Outbound e-mails rejected by ISP's smarthost

Gospodin Rasputin
Gospodin Rasputin used Ask the Experts™
on
My ISP has issued a public IP address to be used by my exchange server. However, when I send an external e-mail it bounces back as Undeliverable: The following organisation rejected your message:SMTP smarthost address.

I have spoken to them and they have said that the smarthost will only accept to relay if the e-mails appears to be coming from the public IP they issued me. My exchange sits behind and ISA 2006 server and I have specified the  Internal IP of the Exchange Server in the 'This rule applies to traffic From and in Traffic to I have set that to external. But when I send e-mails to external recipients, I get a"SmartHost #550 Relaying not permitted (3.7).

Where in ISA 2006 do I specify the public IP address as Natting for outbound traffic does not seem to be available on ISA.

Also, is there a way for me to find out what IP the smarthost is seeing my e-mail as coming from?

Thank you.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017

Commented:
Check with the ISP to see whether your server has to authenticate first.
if you have multiple connections from different ISPs the connection when this error occurs is originating from a different ISP than the one providing the smart host.

Http://whatismyip.com from the mailserver.
Gospodin RasputinIT  Manager

Author

Commented:
When I do whatismyIP, it returns the IP of our whole network rather than that issued specifically for the Exchange server. I think the error is due to how ISA is presenting the e-mil traffic from our exchange. The ISP beleives this traffic should be presented as coming from the Public IP 212.x.x.5, but it is presenting as as coming from 82.x.x.117.

The question is how and where on ISA to make the traffic appear as going out from the 212.x.x.5 public address (which is the public address specifically reserved for use with the Exchange Server.
Distinguished Expert 2017
Commented:
You need to configure Isa outgoing rule to map traffic from the exchange server to the specific public ip that matches the MX record.
I.e. mail.yourdomain.com is 212.x.x.5

But this is not an option
http://joshrobi.blogspot.com/2008/08/you-cant-specify-outbound-ip-address-in.html
http://forums.isaserver.org/m_260027000/mpage_1/key_/tm.htm#260027000
Most Valuable Expert 2011
Commented:
Where in ISA 2006 do I specify the public IP address as Natting for outbound traffic does not seem to be available on ISA.

You DON"T.

You make sure that the IP your mail is expected to come from is the Primary IP of the ISA's External Nic.  So these people either need to change the IP they expect you to come from,...or you need to change the Primary IP of the ISA's external Nic to be the one they expect.

What you really need to do is stop using a Smart Host,...there is just no point in paying someone to do something that you can do yourself for free.  Your Exchange is perfectly capable of delivering mail using DNS instead of relaying to a Smart Host.

The only time I would use a Smart Host is when it is a SPAM Filtering Serivce that I am "paying for",...and if I am "paying for it" then it is up to them to meet my needs,...not me meeting their needs.
Gospodin RasputinIT  Manager

Author

Commented:
I also found the following post useful http://www.experts-exchange.com/Microsoft/Windows_Security/Q_23891905.html  which agrees with what pwindell is syaing above.

But i was wondering, where you have multiple external NICs coming off the same ISA, would a product like IP binder be useful as you cannot have more than one Primary IP of the ISA's External Nic?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial