Go Premium for a chance to win a PS4. Enter to Win


Sendmail in dmz to exchange inside

Posted on 2011-09-30
Medium Priority
Last Modified: 2013-03-08

I have a xampp server serving a website on my dmz interface of my cisco asa.
on the inside interface i have exchange running.
The sendmail has default configuration for now. I have statically mapped exchange on the DMZ and created all the proper access lists. In fact on the ubuntu server running the sendmail i can telnet test using the dmz ip address of exchange.

Basically this is for a webpage that sends emails, the emails are for users in my exchange server so i only need sendmail to deliver emails to my exchange.

What is needed to make sendmail send emails to my exchange ?

Question by:ifred
  • 7
  • 3
LVL 21

Accepted Solution

wyliecoyoteuk earned 1000 total points
ID: 36896014
You will need to enable the sendmail PC as a relay in exchange.
What version of Exchange are you running?

Author Comment

ID: 36902841
See ... when i check my mail.log on the machine i see it giving me a connection timeout to my mail.domain.com
I believe my issue is related to dns. Though i have never told sendmail to relay mail, it knows somehow that needs to send email to mail.mydomain.xxx (my exchage mx record). The problem might be happening because if it resolves the dns of the mail.mydomain.xxx it will resolve to an ip it will not have access to, as it is on the inside network and this box is on the dmz. For that purpose i created a static map of the exchange to the dmz and i added this ip on the hosts file.
Since the box is set to resolve first by hosts then by dns i thought it would use the ip on the hosts file. If it did though i would be connecting for sure as i have tested connecting to exchange via telnet from this box.
But unfort. it is not connecting and it makes me think it really does not care about my entry on hosts and is still using the dns entry.

Sooo .... how the heck to i make (at least) sendmail send email direct to the internet ???

Author Comment

ID: 36902847
And just to add, i had a similar box inside my network (same as exchange) and it was connecting and using exchange no problems without me adding anything to exchange.
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

LVL 21

Expert Comment

ID: 36905938
That is because Exchange 2003 by default allows relays from the local subnet.

Author Comment

ID: 36906319
Humn interesting. O Will try and let you know, thanks amigo!
LVL 21

Expert Comment

ID: 36909296
We tend to get this all the time when setting up MFDs to scan to email.
This might help


Author Comment

ID: 36913722
did not seem to help adding the ip of the sendmail box to the allowed list of smtp relay of exchange. Guess i should figure a way to have sendmail send emails directly to the internet instead of trying my domain, just not sure how as i see it probably getting the mx record from my dns.


Assisted Solution

ifred earned 0 total points
ID: 36913873
Finally i fixed it :D
I will explain my "String pulling" thoughts here if anybody has this problem.
Sendmail queries the dns the server has set for the mx record of the domain. In my case the mail server i will be using as a relay is behind my firewall sitting on the inside interface. Since i opted to have my server using my dns inside as it proved to be faster, it was also resolving the mx record of my domain to an ip my Linux server would not have access to, this ip being the ip of my exchange server. I have the exchage server ip mapped on the dmz for the purpose of this linux server accessing it for smtp connections but i was not able to figure out how to force sendmail to use it.
Attempts to have the ip hard-coded on the hosts file failed, as sendmail will always query the dns directly.
After a lot of trial i found i could solve the problems two ways:

1) I setup the first dns to be Google dns: Sure enough the box resolved my mx records on the internet and was able to deliver the message using those addresses. That is great but the dns resolution time on my box decreased significantly.

2) I found out that you can configure your sendmail.mc with: FEATURE(`nullclient', `[x.x.x.x]')dnl
As long as you put the brackets on the ip address, i will force sendmail not to do a mx lookup on the dns and instead blindly use the x.x.x.x email provided as the relay host.

After you chage the sendmail.mc file, do the m4 command to re-compile your sendmail.cf
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

No firewall changes, no funky setup.  opted for choice #2.
Since wylie had a valid point about the relay on exchange i will assign part of the points. Thanks amigo!

Author Closing Comment

ID: 36938215
I was able to through trial and error figure the solution.

Author Comment

ID: 36913887
As i said i was able to figure this myself but wylies comments helped on the relay part.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month8 days, 4 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question