Solved

Sonic Wall to Barracuda

Posted on 2013-01-16
7
448 Views
Last Modified: 2015-05-22
I have just stepped into a networking job that has a sonic wall gateway that I am no familiar with. It is a model: TZ 100 running firmware SonicOS Enhanced 5.8.1.5-46o. It has a public static IP address and a DNS A record is pointed at that IP, the domain's mx record is pointed at the A record which should land at the doorstep of my sonic wall. I have an Exchange server 2003 in my LAN and a Barracuda Spam Filter in my LAN.
I would like to forward mail traffic both in and out through the sonicwall to the Barracuda and from the exchange server to the web.

When sending mail from my gmail account (Outside In) it bounces immediately with this message:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay (state 13).

When sending mail from exchange account (Inside out) I get this after the timeout,
Your message did not reach some or all of the intended recipients.

      Subject:      test
      Sent:      1/14/2013 11:06 AM

The following recipient(s) cannot be reached:

      user@email.com on 1/16/2013 11:21 AM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <wactwfs02.warecpa.com #4.4.7>


Any assistance will be appreciated.
0
Comment
Question by:PaulBurton83709
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 38786136
Dear,

Just to let very simple, do followings (take your SNA backup and reset you firewall to default or make sure you undo all changes realted to exchange)

1) Make sure you have Public ip on your SNA WAN
2) please be sure mail.yourdoamin is a associated with your SNA Public IP

to drill down the issue please leave spam filtering aside,,, simply logon to SNA and on the top right side use Wizard to configure your exchange.

Exchange Wizard-01Exchange Wizard-02Exchange Wizard-03Exchange Wizard-04
once above complated you will be able to send and receive emails... if yes we go to next step if no we will troubleshoot exchange.

please also test sending email from internal user to another internal user.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 38786182
Let's take a step back here.

While the solution above may help you get a little further along, it does not take the Barracuda into account.

What you should be doing (if you want to use the Barracuda box for spam filtering) is to have the Sonicwall send incoming port 25 traffic to the Barracuda.  Then have the Barracuda send sanitized email traffic to your Exchange box.  If you go this route, you need to make sure your Exchange server accepts port 25 traffic only from the Barracuda box.

As for sending email, you can either send directly from Exchange, or use the Barracuda as a "Smart Host".  No matter which way you wish to send out, you need to have a Pointer (aka Reverse DNS) record.  I cannot say for certain, but it might be that if you don't have a Pointer record created, that your outgoing emails are being rejected.

If you suspect the Sonicwall is the cause of your problems, look at the firewall > access rules and look for anything that has to do with port 25.  (See what the Sonicwall does with port 25 traffic coming in - does it go to the Barracuda box, or to Exchange, or is it not set up at all?  Also, for outgoing port 25 is there any kind of rule, or NAT policies?

Hint: when looking at the Sonicwall's firewall rules, look for WAN - LAN to troubleshoot incoming mail flow, and look at LAN - WAN to troubleshoot outgoing mail flow.  Also, hovering the mouse over certain fields will show more information
0
 

Author Comment

by:PaulBurton83709
ID: 38789463
The bulk of the problem was Century Link blocking port 25. After I discovered that there was no traffic on port 25 making it to our Sonic Wall I called Century Link and they removed the block.
Now I can send email, but I am not receiving and mail.

...any thoughts?
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 38790235
Look at the Sonicwall and see what it is set up to do with incoming smtp traffic - if it goes to the Barracuda box, then troubleshoot that, if it goes directly to Exchange, look at that.

Sorry, but without actually being there, a lot of the "work" is up to you.  If you provide more detailed information on what you have observed, we can provide more specific advice/suggestions.  The problem (of not being able to receive email) could be any one, or a combination of, 3 things: Sonicwall, Barracuda, Exchange.  

I suggest you unplug the Barracuda box, and use Gmail to send another test message.  If you see the same error message that you saw earlier, then it will indicate that either the Barracuda is not the problem, or that port 25 traffic is not even making it to the Barracuda box.  If the error message is different, please report back.  (Well, please report back no matter what  :-)  )
0
 

Accepted Solution

by:
PaulBurton83709 earned 0 total points
ID: 38895915
This install was using a Century Link DSL with statics. I had the DSL modem configured with the Gateway address of our static block and all firewall features disabled. The Sonic Wall had one of our usable IP's assigned.
It turns out that despite configuring the modem with a static IP, the firmware for the modem was still employing the NAT rules and blocking all the ports that it would have if I were using the modem in Gateway mode.
Weak Century Link... Weak!

Thanks for all your help.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This video discusses moving either the default database or any database to a new volume.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question