SMTP mail delivery not sent using expected IP

Posted on 2006-05-03
Last Modified: 2012-08-13
The problem that I need expert help on is (I think) SMTP mail delivery is not being sent using the expected route. Here is how this developed and why:

I have several Windows 2003 Servers (web edition, IIS 6) that host web sites at a data center. These servers sit behind a firewall which NATs external public IP addresses to the private internal LAN addresses. Web sites are assigned their own public IP which then NATs to a separate internal LAN IP. For any given server which hosts multiple web sites its NIC is multihomed (e.g. multiple IPs are assigned to the NIC). The second NIC is disabled.

I have been using the Windows 2003 Server’s default SMTP server service to report problems with the web sites. But as my home ISP has tightened restrictions on their email systems some emails are not being delivered. The main reason is because the email’s originating IP did not match the domain's MX record. So my requirement now is to get the SMTP server to originate the email properly and reconfigure the firewall to allow NAT to the SMTP server.

To set up a better email reporting system I am using one site as a test to make this work. I created a new SMTP virtual server in IIS and will eventually do so for each web site. This is because the SMTP virtual server is assigned the IP address that is also NATed to the public IP for the MX record. (It also allows separating email management on a web site basis.) In this case the public IP address for the MX record is the same as the web site. On the internal LAN the same IP is assigned to the web site as the SMTP Server. Creating these additional SMTP virtual servers forced the requirement to install DNS (no Active Directory). The DNS is private and only has forward lookup zones.

Because DNS was required, the necessary changes to the preferred DNS server entries on the NIC TCP/IP properties were made to point to the local DNS. The local DNS then uses the data center's DNS IPs for its forwarding DNS servers.

I have a test application that now sends a test email through the SMTP server and it is deposited into the queue folder of the SMTP’s target folders….and that is where it stays...forever.

Without going into detail about the firewall I can see that the SMTP server is trying to send out the email but the firewall is preventing it. This is not the problem but the firewall has become a convenient debug tool. It reveals that the SMTP server (or whatever the routing mechanism is) is trying to send out the email on IP address which is the wrong IP address. The SMTP server is assigned to

Now for the numbers:

NIC Card bindings:
   Static IP:  (
   Default Gateway:   (port on firewall)
   Preferred DNS server:

   Advanced button:
   IP addresses:  (  (  (
   …  (

   Gateway:  (metric is automatic)

   DNS tab:

SMTP Virtual Server Properties:
  IP address:  (no other identities)
DNS Properties:
   Listen on ‘All IP addresses’ which are all the ones assigned to the NIC card.
   Forwarders has 2 IPs which are the data centers DNS servers.

   Forward lookup zone:  (A record, no MX record since this only handles SMTP requests)    primary server d1750s1, no WINS

hosts file:      d1750s1

And finally here is the route print from the server:

IPv4 Route Table
Interface List
0x1 ........................... MS TCP Loopback interface
0x10004 ...00 0d 56 fe 84 e8 ...... Broadcom NetXtreme Gigabit Ethernet #2
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
     10     10     10     10     10     10     10     10     10     10     10     10     10     10     10     10     10     10     10      1     10      1
Default Gateway:
Persistent Routes:

To sum it up the public to private IP address NAT looks like this:  to   (for both A and MX records) – you can see this in the reverse DNS, e.g. a PTR record exists for

But the SMTP server (or routing mechanism) is trying to send out the email on IP address This is what I see at the firewall…fortunately for diagnostics.

So how can I make this thing use the correct IP?

One caveat that I noticed in some MS docs is that the automatic metric generates routing information and to set up routing tables this has to be turned off…This is where I am in muddy waters….but I am not sure totally if I am even in the right swimming pool.

Thanks experts…

Question by:GDorazio
    LVL 7

    Expert Comment

    As far as I can tell by your numbers, your SMTP should in fact be delivering out to the gateway from  Dumb question, I know, but have you stopped/restarted the SMTP service after changing its IP address in IIS?

    Maybe to be totally sure that you are bound to the correct IP, you could use the IIS Metabase Explorer

    Author Comment

    Yes, I have been turning it off and on almost every time I run a test in order to delete the email that won’t deliver…otherwise it says the file is in use. Also, I have restarted IIS a number of times much to my chagrin since there are live sites running on this server.

    Thanks for the IIS 6.0 toolkit tip. I downloaded it and looked at the IIS metabase. It shows both SMTP servers' information under the SmtpSvc node. Here is some information from each of the SMTP servers. (Server 2 is the one in question.)

    Server 1 (Default SMTP Virtual Server)

    FullyQualifiedDomainName   D1750S1
    …Directory    C:\Inetpub\mailroot\...

    Server 2 (EnQueSMTPServer)

    …Directory    D:\Mailroot\EnQueCom\...

    Is there any other info from the metabase that I should look at? Also, I have the Windows Server 2003 Resource Kit Tools installed on that server so we can use any of the tools from that kit also.


    Author Comment

    Further analysis of this situation and reviewing MS documentation concerning routing has revealed that what I was expecting to happen in this situation will not happen. That is, when a second SMTP Virtual Server is created and assigned an IP address from a logically multi-homed computer (meaning multiple IPs on the same NIC) it will only respond for outbound traffic on the routed IP address of the NIC card and not the logical IP address assigned to it. The routed IP address of the NIC card is shown in the Gateway and Interface for the subnet in the route table above.

    On incoming traffic the assigned IP address is used because there is a routing mechanism in operation, namely the network routers are sending the inbound traffic...and the traffic is properly routed to the service assigned to receive the data at that IP address. For outbound traffic originating from the server it picks up the default gateway of the NIC card and by rules interpreting the routing table uses the interface IP to route outbound traffic. This is the IP address and not the one assigned to the second SMTP server even though that server is initiating the outbound traffic.

    In Windows the route table is generated automatically if under the 'Advanced' settings for TCP/IP configuration of the NIC the 'Automatic Metric' is selected. If one were a network designer and were to configure their own routing table to try and make this work the 'Automatic Metric' would be deselected and something like the 'route' command line utility would be used to create a manual route table. I looked at this process but stopped there. Following the routing in the table above and trying to modify it to solve this problem appears to cause a circular routing problem. Outgoing traffic would appear to reroute back in...but I am not totally sure of this logic especially when considering socket pooling.

    At this point the decision is no longer a technical one. If in fact a manual routing table is even possible it becomes another item to administer for each server and for each web site deployed on that server. The clean solution appears to be installing a local mail server which also acts as a smart host for the servers in the LAN. Then configure the default SMTP service to use that smart host to send emails.
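As an added illustration of the routing-table rule described in the comment above (example code written for this page, not from the question or the thread): the route table below is a constructed sample with private/documentation addresses standing in for the stripped ones, the NIC's primary address is assumed to be 192.168.10.5 and the second SMTP virtual server is assumed to be bound to 192.168.10.7. Longest-prefix match picks the route, and that route's Interface column decides the source address, so external delivery leaves from .5 whichever virtual server sends it.

```python
import ipaddress

# Constructed sample of a Windows "route print" Active Routes section.
# Not the page's own table (its addresses were stripped); values are assumed.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.5     10
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
     192.168.10.0    255.255.255.0     192.168.10.5   192.168.10.5     10
     192.168.10.5  255.255.255.255        127.0.0.1      127.0.0.1     10
     192.168.10.7  255.255.255.255        127.0.0.1      127.0.0.1     10
   192.168.10.255  255.255.255.255     192.168.10.5   192.168.10.5     10
"""


def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples from the route rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0][0].isdigit():
            continue  # header or blank line
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes


def select_source_ip(routes, destination):
    """Source address the stack will use for a locally originated connection.

    Longest prefix wins; lowest metric breaks ties. The chosen route's
    Interface column, not the sending service's bound address, becomes the
    source IP, which is why the second virtual server's IP never appears
    at the firewall for outbound mail.
    """
    dst = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if dst in r[0]]
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_PRINT)
    for target in ("203.0.113.25", "192.168.10.20", "192.168.10.7"):
        print(target, "->", select_source_ip(routes, target))
```

For an external MX (203.0.113.25) or a LAN smart host (192.168.10.20) the source is the NIC's primary address; only traffic addressed to the server's own addresses takes the loopback interface.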


    Accepted Solution

    Closed, 500 points refunded.
    The Experts Exchange
    Community Support Moderator of all Ages
