Solved

Outbound address for exchange using sonicwall tz210

Posted on 2011-09-27
Last Modified: 2012-05-12
We just recently set up a new SBS 2008 server and Exchange 2007. After some messing around it seemed like we had the email working and everything was fine. Today I have received a couple of NDRs that staff have received when trying to send to a domain. It is coming back saying they have rejected our message because: #550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.58] ##

The 1.1.1.58 is the public IP address that I set up on the SonicWall, and everyone in the office gets that IP address when they do a lookup of the public IP (whatismyip.com). Our MX record points to 1.1.1.57. I have the rules set up in the SonicWall to allow SMTP traffic to flow from the 1.1.1.57 to the Exchange server and everything looks good except for the NDRs.

Before this upgrade we had a PIX firewall, and when doing an IP check on the old server you would get the IP address of the MX record. I want to try and eliminate these NDR issues, so I am trying to figure out how I can get the 1.1.1.57 to show up on outbound messages so the hosts are able to find the correct MX record and process the email.
Question by:nirsait
11 Comments
 
LVL 10

Accepted Solution

by:
SuperTaco earned 500 total points
ID: 36713561
Are your NAT rules set up to NAT 1.1.1.58 to your internal server? You may need to adjust a public SPF record. Do you have any kind of spam filter deployed to send through? (Postini MX logic?)
0
 

Author Comment

by:nirsait
ID: 36713580
The 1.1.1.58 address is assigned to the WAN port on the SonicWall. The 1.1.1.57 does have a NAT rule that allows SMTP, HTTPS, IMAP, and POP3 through to the internal server. I have on my list to look into SPF records, so maybe I just bunch these together and see if I can't get them both taken care of. What do I need to look at for creating a correct SPF record? There are no spam filters deployed besides Symantec Mail Security (which I will probably end up replacing with the built-in Exchange spam filters).
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713600
Did you configure your MX record with reverse DNS lookup at your ISP end?
0
 

Author Comment

by:nirsait
ID: 36713619
My understanding was that it was up prior to us changing servers, but I suppose I should check with Comcast and verify they have set up the reverse DNS record, since it could have been the fact that the old server had the IP address of 1.1.1.57, so there were never any issues.
0
 

Author Comment

by:nirsait
ID: 36713647
I don't know if this provides any more information or not, but when I run the outbound email test on testexchangeconnectivity.com the 1.1.1.58 record is coming back with the correct reverse DNS; the only error I get is the SPF record one. I can also run the test on 1.1.1.57 and I get the same results as the 1.1.1.58 test, with the SPF record error.
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713707
Is only one domain rejecting your emails?

Try adding an SPF record.
0
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36713733
Lookup with that IP at dnsgoodies:


Server:       192.168.5.6
Address:      192.168.5.6#53

** server can't find 58.1.1.1.in-addr.arpa: NXDOMAIN


You do not have a PTR record set up, which most domains are requiring to accept mail. Set that up and you should be good.
0
 

Author Comment

by:nirsait
ID: 36717482
@madhatter5501 Those IP addresses aren't the actual IPs; they are just for demo purposes.

I am going to look into adding an SPF record since most mail seems to be arriving without issue.

I am still concerned about how the outside world is seeing the 1.1.1.58 address when I want everything Exchange-related to appear from the 1.1.1.57 address, since I think that would solve the issue, as the A record points the mail.company.org address to the 1.1.1.57 like it should. Is there perhaps something I need to change on my Exchange 2007 server, or would it need to be addressed at the SonicWall end?
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36717499
Shouldn't have to change anything on that end. Your NAT rule works both ways, so anything that the server is sending out gets translated to the 1.1.1.57.
0
 

Author Comment

by:nirsait
ID: 36893728
OK, after doing some more looking and SPF records not solving the issues, I took a look at the headers from messages being sent, and the messages are originating from the 1.1.1.58 address when they should be coming from the 1.1.1.57 address, since all the MX and A records expect this 1.1.1.57 address. The headers are also reporting the Exchange server name in the message, so I am seeing exchangeserver.company.org listed in the message headers. So how do I go about making sure that these sent messages don't have reference to the 1.1.1.58 address?
0
 

Author Closing Comment

by:nirsait
ID: 36906625
Took a look at the NAT policies and ended up deleting and recreating them. When I recreated it the appropriate reflexive policy was created for outbound messages. Thanks for the tip that got me looking in the right place.
0
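The header check that led to the fix in this thread, as an added example (not code from any poster): it pulls the connecting IP out of a Received header and tests it the way a receiving mail server might, with forward-confirmed reverse DNS and a subset of SPF (ip4 and mx only). The header, the DNS table, the SPF string and mx.recipient.example are constructed sample data that assume only 1.1.1.57 is published; swap in real lookups for production use.

```python
import ipaddress
import re

# Constructed sample data (assumptions, not taken from the thread's real systems).
RECEIVED = ("Received: from exchangeserver.company.org (unknown [1.1.1.58]) "
            "by mx.recipient.example with ESMTP id ABC123; "
            "Tue, 27 Sep 2011 10:00:00 -0500")
DNS = {
    "A": {"mail.company.org": ["1.1.1.57"]},
    "PTR": {"1.1.1.57": ["mail.company.org"]},  # nothing published for 1.1.1.58
    "MX": ["mail.company.org"],
    "SPF": "v=spf1 mx ip4:1.1.1.57 -all",
}

def connecting_ip(received):
    """Return the bracketed IPv4 address the recipient MTA recorded, or None."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return m.group(1) if m else None

def fcrdns(ip, dns):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the IP."""
    return any(ip in dns["A"].get(name, []) for name in dns["PTR"].get(ip, []))

def spf_allows(ip, dns):
    """Evaluate only the ip4 and mx mechanisms of the SPF record (a subset)."""
    addr = ipaddress.ip_address(ip)
    for term in dns["SPF"].split()[1:]:
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True
        elif term == "mx":
            if any(ip in dns["A"].get(host, []) for host in dns["MX"]):
                return True
    return False  # no mechanism matched; "-all" means fail

def diagnose(received, dns):
    """Summarise how a receiver would see the outbound connection."""
    ip = connecting_ip(received)
    if ip is None:
        return {"ip": None, "fcrdns": False, "spf": False}
    return {"ip": ip, "fcrdns": fcrdns(ip, dns), "spf": spf_allows(ip, dns)}

if __name__ == "__main__":
    print(diagnose(RECEIVED, DNS))
    print(diagnose(RECEIVED.replace("1.1.1.58", "1.1.1.57"), DNS))
```

A result with both checks false for the address in the header points at the outbound NAT policy rather than at Exchange, which matches what the closing comment found.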
