Solved

Sonic Wall to Barracuda

Posted on 2013-01-16
7
422 Views
Last Modified: 2015-05-22
I have just stepped into a networking job that has a sonic wall gateway that I am no familiar with. It is a model: TZ 100 running firmware SonicOS Enhanced 5.8.1.5-46o. It has a public static IP address and a DNS A record is pointed at that IP, the domain's mx record is pointed at the A record which should land at the doorstep of my sonic wall. I have an Exchange server 2003 in my LAN and a Barracuda Spam Filter in my LAN.
I would like to forward mail traffic both in and out through the sonicwall to the Barracuda and from the exchange server to the web.

When sending mail from my gmail account (Outside In) it bounces immediately with this message:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay (state 13).

When sending mail from exchange account (Inside out) I get this after the timeout,
Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      1/14/2013 11:06 AM

The following recipient(s) cannot be reached:

      user@email.com on 1/16/2013 11:21 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <wactwfs02.warecpa.com #4.4.7>


Any assistance will be appreciated.
0
Comment
Question by:PaulBurton83709
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 38786136
Dear,

Just to let very simple, do followings (take your SNA backup and reset you firewall to default or make sure you undo all changes realted to exchange)

1) Make sure you have Public ip on your SNA WAN
2) please be sure mail.yourdoamin is a associated with your SNA Public IP

to drill down the issue please leave spam filtering aside,,, simply logon to SNA and on the top right side use Wizard to configure your exchange.

Exchange Wizard-01Exchange Wizard-02Exchange Wizard-03Exchange Wizard-04
once above complated you will be able to send and receive emails... if yes we go to next step if no we will troubleshoot exchange.

please also test sending email from internal user to another internal user.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 38786182
Let's take a step back here.

While the solution above may help you get a little further along, it does not take the Barracuda into account.

What you should be doing (if you want to use the Barracuda box for spam filtering) is to have the Sonicwall send incoming port 25 traffic to the Barracuda.  Then have the Barracuda send sanitized email traffic to your Exchange box.  If you go this route, you need to make sure your Exchange server accepts port 25 traffic only from the Barracuda box.

As for sending email, you can either send directly from Exchange, or use the Barracuda as a "Smart Host".  No matter which way you wish to send out, you need to have a Pointer (aka Reverse DNS) record.  I cannot say for certain, but it might be that if you don't have a Pointer record created, that your outgoing emails are being rejected.

If you suspect the Sonicwall is the cause of your problems, look at the firewall > access rules and look for anything that has to do with port 25.  (See what the Sonicwall does with port 25 traffic coming in - does it go to the Barracuda box, or to Exchange, or is it not set up at all?  Also, for outgoing port 25 is there any kind of rule, or NAT policies?

Hint: when looking at the Sonicwall's firewall rules, look for WAN - LAN to troubleshoot incoming mail flow, and look at LAN - WAN to troubleshoot outgoing mail flow.  Also, hovering the mouse over certain fields will show more information
0
 

Author Comment

by:PaulBurton83709
ID: 38789463
The bulk of the problem was Century Link blocking port 25. After I discovered that there was no traffic on port 25 making it to our Sonic Wall I called Century Link and they removed the block.
Now I can send email, but I am not receiving and mail.

...any thoughts?
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 38790235
Look at the Sonicwall and see what it is set up to do with incoming smtp traffic - if it goes to the Barracuda box, then troubleshoot that, if it goes directly to Exchange, look at that.

Sorry, but without actually being there, a lot of the "work" is up to you.  If you provide more detailed information on what you have observed, we can provide more specific advice/suggestions.  The problem (of not being able to receive email) could be any one, or a combination of, 3 things: Sonicwall, Barracuda, Exchange.  

I suggest you unplug the Barracuda box, and use Gmail to send another test message.  If you see the same error message that you saw earlier, then it will indicate that either the Barracuda is not the problem, or that port 25 traffic is not even making it to the Barracuda box.  If the error message is different, please report back.  (Well, please report back no matter what  :-)  )
0
 

Accepted Solution

by:
PaulBurton83709 earned 0 total points
ID: 38895915
This install was using a Century Link DSL with statics. I had the DSL modem configured with the Gateway address of our static block and all firewall features disabled. The Sonic Wall had one of our usable IP's assigned.
It turns out that despite configuring the modem with a static IP, the firmware for the modem was still employing the NAT rules and blocking all the ports that it would have if I were using the modem in Gateway mode.
Weak Century Link... Weak!

Thanks for all your help.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question