Solved

Exchange Internet Emails through Proxy

Posted on 2009-07-15
Last Modified: 2013-11-30
I am running Exchange 2003. I decided to set up a bridgehead server to route internet emails to the respective internet accounts using a smart host (mail server) hosted by myself. The bridgehead has two NICs, one for the domain and another I had installed for testing purposes to be hooked directly to the internet. As it stands, the bridgehead is working perfectly and delivering internet emails through the smart host. However, I do not want it to have a direct connection to the internet because then my Active Directory would be vulnerable. I tried using the second NIC, previously used for a direct link to the internet, to connect to a proxy. Whilst using the proxy I cannot manage to send out any mails; they stay queued in the bridgehead server. I've even installed the firewall client for the proxy, and I made a rule to allow all SMTP traffic, still nothing. Is there anything I am doing wrong? Any help would be appreciated.
Question by:TechGSC
6 Comments
 
LVL 11

Expert Comment

by:tmeunier
ID: 24864042
There are a couple considerations here.  One is that Windows Server isn't so spiffy at handling multiple gateways, so make sure you take care of that and that network configuration is fine for other communications on both NICs.  Then, you can accomplish what you're trying to do with the built-in Internet Mail Wizard, which has facility to set up two SMTP virtual servers, one for inbound and one tied to an SMTP connector for outbound Internet mail.  Here's a good article that discusses.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html
0
 

Author Comment

by:TechGSC
ID: 24864351
I've done all that, I have my SMTP connector set up and everything. It has been working fine, but now I want it to work through a proxy server running ISA 2006, rather than have it connected directly to the internet... for security reasons.
0
 
LVL 11

Accepted Solution

by:
tmeunier earned 500 total points
ID: 24864389
Ah, gotcha. In that case, you're perfect as far as Exchange is concerned, and it becomes completely an ISA Server question.
http://technet.microsoft.com/en-us/library/bb794845.aspx
The part that says "Sending Internet E-Mail Messages" is really the part that concerns you, assuming that DNS is also working perfectly.
0
 

Author Comment

by:TechGSC
ID: 24873888
Thanks for the quick responses. I've done what the document you linked asked: set up a computer object for the bridgehead and created the SMTP rule to allow it access, but still the same exact thing. It stays queued in the bridgehead and it doesn't leave. But the minute I unplug the proxy network cable and replug the direct line to the internet, it all sends quickly and smoothly..... HELP!
0
 
LVL 11

Expert Comment

by:tmeunier
ID: 24873967
That's really curious.  Again, I'm not a firewall guy but you should be able to log onto a console session on your outbound Exchange server, and connect via telnet to port 25 of any public-facing mail exchanger.   So the next question is, let's plug it into the ISA server and ensure that it can do its task of sending email.  Get a terminal window, and do
NSLOOKUP -q=mx somedomain.com
(do you get an answer?  This will show that DNS is working.  If not, troubleshoot DNS settings here)
TELNET [that answer] 25
(do you get an answer?  if so, then your ISA SMTP rule is fine)
EHLO or HELO foo.bar
(still answer?  Then SMTP verbs are successfully being handled)
I can see that if your Exchange server is set to use an external DNS server and you don't have a rule allowing port 53 DNS traffic, then it would fail & queue.  So then you'd fix that on ISA, or point DNS resolution to an internal server.  For example.  In that case I would actually telnet to port 25 of the IP address of a known-good mail host, to get DNS resolution out of the picture as a problem.

I guess there could be other things too.  But it's pretty clearly being blocked by ISA.
0
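The checks from the comment above (name resolution, TCP connect to port 25, EHLO) as one script that reports the first stage that fails. This is an added example, not part of the original thread: the function names are illustrative, and because the Python standard library has no MX lookup it expects the mail exchanger name or IP address you already got from the NSLOOKUP step.

```python
import socket
import sys

def read_reply(sock):
    """Read one SMTP reply; multi-line replies end on a line without 'NNN-'."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:          # peer (or a filtering proxy) closed the connection
            break
        buf += chunk
        if buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] != b"-":
            break
    return buf.decode("ascii", "replace").strip()

def check_smtp_path(host, port=25, helo_name="foo.bar", timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'banner', 'ehlo' or 'ok'."""
    # Stage 1: name resolution. Passing an IP address takes DNS out of the picture.
    try:
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    stage = "tcp"
    try:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            # Stage 2: a refusal or timeout here points at the firewall/proxy rule.
            sock.connect(addr)
            stage = "banner"
            banner = read_reply(sock)
            if not banner.startswith("220"):
                return (stage, banner)
            # Stage 3: the remote server must accept an SMTP verb.
            stage = "ehlo"
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            reply = read_reply(sock)
            if not reply.startswith("250"):
                return (stage, reply)
            sock.sendall(b"QUIT\r\n")
            return ("ok", reply)
    except OSError as exc:     # includes timeouts and connection resets
        return (stage, str(exc))

if __name__ == "__main__":
    # Usage: python check_smtp_path.py <mail exchanger name or IP> ...
    for target in sys.argv[1:]:
        print(target, check_smtp_path(target))
```

Run it from the bridgehead once on the proxy network and once on the direct link; the stage that differs between the two runs is the one being blocked.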
 

Author Comment

by:TechGSC
ID: 24895721
Thanks, that helped me a lot. It's been a pleasure!
0

Question has a verified solution.
