Solved

Forefront TMG Outbound Email - Reverse DNS

Posted on 2010-11-30
4
1,265 Views
Last Modified: 2012-05-10
Hello Everyone,

I have an issue that I need some help with. I am installing a new Exchange 2010 CAS/MB/HUB server and using a TMG server as my Edge w/ Forefront Protection for Exchange.

I have two internal IP address set up on the external interface on the TMG which is on my DMZ (10.2.2.2 and 10.2.2.3). On my router the 10.2.2.2 NATs to a say an external address of 1.1.1.1 and the 10.2.2.3 address NATs to external 2.2.2.2.

I have setup my email to use the external address of 2.2.2.2 and my ISP has correctly changed the DNS record to mail.domain.com I have setup all published rules and I am able to receive mail with no problems. My issue comes into play when I send email. I am noticing that the messages are being sent out from the TMG server using the 1.1.1.1 address which is an incorrect reverse DNS for mail.domain.com

I have read that I need to create an ENAT rule on the TMG using basically this guide here:
http://blogs.technet.com/b/yuridiogenes/archive/2009/09/13/enhancing-nat-with-tmg.aspx

I have done that and I can get the outbound traffic of the Exchange server to NAT to the correct IP of 2.2.2.2 but when mail is sent to from the Exchange to the TMG and then TMG sends it out to whatever mail server the originating IP is 1.1.1.1

Anyone have any ideas to help me out?

Thanks,
-Mike
0
Comment
Question by:BAYCCS
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
rr1968 earned 500 total points
ID: 34242240
On the Exchange server, did you try changing the network binding order? You should make 10.2.2.3 higher priority than  10.2.2.2.
This way all outgoing emails will have a stamp of 10.2.2.3 and will be properly NAT to 2.2.2.2
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34242349
I could do that but wouldn't that make 10.2.2.3 the default for all outbound traffic?
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34242459
Yes. The Internet traffic and outbound SMTP traffic will use the top ip address in the Network binding order.
If you have configured the Receive connectors to use other ip address, then the received emails will have the other ip in the message header.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34243048
I changed the binding order on the TMG server to the 10.2.2.3 and natted all outbound traffic to still use the 10.2.2.2. That seemed to have fixed my problem.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now