• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1572
  • Last Modified:

exchange 2003 hosting multiple domains

My exchange 2003 server is working fine. I now have to host another domain on this server. The MX record for this second domain points to a different IP. i.e domainA.com = 64.3.3.1 domainB.com =64.3.3.2 We own the IP's I have setup my firewall to for 1 to 1 NAT for the 64.3.3.1 and configured my exchange server with another private ip address of 192.168.1.2. I have also created a recipient policy with the new domain name and applied the policy to the users who need it, and i checked the box "this organization is responsible for" I then went to my default SMTP server, clicked the advanced tab, and added in the private ip 192.168.1.2 so it would listen on it.

When i try and send an email to  user@domainB.com from an outside account I get a return message that says


Final-Recipient: RFC822; <user@domainB.com >
Action: failed
Status: 5.1.1
 (64.3.3.2)
Diagnostic-Code: smtp; 550 5.7.1 Unable to relay for user@domainB.com

Am I on the right track here or way off?


0
kjman
Asked:
kjman
  • 2
  • 2
1 Solution
 
timianoCommented:
Make sure that once you have created the policy, you right click on it and choose to apply this policy now, and hit yes, to apply now.

Might be one thing

Timiano
0
 
kjmanAuthor Commented:
Yea I did that, but still no luck. Am i on the right track here?
0
 
ikm7176Commented:
you should point your MX record for DomainB to the same IP address as DomainA.

i.e DomainA-->  MX record= 64.3.3.1 and
     DomainB---> MX record = 64.3.3.1.

Since your exchange server is having 1 to 1 NAT with firewall. the mail for user@domainA.com is arriving to the IP address 64.3.3.1 and then passed on to your exchange server (NAT rule). But the mail for user@domainB.com is arriving at IP address 64.3.3.2 and ending up nowhere as your exchange is having 1 to 1 mapping with IP address 64.3.3.1
test your DNS report and MAIL test at  http://www.dnsreport.com
So change the MX record for domainB to IP address 64.3.3.1. to allow the the e-mail flow.
change of MX record will take 48 hours to propogate to all the public DNS servers.

Hope this solves your problem .

Also check http://support.microsoft.com/default.aspx?scid=kb;EN-US;318635 for server configuration
0
 
kjmanAuthor Commented:
But the mail for user@domainB.com is arriving at IP address 64.3.3.2 and ending up nowhere as your exchange is having 1 to 1 mapping with IP address 64.3.3.1

Well I created a separate 1 to 1 NAT rule for 64.3.3.2 to map to 192.168.1.2 so this would mean that I have two 1 to 1 NAT rules configured. one for 64.3.3.1 maping to 192.168.1.1 and one for 64.3.3.2 maping to 192.168.1.2. With this in place I can send emails to user@domainA.com no sweat, and i know that the second 1 to 1 NAT rule on the firewall is setup correctly because when i send an email to user@domainB.com I get a unable to realy message bounced back to me. This tells me that the port 25 is open on the firewall for 64.3.3.1 but its exchagne that doesnt like domainB.com

You are right though about making both domains MX records point to the same IP address, and i have done that. I think this will make things a bit less complicted, and easy to understand.

Skip
0
 
timianoCommented:
Its almost certainly the recipient update service not adding the policy....I'm confused!, but then I suppose you are too :-)

Go into AD users and computers and check that the user you are sending to has that domain listed as one of its proxy addresses.  If not, go back into the policy and make sure the tick is in the box, and make sure you haven't got some funky ldap filter on it.

Timiano
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now