• Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2007 OWA not working externally, mail issues as well

Yesterday I replaced a firewall in our office with a PIX515. I have set up NAT and the ACLs to allow 443, 110, 25, and 80 through to our mail server (Exchange 2007 single server). Internally, https://myaiasrv04/owa works just fine. From outside, http://mail.mueller-yurgae.com works fine (at least enough to tell me I need to use https), so when I use https it stalls out and will not work.
Related to the Exchange issues, I cannot send out any new messages either.

Can someone get me in the right direction!! HELP!
muelleryurgaeassociatesAuthor Commented:
I can connect to the port 443 via telnet:

iwalmsley@virtue:~$ telnet 443
Connected to
Escape character is '^]'.
When I telnet to the IP address of mail.mueller-yurgae.com on port 25 (telnet 25), I do not get the response I would expect to get from an Exchange server. Something else is intercepting your traffic. I would look at your PIX config; it looks like something is just not right.

muelleryurgaeassociatesAuthor Commented:
I got OWA to work externally. It was an SSL certificate issue. I replaced the certificate and it works.

I am still having issues sending mail. This started today after the new firewall was installed. Getting "Delivery Delayed": "This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf."

I can receive emails no problem.

Turn off fixup SMTP in the PIX. It will be getting in the way and stopping common antispam checks from working correctly.


If your question has been answered, please remember to accept the answer and close the question.
muelleryurgaeassociatesAuthor Commented:

Whereabouts can I find that in the ASDM?

Disable SMTP fixup as Simon suggested:
  no fixup protocol smtp 25

Also, make sure that your outbound IP address matches your MX record. If you only port-forward smtp/25 to the Exchange host for inbound, there is a chance that outbound email may be taking the global IP address, which does not match the MX.
Also, you may need to adjust the max DNS fixup:

 fixup protocol dns maximum-length 1024
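
The telnet check on port 25 discussed in this thread can be turned into a repeatable test. The following is an added example, not part of the original thread: it inspects an SMTP greeting and EHLO reply for signs of an inspecting firewall in the path. It assumes the commonly documented behaviour of PIX SMTP fixup (greeting masked with asterisks, EHLO refused); the function name `smtp_fixup_indicators` is hypothetical and the sample replies are constructed.

```python
import re

# Constructed sample replies (illustrative, not captured from the server in this thread).
MASKED_BANNER = "220 ************************0*2******0***********2007*******2***0*00"
MASKED_EHLO = ["500 5.3.3 Unrecognized command"]
DIRECT_BANNER = "220 mail.example.test Microsoft ESMTP MAIL Service ready"
DIRECT_EHLO = [
    "250-mail.example.test Hello [192.0.2.10]",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250 8BITMIME",
]

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def smtp_fixup_indicators(banner, ehlo_reply):
    """Return signs that an SMTP-inspecting device is rewriting the session."""
    findings = []
    greeting = REPLY.match(banner.strip())
    if not greeting:
        return ["greeting is not an SMTP reply line"]
    code, _, text = greeting.groups()
    if code != "220":
        findings.append(f"greeting code {code}, expected 220")
    # Assumption: a banner that is mostly asterisks has been masked in transit.
    if text and text.count("*") / len(text) > 0.5:
        findings.append("banner masked with asterisks")

    replies = [REPLY.match(line.strip()) for line in ehlo_reply]
    replies = [r for r in replies if r]
    if not replies:
        findings.append("no parsable reply to EHLO")
    elif replies[0].group(1).startswith("5"):
        # Assumption: EHLO refused means ESMTP is being blocked on the path.
        findings.append(f"EHLO rejected ({replies[0].group(1)})")
    elif len(replies) < 2:
        # First line is only the greeting; extensions follow on later lines.
        findings.append("EHLO accepted but no extensions advertised")
    return findings


if __name__ == "__main__":
    print(smtp_fixup_indicators(MASKED_BANNER, MASKED_EHLO))
    print(smtp_fixup_indicators(DIRECT_BANNER, DIRECT_EHLO))
```

Run it against the greeting and EHLO reply seen from outside the firewall before and after `no fixup protocol smtp 25`; an empty list afterwards means the mail server's own replies are reaching the client.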
