jack68000 asked:
Exchange 2003 could only receive some external mail

Hi,
My new platform is E2k3 + ISA2000 (also a DC), configured as an edge firewall.
I have no problem receiving internal mail, but only SOME EXTERNAL mail arrives.
The system seems OK when I send test mail from ZoneEdit, but it fails from Gmail or Yahoo.

Can someone tell me what is going wrong? My regular email account is pb.jack@powerbase.com.tw
Thanks in advance.

ASKER CERTIFIED SOLUTION
Sembee

jack68000 (ASKER):
Thanks for your timely response.
It is a new site + a newbie. ^_^

Setup at ISP: DNS mode, www.powerbase.com.tw, master2.powerbase.com.tw --> 211.22.74.10
Layout of network:
  ADSL dumb router 211.22.74.10
  Dual-homed host:
    ISA2k + DC (2003) + Exchange2003 + DNS  --> Domain Name=powerbase.local
    External NIC: 211.22.74.10, Gateway 192.168.1.1, DNS 211.22.74.10
    Internal NIC: 192.168.1.1, no gateway assigned, DNS 192.168.1.1
  DNS:
    powerbase.local:
       (A) Master2 211.22.74.10  (A) Master2 192.168.1.1 (NS) =(SOA)= Master2.powerbase.local
    powerbase.com.tw:
       (A) Master2 211.22.74.10  (A) www 211.22.74.10, (A) DNS 211.22.74.10, (MX) powerbase.com.tw,
       (NS)=(SOA)= master2.powerbase.local
  Exchange:
    Global: powerbase.com.tw *, default *
    Receive Policy: default (SMTP: powerbase.com.tw, smtp: powerbase.local)
    SMTP Protocol:
       default Virtual: 192.168.1.1
       powerbase Virtual: 211.22.74.10

Your name servers aren't responding to the Internet.

http://www.dnsreport.com/tools/dnsreport.ch?domain=powerbase.com.tw

From what you have written above and what the DNS Report shows, I think your DNS configuration is screwed up.

You have lots of entries for nameservers, all pointing at the same server. That isn't right.
Second, you shouldn't be using your internal DNS servers for external DNS services. An AD integrated DNS should not be exposed to the internet.

Presumably you have an ISP or domain name registrar who looks after your domain. If you do, reset everything back to their defaults, using their name servers.

Then ask them (or do it on their web interface) to add new entries in the DNS records for your domain.
As a bare minimum you will need a type A record "www" pointing at your web site, a type A record "mail" pointing to your Exchange server, and an MX record of mail.powerbase.com.tw with a value of 5.

Make sure that port 25 is open on your firewall.
Then wait for the DNS to propagate.

Simon.

It seems like my problem is the configuration of DNS: a test mail from ZoneEdit can reach me; however, it is using the IP address.
That makes me believe my port 25 and MX are OK, and Exchange is OK too, because test mail can reach pb.jack@powerbase.com.tw.

Port 25 will be fine if the email is being sent to an IP address.
The MX record will not be fine if the DNS is not configured correctly, as the MX record needs to look up the host. Click on the link that I included above; that will show you the problem.

Simon.

Hi,
My ISP is Hinet, and I registered my domain with TWNIC, who only provide DNS and Host mode services. I adopted DNS mode, which as I understand it means using my own DNS; my ISP will provide my DNS IP to users who want to enter my web site or send mail to me. TWNIC only gave me 5 rows to fill out my host name and IP. According to their web sample, I should enter 2 DNS names and locations in DNS mode, or assign www and mail server in Host mode (also 5 rows there; each row can take a name and IP). I don't see anywhere to put an MX value or record.
Should I use DNS mode or Host mode in this situation? I can send their screen capture for your reference.

I deleted all other registrations and left only www.powerbase.com.tw and master2.powerbase.com.tw.
I also made the following changes:
A. Changed the DNS on the External NIC to 168.95.1.1, which is my ISP's DNS
B. Left only two A records (www and master2) in powerbase.com.tw
Am I doing it right?


Yes, I went to DnsReport before I asked for help; I know it is a problem but don't know how to fix it.

Simon,
The new DNS setting is done; I can see it from DnsReport. However, it still doesn't show the MX.

Jack

I am still seeing failure messages on your domain.

What is the IP address "211.22.74.10"? Is that your own IP address or the address of the ISP's DNS servers?

Simon.

The problem is TWNIC only supports A records in Host mode and asks me to use DNS mode if I have Exchange,
which means I need to set up my own DNS accordingly.
211.22.74.10 is my own IP.
I resolved it by publishing a DNS query rule in ISA2000; the mail comes in now, thanks.

You were blocking DNS packets, which is what I thought might be the case.
However you still should not be using the same DNS server for external requests as active directory. This is a large security hole which exposes a lot of information that you don't want in public.

Simon.
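The checks Simon walks through above (MX target must resolve to a host, name servers must be reachable from the internet and not all be one box, an AD-integrated DNS must not answer public queries) as an offline zone linter. This is an added example, not code from the thread or from dnsreport; the record sets, the ISP name-server names and their 192.0.2.x addresses are constructed for illustration.

```python
PRIVATE_SUFFIXES = (".local", ".internal", ".lan")  # never resolvable from the internet
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_gc"}  # Active Directory service-record labels

def check_zone(records, known_hosts=None):
    """records: (owner, rtype, value); MX value = (priority, target); known_hosts: out-of-zone name -> IP."""
    addr = {o: v for o, t, v in records if t == "A"}  # in-zone A records (glue)
    addr.update(known_hosts or {})
    problems, ns_ips = [], set()
    if not any(t == "MX" for _, t, _ in records):
        problems.append("no MX record; senders fall back to the apex A record or give up")
    for owner, rtype, value in records:
        if rtype == "MX":
            target = value[1]
            if target.split(".")[-1].isdigit():  # IPv4 literal: last label is all digits
                problems.append(f"MX target {target} is an IP literal, not a hostname")
            elif target not in addr:
                problems.append(f"MX target {target} has no A record")
        elif rtype == "NS":
            if value.endswith(PRIVATE_SUFFIXES):
                problems.append(f"NS {value} uses a private suffix; unreachable from the internet")
            elif value not in addr:
                problems.append(f"NS {value} has no A record")
            else:
                ns_ips.add(addr[value])
        if AD_LABELS & set(owner.split(".")):
            problems.append(f"{owner} is an Active Directory service record and must not be public")
    if len(ns_ips) < 2:
        problems.append("fewer than two reachable name-server addresses")
    return problems

# Constructed: the asker's layout (NS in .local, MX on an apex with no A record) plus one AD SRV record such a server also answers for.
BROKEN = [
    ("www.powerbase.com.tw", "A", "211.22.74.10"),
    ("powerbase.com.tw", "MX", (10, "powerbase.com.tw")),
    ("powerbase.com.tw", "NS", "master2.powerbase.local"),
    ("_ldap._tcp.dc._msdcs.powerbase.local", "SRV", "master2.powerbase.local"),
]
# Constructed: Simon's minimum, hosted on the ISP's name servers (hypothetical names and addresses).
FIXED = [
    ("www.powerbase.com.tw", "A", "211.22.74.10"),
    ("mail.powerbase.com.tw", "A", "211.22.74.10"),
    ("powerbase.com.tw", "MX", (5, "mail.powerbase.com.tw")),
    ("powerbase.com.tw", "NS", "ns1.isp.example"),
    ("powerbase.com.tw", "NS", "ns2.isp.example"),
]
ISP_NS = {"ns1.isp.example": "192.0.2.1", "ns2.isp.example": "192.0.2.2"}
```

Running `check_zone(BROKEN)` reports the four faults the thread hits in turn, while `check_zone(FIXED, ISP_NS)` reports none; without the out-of-zone name servers in `known_hosts`, the fixed zone would still be flagged for unreachable NS targets.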

Simon,
I know this is not a good approach; however, my problem is that there are tons of individual papers for ISA, Exchange, DNS and Server, but all I need is a workable total solution and sample. I believe you could sell lots if you published a cookbook for some common scenarios.

I tried using two boxes to set up Exchange+DC+internal DNS and a separate firewall many times, but was stuck on setting up Exchange to receive internet mail when the internal and external domain names are different.

Thanks
Jack

Getting Exchange to receive external email when the internal domain is different is very easy - probably the second most common scenario for Exchange deployments.

The bottom line is no matter what scenario you are using you should not be allowing external traffic to see an active directory DNS domain. Simply spin the DNS out to an external party (your ISP or web host) and then point the required DNS entries to your external IP address. Then make the required changes to the firewall to allow the traffic to come in. Finally if you want to use the same domain name internally then create an internal zone for the external name and populate it with the correct IP addresses - which will be a mix of internal and external IPs.

Simon.

Simon,
The problem is our ISP doesn't provide MX records.
I can publish my DNS by following Thomas W Shinder's paper; however, can you instruct me on the following puzzle so that I may build my first Exchange?
1. FrontEnd: Running ISA and DNS now; its setup is:
    Ext NIC: 211.22.74.10
    Int NIC: 192.168.1.1
    DNS: (Intended to be External DNS)
       Zone powerbase.com.tw
       NS: 211.22.74.10
       A Record: DNS (211.22.74.10)
       MX: 211.22.74.10
       Listen address: Only 192.168.1.1
       Forward and Recursive: disabled.
    ISA2k:
       Published rules: DNS Query Server, DNS Zone Transfer
       Published mail rules by wizard: SMTP, POP, IMAP4 etc.

2. DC+Exchange
    192.168.1.2
    DNS: (Intended to be internal DNS)
      Zone: powerbase.com.tw (can be forwarded to any server)
      NS: 192.168.1.2
      A record: 192.168.1.2, 211.22.74.10
      MX: 192.168.1.2
      Listen: 192.168.1.2
      Forward: 168.95.1.1 (ISP)
   Exchange:
     Recipient policy SMTP: @powerbase.com.tw

I really appreciate your time and efforts; I will close and accept your answer next time.

Thanks
Jack

Simon,
This layout can't receive external mail; the messages are stuck in cache.
I would appreciate it if you could point out where I am not doing it right.

Jack

Simon,
Feeling frustrated with my first mail server: now it receives, but it fails to send to the internet.
1. Can you direct me on how to set up a split DNS with two boxes?
2. One is ISA and the other is Exchange+DC.
3. DNS must also be published to the public, because our ISP doesn't provide MX.
4. Set up Exchange so it can send/receive mail internally/externally with domain name powerbase.com.tw.

Shall I raise the points or create another board?

Thanks in advance.
Jack

Simon,
I'm new here, so I had a little misunderstanding about 'Points'; I thought I had to pay extra besides the monthly fee.

Since the question is getting longer and has changed a little, I will just create another board and end this one.

Many thanks
Jack