Solved

Outgoing email to SBC being blocked, reverse DNS issue

Posted on 2008-10-02
15
790 Views
Last Modified: 2012-06-27
I have a Barracuda Spam Firewall, and an Exchange 2000 Server behing a PIX Firewall.   We have been experiencing issues with being blocked by SBC, so outgoing email is rejected.  

Mail.ourdomain.com resolved to the Barracuda, but the Exchange Server has another IP.  Because of this, reverse DNS is not working properly, and we believe this is why we get rejected.   Outgoing email is forwarded back out the Barracuda.  

The PIX is not able to forward the SMTP port on the Exchange IP to the Barracuda (outdated firmware which client does not want to pay to upgrade).

I have been struggling to come up with a solution for this.  Does anyone know how I can fix this?  
0
Comment
Question by:James Glaubiger
  • 5
  • 4
  • 2
15 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626282
You have to have a route from the Firewall to the exchange server. You can open the SMTP port and route all smtp traffic to the Exchange.
I am not familiar with the barracuda firewall...
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22626350
*Incoming Email*     WAN -> PIX -> Barracuda (Spam Filtering) -> Exchange

*Outgoing Email* Exchange -> Barracuda -> PIX -> WAN

The issue seems to be that Exchange puts its WAN IP into the email header, but DNS shows mail.ourdomain.com pointing to the Barracuda WAN IP.  So reverse DNS issnt working, and we get marked as Spam.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22626404
Can you change your MX to your Pix and route smtp from your pix to your barracuda then from your barracuda to your exchange?
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22627433
The Exchange would still put in its IP address on outgoing email and cause the issue.   How do people usually have this setup for reverse DNS to work with a Barracuda?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 250 total points
ID: 22632661
Did you create a PTR dns record for your mail server?
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1255179,00.html 
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 7

Expert Comment

by:bcrosby007
ID: 22632674
You will probably have to use the Barracuda Public IP as the PTR.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22635607
Ok, this looks promising since I do not see our PTR record.   I will make the suggested changes and monitor the issue a bit.  I will post back with my results.

thanks
0
 
LVL 1

Assisted Solution

by:DiabloPubs
DiabloPubs earned 250 total points
ID: 22664844
I have a similar setup with a Barracuda Spam Firewall 200 sitting behind our router and before our email server.  I had some issues a few months ago with our users sending emails to AOL email addresses.  We had to configure the PTR record to point to our email server's public IP and not the Barracuda's IP.
0
 
LVL 7

Author Comment

by:James Glaubiger
ID: 22665216
So who is correct?   :)
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22668056
Use the Exchange Server's IP first. A PTR can always be changed if needed!
0
 
LVL 1

Expert Comment

by:DiabloPubs
ID: 23142782
Any chance I can get some partial credit for reaffirming the fact that the email server's IP, not the Barracuda, should be associated with the PTR record?
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now