.  Things in quotes are what you type, things in Parentheses are the responses.

'HELO mydomain.com'
(220 blablablablablablablablablablablablablablabla)
'MAIL FROM:<USERNAME@company.com>'
'RCPT TO:<USERNAME@company.COM>'
(If you get a 550 User unknown, try)
'RCPT TO:<USERNAME@company.local>'
'DATA'
'TEST'
'.' <--This is a period and enter on a line by itself.  It tells the SMTP server you are done with this message.
(12345 Message queued)
'quit'

If you get to the 12345 Message queued with the @company.com address then the Smtp server is working right, the next thing is to take a look at DNS.

(Which I'll post in the next installment of "days of our server"  ... Just kidding, sorry I can be a little long winded.
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9935406
To check your DNS, use NSLookup as another person recommended, or go to http://www.samspade.org and type yourdomain.com into the top box on the first page and click "Do Stuff".  It should come back and say something like this.

company.com resolves to 216.153.37.100

www.company.com resolves to 216.153.37.100

Mail for company.com is handled by smtp.company.com (5) x.x.x.x

... Where x.x.x.x is the external ip address of your firewall.

-Ejay



0
 

Author Comment

by:brewewa
ID: 9935920
Ejay, I can't thank you enough for helping me.  Here's where I am...

You said to telnet to port 25 of the ip i gave smellsouth for my mx, so i did
   telnet x.x.x.33 25
where x.x.x.33 is what bellsouth gave me for "Ethernet IP(gateway to your LAN)".
Telnet says "Connection failed".
So I did this....
  telnet x.x.x.34 25
where x.x.x.34 is the public address of my firewall
Telnet says 220 exc1.company.local Microsoft ESMTP blablabla.

So have I told bellsouth the wrong address for mx? I gave them x.x.x.33 (the router), but on my side of the router is my firewall, at x.x.x.34.

Alan
0
 
LVL 2

Expert Comment

by:EjayHire
ID: 9939834
Bingo.  Have Bellsouth change the A record for the MX to the public address of the firewall x.x.x.34 and you should be all set.  One more thing, since you have to send a ticket to the dns group for the MX update, go ahead and have them setup the reverse dns for the x.x.x.34 to match the A record for your MX.  This will help in the future so "strict" mail servers won't reject your mail.  (cough cough aol cough)

i.e.

Have them create an A record for mail.company.com to x.x.x.34.  Then point the MX record to mail.company.com.  Last, have them create a PTR (reverse DNS) record for x.x.x.34 that points to mail.company.com.

Good Luck,
Ejay
0
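Putting Ejay's A / MX / PTR arrangement into a check, as an added example that is not from the thread: the function takes records as an outside resolver would return them plus the two facts the telnet test established (which public address actually answers on port 25, and what host name its 220 banner announces) and reports whatever is inconsistent. The record sets and the 203.0.113.x addresses are constructed stand-ins for the thread's x.x.x.33 (router) and x.x.x.34 (firewall).

```python
import ipaddress

def check_mail_dns(domain, records, smtp_listener_ip, smtp_banner_host):
    """Findings about the public mail DNS of `domain` ([] means sound).
    records: {(name, rrtype): [values]} from an external resolver;
    smtp_listener_ip: public address that answers on port 25;
    smtp_banner_host: host name in that listener's 220 banner."""
    findings = []
    mx_hosts = records.get((domain, "MX"), [])
    if not mx_hosts:
        return [f"{domain} has no MX record; outside senders cannot deliver"]
    for mx in mx_hosts:
        addrs = records.get((mx, "A"), [])
        if not addrs:
            findings.append(f"MX target {mx} has no A record")
            continue
        for ip in addrs:
            # The thread's actual fault: the MX's A record named the ISP
            # router, not the NATing firewall that forwards port 25.
            if ip != smtp_listener_ip:
                findings.append(f"MX {mx} resolves to {ip} but SMTP answers on "
                                f"{smtp_listener_ip}; point the A record at the firewall")
            # Reverse DNS should name the MX host, or strict receivers may refuse mail.
            ptr_name = ipaddress.ip_address(ip).reverse_pointer
            ptrs = [p.lower().rstrip(".") for p in records.get((ptr_name, "PTR"), [])]
            if mx.lower() not in ptrs:
                findings.append(f"no PTR for {ip} naming {mx}")
        # Advisory: a banner carrying the internal name leaks the private
        # namespace and differs from what the world resolves for the MX.
        if smtp_banner_host.lower() != mx.lower():
            findings.append(f"SMTP banner announces {smtp_banner_host}, not {mx}")
    return findings

# Constructed records for the broken state in the thread: the MX's A record
# points at the ISP router (.33) while the firewall forwarding port 25 is .34.
BROKEN = {
    ("company.com", "MX"): ["mail.company.com"],
    ("mail.company.com", "A"): ["203.0.113.33"],
}
# Constructed records after the fix: A -> firewall, PTR back to the MX name.
FIXED = {
    ("company.com", "MX"): ["mail.company.com"],
    ("mail.company.com", "A"): ["203.0.113.34"],
    ("34.113.0.203.in-addr.arpa", "PTR"): ["mail.company.com."],
}

if __name__ == "__main__":
    for label, recs, banner in (("broken", BROKEN, "exc1.company.local"),
                                ("fixed", FIXED, "mail.company.com")):
        print(label, check_mail_dns("company.com", recs, "203.0.113.34", banner) or ["ok"])
```

Feed it the output of real lookups (the nslookup MX query above, the A and PTR answers, and the banner from the telnet test) and an empty result means the three records and the listener agree.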
 
LVL 3

Expert Comment

by:ydirie
ID: 9941941
Sometimes, it feels like some people don't read all the posts :(~. My 12/13 post provided everything you needed. Some troubleshooting is better kept to a very minimum.

FYI,

 Unless you host your own NS servers, almost all DNS hosting companies create reverse DNS for the MX they create.

Anyway, do as Ejay told you and you should be fine,

Good luck
0
 

Author Comment

by:brewewa
ID: 9957818
Ejay and ydirie,

Many, many thanks for your assistance and patience.  I couldn't have done it without your help, I'm sorry for the late response. It was an emergency network build which, unfortunately, is to be shut down.  I just found out that the company is closing :-(  

Well, I can chalk that 96 hours up for experience anyway!

I gave the solution to Ejay; his description just made sense to me.  Ydirie, your answer was right, it just didn't sink in to my thick skull.
0
 
LVL 3

Expert Comment

by:ydirie
ID: 9958425
Don't sweat. I've hardly ever been understood :)-

The goal is to help others, and whatever works, works.
0
