thomaslongas asked:
Exchange 2003 cannot send to external recipients with failover ISP

Current network setup (public services):
ISP1----
ISP2---- ]----Sonicwall TZ170----[ Exchange 2003 Server, HTTP Server (IIS) /FTP

-Sonicwall TZ170 is setup in failover mode.  ISP1 is primary WAN and ISP2 is OPT WAN.
-NAT Rules in place for each ISP (DNS aside, all services available via IP)

When ISP1 is connected (original ISP before failover setup), Everything works fine.

When ISP1 goes down (or is unplugged), web/ftp server is available, Exchange OWA works fine.  Exchange SMTP to external recipients fails.  You can send mail to internal addresses, but external mail doesn't go and the queue fills up.

All other clients and servers on the network can access the internet when failover occurs and ISP2 is primary with the exception of Exchange.  The Exchange server cannot access the web, ping external addresses, etc...

When the primary ISP1 comes back up, internet works fine on Exchange, OWA works, but some Exchange servers crash.

I'm stumped... all responses appreciated....
LeeDerbyshire:

Do you have ISP1 configured as a smarthost?  You will probably not be allowed to relay through them when you are connected to ISP2.

thomaslongas (asker):

Under Exchange SMTP Advanced Delivery, I do not have a smarthost configured.

FQDN is set and TCP/IP settings for the DNS is set to our primary domain controller.

LeeDerbyshire:

Do you have any SMTP connectors?  It is also possible to add a smarthost there.

I think it would be a good idea to try a telnet test on port 25 to an external mail server (when connected to ISP2).  It will be instructive to see if, and at what point, it fails.  Choose an external address, find the SMTP server for its domain, and try to send an email with:

telnet servername 25
helo
mail from: your.address@domain.com
rcpt to: test.address@otherdomain.com
data
hello
.
quit

see if the message gets delivered.
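As an added example (not code from this thread), the telnet session above written as a small Python script that walks the same HELO / MAIL FROM / RCPT TO / DATA sequence and reports the exact step at which it stops: name resolution, the TCP connect, or a specific SMTP reply such as a 550 "relaying denied" on RCPT TO. The hostnames and addresses are placeholders, and the fake MX on 127.0.0.1 is constructed so the script runs offline; from the Exchange box you would point it at the real MX host of an external domain while on ISP2.

```python
import socket
import threading

# Hypothetical names; replace with your own FQDN and addresses and the external MX host.
HELO_NAME = "mail.example.test"
MAIL_FROM = "your.address@example.test"
RCPT_TO = "test.address@otherdomain.test"


def _read_reply(f):
    """Read one SMTP reply (multi-line replies use '250-' continuation lines)."""
    lines = []
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("connection closed by peer")
        lines.append(line.rstrip("\r\n"))
        if len(line) >= 4 and line[3] != "-":   # final line of a reply has a space at [3]
            break
    return int(lines[-1][:3]), "\n".join(lines)


def smtp_probe(host, port=25, helo_name=HELO_NAME, mail_from=MAIL_FROM,
               rcpt_to=RCPT_TO, timeout=10.0):
    """Walk the telnet session step by step and report where it stops.

    Returns (stage, code, text): stage is 'delivered' on success, otherwise the step
    that failed ('resolve', 'connect', 'banner', 'helo', 'mail from', 'rcpt to',
    'data', 'message'); code is the SMTP reply code, or None for a network failure.
    """
    try:
        addr = socket.gethostbyname(host)          # a DNS problem shows up here, not as a timeout
    except socket.gaierror as e:
        return ("resolve", None, str(e))
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as e:
        return ("connect", None, str(e))
    steps = [
        ("helo", f"HELO {helo_name}\r\n", (250,)),
        ("mail from", f"MAIL FROM:<{mail_from}>\r\n", (250,)),
        ("rcpt to", f"RCPT TO:<{rcpt_to}>\r\n", (250, 251)),
        ("data", "DATA\r\n", (354,)),
        ("message", "Subject: failover test\r\n\r\nhello\r\n.\r\n", (250,)),
    ]
    stage = "banner"
    with sock, sock.makefile("r", encoding="ascii", errors="replace") as f:
        try:
            code, text = _read_reply(f)
            if code != 220:
                return (stage, code, text)
            for stage, cmd, ok in steps:
                sock.sendall(cmd.encode("ascii"))
                code, text = _read_reply(f)
                if code not in ok:                 # e.g. 550 relaying denied on RCPT TO
                    return (stage, code, text)
            sock.sendall(b"QUIT\r\n")
            return ("delivered", code, text)
        except (OSError, ValueError) as e:         # timeout, reset, or a garbled reply
            return (stage, None, str(e))


def fake_smtp_server(reject_rcpt):
    """Constructed stand-in for an external MX, bound to 127.0.0.1 for offline runs.

    With reject_rcpt=True it answers RCPT TO with 550, the way an ISP's mail server
    refuses to relay for a client arriving from another ISP's address space.
    Returns the port it listens on; one connection is served on a background thread.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("r", encoding="ascii", errors="replace") as f:
            conn.sendall(b"220 mx.otherdomain.test ESMTP\r\n")
            in_data = False
            for line in f:
                line = line.rstrip("\r\n")
                if in_data:                         # swallow the body until the lone '.'
                    if line == ".":
                        in_data = False
                        conn.sendall(b"250 queued\r\n")
                    continue
                verb = line.split(":")[0].split()[0].upper() if line.strip() else ""
                if verb == "QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break
                if verb == "RCPT" and reject_rcpt:
                    conn.sendall(b"550 5.7.1 Relaying denied\r\n")
                elif verb == "DATA":
                    in_data = True
                    conn.sendall(b"354 go ahead\r\n")
                else:
                    conn.sendall(b"250 ok\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = fake_smtp_server(reject_rcpt=True)
    print(smtp_probe("127.0.0.1", port))    # ('rcpt to', 550, '550 5.7.1 Relaying denied')
```

Run it once while ISP1 is up and once after failing over to ISP2: a stop at 'resolve' points at the DNS servers the Exchange box is using, a stop at 'connect' at the firewall or NAT rule (or an ISP blocking outbound 25), and a 550 on 'rcpt to' at a relay that will not accept mail from ISP2's address range.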

thomaslongas (asker):

The Exchange server used to filter mail through another server that did all spam processing.  There was a smarthost configured in SMTP settings.

Is there anywhere else this could be configured... right now mail is sent directly from Exchange through ISP1 and we have no issues...

Actually... I take that back... we do have trouble sending to Earthlink accounts, but that may or may not be related...

thomaslongas (asker):

No SMTP connectors.  I cannot test the failover right now, but I can tell you that I cannot ping/telnet any external addresses (time out).  The names are not resolving.  I can only ping/telnet internal IPs...

I can however ping/telnet from other servers on the network no problem...

The interesting thing about this is the problem occurs when I enable the NAT from ISP2 xxx.xxx.xxx.xxx:25 (external) to xxx.xxx.xxx.xxx:25 (internal).  I don't even have to disable the primary ISP and mail just stops flowing...

I don't understand that at all...

LeeDerbyshire:

As far as I am aware, you can only configure a smarthost on the Virtual Server, or on an SMTP Connector.

The only other thing I can think of is that you may have the server's TCP/IP properties configured with the DNS servers at ISP1.  When connected to ISP2, you may not have access to them.

Of course, the fact that you probably have a different Public IP address when connected to ISP2 could be very relevant, but I daresay you've allowed for this.

thomaslongas (asker):

As far as I'm aware it is DNS, not smarthost.

TCP/IP properties DNS is set to my internal DNS server (domain controller).  I have even tried putting ISP2 DNS server address in as secondary.

It is a different public IP address at the gateway, but I have allowed for this in the NAT rules.

Like I said, as soon as I enable the NAT rule for ISP2, it kills Exchange server's ability to connect to anything externally, doesn't matter if ISP1 is up or down.
Surely Exchange can "correct" itself automatically.  I wouldn't think Exchange would necessarily "see" the change.  Since the machine cannot access the internet (i.e. from a browser), it may be some kind of other strange DNS problem and I posted in the wrong section...

But the web server (OWA) works fine and is accessible via public IP or FQDN if switched... but I guess that is incoming requests, not outgoing...

Maybe ISP blocks port 25?  But why block 25 and not 80/443?  

ASKER CERTIFIED SOLUTION
LeeDerbyshire