Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Three Exchange servers on the same network, diff domains, can't send mail

We run a small IT shop.  In the building, we have our own exchange server, a hosted mail server for customer mail and a test mail server.

On the WAN side of the router, we have Comcast inbound with 15 static IPs and ATT inbound with 10 static IPs.  On the router, the Comcast is the primary with ATT as secondary.

Exchange1 has mail coming in from public IP xx.xx.xx.138 (Comcast)
Exchange2 has mail coming in from public IP xx.xx.xx.105 (ATT)
Exchange3 has mail coming in from public IP xx.xx.xx.109 (ATT)

Our problem was that mail coming in on 109 (ATT) was going out on 138 (Comcast) and that was giving us some grief for obvious reasons.  So, we wrote some policy rules in our firewall that forced traffic coming in on a public IP to go out on the same public IP.  However, when that rule is in place, Exchange3 cannot send mail to Exchange1.

Remove the rule and Exchange3 can send mail to Exchange1, but it goes out on the wrong public IP.  With the rule in place, everything is good, except Exchange3 cannot send mail to Exchange1.  We need to rule to make sure traffic leaves on the same IP it entered on.

Remember, all three Exchange servers are on the same 10.50.0.x network and we suspect that has something to do with it, but we are striking out homing in on the specific problem.

Ideas?

Thanks

Cliff
0
crp0499
Asked:
crp0499
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
You should have the servers send email between themselves directly, rather than trying to use public records and going out and back in again through the same firewall.

There are two ways to do this.

1. Split DNS for the MX record.
This is where you use an additional entry in the local DNS server of each server for the MX record for the other two servers.
For example, if the MX record mail.example.com, then you create a zone for mail.example.com then create a blank entry with the local IP address in it.

2. Send/SMTP Connector for each domain.
This bypasses the MX record lookup. You create a Send Connector for the other two servers. Set them to use a smart host, entering it in the format of [192.168.1.1]. On the Address space, enter the domain the remote server is responsible for.

Of the two, option 2 is probably the easiest and keeps everything in Exchange.

Simon.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now