Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Sendmail in dmz to exchange inside

Posted on 2011-09-30
Medium Priority
Last Modified: 2013-03-08

I have a xampp server serving a website on my dmz interface of my cisco asa.
on the inside interface i have exchange running.
The sendmail has default configuration for now. I have statically mapped exchange on the DMZ and created all the proper access lists. In fact on the ubuntu server running the sendmail i can telnet test using the dmz ip address of exchange.

Basically this is for a webpage that sends emails, the emails are for users in my exchange server so i only need sendmail to deliver emails to my exchange.

What is needed to make sendmail send emails to my exchange ?

Question by:ifred
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
LVL 21

Accepted Solution

wyliecoyoteuk earned 1000 total points
ID: 36896014
You will need to enable the sendmail PC as a relay in exchange.
What version of Exchange are you running?

Author Comment

ID: 36902841
See ... when i check my mail.log on the machine i see it giving me a connection timeout to my
I believe my issue is related to dns. Though i have never told sendmail to relay mail, it knows somehow that needs to send email to (my exchage mx record). The problem might be happening because if it resolves the dns of the it will resolve to an ip it will not have access to, as it is on the inside network and this box is on the dmz. For that purpose i created a static map of the exchange to the dmz and i added this ip on the hosts file.
Since the box is set to resolve first by hosts then by dns i thought it would use the ip on the hosts file. If it did though i would be connecting for sure as i have tested connecting to exchange via telnet from this box.
But unfort. it is not connecting and it makes me think it really does not care about my entry on hosts and is still using the dns entry.

Sooo .... how the heck to i make (at least) sendmail send email direct to the internet ???

Author Comment

ID: 36902847
And just to add, i had a similar box inside my network (same as exchange) and it was connecting and using exchange no problems without me adding anything to exchange.
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

LVL 21

Expert Comment

ID: 36905938
That is because Exchange 2003 by default allows relays from the local subnet.

Author Comment

ID: 36906319
Humn interesting. O Will try and let you know, thanks amigo!
LVL 21

Expert Comment

ID: 36909296
We tend to get this all the time when setting up MFDs to scan to email.
This might help

Author Comment

ID: 36913722
did not seem to help adding the ip of the sendmail box to the allowed list of smtp relay of exchange. Guess i should figure a way to have sendmail send emails directly to the internet instead of trying my domain, just not sure how as i see it probably getting the mx record from my dns.


Assisted Solution

ifred earned 0 total points
ID: 36913873
Finally i fixed it :D
I will explain my "String pulling" thoughts here if anybody has this problem.
Sendmail queries the dns the server has set for the mx record of the domain. In my case the mail server i will be using as a relay is behind my firewall sitting on the inside interface. Since i opted to have my server using my dns inside as it proved to be faster, it was also resolving the mx record of my domain to an ip my Linux server would not have access to, this ip being the ip of my exchange server. I have the exchage server ip mapped on the dmz for the purpose of this linux server accessing it for smtp connections but i was not able to figure out how to force sendmail to use it.
Attempts to have the ip hard-coded on the hosts file failed, as sendmail will always query the dns directly.
After a lot of trial i found i could solve the problems two ways:

1) I setup the first dns to be Google dns: Sure enough the box resolved my mx records on the internet and was able to deliver the message using those addresses. That is great but the dns resolution time on my box decreased significantly.

2) I found out that you can configure your with: FEATURE(`nullclient', `[x.x.x.x]')dnl
As long as you put the brackets on the ip address, i will force sendmail not to do a mx lookup on the dns and instead blindly use the x.x.x.x email provided as the relay host.

After you chage the file, do the m4 command to re-compile your
m4 /etc/mail/ > /etc/

No firewall changes, no funky setup.  opted for choice #2.
Since wylie had a valid point about the relay on exchange i will assign part of the points. Thanks amigo!

Author Closing Comment

ID: 36938215
I was able to through trial and error figure the solution.

Author Comment

ID: 36913887
As i said i was able to figure this myself but wylies comments helped on the relay part.

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
We aren’t perfect, just like everyone else.  Check out the email errors our community caught and learn the top errors every email marketer should avoid.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question