justchil304

Barracuda 300 Spam and Virus FW - Can't connect to port 25 from outside clients

Greetings!  

I've been trying to figure out my problem for hours!  

I have an existing Exchange server that had SurfControl installed... I removed it and set it up with a Barracuda Spam and Virus Firewall.

SOMEHOW email is coming in just fine... however from outside of our LAN I can't telnet or connect via Outlook.  I've had several others try from different connections with the same results.

I have many NAT rules on our Watchguard firewall... I've never had a problem.  In fact I can access the  I don't understand how it's not allowing a client to send email through. I'm 99.9% sure it's not the firewall causing the issue.

It sends email from other servers just fine!

HELO please-read-policy.mxtoolbox.com
250 xxxxxxxxx Hello recover.mxtoolbox.com [64.20.227.133], pleased to meet you [55 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 Ok [54 ms]
RCPT TO: <test@example.com>
550 No such domain at this location (test@example.com) [69 ms]
QUIT
221 Bye [55 ms]

I'm stumped!  I have done a lot of trial and error with no luck.  I can provide a lot more information if someone is willing to help me out.  I'm certain it's the Barracuda but I can't figure out what exactly :(
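
An added example, not part of the original post: a small parser for the relay-test dialog quoted above that pairs each command with its reply and reports how the server treated a recipient outside the organisation's own domains. The transcript is copied from the question; `parse_dialog`, `relay_verdict` and the `corp.example` local domain used when calling it are illustrative assumptions.

```python
import re

# Transcript copied from the question (an external relay test against the gateway).
TRANSCRIPT = """\
HELO please-read-policy.mxtoolbox.com
250 xxxxxxxxx Hello recover.mxtoolbox.com [64.20.227.133], pleased to meet you [55 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 Ok [54 ms]
RCPT TO: <test@example.com>
550 No such domain at this location (test@example.com) [69 ms]
QUIT
221 Bye [55 ms]
"""

# Three-digit reply code, reply text, and the optional "[NN ms]" timing the tool appends.
REPLY = re.compile(r"^(\d{3})[ -](.*?)(?:\s*\[\d+ ms\])?$")


def parse_dialog(text):
    """Pair each client command with the reply code and text that followed it."""
    pairs, command = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REPLY.match(line)
        if m and command is not None:
            pairs.append((command, int(m.group(1)), m.group(2)))
            command = None  # further reply lines for the same command are ignored
        elif not m:
            command = line
    return pairs


def relay_verdict(pairs, local_domains):
    """Classify how the server treated recipients outside local_domains."""
    verdict = "no external recipient tested"
    for command, code, _ in pairs:
        m = re.match(r"RCPT TO:\s*<[^@>]+@([^>]+)>", command, re.I)
        if not m or m.group(1).lower() in local_domains:
            continue
        if 200 <= code < 300:
            return "relay accepted"  # server took mail for a domain it does not host
        verdict = "relay refused" if code >= 500 else "deferred"
    return verdict
```

Called as `relay_verdict(parse_dialog(TRANSCRIPT), {"corp.example"})`, this returns "relay refused" for the dialog in the question: the 550 reply to `RCPT TO` is the server declining a recipient in a domain it does not handle.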
Kaffiend

Call Barracuda support.

They're great, and you get to speak to a live, knowledgeable person in minutes, usually.  They'll help you configure it.

Outlook should not go through the Barracuda, they should be connecting to Exchange directly, the Barracuda is just an SMTP gateway device - I think you need to check your NAT rules again.
justchil304

ASKER

I'll do that... it doesn't make much sense to me.  If clients can connect directly to Exchange then spammers could too... There is something simple I'm missing here.
ASKER CERTIFIED SOLUTION
Kaffiend

This solution is only available to members.

By RPC/HTTPS do you mean OWA?  If not I'll need to do some reading.

Right now I have it set up incorrectly but it will work for now.  Field users (outside of our LAN) are connecting to port 26 on Exchange for SMTP...   This keeps it off a common port and allows it to at least work until I figure out something better.
RPC/HTTPS is where you can use Outlook even when you are not on the company network.  (It uses SSL for encryption, so it's pretty secure)  It's a feature that you can enable in your Exchange 2003 (and newer) server.  Also, Outlook must be Outlook 2003 or newer to take advantage of this feature.

Maybe when the Barracuda is dialed in, you should look into RPC/HTTPS.  It is certainly better than having your users contact your server directly to relay mail through (even if it is on a different port).

Thanks for the help!

I'm on my way to getting RPC/HTTPS going.  I can't get a certificate for another day or two so I was going to set it up with basic auth without SSL.... however you can't do that with Outlook 2007.  If you use basic encryption it forces you to connect using SSL only.

I will accept your comments as my solution regardless... but if you could point me in the right direction as to how to get this working without SSL (temp solution) I'd really appreciate it.

The tutorial I am using is: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm which is based after the MS KB.

He does say this at the beginning... but I haven't figured out where in the instructions that is done.

"While RPC over HTTP does not require SSL, you must modify the registry to enable RPC over HTTP if you do not want to use SSL. This is why I've used the term "RPC over HTTP/S" in this set of articles."
I strongly suggest (since you *are* getting the certificate anyway) that you wait and do it with SSL enabled.  This reduces the need for you to do things basically twice.

Honestly, I haven't ever tried to do RPC over HTTP, much less with Outlook 2007.  Outlook 2003 is pretty forgiving, but Outlook 2007 can be a bit of a beast.

If you are a very brave and foolish soul, and want to do RPC over HTTP without SSL, then just skip the section in that article that tells you to enable SSL on the RPC virtual directory.  (Please don't do this !!  Just wait a couple more days)

Actually I had a credit at godaddy so it all works out.

Thanks again for your help!