?
Solved

Forefront TMG Outbound Email - Reverse DNS

Posted on 2010-11-30
4
Medium Priority
?
1,278 Views
Last Modified: 2012-05-10
Hello Everyone,

I have an issue that I need some help with. I am installing a new Exchange 2010 CAS/MB/HUB server and using a TMG server as my Edge w/ Forefront Protection for Exchange.

I have two internal IP address set up on the external interface on the TMG which is on my DMZ (10.2.2.2 and 10.2.2.3). On my router the 10.2.2.2 NATs to a say an external address of 1.1.1.1 and the 10.2.2.3 address NATs to external 2.2.2.2.

I have setup my email to use the external address of 2.2.2.2 and my ISP has correctly changed the DNS record to mail.domain.com I have setup all published rules and I am able to receive mail with no problems. My issue comes into play when I send email. I am noticing that the messages are being sent out from the TMG server using the 1.1.1.1 address which is an incorrect reverse DNS for mail.domain.com

I have read that I need to create an ENAT rule on the TMG using basically this guide here:
http://blogs.technet.com/b/yuridiogenes/archive/2009/09/13/enhancing-nat-with-tmg.aspx

I have done that and I can get the outbound traffic of the Exchange server to NAT to the correct IP of 2.2.2.2 but when mail is sent to from the Exchange to the TMG and then TMG sends it out to whatever mail server the originating IP is 1.1.1.1

Anyone have any ideas to help me out?

Thanks,
-Mike
0
Comment
Question by:BAYCCS
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
rr1968 earned 2000 total points
ID: 34242240
On the Exchange server, did you try changing the network binding order? You should make 10.2.2.3 higher priority than  10.2.2.2.
This way all outgoing emails will have a stamp of 10.2.2.3 and will be properly NAT to 2.2.2.2
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34242349
I could do that but wouldn't that make 10.2.2.3 the default for all outbound traffic?
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34242459
Yes. The Internet traffic and outbound SMTP traffic will use the top ip address in the Network binding order.
If you have configured the Receive connectors to use other ip address, then the received emails will have the other ip in the message header.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 34243048
I changed the binding order on the TMG server to the 10.2.2.3 and natted all outbound traffic to still use the 10.2.2.2. That seemed to have fixed my problem.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question