awilderbeast
Getting external email to Exchange 2010 via TMG 2010
Hi all, I've just installed an Exchange server behind a TMG 2010 server.
I have added the accepted domains to the Exchange server and the * send connector,
and I have all my users' mailboxes.
I've forwarded port 25 from my router to the firewall. Is that correct, or should I forward it to the Exchange server directly?
What is the next step to enable users to receive their external emails?
Thanks
ASKER
And by forwarding port 25 to my firewall, that's right?
Will the firewall automatically pass on the emails?
Thanks
No, you will need to ensure that port 25 is being forwarded to your Exchange server.
There is a wizard in FTMG to publish mail services.
ASKER
Publish mail server wizard?
I just ran that, added the SMTP server to it, forwarded it to the Exchange's IP address, and added external and internal networks to it.
I did a send and receive on Outlook and receive failed with reported error 0x80190194.
ASKER
And on canyouseeme.org I put in port 25 and the connection times out, it fails :S
ASKER
I can see in the firewall logging that SMTP is being denied.
The send and receive on Outlook has nothing to do with SMTP coming in to your Exchange server.
What exactly have you done with FTMG?
ASKER
The only thing I have done is create the mail server publishing rule
to forward SMTP to my Exchange's IP address.
When I go to logging, though, I can see that SMTP is still being denied.
And you have enabled the rule and then applied it to FTMG?
Can you provide a screen capture of the rules screen?
ASKER
Can you post a screenshot of the rule you have created, please?
ASKER
See above
No I mean the actual rule you have created.
The tabs.
On the Networks tab, can you check External and then apply the change?
What happens then?
ASKER
No luck, SMTP is still coming up as denied on logging.
Would I need to do anything to the Exchange server?
No, there must be another rule blocking it.
What rule does it say it has been denied by?
Have you made the change on the receive connector like I mentioned previously?
ASKER
Yeah, the receive connector on the hub transport, I clicked anonymous, yes.
It's blocked by the default rule, which is the last rule, so it's ignoring the publish completely.
I've deleted the rules and am starting the publish mail server wizard again.
Access type > do I set it to client access or server-to-server communication?
Thanks
Can you follow this guide: http://technet.microsoft.com/en-us/library/dd441082.aspx
ASKER
OK..
Under accepted authoritative domains, does this apply to internal names only?
Or my external MX record mail.mydomain.com?
Do I put my internal namespace in there, domain.local?
Thanks
ASKER
ASKER
Here's what the logging is saying now:
Log type: Firewall service
Status: No connection could be made because the target machine actively refused it.
Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering
Source: External (92.29.159.111:60236)
Destination: Local Host (192.168.200.1:25)
Can you telnet to the Exchange server using port 25?
So type the following at a command prompt:
telnet server_ip 25
Replace server_ip with the IP address.
What do you get?
ASKER
I get:
220 CH-EX.domain.local Microsoft ESMTP MAIL Service ready at Sun, 11 Apr 2010 13:
00:38 +0100
Was that from the server that has FTMG installed? If not, can you please try it from that server.
ASKER
Yeah, I did that from the TMG, installed the telnet client and ran that on the TMG server.
Can you do a full test as per: http://support.microsoft.com/kb/153119
Use your domain name on the EHLO command and valid internal email addresses.
ASKER
OK, I did it all here,
code below.
Did those screens I provided of the email policy look right?
220 CH-EX.works.local Microsoft ESMTP MAIL Service ready at Sun, 11 Apr 2010 13:
21:23 +0100
ehlo domain.local
250-CH-EX.domain.local Hello [192.168.101.10]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
MAIL FROM:alex@domain.lcoal
250 2.1.0 Sender OK
RCPT TO:alex@domain.local
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
subject: test message
this is a test message.
.
250 2.6.0 <619e754d-7c7f-4d8a-903f-74186fda917f@CH-EX.domain.local> [InternalId=1
] Queued mail for delivery
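The manual telnet checks in this thread, as an added example that is not part of the original posts: a small Python probe that tells apart a port-25 connection that times out, one that is actively refused (the status shown in the TMG log above), and one that returns an SMTP banner and EHLO reply. The function names and the `probe.example` EHLO name are assumptions made for the example.

```python
import socket
import sys

def read_reply(stream):
    """Read one SMTP reply: '250-text' lines continue, '250 text' ends it."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed before a full reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines

def probe_smtp(host, port=25, ehlo_name="probe.example", timeout=5.0):
    """Connect, read the banner, send EHLO, and classify the outcome."""
    result = {"state": None, "banner": None, "extensions": []}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        result["state"] = "timeout"      # no answer at all: dropped on the path
        return result
    except ConnectionRefusedError:
        result["state"] = "refused"      # host answered, nothing listens on the port
        return result
    except OSError:
        result["state"] = "unreachable"  # routing or name resolution failure
        return result
    with sock, sock.makefile("rwb") as stream:
        try:
            code, text = read_reply(stream)
            result["banner"] = text[0]
            if code != 220:
                result["state"] = "not-ready"
                return result
            stream.write(b"EHLO " + ehlo_name.encode("ascii") + b"\r\n")
            stream.flush()
            code, text = read_reply(stream)
            if code == 250:
                result["extensions"] = text[1:]  # first line is the greeting
            stream.write(b"QUIT\r\n")
            stream.flush()
            result["state"] = "smtp"
        except (OSError, ValueError):
            result["state"] = "no-banner"  # TCP accepted, no valid SMTP reply
    return result

if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; host is whatever you would give telnet.
    print(probe_smtp(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

Running it once from the TMG server against the Exchange IP and once from outside against the public address shows at which hop the result changes.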
They look OK, but I don't have an FTMG server to compare it with until tomorrow.
ASKER
The failed connection:
Failed Connection Attempt CH-FW 11/04/2010 12:53:21
Log type: Firewall service
Status: No connection could be made because the target machine actively refused it.
Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering
Source: External (91.214.228.206:4045)
Destination: Local Host (192.168.200.1:25)
Protocol: SMTP
The rule, this is the email policy rules that I just created?
And I don't need to create a firewall policy rule anymore, just need the email policy rule?
ASKER
For now, then, I've just changed the port to be forwarded straight to the Exchange server, bypassing the proxy, and I can receive emails now :)
Will you be able to help me out with the firewall tomorrow?
Thanks
ASKER
Any update?
Thanks
Sorry about that, completely lost track of where we were.
What stage are you at now?
ASKER
Same. I temporarily just forwarded port 25 straight to the Exchange server so we had email; TMG has been left in the state as per the screenshots above.
The only thing I've done is changed external emails to go to my ISP's smart host instead of using my DNS server.
The firewall was still denying port 25, though.
Now I have the email policies, do I have to create a firewall policy for them also?
Thanks
Let me see if I can get access to one of my FTMG servers.
ASKER
Any luck, bud?
I am struggling to get access to one at the moment.
Hopefully later today :(
ASKER
Any updates?
Thanks
ASKER
I still haven't managed to get it done. I've deleted and created the rules so many times and no I've done it right. Have you managed to get your hands on a TMG yet?
Thanks for your help
ASKER CERTIFIED SOLUTION
Right click on the receive connector that starts with Default and select properties.
On the last tab check the "anonymous users" check box. This will allow you to receive emails.