Solved

Exchange Internet Emails through Proxy

Posted on 2009-07-15
Last Modified: 2013-11-30
I am running Exchange 2003. I decided to set up a bridgehead server to route internet emails to the respective internet accounts using a smart host (mail server) hosted by myself. The bridgehead has two NICs, one for the domain and another I had installed for testing purposes to be hooked directly to the internet. As it stands the bridgehead is working perfectly and delivering internet emails through the smart host. However, I do not want it to have a direct connection to the internet because then my Active Directory would be vulnerable. I tried using the second NIC, previously used for a direct link to the internet, to connect to a proxy. Whilst using the proxy I cannot manage to send out any mails; they stay queued in the bridgehead server. I've even installed the firewall client for the proxy, and I made a rule to allow all SMTP traffic. Still nothing. Is there anything I am doing wrong? Any help would be appreciated.
Question by:TechGSC

Expert Comment

by:tmeunier
ID: 24864042
There are a couple considerations here.  One is that Windows Server isn't so spiffy at handling multiple gateways, so make sure you take care of that and that network configuration is fine for other communications on both NICs.  Then, you can accomplish what you're trying to do with the built-in Internet Mail Wizard, which has facility to set up two SMTP virtual servers, one for inbound and one tied to an SMTP connector for outbound Internet mail.  Here's a good article that discusses.
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html

Author Comment

by:TechGSC
ID: 24864351
I've done all that, I have my SMTP connector set up and everything. It has been working fine, but now I want it to work through a proxy server running ISA 2006, rather than have it connected directly to the internet... for security reasons.

Accepted Solution

by:
tmeunier earned 500 total points
ID: 24864389
Ah, gotcha. In that case, you're perfect as far as Exchange is concerned, and it becomes completely an ISA Server question.
http://technet.microsoft.com/en-us/library/bb794845.aspx
The part that says "Sending Internet E-Mail Messages" is really the part that concerns you, assuming that DNS is also working perfectly.

Author Comment

by:TechGSC
ID: 24873888
Thanks for the quick responses. I've done what the document you linked asked: set up a computer object for the bridgehead and created the SMTP rule to allow it access, but still the same exact thing. It stays queued in the bridgehead and it doesn't leave. But the minute I unplug the proxy network cable and replug the direct line to the internet, it all sends quickly and smoothly..... HELP!

Expert Comment

by:tmeunier
ID: 24873967
That's really curious.  Again, I'm not a firewall guy but you should be able to log onto a console session on your outbound Exchange server, and connect via telnet to port 25 of any public-facing mail exchanger.   So the next question is, let's plug it into the ISA server and ensure that it can do its task of sending email.  Get a terminal window, and do
NSLOOKUP -q=mx somedomain.com
(do you get an answer?  This will show that DNS is working.  If not, troubleshoot DNS settings here)
TELNET [that answer] 25
(do you get an answer?  if so, then your ISA SMTP rule is fine)
EHLO or HELO foo.bar
(still answer?  Then SMTP verbs are successfully being handled)
I can see that if your Exchange server is set to use an external DNS server and you don't have a rule allowing port 53 DNS traffic, then it would fail & queue.  So then you'd fix that on ISA, or point DNS resolution to an internal server.  For example.  In that case I would actually telnet to port 25 of the IP address of a known-good mail host, to get DNS resolution out of the picture as a problem.

I guess there could be other things too.  But it's pretty clearly being blocked by ISA.
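
The staged check described in the comment above (resolve, connect to port 25, greet), as an added example that is not part of the original thread. It reports the first stage that fails, which separates a DNS problem from a blocked port from a firewall that accepts the connection but does not pass SMTP. The names `probe_smtp` and `probe.example` are assumptions; the MX lookup itself stays with `NSLOOKUP -q=mx`, since Python's standard library has no MX resolver.

```python
import socket, sys

def _read_reply(stream):
    """Read one SMTP reply; continuation lines carry '-' after the 3-digit code."""
    lines = []
    while True:
        line = stream.readline().decode("ascii", "replace").rstrip("\r\n")
        if line:
            lines.append(line)
        if line[3:4] != "-":  # final line of the reply, or end of stream
            return "\n".join(lines)

def probe_smtp(host, port=25, helo_name="probe.example", timeout=10.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'banner', 'ehlo' or 'ok'."""
    # Stage 1: name resolution. Pass an IP address to take DNS out of the picture.
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return "dns", str(exc)
    family, kind, proto, _, addr = info
    # Stage 2: TCP connect, the same check as `TELNET host 25`.
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return "tcp", str(exc)
    with sock, sock.makefile("rb") as stream:
        # Stage 3: a mail server greets with a 220 banner before any command.
        try:
            banner = _read_reply(stream)
        except OSError as exc:
            return "banner", str(exc)
        if not banner.startswith("220"):
            return "banner", banner or "connection closed before greeting"
        # Stage 4: EHLO, falling back to HELO for servers that reject EHLO.
        for verb in ("EHLO", "HELO"):
            try:
                sock.sendall(f"{verb} {helo_name}\r\n".encode("ascii"))
                reply = _read_reply(stream)
            except OSError as exc:
                return "ehlo", str(exc)
            if reply.startswith("250"):
                return "ok", reply
        return "ehlo", reply or "connection closed after greeting"

if __name__ == "__main__":
    print(probe_smtp(sys.argv[1]))  # argument: MX host name or IP address
```

Run it on the bridgehead once through the proxy NIC and once through the direct link; the stage where the two results diverge is the one the firewall rule is affecting.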

Author Comment

by:TechGSC
ID: 24895721
Thanks, that helped me a lot. It's been a pleasure!

Question has a verified solution.
