  • Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2003 - No SMTP from outside

I've got an exchange 2003 server running on Windows Server 2003 Standard, and I'm unable to connect to the server via SMTP from the outside. Internally, users are able to email back and forth.

I checked the settings in sonicwall, and disabled all security services in case something was blocking connectivity. Also, I'm sure the policy forwarding ports to the mailserver is running, as this one rule forwards http, https, pop, smtp to the mail server, and I'm able to access outlook web access just fine.

Any troubleshooting steps to help with?
0
Asked by: amshaffer
1 Solution
 
digitap Commented:
What is the model of sonicwall you are using? Is it enhanced or standard OS? Did you run the Public Server Wizard to open the SMTP ports on the Sonicwall to your internal Exchange server?
0
 
amshaffer (Author) Commented:
Sonicwall Model: TZ210
OS: SonicOS Enhanced 5.6.0.10-52o

I didn't originally set up the sonicwall, so I can't say if the wizard was run. However, I have gone into address objects...etc and verified that port 25 is properly forwarded.
0
 
digitap Commented:
Also make sure the proper firewall rules were created WAN to LAN allowing port 25 in to the Exchange server.
0
 
amshaffer (Author) Commented:
As noted in the original question and in my first comment, I've checked to ensure that port 25 is forwarded properly. I'm not sure of any other way to check this in the sonicwall aside from reading over the firewall rules and related address objects.

If there's some sort of log for "forwarded ports" or to see cases of a blocked port, I'm unaware of how to find this.
0
 
digitap Commented:
When I read "forwarded", I think NAT was set up properly, but there are two parts to allowing traffic in WAN > LAN. NAT's the first and, as you said, you've got that configured properly. However, you also need to configure the firewall access rule to allow traffic on port 25 in.

Go to your sonicwall, then firewall > Access Rules. Click the Matrix intersect for WAN > LAN. If you haven't opened many ports, then you won't see many rules. If you do, click the Custom radio button to only show rules that have been created manually. This will narrow it down. Since you know the address objects in question, it should be easy to see if your rule is in there.

If you don't want to look for the rule, then go to the Log. Try to telnet in to your Exchange server on port 25. When you do and if you don't have the access rule created, then you'll see that connection dropped.
0
 
amshaffer (Author) Commented:
I verified that all the access rules are properly set up for port 25 on the sonicwall. This includes NAT...etc. Looking through the packet capture, the connection is being properly forwarded.
0
 
digitap Commented:
Cool. Sorry for the confusion and thanks for clarifying. Does your Exchange server have the Sonicwall as its gateway?
0
 
amshaffer (Author) Commented:
Yes it does.
0
 
digitap Commented:
Sounds like your sonicwall is configured properly then. Seems your Exchange server isn't answering properly. From an internal host, if you telnet to the private IP of the Exchange server via port 25, what response do you get?
0
 
amshaffer (Author) Commented:
I'm able to access the exchange server via telnet from any host inside the LAN.
0
 
digitap Commented:
WOW! That sure seems to implicate the sonicwall. When viewing the NAT rules, you should be able to mouse over the address objects to reveal the IP addresses they represent. Have you confirmed the address objects are pointing to the correct IP address? Also, have you confirmed the address objects are pointing to the proper zone? Public should be the WAN zone and Private should be LAN.
0
 
amshaffer (Author) Commented:
I changed the port on the server to 587, and set up the appropriate forwarding...etc to pass the port through, and now I'm able to access the server via SMTP in telnet.

However, the users are still unable to receive mail from external domains. I checked the exchange logs and there's still nothing coming in, no NDRs...etc. Restarting all related exchange services yields the same results.
0
 
amshaffer (Author) Commented:
Finally got this issue resolved. Performed packet captures on the sonicwall and found out that the traffic was being forwarded to the exchange server, received by exchange and sent out to the gateway, and then sent back from the sonicwall gateway. However, it wasn't going back to any WAN clients - looked like it was being dropped by the ISP.

Got on with the ISP and escalated to a level 2 tech with comcast. They found out they had screwed up with the provisioning of our account. They worked their magic, and now everything is working fine.
0
 
digitap Commented:
sweet! great job! glad you got it figured out.
0
 
amshaffer (Author) Commented:
None of the other troubleshooting issues aided in problem resolution.
0
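The telnet checks used throughout this thread, scripted so the three failure modes can be told apart when run once from inside the LAN and once from outside. This is an added example, not part of the original posts; `probe_smtp` and `fake_smtp_listener` are hypothetical names, and the listener is a constructed stand-in on 127.0.0.1 so the block runs offline.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Scripted form of 'telnet host 25'. Returns (outcome, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: the path works, but nothing listens there
        # or a device on the way actively rejected the connection.
        return ("refused", "connection actively refused")
    except socket.timeout:
        # No answer at all: the SYN or its reply was dropped on the path
        # (access rule, NAT, or an upstream provider).
        return ("timeout", "no reply to connection attempt")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            # TCP handshake completed, but no SMTP service greeted us.
            return ("no-banner", "connected, no greeting received")
        except OSError as exc:
            return ("error", str(exc))
    if banner.startswith("220"):
        return ("smtp-ready", banner)
    return ("unexpected", banner)

def fake_smtp_listener():
    """Constructed stand-in for a mail server; returns its local port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Offline demo against the constructed listener.
    print(probe_smtp("127.0.0.1", fake_smtp_listener(), timeout=2.0))
```

A `smtp-ready` result from a LAN host combined with `timeout` from an outside host means the server is answering and the loss is somewhere on the path between the two vantage points.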
