Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Outbound address for exchange using sonicwall tz210

Posted on 2011-09-27
11
Medium Priority
?
686 Views
Last Modified: 2012-05-12
We just recently setup a new SBS 2008 server and exchange 2007. After some messing around it seemed like we had the email working and everything was fine. Today I have received a couple of NDR's that staff have received when trying to send to a domain. It is coming back saying they have rejected our message because #550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.58] ##

The 1.1.1.58 is the public IP address that I setup on the sonicwall and everyone in the office gets that IP address when they do lookup of the public ip (whatismyip.com). Our MX record points to 1.1.1.57. I have the rules setup in the sonicwall to allow SMTP traffic to flow from the 1.1.1.57 to the exchange server and everything looks good except for the NDR's.

Before this upgrade we had a Pix firewall and when doing an IP check on the old server you would get the IP address of the MX record. I want to try and eliminate these NDR issues so I am trying to figure out how I can get the 1.1.1.57 to show up on outbound messages so the hosts are able to find the correct MX record and process the email.
0
Comment
Question by:nirsait
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
  • +1
11 Comments
 
LVL 10

Accepted Solution

by:
SuperTaco earned 1500 total points
ID: 36713561
Are your NAT rules set up to nat 1.1.1.58 to you internal server?  You may need to adjust a public SPF Record.  Do you have any kind of SPAM filter deployed to send through?  (Postini MX logic?)
0
 

Author Comment

by:nirsait
ID: 36713580
The 1.1.1.58 address is assigned to the WAN port on the Sonicwall. The 1.1.1.57 does have a NAT rule that allows SMTP, HTTPS, IMAP, and POP3 through to the internal server. I have on my list to look into SPF records so maybe I just bunch these together and see if I can't get them both taken care of. What do I need to look at for creating a correct SPF record? There are no SPAM filters deployed besides Symantec Mail Security (which I will probably end up replacing with the built in Exchange spam filters).
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713600
did you configure your MX Record with reverse DNS lookup at your ISP end ?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:nirsait
ID: 36713619
My understanding was that it was up prior to us changing servers but I suppose I should check with comcast and verify they have setup the reverse dns record, since it could have been the fact that the old server had the ip address of 1.1.1.57 so there were never any issues.
0
 

Author Comment

by:nirsait
ID: 36713647
I don't know if this provides any more information or not but when I run the outbound email test on testexchangeconnectivity.com the 1.1.1.58 record is coming back with the correct reverse dns the only error I get is the SPF record one. I can also run the test on 1.1.1.57 and I get the same results as the 1.1.1.58 test with the SPF record error.
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713707
is only one domain rejecting your emails ?

Try adding SPF record
0
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36713733
lookup with that ip at dnsgoodies


Server:       192.168.5.6
Address:      192.168.5.6#53

** server can't find 58.1.1.1.in-addr.arpa: NXDOMAIN


you do not have a ptr record setup, which most domains are requiring to accept mail, set that up and you should be good
0
 

Author Comment

by:nirsait
ID: 36717482
@madhatter5501 Those IP addresses aren't the actual IP's they are just for demo purposes.

I am going to look into adding an SPF record since most mail seems to be arriving without issue.

I am still concerned about how the outside world is seeing the 1.1.1.58 address when I want everything exchange related to appear from the 1.1.1.57 address since I think that would solve the issue since the A record points the mail.company.org address to the 1.1.1.57 like it should. Is there perhaps something I need to change on my exchange 2007 server or would it need to be addressed at the sonicwall end?
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36717499
Shouldn't have to change anything on that end.  your nat rule works both ways so anything that the server is sending out gets translated to the 1.1.1.57
0
 

Author Comment

by:nirsait
ID: 36893728
Ok, after doing some more looking and SPF records not solving the issues I took a look at the headers from messages being sent and the messages are originating from the 1.1.1.58 address when they should be coming from the 1.1.1.57 address since all the MX and A records expect this 1.1.1.57 address. The headers are also reporting the exchange server name in the message. So I am seeing exchangeserver.company.org listed in the message headers. So how do I go about making sure that these sent messages don't have reference to the 1.1.1.58 address?
0
 

Author Closing Comment

by:nirsait
ID: 36906625
Took a look at the NAT policies and ended up deleting and recreating them. When I recreated it the appropriate reflexive policy was created for outbound messages. Thanks for the tip that got me looking in the right place.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question