Publishing SMTP Server ISA 2006

Hi All

Im having issues with incoming mail via ISA 2006, I have tried to publish our SMTP server however mail cannot be delivered to the exchange server via ISA.

The ISA server is setup in a 2NIC config Internal--ISA--Router--Inet

The external NIC has a manually assigned address from the router subnet, however microsoft states that when specifiying the external ip in the publishing wizard I should have the MX record IP (ie our static external ip) but this is not an option as the only ip I can select is the ip of manually assigned router ip on the external nic.

If I select in the networks tab external selected ip as all ip addresses is still get through. On the monitoring I cannot see any traffic coming through or being denied on port 25, however when i use i get the following error"No connection could be made because the target machine actively refused it" I know the mx record is setup correctly so thats not an issue. Any ideas on how to get this working?

Please not I have already walked through the following to double check my config and everything is fine other than the external static ip.

Many Thanks
LVL 19
Stephen MandersonSoftware EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Not quite sure what you mean here. - you enter in the internal Ip address in the publishing rule, not the external ip address. Yes, you have the option of selecting the particular ip address to listen on (the ip address on the external ISA nic) but that is nothing to do with the MX record.

An MX record points to the name of a server, not an ip address. The server name in the MX record will have a DNS A record associated with it, and THAT is the ip address that mail will be forwarded to.

As long as the device on that ip address is set to forward port 25 traffic to the ISA external nic then job done.
Keith AlabasterEnterprise ArchitectCommented:
For example, on one of my own domains

My MX record is
i have a dns A record for the server called mail in my domain that has an ip address associated. As long as the device at that ip address can receive mail (smtp) and it (my external router) can forward port 25 traffic to my ISA external nic then that is all that is needed. My ISA external nic has 5 ip addresses on it.

When I run the smtp publishing rule, I have to put in the INTERNAL ip address of my exchange server and when I make the listener, i select the external interface to listen on. Because I have multiple IP addresses on the external nic I can select the addresses tab on the interface selection screen and pick the specirfic ip address (matches the one that I forward to on my external router).

Job complete.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Stephen MandersonSoftware EngineerAuthor Commented:
Turns out it was the router firmware, wouldnt pass through port 25, updated and the issue was resolved! Yes.. onto the next task..

Thanks Again
Keith AlabasterEnterprise ArchitectCommented:
Wow - sounds like you're having a rough day already.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.