amoos

smtp communication problem

ok i can send emails to only certain domains i.e. yahoo, gmail, etc.  i am not able to send mail or the messages are not getting delivered to the destination.  i think they are requiring some sort of authentication.  please help i am really stuck


this is my situation.  i have one server running windows server 2003 R2 and exchange 2003 sp2 on it.

my internal domain is .local
my external domain is .org

all my dns is hosted by my isp

i have one forward lookup zone for .local and there are forwarders in it to go to the dns servers of my isp

nothing else in my dns is configured

my smtp banner is myserver.mydomain.org

all this sits behind a watchguard firewall that i have configured.  

all the ip's from my isp are pointed through the firewall to my server.

i have control over whatever you would like to try.

my question is that for mail my isp has a host record for mail.mydomain.org and the ip of 12.xxx.xxx.xxx
the 12.xxx.xxx.xxx is pointed to my server through the firewall.  incoming mail is fine.  outgoing is sometimes the problem where my users' mail sometimes does not reach the intended recipient.

from what you have read is there anything that i have done wrong??  is there anything that i need to change or add?  does my smtp banner need to match the host record created by my isp?? (i.e. does it need to be mail.mydomain.org instead of myservername.mydomain.org?)

thanks
Network_Data_Support

have you got a reverse dns entry for exchange server on the external isp?

also on the watchguard firewall i take it you are using NAT to the internal server. have you excluded that ip from dynamic NAT, as if not it will masquerade to the gateway ip? make sure that the mail is coming from the same ip it is being received on
amoos

ASKER

i do not know watchguard that well.  i have taken over for a contractor that is no longer there because of performance issues.

in the watchguard firewall i have all the external ip's that were given to me from the isp forwarded to the exchange server.

what did you mean by "also on the watchguard firewall i take it you are using NAT to the internal server. have you excluded that ip from dynamic NAT, as if not it will masquerade to the gateway ip? make sure that the mail is coming from the same ip it is being received on"
amoos

ASKER

this is what i get when i do a reverse lookup from dnsstuff.com.   is mail.op-tn.org a smart host???  if so do i need to put this into the smarthost on the smtp connector??

12.189.231.181 PTR record: mail.op-tn.org. [TTL 86400s] [A=12.189.231.181]

basically you have an external public ip that the mx record and host record point to at your isp, then that public ip goes to the firewall. from there you have to use NAT to forward the public address to the private address of the exchange server

that NAT 1 to 1 translation must be excluded on the watchguard from dynamic NAT translation as when you send email it will go out from the gateway address and not the public ip address that is pointing to your exchange server.

in this case the receiving member will look up your exchange records and see it is a different address than what your A record is pointing to and think it is spam

have you turned on smtp logging to check the ndrs to see if any are reporting DNS issues?

type your domain into www.dnsstuff.com and perform a report
if that is the mx record for your isp smarthost then yes, as you need to forward smtp through that so it matches the ip
amoos

ASKER

ok this is what i got from at&t

soa cbru.br.ns.els-gms.att.net
ns cbru.br.ns.els-gms.att.net
ns cmtu.mt.ns.els-gms.att.net
@ A 12.189.231.183
mail A 12.189.231.181
www A 12.189.231.183
@ mx 10 mail.op-tn.org

since the mx is mail.op-tn.org is that what i need to have my smtp banner as??
amoos

ASKER

i must note also to you the mail server used to be 192.168.10.5 and now it has changed to 192.168.10.3

i made the necessary changes on the watchguard for the ip change.  is there something hidden in the watchguard that i do not know about like a dns proxy or what not??

mail is coming in perfectly fine.  but we can only send out to certain domains.  in the smtp connector and the internet connector smtp is set to *
amoos

ASKER

mail A 12.189.231.181
@ mx 10 mail.op-tn.org

this is what they have for us
i am trying to call them to see if it is a smart host
it is more than likely a DNS issue you have. mail is looking like it is coming from somewhere different than where your records are saying, and then some orgs perform checks to confirm this.

i have seen the same problem on a watchguard and to fix it i had to exclude the 1 to 1 nat used for the exchange from dynamic. this made sure that the emails came from the right public ip address and not the gateway as it was

http://www.watchguard.com/help/lss/70/Auth/nat7.htm
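
Added example, not part of the original thread: a small Python check that mirrors the DNS consistency tests discussed above (PTR present, PTR forward-confirmed, banner/HELO name agreeing with the connecting IP), run against a constructed DNS table. The PTR and A values are the ones quoted in the thread; `192.0.2.1` is a placeholder for the firewall's gateway address and `myserver.op-tn.org` is a hypothetical server-name banner, neither of which appears in the thread.

```python
# Constructed DNS view. The PTR and A values are the ones quoted in the thread;
# 192.0.2.1 is a placeholder for the firewall's gateway (dynamic NAT) address,
# and myserver.op-tn.org is a hypothetical server-name banner.
PTR_RECORDS = {"12.189.231.181": "mail.op-tn.org."}
A_RECORDS = {"mail.op-tn.org.": ["12.189.231.181"]}


def fqdn(name):
    """Normalise a host name for comparison (lower case, one trailing dot)."""
    return name.strip().rstrip(".").lower() + "."


def lookup_ptr(ip):
    """Reverse lookup against the constructed table; None when no PTR exists."""
    return PTR_RECORDS.get(ip)


def lookup_a(name):
    """Forward lookup against the constructed table; empty list when unknown."""
    return A_RECORDS.get(fqdn(name), [])


def check_sender(ip, helo, ptr=lookup_ptr, a=lookup_a):
    """Return the DNS consistency findings for one outbound SMTP connection,
    as seen by the receiving server (connecting IP plus announced name)."""
    findings = []
    ptr_name = ptr(ip)
    if ptr_name is None:
        findings.append("no-ptr")
    else:
        # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
        if ip not in a(ptr_name):
            findings.append("ptr-not-forward-confirmed")
        if fqdn(helo) != fqdn(ptr_name):
            findings.append("helo-differs-from-ptr")
    if ip not in a(helo):
        findings.append("helo-does-not-resolve-to-ip")
    return findings


SCENARIOS = {
    "dynamic NAT, server-name banner": ("192.0.2.1", "myserver.op-tn.org"),
    "1-to-1 NAT, server-name banner": ("12.189.231.181", "myserver.op-tn.org"),
    "1-to-1 NAT, banner matches PTR": ("12.189.231.181", "mail.op-tn.org"),
}

if __name__ == "__main__":
    for label, (ip, helo) in SCENARIOS.items():
        print(f"{label}: {check_sender(ip, helo) or 'consistent'}")
```

Receiving servers differ in which of these findings they act on; for a live check, `lookup_ptr` and `lookup_a` can be backed by `socket.gethostbyaddr` and `socket.gethostbyname_ex`.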
amoos

ASKER

i am calling at&t right now to find out if mail.op-tn.org is a smart host.

the link was great.  but do you have any screen shots??  probably not but i thought that i would ask.  your help is great.

so what do you think the source of my problem is???
ASKER CERTIFIED SOLUTION
Network_Data_Support
amoos

ASKER

outstanding help.  really great