HELO Response Sending Wrong IP Address

For some reason when I send email, fresh install of Exchange Server 2007 on Virtual Win03, my HELO response is giving the address of my firewall's WAN port rather than the NAT assigned external IP of the email server.  I can't find the problem anywhere on the SonicWall 2040 firewall nor in the Exchange settings.  

There is another in progress thread that might help.  If any additional info is needed please let me know as I will provide whatever is needed to help resolve this issue.
Who is Participating?
B HConnect With a Mentor Commented:
oh look, it's right here already:

ctsy of dpk_wal:
Just to verify if you have entered all the setting correctly:
1. In Network > One-to-One NAT page.
2. Select the Enable One-to-One NAT check box.
3. Click Add. Entered IP address [private address of server].
4. Entered IP address [public address of server].
5. Entered 3.
6. Clicked OK; clicked Apply.

For access rule:
Click Firewall, then Access Rules.
Click Add.
Configure the following settings:
" Allow
" Service - HTTP
" Source - WAN
" Destination - LAN

Please note indicating WAN/LAN is important.

Please check and update.
B HCommented:
this isn't an exchange setting, it's purely in the sonicwall.  you need to set up the back half of the one-to-one nat entry, i'll find some steps, one min
B HCommented:
you already have rules that say, "when traffic comes in looking for exchange, send em inward to this inside address"

what you're missing is, "when the internal address of the exchange server leaves me, make it look like it's this other wan ip address"
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

B HCommented:
obviously, make sure you're dealing with the correct outside ip address when adding the info above...

find out for SURE what your mx record points to (the external ip of your mail server).  

that ip will need to have the exchange service ports that you use, forwarded to it... and the router will want to spoof that internal ip address to the correct outside ip address.
digitapConnect With a Mentor Commented:
If you are running the 2040, then you're probably running the enhanced os.  if so, you won't find the one-to-one nat under network.  what i'd recommend is to delete the current firewall access rules and nat policies.  even delete the address objects.  create an service group under Firewall > Services and assign all the service ojects required for your email server.  then, run the public server wizard selecting the service group you created.  the wizard will create all the address objects, firewall rules and nat policies.  this will complete the nat rules bryon spoke of.
Thanks for the points and glad we could help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.