joeb1

asked on

Enable internal Exchange server to send mail to external relay.

Hi-

I need some Exchange advice. We have an Exchange Server 2003 that is internal (192.168.*.*). This server also has an external interface on it. We would like all e-mail to be relayed through another external server. This external server is actually the MX record for our domain, and does all content- and rule-based filtering through Trend Micro IMSS. The problem we are running into is that we see the external interface on the internal Exchange server is sending out mail, and since it is not registered as the mail record, we are getting blocked as a spam source once a week. (We are not an open relay, from the testing I have done.)

Here is more information:

Under our Default SMTP Virtual server Properties.

IP address: All Unassigned <-- Should this be set to the Internal interface IP Address?

Access Tab: Relay Restrictions button, radio button selected for "Only the list below". In this list we have multiple entries: some IIS servers that are external, some internal groups defined by our internal IP addresses, and a couple of IPs I have no idea what they are. This is also a red flag for me right now. We also have "Allow all computers which successfully authenticate to relay" checked.

Under the Delivery Tab: FQDN of the Internal server.

In our Routing Groups:

We have "Forward all mail through this connector to the following smart host" selected. The external server's IP is entered as [serverip].

How do I set up our internal Exchange server to relay mail to the external server that has the MX record for the domain? Any help would be appreciated.
AClockworkTech

The fact that your sending server is not your MX record would not cause you to be blacklisted. You likely have some other problem. This server has two NICs, one with a public IP?

If you do want all mail to flow through to the other server, you need to make sure your lowest-cost SMTP/Routing connector is set to forward all mail to your other server, and that the address space for SMTP addresses has the wildcard "*".
joeb1 (ASKER)

Yes, that is correct. There is an IP on the server that is a public IP. No idea why this was done in the past. But I have been tasked with figuring out why we are constantly getting blacklisted. I am just grasping for anything at this point.

Is the forwarding controlled by the entries in the address space for the Routing Group Connectors? We do not have anything related to our domain in this box. We do have a few other domains that are not ours listed, though.
joeb1 (ASKER)

I tried adding the wildcard and all outgoing mail stopped.

It is possible that your external server is denying relaying from this computer. You should modify the SMTP Virtual Server on the external server to allow relay from this server. Also, can you please let me know everything you have on your current sending server's connector list?
The above assumes your other server is Exchange... There will be another way to do it for other mail servers.
joeb1 (ASKER)

I tried a test this morning. I disabled the external interface on my internal server and added the SMTP routing for the internal interface on my external IMSS box. Everything looked as if it was being sent to the internal server, but the mail queue was filling up, and no external e-mail was coming in. On my internal server, I added the external server as a smart host in the Default Virtual Server Delivery tab. Not sure that it had a positive effect. I eventually went back to the original config and enabled the external interface. We are seeing a lot of traffic through the Check Point firewall from this external interface. I have reason to believe this is why we are getting blacklisted.

Do you want the list from the internal server? Or the external server that should be relaying?
The external server does not have Exchange installed. Just IMSS from Trend Micro.

You can check the SMTP logs on the internal server to see why it was not allowed to relay through the IMSS server. I am not familiar with IMSS; can it do outbound filtering as well? It is likely you would have to tell it to accept relaying from your internal server.

This is beside the point, as again your outbound server getting blacklisted is not because it is not the MX record. It is probably actually sending out spam. To lock it down a bit, you should only allow SMTP traffic in to your Exchange server from the receiving server (the Trend server). This would prevent NDR attacks and the like. You should speak with your ISP and have a reverse DNS record set up for your outbound server's IP that points to the A record that your Exchange server advertises itself as (Properties on SMTP virtual server > Delivery > Advanced > Fully-qualified Domain Name). You will have to make sure it advertises itself as a name that resolves back to its IP. You may even want to set up an SPF record for your domain. I have seen that SBC/AT&T has been blacklisting a lot of people for things like the RDNS record. Who is blacklisting you, and does it give a specific reason code?

See the following site for help creating your SPF record(likely not required but it can help):
http://old.openspf.org/wizard.html 
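The three checks the reply above recommends (a reverse DNS record that round-trips to the advertised FQDN, and an SPF record that covers the relay's IP) as an added Python example. This is not code from the original thread. It evaluates against a constructed in-memory DNS table so it runs offline; the zone example.com, the names imss.example.com and exch01.example.com, and the RFC 5737 addresses are all invented, with 203.0.113.5 standing for the IMSS relay (the MX) and 203.0.113.9 for the Exchange server's stray public interface. To test a live setup, replace `lookup` with real DNS queries. The SPF evaluator goes a little beyond the page, handling the ip4, a, mx, include and all mechanisms with qualifiers, but not redirect= modifiers or macros.

```python
"""Check what the reply above asks you to fix: reverse DNS that round-trips
to the advertised FQDN, and an SPF record that covers the relay's IP.

Added example, not part of the original thread. DNS answers come from the
in-memory table DNS so it runs offline; swap `lookup` for real queries
(e.g. with dnspython) to test a live setup. All names and addresses are
invented (example.com, RFC 5737 test ranges).
"""
import ipaddress

# Constructed zone data. 203.0.113.5 stands for the IMSS relay (the MX);
# 203.0.113.9 stands for the Exchange server's stray public interface,
# which has a forward A record but no PTR.
DNS = {
    ("5.113.0.203.in-addr.arpa.", "PTR"): ["imss.example.com."],
    ("imss.example.com.", "A"): ["203.0.113.5"],
    ("exch01.example.com.", "A"): ["203.0.113.9"],
    ("example.com.", "MX"): ["imss.example.com."],
    ("example.com.", "TXT"): ["v=spf1 mx -all"],
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def normalize(name):
    """Lower-case, fully qualified (trailing dot) form of a DNS name."""
    return name.lower().rstrip(".") + "."


def lookup(name, rtype):
    """Return the records of type rtype for name, or [] when none exist."""
    return DNS.get((normalize(name), rtype), [])


def reverse_name(ip):
    """PTR owner name for an address, e.g. 5.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns_names(ip):
    """PTR names of ip whose own A records point back at ip
    (forward-confirmed reverse DNS). Empty means no usable rDNS."""
    return [n for n in lookup(reverse_name(ip), "PTR") if ip in lookup(n, "A")]


def helo_aligned(ip, advertised_fqdn):
    """True when the FQDN the SMTP virtual server advertises
    (Delivery > Advanced > Fully-qualified domain name) is one of the
    forward-confirmed names of the IP it actually sends from."""
    return normalize(advertised_fqdn) in fcrdns_names(ip)


def spf_check(domain, ip, depth=0):
    """Evaluate domain's SPF record for sender ip.

    Handles the mechanisms ip4, a, mx, include and all with qualifiers;
    modifiers such as redirect= and macros are not implemented, and an
    unmatched record yields 'neutral' as RFC 7208 specifies.
    """
    if depth > 10:                      # RFC 7208 lookup limit
        return "permerror"
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = spf_check(arg, ip, depth + 1) == "pass"
        else:
            matched = False             # unknown mechanism or modifier: skip
        if matched:
            return SPF_RESULT[qualifier]
    return "neutral"


def diagnose(ip, advertised_fqdn, domain):
    """Summarise the three checks a blacklist operator is likely to run."""
    return {
        "fcrdns": fcrdns_names(ip),
        "helo_aligned": helo_aligned(ip, advertised_fqdn),
        "spf": spf_check(domain, ip),
    }


if __name__ == "__main__":
    for sender in ("203.0.113.5", "203.0.113.9"):
        print(sender, diagnose(sender, "exch01.example.com", "example.com"))
```

Run against the constructed data, the relay address passes all three checks, while the stray Exchange interface has no forward-confirmed rDNS, does not match the name Exchange advertises, and fails SPF on the `-all` term; that is exactly the combination that gets a sending IP listed.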
ASKER CERTIFIED SOLUTION
AClockworkTech
joeb1 (ASKER)

Ok, another newb question. "You should only allow SMTP traffic in to your Exchange server from the receiving server (the Trend server)" <--- where is this done?

spamhaus.org, CBL, and barracudacentral are the main ones. The strange thing is that the IP listed in the blacklist is our firewall. So it must be coming from an internal source.

Properties on SMTP Virtual Server, Access Tab, Connection button.
Again though, what blacklist were you on, and was there a specific reason/error code cited?
joeb1 (ASKER)

I think the reason stated was Cutwail/botnet.
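Since the listed address is the firewall's and the reason given is a botnet, the practical next step is to find which internal host is opening outbound SMTP connections. The following is an added Python example, not code from the thread. The log lines are constructed in a simplified `time action src dst proto/port` layout, which is not a real Check Point export format, so `parse_line` would need adapting to the fields your firewall actually emits; the internal range 192.168.0.0/16, the Exchange server's internal IP 192.168.10.25 and the IMSS relay's IP 203.0.113.5 are assumptions. It reports internal hosts other than Exchange that were allowed out on TCP/25, flags those fanning out to many distinct destinations as likely bots, and also lists any TCP/25 destinations the Exchange server reached directly other than the smart host, i.e. mail bypassing the relay.

```python
"""Find internal hosts sending SMTP straight to the Internet.

Added example, not part of the original thread. SAMPLE_LOG is constructed
in a simplified "time action src dst proto/port" layout (not a real Check
Point export); adapt parse_line to the fields your firewall emits. The
addresses are invented; 192.168.10.25 is assumed to be the Exchange
server's internal NIC and 203.0.113.5 the IMSS relay.
"""
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed internal range
EXCHANGE_IP = "192.168.10.25"                           # assumed
SMARTHOST_IP = "203.0.113.5"                            # assumed IMSS relay

SAMPLE_LOG = """\
08:00:01 accept 192.168.10.25 203.0.113.5 tcp/25
08:00:02 accept 192.168.10.25 203.0.113.5 tcp/25
08:00:05 accept 192.168.20.77 198.51.100.14 tcp/25
08:00:05 accept 192.168.20.77 198.51.100.15 tcp/25
08:00:06 accept 192.168.20.77 198.51.100.16 tcp/25
08:00:07 accept 192.168.20.77 198.51.100.17 tcp/25
08:00:08 accept 192.168.20.77 198.51.100.18 tcp/25
08:00:09 accept 192.168.10.25 198.51.100.30 tcp/25
08:00:10 accept 192.168.30.8 203.0.113.5 tcp/25
08:00:11 accept 192.168.10.25 203.0.113.5 tcp/443
08:00:12 drop 192.168.20.77 198.51.100.19 tcp/25
08:00:13 this line is malformed
"""


def parse_line(line):
    """Return (action, src, dst, port) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _time, action, src, dst, service = parts
    proto, _, port = service.partition("/")
    if proto.lower() != "tcp" or not port.isdigit():
        return None
    return action.lower(), src, dst, int(port)


def outbound_smtp(lines):
    """Map each internal source to the set of external hosts it was
    allowed to reach on TCP/25 (drops and other ports are ignored)."""
    dests = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        action, src, dst, port = rec
        if action != "accept" or port != 25:
            continue
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue
        dests[src].add(dst)
    return dests


def find_rogue_senders(lines, exchange_ip=EXCHANGE_IP, smarthost_ip=SMARTHOST_IP,
                       bot_threshold=3):
    """Three findings from the firewall log:

    unauthorised     internal hosts other than Exchange that sent SMTP out,
                     with the number of distinct destinations each reached
    likely_bots      those reaching >= bot_threshold distinct MX hosts,
                     the fan-out pattern of spam bots such as Cutwail
    exchange_bypass  destinations Exchange itself reached on TCP/25 other
                     than the smart host, i.e. mail not going via the relay
    """
    smtp = outbound_smtp(lines)
    unauthorised = {src: len(d) for src, d in smtp.items() if src != exchange_ip}
    likely_bots = sorted(s for s, n in unauthorised.items() if n >= bot_threshold)
    bypass = sorted(smtp.get(exchange_ip, set()) - {smarthost_ip})
    return {"unauthorised": unauthorised, "likely_bots": likely_bots,
            "exchange_bypass": bypass}


if __name__ == "__main__":
    for key, value in find_rogue_senders(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On the constructed log this singles out 192.168.20.77 as the likely infected host (five distinct MX destinations in a few seconds), lists 192.168.30.8 as an unexplained but low-volume sender worth checking against the relay list from the question, and shows one direct delivery from Exchange that did not go through the smart host. The same approach works once the firewall rule is tightened: any remaining accepted TCP/25 from a host other than the Exchange server is, by definition, something to investigate.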