awilderbeast

asked on

Getting external email to Exchange 2010 via TMG 2010

Hi all, I've just installed an Exchange server behind a TMG 2010 server.

I have added the accepted domains to the Exchange server and the * send connector,
and I have all my users' mailboxes.

I've forwarded port 25 from my router to the firewall. Is that correct, or should I forward it to the Exchange server directly?

What is the next step to enable users to receive their external emails?

Thanks
Glen Knight

In the Exchange Management Console navigate to Server Configuration > Hub Transport.

Right-click on the receive connector that starts with Default and select Properties.

On the last tab check the "anonymous users" check box. This will allow you to receive emails.

ASKER

And by forwarding port 25 to my firewall, that's right?

Will the firewall automatically pass on the emails?

Thanks
No, you will need to ensure that port 25 is being forwarded to your Exchange server.

There is a wizard in FTMG to publish mail services.
Publish mail server wizard?

I just ran that, added the SMTP server to it, forwarded it to the Exchange's IP address and added the external and internal networks to it.

I did a send and receive in Outlook and the receive failed with reported error 0x80190194,
and on canyouseeme.org I put in port 25 and the connection times out, it fails :S
I can see in the firewall logging that SMTP is being denied.

The send and receive in Outlook has nothing to do with SMTP coming in to your Exchange server.

What exactly have you done with FTMG?
The only thing I have done is create the mail server publishing rule

to forward SMTP to my Exchange's IP address.

When I go to logging, though, I can see that SMTP is still being denied.
And you have enabled the rule and then applied it to FTMG?

Can you provide a screen capture of the rules screen?
Can you post a screenshot of the rule you have created, please?
See above
No I mean the actual rule you have created.
The tabs.
Sorry, here they are.

thanks
set1.PNG
set2.PNG
set3.PNG
set4.PNG
set5.PNG
On the networks tab can you check External and then apply the change.

What happens then?
No luck, SMTP is still coming up as denied in the logging.

Would I need to do anything to the Exchange server?
No, there must be another rule blocking it.
What rule does it say it has been denied by?
Have you made the change on the receive connector like I mentioned previously?
Yeah, the receive connector on the Hub Transport, I clicked anonymous, yes.

It's blocked by the default rule, which is the last rule, so it's ignoring the publish completely.

I've deleted the rules and am starting the publish mail server wizard again.

Access type > do I set it to client access or server-to-server communication?

Thanks
OK..

Under accepted authoritative domains, does this apply to internal names only?

Or my external MX record mail.mydomain.com?

Do I put my internal namespace in there, domain.local?

Thanks
OK, I've created the policy now.

Below are all the screens that I've done.

Still getting SMTP denied.

But I did delete the publish SMTP server rule from the firewall policy; do I need to recreate that again?
e1.PNG
e2.PNG
e3.PNG
e4.PNG
i1.PNG
i2.PNG
i3.PNG
Here's what the logging is saying now:

Log type: Firewall service
Status: No connection could be made because the target machine actively refused it.  
Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering
Source: External (92.29.159.111:60236)
Destination: Local Host (192.168.200.1:25)
Can you telnet to the exchange server using port 25?

So type the following at a command prompt:

telnet server_ip 25

replace server_ip with the IP address.

What do you get?
i get

220 CH-EX.domain.local Microsoft ESMTP MAIL Service ready at Sun, 11 Apr 2010 13:
00:38 +0100
Was that from the server that has FTMG installed? If not, can you please try it from that server.
Yeah, I did that from the TMG, installed the telnet client and ran that on the TMG server.
Can you do a full test as per: http://support.microsoft.com/kb/153119

Use your domain name on the ehlo command and valid internal email addresses.
OK, I did it all here.

Code below.

Did those screens I provided of the email policy look right?
220 CH-EX.works.local Microsoft ESMTP MAIL Service ready at Sun, 11 Apr 2010 13:
21:23 +0100
ehlo domain.local
250-CH-EX.domain.local Hello [192.168.101.10]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW

MAIL FROM:alex@domain.lcoal
250 2.1.0 Sender OK

RCPT TO:alex@domain.local
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
subject: test message

this is a test message.
.



250 2.6.0 <619e754d-7c7f-4d8a-903f-74186fda917f@CH-EX.domain.local> [InternalId=1
] Queued mail for delivery
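
A scripted form of the manual telnet test above, as an added example that is not part of the thread; the function name and all server, domain and mailbox values are placeholders. It stops before DATA, so no message is queued, and it returns each reply so the step that fails is visible.

```powershell
# Added example, not from the thread. Server, domain and mailbox values are placeholders.
function Test-SmtpConversation {
    param(
        [Parameter(Mandatory)] [string] $Server,      # Exchange IP or host name
        [Parameter(Mandatory)] [string] $HeloDomain,  # domain sent with EHLO
        [Parameter(Mandatory)] [string] $From,
        [Parameter(Mandatory)] [string] $To,          # a valid internal mailbox
        [int] $Port = 25,
        [int] $TimeoutMs = 10000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = $TimeoutMs
    try {
        $client.Connect($Server, $Port)   # throws when refused or unreachable
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # Expected reply code per step; a $null command means "just read the banner".
        $steps = @(
            @{ Send = $null;               Expect = '220' },
            @{ Send = "EHLO $HeloDomain";  Expect = '250' },
            @{ Send = "MAIL FROM:<$From>"; Expect = '250' },
            @{ Send = "RCPT TO:<$To>";     Expect = '250' },
            @{ Send = 'QUIT';              Expect = '221' }   # no DATA: nothing is queued
        )
        foreach ($step in $steps) {
            if ($step.Send) { $writer.WriteLine($step.Send) }
            # Multi-line replies use "250-" on every line except the last ("250 ").
            $reply = @()
            do {
                $line = $reader.ReadLine()
                if ($null -ne $line) { $reply += $line }
            } while ($null -ne $line -and $line -match '^\d{3}-')
            $ok = ($reply.Count -gt 0) -and $reply[-1].StartsWith($step.Expect)
            [pscustomobject]@{ Sent = $step.Send; Reply = ($reply -join ' | '); Ok = $ok }
            if (-not $ok) { break }
        }
    }
    catch {
        # A refused connection, timeout or reset ends up here.
        [pscustomobject]@{ Sent = '(socket)'; Reply = $_.Exception.Message; Ok = $false }
    }
    finally { $client.Close() }
}
# Test-SmtpConversation -Server 192.0.2.10 -HeloDomain example.test -From a@example.test -To b@example.test
```

Running it once on the firewall host against the internal address and once from outside against the public address shows on which side of the firewall the conversation stops.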


They look OK but I don't have a FTMG server to compare it with until tomorrow.
The failed connection:

Failed Connection Attempt CH-FW 11/04/2010 12:53:21
Log type: Firewall service
Status: No connection could be made because the target machine actively refused it.  
Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering
Source: External (91.214.228.206:4045)
Destination: Local Host (192.168.200.1:25)
Protocol: SMTP


The rule, this is the email policy rules that I just created?

And I don't need to create a firewall policy rule anymore, I just need the email policy rule?
For now then I've just changed the port to be forwarded straight to the Exchange server, bypassing the proxy, and I can receive emails now :)

Will you be able to help me out with the firewall tomorrow?

Thanks
Any update?

thanks
Sorry about that, completely lost track of where we were.

What stage are you at now?
Same. I temporarily just forwarded port 25 straight to the Exchange server so we had email; TMG has been left in the state as per the screenshots above.

The only thing I've done is change external emails to go to my ISP's smart host instead of using my DNS server.

The firewall was still denying port 25, though.

Now I have the email policies, do I have to create a firewall policy for them also?

Thanks
Let me see if I can get access to one of my FTMG servers.
Any luck, bud?

I am struggling to get access to one at the moment.
Hopefully later today :(
Any updates?

thanks
I still haven't managed to get it done. I've deleted and created the rules so many times and know I've done it right. Have you managed to get your hands on a TMG yet?

Thanks for your help
ASKER CERTIFIED SOLUTION
awilderbeast