AOL reporting email from firewall IP rather than Email server IP

Posted on 2011-04-29
Last Modified: 2012-05-11
I can't send or receive email from/to AOL.  When I go on the AOL support site and run the IP test it responds with my firewall IP rather than the IP of the email server.  Obviously this is a config issue on my part but not really sure where to go to fix it.  Email to pretty much all other domains is working fine.  Any thoughts?
Question by:jb1023
    LVL 12

    Expert Comment

    You do have a public IP for your mail server, correct?
    Check NATting on your firewall for the public IP of you email.
    Are the MX records pointing to the public IPs of your mail server?

    if you send an email to say: gmail or some other web mail, do the headers show your firewall or email IP?

    Author Comment

    Thank you very much Wizard.  This might not be anything you can address but here is the latest.  I did need to change the NATing translated from original to Exchange.  Now when I send an email to a non AOL email it reports the correct IP but when I send an email to it still reports the firewall IP.  However, gotta love that word, I am now able to send email from/to my AOL account.  Is it possible that that AOL "service" just takes a bit to update?  I would think it would be instantaneous as I assume it is reading the header but I just don't know.

    Author Comment

    Disregard previous message, I read the header wrong.  It is still reporting the firewall IP so the change I made did not solve the issue.
    LVL 4

    Expert Comment

    It doesn't matter if it is AOL, Yahoo or whatever. Your public DNS servers are resposible for making sure the connect IP address is given to any/all mail servers.
    You also have to make sure you have the correct IP setup on your Exchange servers for Perimeter SMTP servers, these server IPs are not checked for SPF lookups, and it will do the SPF lookup for the server that handed the mail off to the the perimeter server.
    AOL also requires that all SMTP server IPs have valid PTR  records for the IP address the server connects out from.

    Author Comment

    I definitely have the DNS and ptr correct and the problem is definitely with the firewall.  I have another Exchange Server and firewall that are working great despite the fact that as far as I can tell the settings are the same.  Obviously I am missing something but thus far I can't find the discrepancy.  

    Here is a screen shot of the settings that I have tor the NAT.
     Firewall NAT Settings
    LVL 4

    Accepted Solution

    Oh, I see you are using a SonicWALL good choice. This appears to be your inbound NAT policy, you should also have an Outbound NAT policy, with  these settings.
    Original Source: Exchange Private
    Translated Source: Exchange Public
    Original Destination: Any
    Translated Destination: Original
    Original Service: Exchange
    Translated Service: Original
    Inbound Interface: Any
    Outbound Interface: WAN (Or WAN interface number usually X1)

    If yoiu have a locked your sonicwall down for Outbound connections.
    You also Need a Firewall Policy in LAN to WAN
    Source: Exchange Private
    Destination: Any
    Service: Exchange
    Action: Allow

    And a firewall policy in WAN to LAN
    Source: Any
    Destination: Exchange Public
    Service: Exchange
    Action: Allow

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Want to promote your upcoming event?

    Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

    Suggested Solutions

    Easy CSR creation in Exchange 2007,2010 and 2013
    Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now