The problem that I need expert help on is (I think) SMTP mail delivery is not being sent using the expected route. Here is how this developed and why:
I have several Windows 2003 Servers (web edition, IIS 6) that host web sites at a data center. These servers sit behind a firewall which NATs external public IP addresses to the private internal LAN addresses. Web sites are assigned their own public IP which then NATs to a separate internal LAN IP. For any given server which hosts multiple web sites its NIC is multihomed (eg..multiple IPs are assigned to the NIC). The second NIC is disabled.
I have been using the Windows 2003 Server’s default SMTP server service to report problems with the web sites. But as my home ISP has tightened restrictions on their email systems some emails are not being delivered. The main reason is because the email’s originating IP did not match the domains MX record. So my requirement now is to get the SMTP server to originate the email properly and reconfigure the firewall to allow NAT to the SMTP server.
To setup a better email reporting system I am using one site as a test to make this work. I created a new SMTP virtual server in IIS and will eventually do so for each web site. This is because the SMTP virtual server is assigned the IP address that is also NATed to the public IP for the MX record. (It also allows separating email management on a web site basis.) In this case the public IP address for the MX record is the same as the web site. On the internal LAN the same IP is assigned to the web site as the SMTP Server. Creating this additional SMTP virtual servers forced the requirement to install DNS. (no active directory) The DNS is private and only has forward lookup zones.
Because DNS was required the necessary changes to the preferred DNS server entries on the NIC TCP/IP properties was made to point to the local DNS. The local DNS then uses the data centers DNS IPs for its forwarding DNS servers.
I have a test application that now sends a test email through the SMTP server and it is deposited into the queue folder of the SMTP’s target folders….and that is where it stays...forever.
Without going into detail about the firewall I can see that the SMTP server is trying to send out the email but the firewall is preventing it. This is not the problem but the firewall has become a convenient debug tool. It reveals that the SMTP server (or whatever the routing mechanism is) is trying to send out the email on IP address 10.10.10.10 which is the wrong IP address. The SMTP server is assigned to 10.10.10.11.
Now for the numbers:
NIC Card bindings:
Static IP: 10.10.10.10 (255.255.0.0)
Default Gateway: 10.10.10.1 (port on firewall)
Preferred DNS server: 10.10.10.10
Gateway: 10.10.10.1 (metric is automatic)
DNS tab: 10.10.10.10
SMTP Virtual Server Properties:
IP address: 10.10.10.11 (no other identities)
Listen on ‘All IP addresses’ which are all the ones assigned to the NIC card.
Forwarders has 2 IPs which are the data centers DNS servers.
Forward lookup zone:
mail.EnQue.com (A record, no MX record since this only handles SMTP requests) primary server d1750s1, no WINS
And finally here is the route print from the server:
IPv4 Route Table
. MS TCP Loopback interface
0x10004 ...00 0d 56 fe 84 e8 ...... Broadcom NetXtreme Gigabit Ethernet #2
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.10.1 10.10.10.10 10
10.10.0.0 255.255.0.0 10.10.10.10 10.10.10.10 10
10.10.10.10 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.11 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.12 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.13 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.14 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.15 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.16 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.17 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.18 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.19 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.20 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.21 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.22 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.23 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.24 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.10.25 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.10.10.10 10.10.10.10 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
22.214.171.124 240.0.0.0 10.10.10.10 10.10.10.10 10
255.255.255.255 255.255.255.255 10.10.10.10 10.10.10.10 1
Default Gateway: 10.10.10.1
To sum it up the public to private IP address NAT looks like this:
126.96.36.199 to 10.10.10.11 (for both A and MX records) – you can see this on www.dnsstuff.com
in the reverse DNS…eg a PTR record exists for mail.EnQue.com.
But the SMTP server (or routing mechanism) is trying to send out the email on IP address 10.10.10.10. This is what I see at the firewall…fortunately for diagnostics.
So how can I make this thing use the correct IP?
One caveat that I noticed in some MS docs is that the automatic metric generates routing information and to set up routing tables this has to be turned off…This is where I am in muddy waters….but I am not sure totally if I am even in the right swimming pool.