Yann Shukor asked:

Allow external clients SMTP access to exchange server

One of my clients has a Windows 2000 Server SP4 running Exchange 2003
no firewall, no antivirus
the Exchange server is configured with an SMTP virtual server, anonymous
access, but authenticated relaying (no SSL, no connectors)

a Cisco 831 router sits between the LAN and the Internet

The client wants to access his emails from outside of his office

So I configured the nat and access-list correspondingly on the
Cisco router (see attached excerpt of the running config)
I personally added the FWOUT ip inspect rules, a couple of nat
inside static rules (143, 110), and the 102 set of inbound access-lists

I used both Thunderbird and an iPhone to test the access
From the very beginning IMAP was fully functional

the trouble has been with SMTP - the SMTP server doesn't
respond and sent emails aren't handled

The iPhone warned that the SMTP server wasn't responding
yet apparently made repeated attempts to get through. The
amusing part is that after a considerable amount of time (> 1hr)
the email would eventually get delivered (very odd)

I configured an Outlook Express (POP + SMTP) on the server
itself to test local direct access and this works fine sending
and receiving - I therefore presume that the exchange server
isn't the problem

One weird thing is that when I telnet to port 25 (putty) while
at the server, all I get is a blank screen. I remain connected, but
nothing is displayed...even if I try to type something e.g. HELO

from outside, telnetting to the server's FQDN or IP address ends
with connection refused error

So I assume that the Cisco isn't playing well, or that my settings
aren't coherent

any ideas ?

thanks for reading
Exchange_Geek

Here is what I would check

From within your Exchange environment, check whether telnetting to SMTP works well. If not, there is no point working from outside.

Recycle SMTP Service once.

Run Exchange Best Practice Analyzer tool.

To get OL or iPhone working from outside, you need to have them configured with RPC over HTTP and webmail to work, NOT SMTP.

Run a test against Microsoft site for your RPC/HTTP links
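
The symptoms reported in this thread (connection refused from outside, a connection that stays open with a blank screen, and a server that answers normally) can be told apart with a small probe run once from inside the LAN and once from outside. This is an added example, not part of the original thread; `probe_smtp`, its state names and the client name `probe.example` are assumptions made for illustration.

```python
import socket


def _recv_text(sock):
    """Read one reply from the server as stripped ASCII text."""
    return sock.recv(1024).decode("ascii", "replace").strip()


def probe_smtp(host, port=25, timeout=5.0):
    """Classify how an SMTP listener answers. Returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")        # reset came back: closed port or rejecting filter
    except socket.timeout:
        return ("filtered", "")       # no answer at all: packets dropped on the path
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            banner = _recv_text(sock)
        except socket.timeout:
            return ("no_banner", "")  # TCP is up but no 220 greeting (the "blank screen")
        except OSError as exc:
            return ("error", str(exc))
        if not banner.startswith("220"):
            return ("bad_banner", banner)  # includes an empty reply (peer closed)
        try:
            sock.sendall(b"EHLO probe.example\r\n")  # constructed client name
            reply = _recv_text(sock)
            sock.sendall(b"QUIT\r\n")
        except socket.timeout:
            return ("no_reply", banner)  # greeted, then the command went unanswered
        except OSError as exc:
            return ("error", str(exc))
        if reply.startswith("250"):
            return ("ok", banner)
        return ("ehlo_rejected", reply)


if __name__ == "__main__":
    # Constructed target: replace with the server under test.
    print(probe_smtp("127.0.0.1", 25, timeout=3.0))
```

A different state from inside and from outside points at the device in between; the same state from both sides points at the server.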

Yann Shukor


Cheers EG

Thanks for such a swift response

I ran the connectivity tests; the last (SMTP in/out) were the only successful ones

I also began running the best practices analyzers.
I'll have to study it in more detail to understand
how best to use it

more importantly I'll take a serious stab at configuring
RPC/HTTP access


Run the test again for RPC/HTTP access on the same site.

Run EXBPA for health check mode, it shouldn't take more than 2 minutes to complete.

By the way, this is what I found out on EE:

You can't use RPC over HTTPS.

The requirements for RPC over HTTPS are very strict - Exchange 2003 MUST be installed on Windows 2003.

Can I suggest dropping the inspect and trying again briefly? I have seen a similar issue on the 837 and 85X series routers.
As an aside... upgrading this Windows server to a supported software version should be strongly indicated; Windows server 2000 and Exchange server 2003 are both products that are way past end of life. That is, they reached end of support by the vendor, and even a firewall device such as a Cisco 8xx is not able to negate or ameliorate certain major vulnerabilities that exist, for an internet connected server.

In addition, there is no 'safety net' option of utilizing vendor support for assistance to assist, should the server experience a severe software issue, making email unavailable.
my mistake