Solved

Outbound address for exchange using sonicwall tz210

Posted on 2011-09-27
Last Modified: 2012-05-12
We just recently set up a new SBS 2008 server and Exchange 2007. After some messing around it seemed like we had the email working and everything was fine. Today I have received a couple of NDRs that staff have received when trying to send to a domain. It is coming back saying they have rejected our message because #550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.58] ##

The 1.1.1.58 is the public IP address that I set up on the SonicWall and everyone in the office gets that IP address when they do a lookup of the public IP (whatismyip.com). Our MX record points to 1.1.1.57. I have the rules set up in the SonicWall to allow SMTP traffic to flow from the 1.1.1.57 to the Exchange server and everything looks good except for the NDRs.

Before this upgrade we had a PIX firewall and when doing an IP check on the old server you would get the IP address of the MX record. I want to try and eliminate these NDR issues, so I am trying to figure out how I can get the 1.1.1.57 to show up on outbound messages so the hosts are able to find the correct MX record and process the email.
Question by:nirsait
11 Comments
 
LVL 10

Accepted Solution

by:
SuperTaco earned 500 total points
ID: 36713561
Are your NAT rules set up to NAT 1.1.1.58 to your internal server? You may need to adjust a public SPF record. Do you have any kind of spam filter deployed to send through? (Postini MX logic?)
0
 

Author Comment

by:nirsait
ID: 36713580
The 1.1.1.58 address is assigned to the WAN port on the SonicWall. The 1.1.1.57 does have a NAT rule that allows SMTP, HTTPS, IMAP, and POP3 through to the internal server. I have on my list to look into SPF records, so maybe I'll just bunch these together and see if I can't get them both taken care of. What do I need to look at for creating a correct SPF record? There are no spam filters deployed besides Symantec Mail Security (which I will probably end up replacing with the built-in Exchange spam filters).
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713600
Did you configure your MX record with reverse DNS lookup at your ISP end?
0

 

Author Comment

by:nirsait
ID: 36713619
My understanding was that it was up prior to us changing servers, but I suppose I should check with Comcast and verify they have set up the reverse DNS record, since it could have been the fact that the old server had the IP address of 1.1.1.57 so there were never any issues.
0
 

Author Comment

by:nirsait
ID: 36713647
I don't know if this provides any more information or not, but when I run the outbound email test on testexchangeconnectivity.com the 1.1.1.58 record is coming back with the correct reverse DNS; the only error I get is the SPF record one. I can also run the test on 1.1.1.57 and I get the same results as the 1.1.1.58 test with the SPF record error.
0
 
LVL 3

Expert Comment

by:aucklandnz
ID: 36713707
Is only one domain rejecting your emails?

Try adding an SPF record.
0
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36713733
Lookup with that IP at dnsgoodies:


Server:       192.168.5.6
Address:      192.168.5.6#53

** server can't find 58.1.1.1.in-addr.arpa: NXDOMAIN


You do not have a PTR record set up, which most domains are requiring to accept mail. Set that up and you should be good.
0
 

Author Comment

by:nirsait
ID: 36717482
@madhatter5501 Those IP addresses aren't the actual IPs; they are just for demo purposes.

I am going to look into adding an SPF record since most mail seems to be arriving without issue.

I am still concerned about how the outside world is seeing the 1.1.1.58 address when I want everything Exchange-related to appear from the 1.1.1.57 address, since I think that would solve the issue since the A record points the mail.company.org address to the 1.1.1.57 like it should. Is there perhaps something I need to change on my Exchange 2007 server or would it need to be addressed at the SonicWall end?
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36717499
Shouldn't have to change anything on that end. Your NAT rule works both ways, so anything that the server is sending out gets translated to the 1.1.1.57.
0
 

Author Comment

by:nirsait
ID: 36893728
OK, after doing some more looking, and SPF records not solving the issues, I took a look at the headers from messages being sent, and the messages are originating from the 1.1.1.58 address when they should be coming from the 1.1.1.57 address, since all the MX and A records expect this 1.1.1.57 address. The headers are also reporting the Exchange server name in the message. So I am seeing exchangeserver.company.org listed in the message headers. So how do I go about making sure that these sent messages don't have a reference to the 1.1.1.58 address?
0
 

Author Closing Comment

by:nirsait
ID: 36906625
Took a look at the NAT policies and ended up deleting and recreating them. When I recreated it the appropriate reflexive policy was created for outbound messages. Thanks for the tip that got me looking in the right place.
0
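
The header check used in this thread to spot the wrong outbound address, as an added example that is not part of the original posts: it pulls the public source IP out of a message's Received headers and compares it with the address the MX/A records point to and with an SPF record's ip4 entries. The sample headers, the recipient hostname, the internal 192.168.1.10 address and the SPF policy are constructed assumptions; only the 1.1.1.57/1.1.1.58 demo addresses and the company.org hostnames come from the thread.

```python
import email
import ipaddress
import re

# Constructed sample headers using the thread's demo addresses:
# 1.1.1.57 = MX/A record target, 1.1.1.58 = SonicWall WAN interface.
# mx.recipient.example and 192.168.1.10 are made up for the example.
SAMPLE_BEFORE = """\
Received: from exchangeserver.company.org (unknown [1.1.1.58])
\tby mx.recipient.example with ESMTP; Tue, 27 Sep 2011 10:15:00 -0500
Received: from exchangeserver.company.org ([192.168.1.10])
\tby exchangeserver.company.org ([192.168.1.10]) with mapi;
\tTue, 27 Sep 2011 10:14:58 -0500
From: staff@company.org
Subject: test

body
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("unknown [1.1.1.58]", "mail.company.org [1.1.1.57]")
SPF_RECORD = "v=spf1 ip4:1.1.1.57 -all"  # assumed policy, not taken from the thread

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_source_ip(raw_message):
    """First public IP found walking Received headers from newest to oldest."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(hop):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # malformed literal such as [999.1.1.1]
            if not addr.is_private:
                return addr
    return None

def spf_ip4_networks(record):
    """Networks listed in pass-qualified ip4: mechanisms of an SPF record."""
    terms = (t.lstrip("+") for t in record.split()[1:])
    return [ipaddress.ip_network(t[4:], strict=False) for t in terms if t.startswith("ip4:")]

def check_outbound(raw_message, expected_ip, spf_record):
    seen = public_source_ip(raw_message)
    return {
        "seen": str(seen) if seen else None,
        "matches_expected": seen == ipaddress.ip_address(expected_ip),
        "spf_ip4_pass": any(seen in net for net in spf_ip4_networks(spf_record)) if seen else False,
    }

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_outbound(raw, "1.1.1.57", SPF_RECORD))
```

Run it against the headers of a message received at an outside mailbox after changing the NAT policies; a mismatch means outbound SMTP is still leaving from the WAN interface address.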