Solved

Forefront TMG Outbound Email - Reverse DNS

Posted on 2010-11-30
Last Modified: 2012-05-10
Hello Everyone,

I have an issue that I need some help with. I am installing a new Exchange 2010 CAS/MB/HUB server and using a TMG server as my Edge w/ Forefront Protection for Exchange.

I have two internal IP addresses set up on the external interface on the TMG, which is on my DMZ (10.2.2.2 and 10.2.2.3). On my router the 10.2.2.2 NATs to, say, an external address of 1.1.1.1 and the 10.2.2.3 address NATs to external 2.2.2.2.

I have set up my email to use the external address of 2.2.2.2 and my ISP has correctly changed the DNS record to mail.domain.com. I have set up all published rules and I am able to receive mail with no problems. My issue comes into play when I send email. I am noticing that the messages are being sent out from the TMG server using the 1.1.1.1 address, which is an incorrect reverse DNS for mail.domain.com.

I have read that I need to create an ENAT rule on the TMG using basically this guide here:
http://blogs.technet.com/b/yuridiogenes/archive/2009/09/13/enhancing-nat-with-tmg.aspx

I have done that and I can get the outbound traffic of the Exchange server to NAT to the correct IP of 2.2.2.2, but when mail is sent from the Exchange to the TMG and then TMG sends it out to whatever mail server, the originating IP is 1.1.1.1.

Anyone have any ideas to help me out?

Thanks,
-Mike
Question by:BAYCCS

Accepted Solution

by:
rr1968 earned 500 total points
ID: 34242240
On the Exchange server, did you try changing the network binding order? You should make 10.2.2.3 higher priority than 10.2.2.2.
This way all outgoing emails will have a stamp of 10.2.2.3 and will be properly NATed to 2.2.2.2.

Author Comment

by:BAYCCS
ID: 34242349
I could do that but wouldn't that make 10.2.2.3 the default for all outbound traffic?

Expert Comment

by:rr1968
ID: 34242459
Yes. The Internet traffic and outbound SMTP traffic will use the top IP address in the network binding order.
If you have configured the Receive connectors to use another IP address, then the received emails will have the other IP in the message header.

Author Comment

by:BAYCCS
ID: 34243048
I changed the binding order on the TMG server to the 10.2.2.3 and NATed all outbound traffic to still use the 10.2.2.2. That seemed to have fixed my problem.
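
A check that can be run after a change like the one discussed in this thread, as an added example that is not part of the original posts: it tests whether the public address outbound mail leaves from has forward-confirmed reverse DNS matching the server's HELO name. The HELO name `mail.domain.com`, the PTR name `host1.isp.example`, and all function names are assumptions; the DNS tables are constructed sample data.

```python
"""Forward-confirmed reverse DNS check for an outbound SMTP source address."""
import socket

def _ptr_lookup(ip):
    """Return the PTR names for ip using the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def _a_lookup(name):
    """Return the IPv4 addresses for name using the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def _norm(name):
    return name.rstrip(".").lower()

def check_sender(source_ip, helo_name, ptr_lookup=_ptr_lookup, a_lookup=_a_lookup):
    """Classify source_ip the way a receiving MTA's reverse DNS test would."""
    ptr_names = [_norm(n) for n in ptr_lookup(source_ip)]
    if not ptr_names:
        return "no-ptr"
    # Forward-confirm: a PTR name counts only if it resolves back to source_ip.
    confirmed = [n for n in ptr_names if source_ip in a_lookup(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if _norm(helo_name) not in confirmed:
        return "helo-mismatch"
    return "ok"

# Constructed DNS data mirroring the thread: 2.2.2.2 is the address the ISP
# pointed at mail.domain.com; 1.1.1.1 has an unrelated, hypothetical PTR.
SAMPLE_PTR = {"2.2.2.2": ["mail.domain.com."], "1.1.1.1": ["host1.isp.example."]}
SAMPLE_A = {"mail.domain.com": ["2.2.2.2"], "host1.isp.example": ["1.1.1.1"]}

def sample_check(source_ip, helo_name="mail.domain.com"):
    """Run check_sender against the constructed tables (no network access)."""
    return check_sender(source_ip, helo_name,
                        ptr_lookup=lambda ip: SAMPLE_PTR.get(ip, []),
                        a_lookup=lambda n: SAMPLE_A.get(_norm(n), []))

if __name__ == "__main__":
    for ip in ("1.1.1.1", "2.2.2.2", "3.3.3.3"):
        print(ip, sample_check(ip))
```

For a live check, call `check_sender` with the source IP taken from the `Received` header of a test message delivered to an external mailbox.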