?
Solved

Reverse Lookup

Posted on 2006-05-23
12
Medium Priority
?
426 Views
Last Modified: 2008-01-09
Hi,

I have a question.  We have the Symantec SMTP Gateway to filter spam and scan incoming/outgoing messages.  Since we installed the new Gateway, we are unable to send messages to a few of our major clients with server too busy error.  We contacted Symantec and they say there is nothing wrong with their software and that the other side is busy.  We tried having Exchange sending messages directly to the Internet and that resolved the issue.  The problem we have now is for SMTP Servers that do reverse lookup our messages is not coming from the IP that is in the MX record therefore reject the messages.  The MX record is pointing to the Symantec Gateway.

My question is if I add an additional MX record and give it a higher priority, will the SMTP Servers that do reverse lookup allow the messages pass?  I want to keep incoming messages going to the Symantec Gateway for filtering but want outgoing messages to go directly from Exchange.

Please provide links or examples showing that when the SMTP Servers do a reverse lookup it will look at all MX records entries.

Thanks,

Ryan
0
Comment
Question by:ryandao
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 16744868
Whats the Symantec Gateway? an SGS 5000, 4000 or 1600?

You dont say much about your mail setup?  why not have your MX record point the the outside interface of the symantec and then port forward all port 25 taffic to the Exchange box?

Thats how I set them up :)
0
 

Author Comment

by:ryandao
ID: 16744964
We don't have the SGS firewall series from Symantec.  We have Symantec Mail Security for SMTP which is software based and sits on a Win2K Server box, sorry I wasn't clear earlier.

We do not have any issue with incoming messages.  Our current MX record does point to the the Symantec box and the Symantec box forward messages to our Exchange box.  The problem is outgoing.  Messages going out of the Symantec box are not getting to a few of our clients while sending directly out from the Exchange Internet Connectors works fine.

Since messages are not going out from the Symantec box it doesn't match the IP on our MX record so some servers are rejecting our messages.  I want to add a second MX record with the NAT IP of our Exchange box with a higher priority than the MX record of the NAT IP of the Symantec box.  That way messages are still being deliver to the Symantec box but the question is will that resolve the reserve lookup issue?

Hope that is clear...Thx.
0
 
LVL 5

Expert Comment

by:mickinoz2005
ID: 16747043
Do you have a firewall in front of the Symantec Box?

What way is the symantec box configured has it two nics or is in a DMZ.

If you had a firewall you could just direct all incoming smtp traffic to the symantec box then forward it to the exchange - then outgoing just set your exchange default gateway to be your firewall that way by passing the symantec box completely as NAT would be enabled on your firewall box incoming and outgoing would be on the same WAN Ip which would be your main mx so a reverse lookup would succeed.

Michael
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:ryandao
ID: 16747253
Unfortunately our FW can not be reached for a few weeks and we don't have support do modifying our FW is not an option.
0
 

Author Comment

by:ryandao
ID: 16747261
Can't type today...what I mean was...
Unfortunately our FW guy can't be reached for a few weeks and we don't have support so modifying the FW is not an option.
0
 
LVL 5

Expert Comment

by:mickinoz2005
ID: 16747362
ok so what is your current config - is your symantec box in a dmz or is it on the WAN / LAN

0
 
LVL 104

Expert Comment

by:Sembee
ID: 16747367
The reverse lookup is done on the IP address, not the MX record. If you have multiple IP addresses then you will need to speak to your ISP to get them to configure a reverse lookup on the address that the Symantec product is using. You should also use a machine outside the network and telnet in to port 25 and see what the server is announcing itself as. It should be the same as the reverse lookup.

Simon.
0
 

Author Comment

by:ryandao
ID: 16747403
MIchael...I just need to know if adding a second MX record with a higher preference number will resolve the reverse lookup issue.  Thanks.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 16747412
It has nothing to do with your MX records.
It is the reverse DNS on your IP address. I have clients whose inbound email comes in via a filtering service, and to get their email delivered correctly, I setup a reverse DNS on the IP address that the email comes out on, and all was well.

Simon.
0
 

Author Comment

by:ryandao
ID: 16747519
Damn that is too easy...didn't think of modifying reverse DNS to have the Exchnage IP instead of the Symantec gateway IP.  Will try that.

Thx.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question