Solved

Sendmail in dmz to exchange inside

Posted on 2011-09-30
10
664 Views
Last Modified: 2013-03-08
Gents,

I have a XAMPP server serving a website on the DMZ interface of my Cisco ASA.
On the inside interface I have Exchange running.
Sendmail has the default configuration for now. I have statically mapped Exchange on the DMZ and created all the proper access lists. In fact, on the Ubuntu server running sendmail I can telnet test using the DMZ IP address of Exchange.

Basically this is for a webpage that sends emails. The emails are for users on my Exchange server, so I only need sendmail to deliver emails to my Exchange.

What is needed to make sendmail send emails to my Exchange?



Question by:ifred
10 Comments
 
LVL 21

Accepted Solution

by:
wyliecoyoteuk earned 250 total points
ID: 36896014
You will need to enable the sendmail PC as a relay in exchange.
What version of Exchange are you running?
0
 

Author Comment

by:ifred
ID: 36902841
See ... when I check my mail.log on the machine I see it giving me a connection timeout to my mail.domain.com.
I believe my issue is related to DNS. Though I have never told sendmail to relay mail, it knows somehow that it needs to send email to mail.mydomain.xxx (my Exchange MX record). The problem might be happening because if it resolves the DNS of mail.mydomain.xxx it will resolve to an IP it will not have access to, as it is on the inside network and this box is on the DMZ. For that purpose I created a static map of the Exchange to the DMZ and I added this IP to the hosts file.
Since the box is set to resolve first by hosts then by DNS, I thought it would use the IP in the hosts file. If it did, though, I would be connecting for sure, as I have tested connecting to Exchange via telnet from this box.
But unfortunately it is not connecting, and it makes me think it really does not care about my entry in hosts and is still using the DNS entry.

Sooo .... how the heck do I make (at least) sendmail send email direct to the internet ???
0
 

Author Comment

by:ifred
ID: 36902847
And just to add, I had a similar box inside my network (same as Exchange) and it was connecting and using Exchange with no problems, without me adding anything to Exchange.
0

 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 36905938
That is because Exchange 2003 by default allows relays from the local subnet.
0
 

Author Comment

by:ifred
ID: 36906319
Hmm, interesting. I will try and let you know, thanks amigo!
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 36909296
We tend to get this all the time when setting up MFDs to scan to email.
This might help

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
0
 

Author Comment

by:ifred
ID: 36913722
Adding the IP of the sendmail box to the allowed list of SMTP relay of Exchange did not seem to help. Guess I should figure out a way to have sendmail send emails directly to the internet instead of trying my domain, just not sure how, as I see it probably getting the MX record from my DNS.

:(
0
 

Assisted Solution

by:ifred
ifred earned 0 total points
ID: 36913873
Finally I fixed it :D
I will explain my "string pulling" thoughts here in case anybody has this problem.
Sendmail queries the DNS the server has set for the MX record of the domain. In my case the mail server I will be using as a relay is behind my firewall, sitting on the inside interface. Since I opted to have my server use my inside DNS as it proved to be faster, it was also resolving the MX record of my domain to an IP my Linux server would not have access to, this IP being the IP of my Exchange server. I have the Exchange server IP mapped on the DMZ for the purpose of this Linux server accessing it for SMTP connections, but I was not able to figure out how to force sendmail to use it.
Attempts to have the IP hard-coded in the hosts file failed, as sendmail will always query the DNS directly.
After a lot of trial I found I could solve the problem two ways:

1) I set up the first DNS to be Google DNS: Sure enough, the box resolved my MX records on the internet and was able to deliver the message using those addresses. That is great, but the DNS resolution time on my box decreased significantly.

2) I found out that you can configure your sendmail.mc with: FEATURE(`nullclient', `[x.x.x.x]')dnl
As long as you put the brackets on the IP address, it will force sendmail not to do an MX lookup on the DNS and instead blindly use the x.x.x.x email provided as the relay host.

After you change the sendmail.mc file, run the m4 command to re-compile your sendmail.cf:
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Voila!

Bingo.
No firewall changes, no funky setup. Opted for choice #2.
Since wylie had a valid point about the relay on Exchange, I will assign part of the points. Thanks amigo!
0
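An added example, not part of the original posts: a Python check over sendmail.mc text that reports whether the relay named by nullclient is bracketed, which is what decides whether sendmail does the MX lookup described in the answer above. It also covers SMART_HOST as a generalization; the sample .mc text, mail.example.com and 192.0.2.10 are constructed placeholders.

```python
import re

# Matches the two sendmail.mc directives that name a relay host.
RELAY_RE = re.compile(
    r"(?P<kind>FEATURE\(\s*`nullclient'|define\(\s*`SMART_HOST')"
    r"\s*,\s*`(?P<target>[^']*)'\s*\)"
)

# Constructed samples; 192.0.2.10 is a placeholder for the DMZ-mapped relay.
MC_BEFORE = """\
OSTYPE(`linux')dnl
FEATURE(`nullclient', `mail.example.com')dnl
"""
MC_AFTER = """\
OSTYPE(`linux')dnl
dnl FEATURE(`nullclient', `mail.example.com')dnl
FEATURE(`nullclient', `[192.0.2.10]')dnl
"""


def audit_relay_targets(mc_text):
    """Return one finding per active relay directive in a sendmail.mc text."""
    findings = []
    for lineno, line in enumerate(mc_text.splitlines(), 1):
        if line.lstrip().startswith(("dnl", "#")):
            continue  # m4 comment line: the directive is not active
        for m in RELAY_RE.finditer(line):
            target = m["target"].strip()
            # Drop an optional "mailer:" prefix such as smtp:[host]
            _, sep, rest = target.partition(":")
            host = rest if sep and not target.startswith("[") else target
            kind = "nullclient" if "nullclient" in m["kind"] else "SMART_HOST"
            findings.append({
                "line": lineno,
                "directive": kind,
                "target": target,
                # Brackets make sendmail use the host as given, with no MX lookup
                "mx_lookup": not (host.startswith("[") and host.endswith("]")),
            })
    return findings


def dns_dependent_targets(mc_text):
    """Targets whose delivery path still depends on what DNS returns for MX."""
    return [f["target"] for f in audit_relay_targets(mc_text) if f["mx_lookup"]]


if __name__ == "__main__":
    for name, text in (("before", MC_BEFORE), ("after", MC_AFTER)):
        print(name, audit_relay_targets(text))
```

Any target this reports as DNS-dependent is delivered wherever the resolver's MX answer points, so on a DMZ host it is worth running before rebuilding sendmail.cf.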
 

Author Closing Comment

by:ifred
ID: 36938215
I was able to through trial and error figure the solution.
0
 

Author Comment

by:ifred
ID: 36913887
As I said, I was able to figure this out myself, but wylie's comments helped on the relay part.
0
