sdmarek
asked on
SMTP from DMZ to Exchange server not working
I have a Windows Web Server 2008 R2 SP1 inside a DMZ that uses PHP to send emails to a Windows Server 2003 running MS Exchange 2003, which is on one of my internal networks. I have an ACL permitting port 25 (SMTP) traffic going from my web server to my Exchange server. On the web server, when I try to "telnet exchangerserver 25" I get some gibberish: "220 ***************....." and am unable to create emails. When I move the web server out of the DMZ onto the local network I see the normal greeting when I telnet to Exchange: "220 mail.blah.company Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Thu, 5 May 2011 15:25:02 -0500" and now (not in the DMZ) I can create emails via command line and all the mail features on my web site are working.
I am not that great with Exchange... at all; but this is what I have done so far: drilled down through the mail server->protocols->smtp to "Default SMTP Virtual Server", went to access, made sure the IP scope that my web server is in is permitted on the "relay restrictions", also tried opening "relay restrictions" and giving full permissions to the user (computer) "WebServer$". My login account that I'm telnetting in with is a member of the administrator group on the web server, and it is a domain enterprise admin.
Went to the first routing group->connectors->SMTP and made sure there is nothing blocking my DMZ IP scope or user account there.
Again, I don't know much about Exchange, so I'd appreciate detailed ideas on what to look at and troubleshoot.
thanks,
Steven
ASKER
Sorry it took me so long to get back to this. The problem was with the ASA filtering traffic, and the "no inspect" fixed it.
thanks,
Steven
ASKER
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect esmtp
  ...
I am about to do a presentation to the company right now, so I don't want to risk breaking anything. To allow work right now, all I did was install a second NIC (VM servers, so np there) and put that second NIC on the internal LAN with a persisted route on the server; this allows the demo site to be internet facing and still access emails. I know there's a security hole there, so once I am available, I will look into resolving any issues with the Cisco ASA.
I'll let you know how it goes in a day or two.
thanks,
Steven
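
A check for the symptom described in this thread, written as an added example that is not part of the original posts: it classifies an SMTP greeting and EHLO reply as passed through unchanged or masked by an inspecting device in the path. The function names, the 0.5 thresholds, the X-filled keyword heuristic and the sample transcripts (apart from the two banners quoted in the question) are assumptions.

```python
import re
import socket

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation flag, text

def filler_ratio(text, filler):
    """Share of non-space characters in text that equal the filler char."""
    chars = text.replace(" ", "")
    return chars.count(filler) / len(chars) if chars else 0.0

def diagnose(lines):
    """Classify greeting and EHLO reply lines (thresholds are assumptions)."""
    out = {"banner": None, "banner_masked": False,
           "extensions": [], "masked_extensions": []}
    hello_seen = False
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue
        code, _, text = m.groups()
        if code == "220" and out["banner"] is None:
            out["banner"] = text
            out["banner_masked"] = filler_ratio(text, "*") > 0.5
        elif code == "250" and not hello_seen:
            hello_seen = True  # first 250 line is the server hello, not a keyword
        elif code == "250" and text.split():
            keyword = text.split()[0].upper()
            masked = filler_ratio(keyword, "X") > 0.5  # assumed masking pattern
            out["masked_extensions" if masked else "extensions"].append(keyword)
    return out

def fetch(host, port=25, helo="probe.example"):
    """Collect greeting and EHLO reply lines from a server you administer."""
    lines = []
    with socket.create_connection((host, port), timeout=10) as s:
        f = s.makefile("rwb")
        for cmd in (None, b"EHLO " + helo.encode() + b"\r\n"):
            if cmd:
                f.write(cmd)
                f.flush()
            while True:
                line = f.readline().decode("ascii", "replace").rstrip("\r\n")
                lines.append(line)
                if not REPLY.match(line) or line[3] == " ":
                    break
        f.write(b"QUIT\r\n")
        f.flush()
    return lines

# Constructed transcripts: banners as quoted in the question, EHLO lines invented.
MASKED = ["220 ***************.....", "250-mail.blah.company Hello",
          "250-SIZE", "250-XXXXXXXA", "250 8BITMIME"]
CLEAN = ["220 mail.blah.company Microsoft ESMTP MAIL Service, Version: "
         "6.0.3790.4675 ready at Thu, 5 May 2011 15:25:02 -0500",
         "250-mail.blah.company Hello", "250-SIZE", "250-XEXCH50", "250 8BITMIME"]
```

Running `diagnose(fetch(host))` once from the DMZ host and once from the internal LAN, then comparing the two results, shows whether the path through the firewall is rewriting the SMTP dialogue.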