• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 817
  • Last Modified:

Outgoing email to SBC being blocked, reverse DNS issue

I have a Barracuda Spam Firewall, and an Exchange 2000 Server behing a PIX Firewall.   We have been experiencing issues with being blocked by SBC, so outgoing email is rejected.  

Mail.ourdomain.com resolved to the Barracuda, but the Exchange Server has another IP.  Because of this, reverse DNS is not working properly, and we believe this is why we get rejected.   Outgoing email is forwarded back out the Barracuda.  

The PIX is not able to forward the SMTP port on the Exchange IP to the Barracuda (outdated firmware which client does not want to pay to upgrade).

I have been struggling to come up with a solution for this.  Does anyone know how I can fix this?  
0
James Glaubiger
Asked:
James Glaubiger
  • 5
  • 4
  • 2
2 Solutions
 
bcrosby007Commented:
You have to have a route from the Firewall to the exchange server. You can open the SMTP port and route all smtp traffic to the Exchange.
I am not familiar with the barracuda firewall...
0
 
James GlaubigerCo-FounderAuthor Commented:
*Incoming Email*     WAN -> PIX -> Barracuda (Spam Filtering) -> Exchange

*Outgoing Email* Exchange -> Barracuda -> PIX -> WAN

The issue seems to be that Exchange puts its WAN IP into the email header, but DNS shows mail.ourdomain.com pointing to the Barracuda WAN IP.  So reverse DNS issnt working, and we get marked as Spam.
0
 
bcrosby007Commented:
Can you change your MX to your Pix and route smtp from your pix to your barracuda then from your barracuda to your exchange?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
James GlaubigerCo-FounderAuthor Commented:
The Exchange would still put in its IP address on outgoing email and cause the issue.   How do people usually have this setup for reverse DNS to work with a Barracuda?
0
 
bcrosby007Commented:
Did you create a PTR dns record for your mail server?
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1255179,00.html 
0
 
bcrosby007Commented:
You will probably have to use the Barracuda Public IP as the PTR.
0
 
James GlaubigerCo-FounderAuthor Commented:
Ok, this looks promising since I do not see our PTR record.   I will make the suggested changes and monitor the issue a bit.  I will post back with my results.

thanks
0
 
DiabloPubsCommented:
I have a similar setup with a Barracuda Spam Firewall 200 sitting behind our router and before our email server.  I had some issues a few months ago with our users sending emails to AOL email addresses.  We had to configure the PTR record to point to our email server's public IP and not the Barracuda's IP.
0
 
James GlaubigerCo-FounderAuthor Commented:
So who is correct?   :)
0
 
bcrosby007Commented:
Use the Exchange Server's IP first. A PTR can always be changed if needed!
0
 
DiabloPubsCommented:
Any chance I can get some partial credit for reaffirming the fact that the email server's IP, not the Barracuda, should be associated with the PTR record?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now