?
Solved

Forefront TMG Outbound Email - Reverse DNS

Posted on 2010-11-30
4
Medium Priority
?
1,273 Views
Last Modified: 2012-05-10
Hello Everyone,

I have an issue that I need some help with. I am installing a new Exchange 2010 CAS/MB/HUB server and using a TMG server as my Edge w/ Forefront Protection for Exchange.

I have two internal IP address set up on the external interface on the TMG which is on my DMZ (10.2.2.2 and 10.2.2.3). On my router the 10.2.2.2 NATs to a say an external address of 1.1.1.1 and the 10.2.2.3 address NATs to external 2.2.2.2.

I have setup my email to use the external address of 2.2.2.2 and my ISP has correctly changed the DNS record to mail.domain.com I have setup all published rules and I am able to receive mail with no problems. My issue comes into play when I send email. I am noticing that the messages are being sent out from the TMG server using the 1.1.1.1 address which is an incorrect reverse DNS for mail.domain.com

I have read that I need to create an ENAT rule on the TMG using basically this guide here:
http://blogs.technet.com/b/yuridiogenes/archive/2009/09/13/enhancing-nat-with-tmg.aspx

I have done that and I can get the outbound traffic of the Exchange server to NAT to the correct IP of 2.2.2.2 but when mail is sent to from the Exchange to the TMG and then TMG sends it out to whatever mail server the originating IP is 1.1.1.1

Anyone have any ideas to help me out?

Thanks,
-Mike
0
Comment
Question by:BAYCCS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
rr1968 earned 2000 total points
ID: 34242240
On the Exchange server, did you try changing the network binding order? You should make 10.2.2.3 higher priority than  10.2.2.2.
This way all outgoing emails will have a stamp of 10.2.2.3 and will be properly NAT to 2.2.2.2
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34242349
I could do that but wouldn't that make 10.2.2.3 the default for all outbound traffic?
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34242459
Yes. The Internet traffic and outbound SMTP traffic will use the top ip address in the Network binding order.
If you have configured the Receive connectors to use other ip address, then the received emails will have the other ip in the message header.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34243048
I changed the binding order on the TMG server to the 10.2.2.3 and natted all outbound traffic to still use the 10.2.2.2. That seemed to have fixed my problem.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question