Solved

Outgoing email to SBC being blocked, reverse DNS issue

Posted on 2008-10-02
15
796 Views
Last Modified: 2012-06-27
I have a Barracuda Spam Firewall, and an Exchange 2000 Server behing a PIX Firewall.   We have been experiencing issues with being blocked by SBC, so outgoing email is rejected.  

Mail.ourdomain.com resolved to the Barracuda, but the Exchange Server has another IP.  Because of this, reverse DNS is not working properly, and we believe this is why we get rejected.   Outgoing email is forwarded back out the Barracuda.  

The PIX is not able to forward the SMTP port on the Exchange IP to the Barracuda (outdated firmware which client does not want to pay to upgrade).

I have been struggling to come up with a solution for this.  Does anyone know how I can fix this?  
0
Comment
Question by:James Glaubiger
  • 5
  • 4
  • 2
15 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626282
You have to have a route from the Firewall to the exchange server. You can open the SMTP port and route all smtp traffic to the Exchange.
I am not familiar with the barracuda firewall...
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22626350
*Incoming Email*     WAN -> PIX -> Barracuda (Spam Filtering) -> Exchange

*Outgoing Email* Exchange -> Barracuda -> PIX -> WAN

The issue seems to be that Exchange puts its WAN IP into the email header, but DNS shows mail.ourdomain.com pointing to the Barracuda WAN IP.  So reverse DNS issnt working, and we get marked as Spam.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626404
Can you change your MX to your Pix and route smtp from your pix to your barracuda then from your barracuda to your exchange?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 7

Author Comment

by:James Glaubiger
ID: 22627433
The Exchange would still put in its IP address on outgoing email and cause the issue.   How do people usually have this setup for reverse DNS to work with a Barracuda?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 250 total points
ID: 22632661
Did you create a PTR dns record for your mail server?
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1255179,00.html 
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22632674
You will probably have to use the Barracuda Public IP as the PTR.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22635607
Ok, this looks promising since I do not see our PTR record.   I will make the suggested changes and monitor the issue a bit.  I will post back with my results.

thanks
0
 
LVL 1

Assisted Solution

by:DiabloPubs
DiabloPubs earned 250 total points
ID: 22664844
I have a similar setup with a Barracuda Spam Firewall 200 sitting behind our router and before our email server.  I had some issues a few months ago with our users sending emails to AOL email addresses.  We had to configure the PTR record to point to our email server's public IP and not the Barracuda's IP.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22665216
So who is correct?   :)
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22668056
Use the Exchange Server's IP first. A PTR can always be changed if needed!
0
 
LVL 1

Expert Comment

by:DiabloPubs
ID: 23142782
Any chance I can get some partial credit for reaffirming the fact that the email server's IP, not the Barracuda, should be associated with the PTR record?
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question