• Status: Solved

Outbound address for exchange using sonicwall tz210

We just recently set up a new SBS 2008 server and Exchange 2007. After some messing around it seemed like we had the email working and everything was fine. Today I have received a couple of NDRs that staff have received when trying to send to a domain. It is coming back saying they have rejected our message because #550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.58] ##

The 1.1.1.58 is the public IP address that I set up on the SonicWall, and everyone in the office gets that IP address when they do a lookup of the public IP (whatismyip.com). Our MX record points to 1.1.1.57. I have the rules set up in the SonicWall to allow SMTP traffic to flow from the 1.1.1.57 to the Exchange server and everything looks good except for the NDRs.

Before this upgrade we had a Pix firewall and when doing an IP check on the old server you would get the IP address of the MX record. I want to try and eliminate these NDR issues so I am trying to figure out how I can get the 1.1.1.57 to show up on outbound messages so the hosts are able to find the correct MX record and process the email.
0
Asked by: nirsait
1 Solution
 
SuperTaco Commented:
Are your NAT rules set up to NAT 1.1.1.58 to your internal server?  You may need to adjust a public SPF record.  Do you have any kind of SPAM filter deployed to send through?  (Postini MX logic?)
0
 
nirsait (Author) Commented:
The 1.1.1.58 address is assigned to the WAN port on the SonicWall. The 1.1.1.57 does have a NAT rule that allows SMTP, HTTPS, IMAP, and POP3 through to the internal server. I have on my list to look into SPF records so maybe I just bunch these together and see if I can't get them both taken care of. What do I need to look at for creating a correct SPF record? There are no SPAM filters deployed besides Symantec Mail Security (which I will probably end up replacing with the built-in Exchange spam filters).
0
 
aucklandnz Commented:
Did you configure your MX record with reverse DNS lookup at your ISP end?
0
 
nirsait (Author) Commented:
My understanding was that it was up prior to us changing servers, but I suppose I should check with Comcast and verify they have set up the reverse DNS record, since it could have been the fact that the old server had the IP address of 1.1.1.57 so there were never any issues.
0
 
nirsait (Author) Commented:
I don't know if this provides any more information or not, but when I run the outbound email test on testexchangeconnectivity.com the 1.1.1.58 record is coming back with the correct reverse DNS; the only error I get is the SPF record one. I can also run the test on 1.1.1.57 and I get the same results as the 1.1.1.58 test with the SPF record error.
0
 
aucklandnz Commented:
Is only one domain rejecting your emails?

Try adding an SPF record.
0
 
madhatter5501 Commented:
Lookup with that IP at dnsgoodies:


Server:       192.168.5.6
Address:      192.168.5.6#53

** server can't find 58.1.1.1.in-addr.arpa: NXDOMAIN


You do not have a PTR record set up, which most domains are requiring to accept mail. Set that up and you should be good.
0
 
nirsait (Author) Commented:
@madhatter5501 Those IP addresses aren't the actual IPs; they are just for demo purposes.

I am going to look into adding an SPF record since most mail seems to be arriving without issue.

I am still concerned about how the outside world is seeing the 1.1.1.58 address when I want everything Exchange-related to appear from the 1.1.1.57 address, since I think that would solve the issue since the A record points the mail.company.org address to the 1.1.1.57 like it should. Is there perhaps something I need to change on my Exchange 2007 server or would it need to be addressed at the SonicWall end?
0
 
SuperTaco Commented:
Shouldn't have to change anything on that end.  Your NAT rule works both ways, so anything that the server is sending out gets translated to the 1.1.1.57.
0
 
nirsait (Author) Commented:
OK, after doing some more looking and SPF records not solving the issues, I took a look at the headers from messages being sent, and the messages are originating from the 1.1.1.58 address when they should be coming from the 1.1.1.57 address, since all the MX and A records expect this 1.1.1.57 address. The headers are also reporting the Exchange server name in the message. So I am seeing exchangeserver.company.org listed in the message headers. So how do I go about making sure that these sent messages don't have reference to the 1.1.1.58 address?
0
 
nirsait (Author) Commented:
Took a look at the NAT policies and ended up deleting and recreating them. When I recreated it the appropriate reflexive policy was created for outbound messages. Thanks for the tip that got me looking in the right place.
0
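
The checks discussed in this thread (which public IP the recipient sees in the headers, which PTR name it will look up, and whether an SPF record covers that IP), combined into one added example that is not part of the original thread. The sample message, the internal address 192.168.0.10, the recipient host name and the SPF record are constructed for illustration, and only `ip4:` SPF mechanisms are evaluated.

```python
import email
import ipaddress
import re

# Constructed sample: headers as the recipient stores them (newest hop first).
SAMPLE = """\
Received: from exchangeserver.company.org (unknown [1.1.1.58])
\tby mx.recipient.example with ESMTP id ABC123
Received: from exchangeserver.company.org (192.168.0.10) by
\texchangeserver.company.org (192.168.0.10) with Microsoft SMTP Server
From: staff@company.org
To: user@recipient.example
Subject: test

body
"""

def outbound_ip(raw_message):
    """Return the first public IP in the Received chain, or None."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        for text in re.findall(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid dotted quad
            if not ip.is_private:
                return ip  # internal hops are skipped
    return None

def spf_permits(spf_record, ip):
    """Simplified SPF check: only ip4: mechanisms are considered."""
    for term in spf_record.split():
        if term.startswith(("ip4:", "+ip4:")):
            if ip in ipaddress.ip_network(term.split(":", 1)[1], strict=False):
                return True
    return False

def review(raw_message, expected_ip, spf_record):
    """Summarise what a receiving server would check for this message."""
    ip = outbound_ip(raw_message)
    return {
        "seen_by_recipient": str(ip),
        "matches_expected": ip == ipaddress.ip_address(expected_ip),
        "ptr_name_to_query": ip.reverse_pointer,  # name the PTR lookup uses
        "spf_permits": spf_permits(spf_record, ip),
    }

if __name__ == "__main__":
    print(review(SAMPLE, "1.1.1.57", "v=spf1 ip4:1.1.1.57 -all"))
```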
