Solved

Forefront TMG Outbound Email - Reverse DNS

Posted on 2010-11-30
4
1,271 Views
Last Modified: 2012-05-10
Hello Everyone,

I have an issue that I need some help with. I am installing a new Exchange 2010 CAS/MB/HUB server and using a TMG server as my Edge w/ Forefront Protection for Exchange.

I have two internal IP address set up on the external interface on the TMG which is on my DMZ (10.2.2.2 and 10.2.2.3). On my router the 10.2.2.2 NATs to a say an external address of 1.1.1.1 and the 10.2.2.3 address NATs to external 2.2.2.2.

I have setup my email to use the external address of 2.2.2.2 and my ISP has correctly changed the DNS record to mail.domain.com I have setup all published rules and I am able to receive mail with no problems. My issue comes into play when I send email. I am noticing that the messages are being sent out from the TMG server using the 1.1.1.1 address which is an incorrect reverse DNS for mail.domain.com

I have read that I need to create an ENAT rule on the TMG using basically this guide here:
http://blogs.technet.com/b/yuridiogenes/archive/2009/09/13/enhancing-nat-with-tmg.aspx

I have done that and I can get the outbound traffic of the Exchange server to NAT to the correct IP of 2.2.2.2 but when mail is sent to from the Exchange to the TMG and then TMG sends it out to whatever mail server the originating IP is 1.1.1.1

Anyone have any ideas to help me out?

Thanks,
-Mike
0
Comment
Question by:BAYCCS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
rr1968 earned 500 total points
ID: 34242240
On the Exchange server, did you try changing the network binding order? You should make 10.2.2.3 higher priority than  10.2.2.2.
This way all outgoing emails will have a stamp of 10.2.2.3 and will be properly NAT to 2.2.2.2
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34242349
I could do that but wouldn't that make 10.2.2.3 the default for all outbound traffic?
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34242459
Yes. The Internet traffic and outbound SMTP traffic will use the top ip address in the Network binding order.
If you have configured the Receive connectors to use other ip address, then the received emails will have the other ip in the message header.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34243048
I changed the binding order on the TMG server to the 10.2.2.3 and natted all outbound traffic to still use the 10.2.2.2. That seemed to have fixed my problem.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question