Justin Durrant asked:
Can't Receive Mail - New Domain and Exchange Setup

I just brought up a brand new Windows 2000 Domain with Exchange 2000.

For whatever reason I can send mail, but not receive from outside the network.

I don't see any errors in the Event Viewer, nor am I getting any NDRs.

Here is some info about the network:

Single DC with Exchange: 192.168.8.5 (server name is BEAVIS)
Internal Domain: jetselectric.com
External Domain is also www.jetselectric.com (However, we do not host the DNS for our public name)
Web host has a record created to forward all email to exchange.jetselectric.com
I have an MX record created on the DC with the host name exchange for beavis.jetselectric.com

Here is the running config from our 501 PIX:

: Saved
:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password uXrsXO3xdRQ10kEs encrypted
passwd uXrsXO3xdRQ10kEs encrypted
hostname JETSFW
domain-name jetselectric.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 102 permit tcp any interface outside eq smtp
access-list 102 permit tcp any interface outside eq www
access-list 102 permit tcp any interface outside eq https
access-list 102 permit tcp any interface outside eq ftp
access-list 102 permit icmp any any
access-list inside_outbound_nat0_acl permit ip any 192.168.8.64 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 192.168.8.64 255.255.255.224
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 65.248.218.238 255.255.255.252
ip address inside 192.168.8.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool jets-pool 192.168.8.70-192.168.8.80
pdm location 192.168.8.5 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.8.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.8.5 www netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 65.248.218.237 255
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup jets-vpn address-pool jets-pool
vpngroup jets-vpn dns-server 192.168.8.5 208.254.149.169
vpngroup jets-vpn wins-server 192.168.8.5 208.254.149.169
vpngroup jets-vpn default-domain jetselectric.com
vpngroup jets-vpn idle-time 1800
vpngroup jets-vpn password ********
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:eb5c61151ab577fe04b34ab31800013b
: end

I can send mail fine. I can also send and receive internally.

Any ideas?

Thanks,

Justin
robinluo

- You don't need to set up MX on your DC. MX sits on the public DNS server for users to look up your mail server when sending email to your domain. Well, you do have an MX record configured on the public DNS server.


- On your PIX, you need to forward port 25 to your internal mail server beavis, which is 192.168.8.5. I am pretty sure this is the part you are missing. Without this forwarding, packets targeting port 25 will stop at your PIX and won't know where to reach your Exchange server, which is on the 192.168.x.x net.

Change the password on your PIX right now. You have just posted it to an open forum.

Make sure that your MX records are pointing to the correct place. Run a report at http://www.dnsreport.com/ to see what the Internet thinks is going on with your domain. Setting MX records on your internal server doesn't help the Internet to see it.

It looks like you have the PIX configured correctly - so it is probably DNS.

Simon.
ASKER

Thanks guys.. Where do you see the PIX password? I see it as encrypted above.
The encryption is easy to break... do a Google and you will find the tools to reverse it.

Simon.
Thanks.. I already changed the password.

Here is the error I get from dns stuff:

Getting MX record for jetselectric.com... Got it!

Host                        Preference  IP(s) [Country]
exchange.jetselectric.com.  10          65.248.218.238 [US]
--------------------------------------------------------------------------------
Step 1:  Try connecting to the following mailserver:
         exchange.jetselectric.com. - 65.248.218.238

Step 2:  If still unsuccessful, queue the E-mail for later delivery.
--------------------------------------------------------------------------------
Trying to connect to all mailservers:

   exchange.jetselectric.com. - 65.248.218.238  [Could not connect: Could not connect to mail server (timed out).]

Also.

I cannot ping exchange.jetselectric.com or 65.248.218.238 from within Jets.. Is this a problem?
You will not be able to ping the external IP address from within your network - that is normal.
Also the PIX is usually configured not to respond to ping on its external interface.

I think I can see where you have gone wrong.
Change the Access list setting for SMTP port 25 to any on the external side (0.0.0.0)
This line:
access-list 102 permit tcp any interface outside eq smtp

should be

access-list 102 permit tcp any any eq smtp

Currently you are only allowing your own external IP address to connect to itself.

Simon.
Still no luck.. here is the update:

access-list 102 permit tcp any interface outside eq www
access-list 102 permit tcp any interface outside eq https
access-list 102 permit tcp any interface outside eq ftp
access-list 102 permit icmp any any
access-list 102 permit tcp any any eq smtp
We are of course presuming that it is the PIX rejecting the connection request.
That can be checked by using a Syslog application. http://www.kiwisyslog.com/
Then enable Syslog on the PIX to send to the internal IP address where the syslog application is stored.
With the application running, do a dnsreport test and see if the PIX is rejecting it.

If it isn't the PIX, have you made any changes to the SMTP virtual server that could affect connection? Attempts to lock down what can connect for example?

Simon.
Ok.. How to enable syslog on the PIX? :)

* I am still a beginner to PIX * thanks for your patience. :)

PDM?

System Properties, expand Logging. Choose "Syslog". Enter the IP address of the machine with Kiwi Syslog on it. Then choose the relevant option on the right. Warnings should be enough. Anything higher (notifications etc) and you will have too much to wade through.

Don't be concerned with what you see in the log - as you will see lots of things happening which is the PIX fighting off port scans etc. You are just looking for port 25 information.

Simon.
Ok, I think I got it:

JETSFW(config)# logging on
JETSFW(config)# logging trap notifications
JETSFW(config)# logging facility 23
JETSFW(config)# logging host inside 192.168.8.5

I reran the email test from DNSStuff and all I get in the syslog is:

08-08-2004      12:04:50      Local7.Notice      192.168.8.1      %PIX-5-304001: 192.168.8.5 Accessed URL 69.2.200.183:/tools/mail.ch?domain=justin@jetselectric.com
Ok I used the PDM and set up warnings with facil 23.. Going to check the log now
I just ran a report from dnsreport.com and it still isn't letting the connection come in.

Have you made any changes to the SMTP configuration in Exchange?

Simon.
Not seeing anything on the syslog now.. I guess that's good, right?
ASKER CERTIFIED SOLUTION
Sembee
Ok I changed the logging to Level 20 with info messages and I am getting lots of data now:

08-08-2004      12:16:57      Local4.Info      192.168.8.1      Aug 08 2004 10:08:57: %PIX-6-302013: Built inbound TCP connection 209648 for outside:209.216.105.29/36122 (209.216.105.29/36122) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:56      Local4.Info      192.168.8.1      Aug 08 2004 10:08:56: %PIX-6-302013: Built inbound TCP connection 209647 for outside:64.253.199.65/37460 (64.253.199.65/37460) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:54      Local4.Info      192.168.8.1      Aug 08 2004 10:08:55: %PIX-6-302014: Teardown TCP connection 209643 for outside:69.2.200.183/80 to inside:192.168.8.5/3652 duration 0:00:21 bytes 1400 TCP Reset-I
08-08-2004      12:16:44      Local4.Info      192.168.8.1      Aug 08 2004 10:08:45: %PIX-6-302014: Teardown TCP connection 209625 for outside:65.117.52.127/2191 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:44      Local4.Info      192.168.8.1      Aug 08 2004 10:08:45: %PIX-6-302014: Teardown TCP connection 209624 for outside:207.121.36.18/44325 to inside:192.168.8.124/25 duration 0:02:02 bytes 0 SYN Timeout
08-08-2004      12:16:44      Local4.Info      192.168.8.1      Aug 08 2004 10:08:45: %PIX-6-302013: Built inbound TCP connection 209646 for outside:213.60.65.215/3812 (213.60.65.215/3812) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:42      Local4.Info      192.168.8.1      Aug 08 2004 10:08:42: %PIX-6-302013: Built inbound TCP connection 209645 for outside:209.216.105.22/59765 (209.216.105.22/59765) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:39      Local4.Info      192.168.8.1      Aug 08 2004 10:08:40: %PIX-6-302014: Teardown TCP connection 209623 for outside:66.109.17.57/53379 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:34      Local4.Info      192.168.8.1      Aug 08 2004 10:08:35: %PIX-6-302014: Teardown TCP connection 209622 for outside:64.151.91.217/34655 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-302013: Built inbound TCP connection 209644 for outside:69.2.200.182/1454 (69.2.200.182/1454) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:33      Local4.Notice      192.168.8.1      Aug 08 2004 10:08:34: %PIX-5-304001: 192.168.8.5 Accessed URL 69.2.200.183:/tools/mail.ch?domain=justin@jetselectric.com
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-302013: Built outbound TCP connection 209643 for outside:69.2.200.183/80 (69.2.200.183/80) to inside:192.168.8.5/3652 (65.248.218.238/32451)
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-305011: Built dynamic TCP translation from inside:192.168.8.5/3652 to outside:65.248.218.238/32451
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-302016: Teardown UDP connection 209642 for outside:63.219.151.3/53 to inside:192.168.8.5/1059 duration 0:00:01 bytes 282
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-302015: Built outbound UDP connection 209642 for outside:63.219.151.3/53 (63.219.151.3/53) to inside:192.168.8.5/1059 (65.248.218.238/48152)
08-08-2004      12:16:33      Local4.Info      192.168.8.1      Aug 08 2004 10:08:34: %PIX-6-305011: Built dynamic UDP translation from inside:192.168.8.5/1059 to outside:65.248.218.238/48152
08-08-2004      12:16:31      Local4.Info      192.168.8.1      Aug 08 2004 10:08:31: %PIX-6-302014: Teardown TCP connection 209621 for outside:66.109.17.57/52179 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:31      Local4.Info      192.168.8.1      Aug 08 2004 10:08:31: %PIX-6-302014: Teardown TCP connection 209620 for outside:66.109.17.57/52151 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:30      Local4.Info      192.168.8.1      Aug 08 2004 10:08:30: %PIX-6-302014: Teardown TCP connection 209619 for outside:66.109.17.57/51989 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:26      Local4.Info      192.168.8.1      Aug 08 2004 10:08:26: %PIX-6-302014: Teardown TCP connection 209618 for outside:211.74.15.19/1918 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:25      Local4.Info      192.168.8.1      Aug 08 2004 10:08:26: %PIX-6-302013: Built inbound TCP connection 209641 for outside:211.239.32.110/1350 (211.239.32.110/1350) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:14      Local4.Info      192.168.8.1      Aug 08 2004 10:08:14: %PIX-6-302013: Built inbound TCP connection 209640 for outside:70.240.77.26/3292 (70.240.77.26/3292) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:14      Local4.Info      192.168.8.1      Aug 08 2004 10:08:14: %PIX-6-302014: Teardown TCP connection 209617 for outside:206.71.63.232/45590 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:12      Local4.Info      192.168.8.1      Aug 08 2004 10:08:13: %PIX-6-302013: Built inbound TCP connection 209639 for outside:218.75.117.195/36528 (218.75.117.195/36528) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:10      Local4.Info      192.168.8.1      Aug 08 2004 10:08:11: %PIX-6-302014: Teardown TCP connection 209616 for outside:66.63.168.171/6707 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:07      Local4.Info      192.168.8.1      Aug 08 2004 10:08:08: %PIX-6-302014: Teardown TCP connection 209615 for outside:64.28.85.65/41511 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:04      Local4.Info      192.168.8.1      Aug 08 2004 10:08:05: %PIX-6-302014: Teardown TCP connection 209614 for outside:80.110.72.58/4064 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:16:02      Local4.Info      192.168.8.1      Aug 08 2004 10:08:02: %PIX-6-302013: Built inbound TCP connection 209638 for outside:200.150.130.121/4809 (200.150.130.121/4809) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:16:01      Local4.Info      192.168.8.1      Aug 08 2004 10:08:02: %PIX-6-302014: Teardown TCP connection 209613 for outside:65.117.52.127/2189 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:15:57      Local4.Info      192.168.8.1      Aug 08 2004 10:07:58: %PIX-6-302013: Built inbound TCP connection 209637 for outside:64.151.87.28/53203 (64.151.87.28/53203) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:54      Local4.Info      192.168.8.1      Aug 08 2004 10:07:55: %PIX-6-302014: Teardown TCP connection 209612 for outside:69.2.200.182/3949 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:15:50      Local4.Info      192.168.8.1      Aug 08 2004 10:07:50: %PIX-6-302013: Built inbound TCP connection 209636 for outside:203.101.85.97/56029 (203.101.85.97/56029) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:43      Local4.Info      192.168.8.1      Aug 08 2004 10:07:43: %PIX-6-302013: Built inbound TCP connection 209635 for outside:64.151.87.184/34663 (64.151.87.184/34663) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:41      Local4.Info      192.168.8.1      Aug 08 2004 10:07:41: %PIX-6-302014: Teardown TCP connection 209610 for outside:209.216.105.19/51914 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:15:41      Local4.Info      192.168.8.1      Aug 08 2004 10:07:41: %PIX-6-302014: Teardown TCP connection 209609 for outside:69.59.146.93/52418 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
08-08-2004      12:15:37      Local4.Info      192.168.8.1      Aug 08 2004 10:07:38: %PIX-6-302013: Built inbound TCP connection 209634 for outside:220.190.95.49/4018 (220.190.95.49/4018) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:37      Local4.Info      192.168.8.1      Aug 08 2004 10:07:37: %PIX-6-302013: Built inbound TCP connection 209633 for outside:64.28.85.64/44144 (64.28.85.64/44144) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:29      Local4.Info      192.168.8.1      Aug 08 2004 10:07:30: %PIX-6-302013: Built inbound TCP connection 209632 for outside:66.109.19.174/47511 (66.109.19.174/47511) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:27      Local4.Info      192.168.8.1      Aug 08 2004 10:07:27: %PIX-6-302013: Built inbound TCP connection 209631 for outside:64.160.119.198/4954 (64.160.119.198/4954) to inside:192.168.8.124/25 (65.248.218.238/25)
08-08-2004      12:15:26      Local4.Info      192.168.8.1      Aug 08 2004 10:07:26: %PIX-6-302013: Built inbound TCP connection 209630 for outside:209.216.105.24/45677 (209.216.105.24/45677) to inside:192.168.8.124/25 (65.248.218.238/25)

Here's the thing... 192.168.8.124/25 is the old email server... I just rebuilt the domain from scratch and that server no longer exists.. where are the 192.168.8.124 messages coming from??? The email server now is 192.168.8.5.

Thanks
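
A small audit script, added here and not part of the thread, that does by machine what the thread did by eye: it reads the inside host each PIX `static` forwards a port to, then checks every %PIX-6-302013 "Built inbound" line against it and counts SYN Timeout teardowns per inside host. The config and syslog samples are constructed from the lines posted above; 198.51.100.7 is a documentation address standing in for a real sender.

```python
import re
from collections import Counter

# Constructed sample: the posted PIX 'static' forwards, unwrapped to one line each.
PIX_CONFIG = """\
static (inside,outside) tcp interface smtp 192.168.8.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.8.5 www netmask 255.255.255.255 0 0
"""

# Constructed syslog lines modelled on the %PIX-6-302013/302014 messages in the
# thread; 198.51.100.7 is a documentation address standing in for a real sender.
SYSLOG = """\
Aug 08 2004 10:08:57: %PIX-6-302013: Built inbound TCP connection 209648 for outside:209.216.105.29/36122 (209.216.105.29/36122) to inside:192.168.8.124/25 (65.248.218.238/25)
Aug 08 2004 10:08:45: %PIX-6-302014: Teardown TCP connection 209625 for outside:65.117.52.127/2191 to inside:192.168.8.124/25 duration 0:02:01 bytes 0 SYN Timeout
Aug 08 2004 10:08:34: %PIX-6-302013: Built outbound TCP connection 209643 for outside:69.2.200.183/80 (69.2.200.183/80) to inside:192.168.8.5/3652 (65.248.218.238/32451)
Aug 08 2004 10:09:10: %PIX-6-302013: Built inbound TCP connection 209650 for outside:198.51.100.7/40001 (198.51.100.7/40001) to inside:192.168.8.5/25 (65.248.218.238/25)
"""

SERVICE_PORTS = {"smtp": 25, "www": 80, "https": 443, "ftp": 21}
IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\S+) " + IP)
BUILT_RE = re.compile(r"%PIX-6-302013: Built inbound TCP connection \d+ for outside:"
                      + IP + r"/\d+ \([^)]*\) to inside:" + IP + r"/(\d+)")
TEARDOWN_RE = re.compile(r"%PIX-6-302014: Teardown TCP connection \d+ for outside:"
                         + IP + r"/\d+ to inside:" + IP + r"/(\d+) duration \S+ bytes \d+ (.+)$")

def expected_forwarding(config):
    """Return {dest_port: inside_host} from the PIX 'static ... interface' lines."""
    fwd = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m and m.group(1) in SERVICE_PORTS:
            fwd[SERVICE_PORTS[m.group(1)]] = m.group(2)
    return fwd

def audit_inbound(config, syslog):
    """Flag inbound connections the PIX built to an inside host other than the one
    its own static forwards that port to; count SYN Timeout teardowns per inside
    host (nothing answered there, exactly what the thread saw for 192.168.8.124)."""
    fwd = expected_forwarding(config)
    report = {"mismatched": [], "forwarded_ok": 0, "syn_timeouts": Counter()}
    for line in syslog.splitlines():
        m = BUILT_RE.search(line)
        if m:
            src, inside, port = m.group(1), m.group(2), int(m.group(3))
            if port in fwd and inside == fwd[port]:
                report["forwarded_ok"] += 1
            elif port in fwd:
                report["mismatched"].append((src, port, inside, fwd[port]))
            continue
        m = TEARDOWN_RE.search(line)
        if m and m.group(4) == "SYN Timeout":
            report["syn_timeouts"][m.group(2)] += 1
    return report
```

Run against a real Kiwi export, a non-empty "mismatched" list means the firewall is delivering a forwarded port somewhere its saved configuration does not mention, which is the symptom this thread chased for several posts and which a config review alone could not show.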

There has to be something in the PIX configuration somewhere that points to that IP address. It would explain why the SMTP traffic isn't working.

The PIX 501 has a factory default setting. Your configuration doesn't look too complex - I would consider resetting the PIX to factory default, then building the config up slowly - starting with SMTP entries.

Simon.
hmmm

I have gone through the PIX and posted the config... you can see nothing is referencing 192.168.8.124

Exactly. It is very odd. That is why I think resetting the PIX back to factory default might be a good place to start - clean.

I thought perhaps something else could be doing the reference to the other address - but those results are from the PIX - so that rules that one out.

Simon.
hmmm.. is there any way to trick my current Exchange server into thinking it's 192.168.8.124.. keep in mind it's a DC, so I can't just change the IP.
You can add that IP address to the TCP/IP properties - that isn't a problem.
Just look at the Properties of TCP/IP on the network card, then Advanced. On the first screen click Add, then enter the IP address and subnet mask.

Make sure that you haven't locked the SMTP virtual server to one IP address (it should be set to all unassigned) and you are away.

Simon.
Yay!!! That worked!!!!

You're a life saver, man!!

I really really wish I knew where the pix is getting that 192.168.8.124 though..

very very strange.
There is nothing in the PIX configuration about the 8.124 address. I suggest you make sure the configuration is saved "wri mem" and then reboot the PIX.
will do
Ok I did that and the 124 went away in the syslog!

I also removed that address from the server... weird.. I didn't know the PIX cached IPs like that!

Thanks again!