Solved

SMTP mail delivery not sent using expected IP

Posted on 2006-05-03
751 Views
Last Modified: 2012-08-13
The problem that I need expert help on is (I think) SMTP mail delivery is not being sent using the expected route. Here is how this developed and why:

I have several Windows 2003 Servers (web edition, IIS 6) that host web sites at a data center. These servers sit behind a firewall which NATs external public IP addresses to the private internal LAN addresses. Web sites are assigned their own public IP which then NATs to a separate internal LAN IP. For any given server which hosts multiple web sites its NIC is multihomed (e.g. multiple IPs are assigned to the NIC). The second NIC is disabled.

I have been using the Windows 2003 Server's default SMTP server service to report problems with the web sites. But as my home ISP has tightened restrictions on their email systems some emails are not being delivered. The main reason is because the email's originating IP did not match the domain's MX record. So my requirement now is to get the SMTP server to originate the email properly and reconfigure the firewall to allow NAT to the SMTP server.

To set up a better email reporting system I am using one site as a test to make this work. I created a new SMTP virtual server in IIS and will eventually do so for each web site. This is because the SMTP virtual server is assigned the IP address that is also NATed to the public IP for the MX record. (It also allows separating email management on a web site basis.) In this case the public IP address for the MX record is the same as the web site. On the internal LAN the same IP is assigned to the web site as the SMTP Server. Creating these additional SMTP virtual servers forced the requirement to install DNS (no Active Directory). The DNS is private and only has forward lookup zones.

Because DNS was required the necessary changes to the preferred DNS server entries on the NIC TCP/IP properties were made to point to the local DNS. The local DNS then uses the data center's DNS IPs for its forwarding DNS servers.

I have a test application that now sends a test email through the SMTP server and it is deposited into the queue folder of the SMTP's target folders... and that is where it stays... forever.

Without going into detail about the firewall I can see that the SMTP server is trying to send out the email but the firewall is preventing it. This is not the problem but the firewall has become a convenient debug tool. It reveals that the SMTP server (or whatever the routing mechanism is) is trying to send out the email on IP address 10.10.10.10 which is the wrong IP address. The SMTP server is assigned to 10.10.10.11.

Now for the numbers:

NIC Card bindings:
   Static IP: 10.10.10.10  (255.255.0.0)
   Default Gateway:  10.10.10.1   (port on firewall)
   Preferred DNS server: 10.10.10.10

   Advanced button:
   IP addresses:
   10.10.10.10  (255.255.0.0)
   10.10.10.11  (255.255.0.0)
   10.10.10.12  (255.255.0.0)
   …
   10.10.10.25  (255.255.0.0)

   Gateway:  10.10.10.1  (metric is automatic)

   DNS tab: 10.10.10.10

SMTP Virtual Server Properties:
  IP address:  10.10.10.11  (no other identities)
  FQDN:  mail.EnQue.com
   
DNS Properties:
   Listen on ‘All IP addresses’ which are all the ones assigned to the NIC card.
   Forwarders has 2 IPs which are the data center's DNS servers.

   Forward lookup zone:
      mail.EnQue.com  (A record, no MX record since this only handles SMTP requests)    primary server d1750s1, no WINS


hosts file:
127.0.0.1      d1750s1


And finally here is the route print from the server:


IPv4 Route Table
===============================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10004 ...00 0d 56 fe 84 e8 ...... Broadcom NetXtreme Gigabit Ethernet #2
===============================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.10.1      10.10.10.10     10
        10.10.0.0      255.255.0.0      10.10.10.10      10.10.10.10     10
      10.10.10.10  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.11  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.12  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.13  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.14  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.15  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.16  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.17  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.18  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.19  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.20  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.21  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.22  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.23  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.24  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.25  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255      10.10.10.10      10.10.10.10     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0      10.10.10.10      10.10.10.10     10
  255.255.255.255  255.255.255.255      10.10.10.10      10.10.10.10      1
Default Gateway:        10.10.10.1
===============================================================
Persistent Routes:
  None



To sum it up the public to private IP address NAT looks like this:

66.129.70.11  to 10.10.10.11   (for both A and MX records). You can see this on www.dnsstuff.com in the reverse DNS, e.g. a PTR record exists for mail.EnQue.com.

But the SMTP server (or routing mechanism) is trying to send out the email on IP address 10.10.10.10. This is what I see at the firewall, fortunately for diagnostics.

So how can I make this thing use the correct IP?

One caveat that I noticed in some MS docs is that the automatic metric generates routing information, and to set up routing tables this has to be turned off. This is where I am in muddy waters... but I am not totally sure if I am even in the right swimming pool.

Thanks experts…

Question by:GDorazio
4 Comments
LVL 7

Expert Comment

by:aseusainc
ID: 16594934
As far as I can tell by your numbers, your SMTP should in fact be delivering out to the gateway from 10.10.10.11.  Dumb question, I know, but have you stopped/restarted the SMTP service after changing its IP address in IIS?

Maybe to be totally sure that you are bound to the correct IP, you could use the IIS Metabase Explorer
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

Author Comment

by:GDorazio
ID: 16597938
Yes, I have been turning it off and on almost every time I run a test in order to delete the email that won't deliver; otherwise it says the file is in use. Also, I have restarted IIS a number of times, much to my chagrin since there are live sites running on this server.

Thanks for the IIS 6.0 toolkit tip. I downloaded it and looked at the IIS metabase. It shows both SMTP servers' information under the SmtpSvc node. Here is some information from each of the SMTP servers. (Server 2 is the one in question.)

Server 1 (Default SMTP Virtual Server)

ServerBindings 10.10.10.10:25:,10.10.10.22:25:,10.10.10.20:25:,10.10.10.14:25:,10.10.10.25:25:,10.10.10.21:25:,10.10.10.15:25:,10.10.10.19:25:

FullyQualifiedDomainName   D1750S1


…Directory    C:\Inetpub\mailroot\...



Server 2 (EnQueSMTPServer)

ServerBindings
10.10.10.11:25:

FullyQualifiedDomainName   mail.EnQue.com


…Directory    D:\Mailroot\EnQueCom\...


Is there any other info from the metabase that I should look at? Also, I have the Windows Server 2003 Resource Kit Tools installed on that server so we can use any of the tools from that kit also.

Thanks,
Gery

Author Comment

by:GDorazio
ID: 16612183
Further analysis of this situation and reviewing MS documentation concerning routing has revealed that what I was expecting to happen in this situation will not happen. That is, when a second SMTP Virtual Server is created and assigned an IP address from a logically multi-homed computer (meaning multiple IPs on the same NIC) it will only respond for outbound traffic on the routed IP address of the NIC card and not the logical IP address assigned to it. The routed IP address of the NIC card is shown in the Gateway and Interface for the subnet in the route table above.

On incoming traffic the assigned IP address is used because there is a routing mechanism in operation, namely the network routers are sending the inbound traffic... and the traffic is properly routed to the service assigned to receive the data at that IP address. For outbound traffic originating from the server it picks up the default gateway of the NIC card and by rules interpreting the routing table uses the interface IP to route outbound traffic. This is the 10.10.10.10 IP address and not the one assigned to the second SMTP server even though that server is initiating the outbound traffic.

In Windows the route table is generated automatically if under the 'Advanced' settings for TCP/IP configuration of the NIC the 'Automatic Metric' is selected. If one were a network designer and were to configure their own routing table to try and make this work the 'Automatic Metric' would be deselected and something like the 'route' command line utility would be used to create a manual route table. I looked at this process but stopped there. Following the routing in the table above and trying to modify it to solve this problem appears to cause a circular routing problem. Outgoing traffic would appear to reroute back in...but I am not totally sure of this logic especially when considering socket pooling.

At this point the decision is no longer a technical one. If in fact a manual routing table is even possible it becomes another item to administer for each server and for each web site deployed on that server. The clean solution appears to be installing a local mail server which also acts as a smart host for the servers in the LAN. Then configure the default SMTP service to use that smart host to send emails.


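The source-address behaviour worked out in the comment above (outbound connections leave from the Interface address of the matching route, not from the IP the SMTP virtual server is bound to) can be checked mechanically against the data posted in the question. The script below is an added example, not code from this thread, from Experts Exchange or from Microsoft. It parses an abbreviated copy of the `route print` table and the metabase `ServerBindings` strings posted above, picks the route by longest prefix match with lowest metric as tie-breaker (an assumption about the Windows 2003 stack that is consistent with what the author observed at the firewall), and flags any SMTP virtual server whose bound IP is not the egress address. The remote MX address 203.0.113.25 is a constructed stand-in (TEST-NET-3), and `NAT_MAP` contains only the 66.129.70.11 to 10.10.10.11 mapping the question states; the public address behind 10.10.10.10 is not given on the page.

```python
"""Egress source-IP check for a multihomed Windows host (added example, not from the thread).

Parses a Windows `route print` dump and IIS SMTP `ServerBindings` strings, works out
which source IP the host will use for an outbound connection (longest prefix match,
lowest metric wins ties, source = Interface column), and flags SMTP virtual servers
whose bound IP is not that address. Mail from such a server leaves from the NIC's
primary IP, so the receiving MTA sees whatever public IP NAT assigns to that address,
not the one the domain's MX and PTR records point at.
"""
import ipaddress
import re

# Abbreviated copy of the route table posted in the question (host routes .12-.25 dropped).
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.10.1      10.10.10.10     10
        10.10.0.0      255.255.0.0      10.10.10.10      10.10.10.10     10
      10.10.10.10  255.255.255.255        127.0.0.1        127.0.0.1     10
      10.10.10.11  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255      10.10.10.10      10.10.10.10     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0      10.10.10.10      10.10.10.10     10
  255.255.255.255  255.255.255.255      10.10.10.10      10.10.10.10      1
Default Gateway:        10.10.10.1
"""

# ServerBindings values from the metabase dump in the thread (format ip:port:hostheader).
SMTP_SERVERS = {
    "Default SMTP Virtual Server": "10.10.10.10:25:,10.10.10.22:25:,10.10.10.20:25:",
    "EnQueSMTPServer": "10.10.10.11:25:",
}

# Private-to-public NAT mapping stated in the question; 10.10.10.10's public IP is not given.
NAT_MAP = {"10.10.10.11": "66.129.70.11"}

_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_active_routes(text):
    """Return the Active Routes rows as dicts; header, separator and summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not all(_IPV4.fullmatch(p) for p in parts[:4]):
            continue
        dest, mask, gateway, iface = parts[:4]
        routes.append({"dest": dest, "mask": mask, "gateway": gateway,
                       "iface": iface, "metric": int(parts[4])})
    return routes


def parse_server_bindings(value):
    """Split an IIS ServerBindings string into (ip, port, hostheader) tuples."""
    bindings = []
    for entry in value.split(","):
        if not entry.strip():
            continue
        ip, port, host = entry.strip().split(":", 2)
        bindings.append((ip, int(port), host))
    return bindings


def select_route(routes, dst_ip):
    """Longest-prefix match, lowest metric as tie-breaker (assumed Windows stack behaviour)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for r in routes:
        net = ipaddress.ip_network(f"{r['dest']}/{r['mask']}", strict=False)
        if dst not in net:
            continue
        rank = (net.prefixlen, -r["metric"])
        if best is None or rank > best[0]:
            best = (rank, r)
    return best[1] if best else None


def outbound_source_ip(routes, dst_ip):
    """Source address the host will use: the Interface column of the chosen route."""
    route = select_route(routes, dst_ip)
    return route["iface"] if route else None


def check_smtp_egress(routes, smtp_servers, dst_ip, nat_map):
    """For each SMTP virtual server, compare its bound IPs with the outbound source IP."""
    src = outbound_source_ip(routes, dst_ip)
    findings = []
    for name, bindings in smtp_servers.items():
        bound = sorted({ip for ip, _, _ in parse_server_bindings(bindings)})
        findings.append({
            "server": name,
            "bound_ips": bound,
            "egress_private_ip": src,
            "egress_public_ip": nat_map.get(src, "unknown (no NAT entry given)"),
            "source_matches_binding": src in bound,
        })
    return findings


if __name__ == "__main__":
    table = parse_active_routes(ROUTE_PRINT)
    # 203.0.113.25 is a constructed (TEST-NET-3) stand-in for the remote MX host.
    for f in check_smtp_egress(table, SMTP_SERVERS, "203.0.113.25", NAT_MAP):
        status = "OK" if f["source_matches_binding"] else "MISMATCH"
        print(f"{status}: {f['server']} bound to {f['bound_ips']}, "
              f"mail leaves from {f['egress_private_ip']} -> public {f['egress_public_ip']}")
```

Run as a script it reports the Default SMTP Virtual Server as OK and EnQueSMTPServer as a MISMATCH, which is exactly the 10.10.10.10 source the author saw at the firewall. The check also shows why a host route for 10.10.10.11 does not help: that /32 points at 127.0.0.1, and the only route covering a remote MX is 0.0.0.0/0 on 10.10.10.10. The IIS SMTP service offers no way to pin an outbound source address, so the smart-host approach the author settles on is the practical fix; an application-level sender that controls its own socket can bind explicitly instead (Python's `smtplib.SMTP` takes a `source_address` parameter for this), which is the option to reach for when the mail is generated by your own code rather than by the IIS service.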

Accepted Solution

by:
GranMod earned 0 total points
ID: 16646481
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
