Exchange Internet Emails through Proxy

Posted on 2009-07-15
Last Modified: 2013-11-30
I am running Exchange 2003. I decided to set up a bridgehead server to route internet emails to the respective internet accounts using a smart host (mail server) hosted by myself. The bridgehead has two NICs, one for the domain and another I had installed for testing purposes to be hooked directly to the internet. As it stands the bridgehead is working perfectly and delivering internet emails through the smart host. However, I do not want it to have a direct connection to the internet because then my Active Directory would be vulnerable. I tried using the second NIC, previously used for a direct link to the internet, to connect to a proxy. Whilst using the proxy I cannot manage to send out any mails; they stay queued in the bridgehead server. I've even installed the firewall client for the proxy, and I made a rule to allow all SMTP traffic, still nothing. Is there anything I am doing wrong? Any help would be appreciated.
Question by:TechGSC
LVL 11

Expert Comment

by:tmeunier
ID: 24864042
There are a couple considerations here.  One is that Windows Server isn't so spiffy at handling multiple gateways, so make sure you take care of that and that network configuration is fine for other communications on both NICs.  Then, you can accomplish what you're trying to do with the built-in Internet Mail Wizard, which has facility to set up two SMTP virtual servers, one for inbound and one tied to an SMTP connector for outbound Internet mail.  Here's a good article that discusses.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html
0
 

Author Comment

by:TechGSC
ID: 24864351
I've done all that; I have my SMTP connector set up and everything. It has been working fine, but now I want it to work through a proxy server running ISA 2006, rather than have it connected directly to the internet... for security reasons.
0
 
LVL 11

Accepted Solution

by:
tmeunier earned 2000 total points
ID: 24864389
Ah, gotcha. In that case, you're perfect as far as Exchange is concerned, and it becomes completely an ISA Server question.
http://technet.microsoft.com/en-us/library/bb794845.aspx
The part that says "Sending Internet E-Mail Messages" is really the part that concerns you, assuming that DNS is also working perfectly.
0

Author Comment

by:TechGSC
ID: 24873888
Thanks for the quick responses. I've done what the document you said asked. Set up a computer object for the bridgehead, created the SMTP rule to allow it access, but still the same exact thing: it stays queued in the bridgehead and it doesn't leave. But the minute I unplug the proxy network cable and replug the direct line to the internet it all sends quickly and smoothly..... HELP!
0
 
LVL 11

Expert Comment

by:tmeunier
ID: 24873967
That's really curious.  Again, I'm not a firewall guy but you should be able to log onto a console session on your outbound Exchange server, and connect via telnet to port 25 of any public-facing mail exchanger.   So the next question is, let's plug it into the ISA server and ensure that it can do its task of sending email.  Get a terminal window, and do
NSLOOKUP -q=mx somedomain.com
(do you get an answer?  This will show that DNS is working.  If not, troubleshoot DNS settings here)
TELNET [that answer] 25
(do you get an answer?  if so, then your ISA SMTP rule is fine)
EHLO or HELO foo.bar
(still answer?  Then SMTP verbs are successfully being handled)
I can see that if your Exchange server is set to use an external DNS server and you don't have a rule allowing port 53 DNS traffic, then it would fail & queue.  So then you'd fix that on ISA, or point DNS resolution to an internal server.  For example.  In that case I would actually telnet to port 25 of the IP address of a known-good mail host, to get DNS resolution out of the picture as a problem.

I guess there could be other things too.  But it's pretty clearly being blocked by ISA.
0
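The staged check described in the comment above (connect to port 25, read the greeting, then EHLO or HELO), as an added Python example that is not part of the original thread; run from the bridgehead, it reports which stage fails. The function names are hypothetical, and the MX lookup is still done with NSLOOKUP first because the Python standard library has no MX query; pass the resulting host name, or an IP address to take DNS out of the picture.

```python
import socket, sys

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed before a full reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250-" continues, "250 " ends
            return int(line[:3]), lines

def probe_smtp_egress(host, port=25, helo_name="foo.bar", timeout=10):
    """Return (stage, detail); stage is 'dns', 'tcp', 'banner', 'ehlo' or 'ok'."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror as e:
        return "dns", f"cannot resolve {host}: {e}"
    try:
        sock = socket.create_connection(addr, timeout=timeout)
    except OSError as e:
        return "tcp", f"no connection to {addr[0]}:{addr[1]}: {e}"
    stage = "banner"
    with sock, sock.makefile("rb") as f:
        try:
            code, lines = read_reply(f)
            if code != 220:                    # anything but a 220 greeting
                return stage, lines[-1]
            stage = "ehlo"
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            code, lines = read_reply(f)
            if code != 250:                    # fall back to HELO, as in the thread
                sock.sendall(f"HELO {helo_name}\r\n".encode("ascii"))
                code, lines = read_reply(f)
            if code != 250:
                return stage, lines[-1]
            sock.sendall(b"QUIT\r\n")
            return "ok", "; ".join(lines)
        except (OSError, ValueError) as e:     # timeout, reset, or non-SMTP data
            return stage, f"no valid SMTP reply: {e}"

if __name__ == "__main__":
    # Usage: python probe.py <mail exchanger name or IP from the MX lookup>
    print(probe_smtp_egress(sys.argv[1]))
```

A result of `tcp` points at the firewall rule or routing, while `banner` or `ehlo` means the connection opened but something on the path is not passing SMTP through.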
 

Author Comment

by:TechGSC
ID: 24895721
Thanks, that helped me a lot. It's been a pleasure!
0
