Solved

Exchange Internet Emails through Proxy

Posted on 2009-07-15
Last Modified: 2013-11-30
I am running Exchange 2003. I decided to set up a bridgehead server to route internet emails to the respective internet accounts using a smart host (mail server) hosted by myself. The bridgehead has two NICs, one for the domain and another I had installed for testing purposes to be hooked directly to the internet. As it stands the bridgehead is working perfectly and delivering internet emails through the smart host. However, I do not want it to have a direct connection to the internet because then my Active Directory would be vulnerable. I tried using the second NIC, previously used for a direct link to the internet, to connect to a proxy. Whilst using the proxy I cannot manage to send out any mails; they stay queued in the bridgehead server. I've even installed the firewall client for the proxy, and I made a rule to allow all SMTP traffic, still nothing. Is there anything I am doing wrong? Any help would be appreciated.
Question by:TechGSC

Expert Comment

by:tmeunier
ID: 24864042
There are a couple considerations here.  One is that Windows Server isn't so spiffy at handling multiple gateways, so make sure you take care of that and that network configuration is fine for other communications on both NICs.  Then, you can accomplish what you're trying to do with the built-in Internet Mail Wizard, which has facility to set up two SMTP virtual servers, one for inbound and one tied to an SMTP connector for outbound Internet mail.  Here's a good article that discusses.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html

Author Comment

by:TechGSC
ID: 24864351
I've done all that, I have my SMTP connector set up and everything. It has been working fine but now I want it to work through a proxy server running ISA 2006, rather than have it connected directly to the internet... for security reasons.

Accepted Solution

by:
tmeunier earned 500 total points
ID: 24864389
Ah, gotcha. In that case, you're perfect as far as Exchange is concerned, and it becomes completely an ISA Server question.
http://technet.microsoft.com/en-us/library/bb794845.aspx
The part that says "Sending Internet E-Mail Messages" is really the part that concerns you, assuming that DNS is also working perfectly.

Author Comment

by:TechGSC
ID: 24873888
Thanks for the quick responses. I've done what the document you said asked. Set up a computer object for the bridgehead, created the SMTP rule to allow it access, but still the same exact thing: it stays queued in the bridgehead and it doesn't leave. But the minute I unplug the proxy network cable and replug the direct line to the internet it all sends quickly and smoothly... HELP!

Expert Comment

by:tmeunier
ID: 24873967
That's really curious.  Again, I'm not a firewall guy but you should be able to log onto a console session on your outbound Exchange server, and connect via telnet to port 25 of any public-facing mail exchanger.   So the next question is, let's plug it into the ISA server and ensure that it can do its task of sending email.  Get a terminal window, and do
NSLOOKUP -q=mx somedomain.com
(do you get an answer?  This will show that DNS is working.  If not, troubleshoot DNS settings here)
TELNET [that answer] 25
(do you get an answer?  if so, then your ISA SMTP rule is fine)
EHLO or HELO foo.bar
(still answer?  Then SMTP verbs are successfully being handled)
I can see that if your Exchange server is set to use an external DNS server and you don't have a rule allowing port 53 DNS traffic, then it would fail & queue.  So then you'd fix that on ISA, or point DNS resolution to an internal server.  For example.  In that case I would actually telnet to port 25 of the IP address of a known-good mail host, to get DNS resolution out of the picture as a problem.

I guess there could be other things too.  But it's pretty clearly being blocked by ISA.
0
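The telnet checks from the comment above (open port 25 on a mail host, read the greeting, send EHLO or HELO) as one scripted probe to run from the bridgehead, reporting the first stage that fails. This is an added Python example, not part of the original thread; the function names and stage labels are made up here. It does not do the MX lookup: pass the IP address of a known-good mail host to take DNS out of the picture, as the comment suggests.

```python
import socket
import sys

def read_reply(stream):
    """Read one SMTP reply (possibly multi-line); return (code, last_line)."""
    while True:
        line = stream.readline()
        if not line:
            raise ConnectionError("connection closed before a full reply")
        text = line.decode("ascii", "replace").rstrip()
        # "250-..." means more lines follow; "250 ..." is the final line.
        if len(text) < 4 or text[3] != "-":
            return int(text[:3]), text

def smtp_egress_probe(host, port=25, helo_name="foo.bar", timeout=10.0):
    """Return (stage, detail); stage is dns, connect, banner, ehlo or ok."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        # Name did not resolve: check DNS settings or the port 53 rule.
        return "dns", f"cannot resolve {host}: {exc}"
    except OSError as exc:
        # Refused or timed out: the firewall SMTP rule is the first suspect.
        return "connect", f"no TCP session to {host}:{port}: {exc}"
    with sock, sock.makefile("rb") as stream:
        stage = "banner"
        try:
            code, text = read_reply(stream)
            if code != 220:          # something answered, but not a mail greeting
                return stage, text
            stage = "ehlo"
            for verb in ("EHLO", "HELO"):   # fall back to HELO for old servers
                sock.sendall(f"{verb} {helo_name}\r\n".encode("ascii"))
                code, text = read_reply(stream)
                if code == 250:
                    return "ok", text
            return stage, text
        except (OSError, ValueError) as exc:
            return stage, f"session broke: {exc}"

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <IP or name of a known-good mail host>
    print(smtp_egress_probe(sys.argv[1]))
```

A "connect" result with the proxy cable plugged in and "ok" on the direct line points at the firewall rule rather than at Exchange.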
 

Author Comment

by:TechGSC
ID: 24895721
Thanks, that helped me a lot. It's been a pleasure!