Solved

Outgoing email to SBC being blocked, reverse DNS issue

Posted on 2008-10-02
15
800 Views
Last Modified: 2012-06-27
I have a Barracuda Spam Firewall, and an Exchange 2000 Server behing a PIX Firewall.   We have been experiencing issues with being blocked by SBC, so outgoing email is rejected.  

Mail.ourdomain.com resolved to the Barracuda, but the Exchange Server has another IP.  Because of this, reverse DNS is not working properly, and we believe this is why we get rejected.   Outgoing email is forwarded back out the Barracuda.  

The PIX is not able to forward the SMTP port on the Exchange IP to the Barracuda (outdated firmware which client does not want to pay to upgrade).

I have been struggling to come up with a solution for this.  Does anyone know how I can fix this?  
0
Comment
Question by:James Glaubiger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
15 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626282
You have to have a route from the Firewall to the exchange server. You can open the SMTP port and route all smtp traffic to the Exchange.
I am not familiar with the barracuda firewall...
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22626350
*Incoming Email*     WAN -> PIX -> Barracuda (Spam Filtering) -> Exchange

*Outgoing Email* Exchange -> Barracuda -> PIX -> WAN

The issue seems to be that Exchange puts its WAN IP into the email header, but DNS shows mail.ourdomain.com pointing to the Barracuda WAN IP.  So reverse DNS issnt working, and we get marked as Spam.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626404
Can you change your MX to your Pix and route smtp from your pix to your barracuda then from your barracuda to your exchange?
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 7

Author Comment

by:James Glaubiger
ID: 22627433
The Exchange would still put in its IP address on outgoing email and cause the issue.   How do people usually have this setup for reverse DNS to work with a Barracuda?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 250 total points
ID: 22632661
Did you create a PTR dns record for your mail server?
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1255179,00.html 
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22632674
You will probably have to use the Barracuda Public IP as the PTR.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22635607
Ok, this looks promising since I do not see our PTR record.   I will make the suggested changes and monitor the issue a bit.  I will post back with my results.

thanks
0
 
LVL 1

Assisted Solution

by:DiabloPubs
DiabloPubs earned 250 total points
ID: 22664844
I have a similar setup with a Barracuda Spam Firewall 200 sitting behind our router and before our email server.  I had some issues a few months ago with our users sending emails to AOL email addresses.  We had to configure the PTR record to point to our email server's public IP and not the Barracuda's IP.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22665216
So who is correct?   :)
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22668056
Use the Exchange Server's IP first. A PTR can always be changed if needed!
0
 
LVL 1

Expert Comment

by:DiabloPubs
ID: 23142782
Any chance I can get some partial credit for reaffirming the fact that the email server's IP, not the Barracuda, should be associated with the PTR record?
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question