Solved

exchange 2007 , 2008 sbs

Posted on 2013-12-26
17
247 Views
Last Modified: 2014-01-12
have a 2008 sbs running exchange 2007 service pack 2 and wanted to hook up to new internet provider, and take out the sonic wall and just run direct to the internet...if i change the ip address on the exchange server is there something else i need to do to make it work ???? so far i can just get email to work local but not all the way to the wan (outside world) please any help , or step by step would be great...
0
Comment
Question by:gstevederby
17 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39741257
SBS cannot (should not) be connected directly to the internet.  It does not support dual NIC configurations that SBS 2003 and earlier did.  You NEED a router.  If you want to get rid of the sonic wall, I'd suggest adding an Untangle system as a router.
0
 

Author Comment

by:gstevederby
ID: 39741265
ok, i can add a router but what else do i need to do?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741290
1. The first thing will be to make sure your new IP is somewhere in your MX record in the public DNS.
2. While you are here, you may also need to setup a Reverse DNS entry to your IP and make sure your new IP is not already on a blacklist or get a smarthost to skip this part.
3. second thing is to forward the traffic needed for SBS, 25, 80, 443 (for OWA and activesync) to get flowing again.  This would be port forwarding from your Sonicwall (that has been configured for your new IP) to your internal IP of your SBS server (whose IP has stayed the same during all of this)
4. Test by going to Mxtoolbox.com to get the basics.

There are other sites that can test for OWA and activesync connections, but it sounds like you need to get mail flowing again in the meantime.
0
 

Author Comment

by:gstevederby
ID: 39741306
can you tell me , step by step how to change the reverse dns entry.?? also what if i were to just use the sonicwall as before, but with diff. ip provider--hence new wan address coming into the sonicwall...??
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741314
Ick, step by step will be hard, since it varies with ISPs and may not be 100% needed.  It is more important to make sure you are not on a blacklist first.  

You also do not mention if your new IP is in the mix for MX records.  Without this, external traffic will not be able to reach you and they will start getting NDRs.  If you at least get the MX record, and the port 25 then your inbound mail will be delivered, even if you cannot respond.

The reverse DNS entry is generally mapped to your host name for the server, and will have to match the banner that is being broadcast by your exchange server.  Generally it requires calling them to make the entry to it.

So for example, in your DNS, you want your host name to be mail.domain.com.  You will make an A record for mail.domain.com and point it to your new IP.  Then in the MX section, you will make the 10 spot mail.domain.com.

Then call your new ISP and tell them you need a RPTR record for your IP and its value needs to be mail.domain.com.  ATT and Verizon required me to fill out a form or send an email, Telepacific and Cbyond (t1 providers here in the states) accepted over the phone request, so it depends, but they will need to be involved.

Again, this part is pointless if the outside world doesn't know where your email server is (by your MX record), and if that traffic doesn't get to your server through your firewall via a port forward.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741316
Oh as for using the sonicwall as before, it still won't work until you update your new IP.  You may have to re-do your port forwards since they will reflect the old IP not your new one.

in this example, think of your IP (old or new) as your mailing address.  Then think of your firewall as the receptionist who accepts everyone's mail and then delivers it to who it is addressed to.  The outside world needs your address to even get anything to you, and your receptionist needs to be working otherwise it just piles up at your door.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39741332
As long as your DNS entries \ NetBIOS name are not changed, you can change IP addresses without any issues and if you do so, you need to change it to all respective DNS hostnames registered in DNS (Ex: owa, autodiscover records and its public to private IP mappings and so on)

Outlook client may need to be restarted to make changes effective

if you setup exchange IPs anywhere in any apps like backup etc., that needs to be addressed

Mahesh
0
 

Author Comment

by:gstevederby
ID: 39741525
Thx, I will check into all of that tomorrow when I am at the server again....hopefully one way or the other it will work....they use a service called "soap spam" which captures their emails and filters out all the spam, does an excellent job too...about 97% is cleaned fyi, and then it is sent to the server..so they use the "mx" items you speak of...I am calling them too...I am hoping that their, only 2-3 people, emails can just be forwarded via the soap spam people and thus eliminate the email server altogether...company is shutting its doors permanently...
0

 
LVL 9

Expert Comment

by:tsaico
ID: 39742040
Oh, in this case that takes quite a bit of pressure off.  You will need to update them on your new IP.  All of the services I have used like this will only speak with the designated server, and from their perspective, a new IP address isn't what they are expecting.  So their service is working correctly by not delivering the mail or relaying your outbound.

Chances are your mx is already pointed to them which is good, since you don't want people to bypass the washing service and deliver direct to you. And they are spooling your mail while your connection is down.  You should be able to tell them your new IP, and you won't even have to bother with the other stuff.

There are two settings you generally will have to check with your "soap spam", (which as a service I refer to all those vendors as "email washing services") and update your inbound mail server address (should just be IP), and then also update your smarthost (outbound) settings with them.

Good luck!
0
 

Author Comment

by:gstevederby
ID: 39744414
ok, i am almost done, do you know how/where the port 25 out for smtp is in 2008 sbs and how can i change if needed..??
0
 

Author Comment

by:gstevederby
ID: 39744416
soap has changed the mx so now it's pointed in correct direction, however comcast residential does not allow port 25 to be opened up...so they are asking if i can re-route to port 465 and i don't know how to do that or if it is even possible. i read how 465 is used for smtp but usually for ssl type of items...???
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39744881
There are some problems with this, the most being the IP will change from time to time if you are on a residential DHCP, so you will have to constantly update Soap.  And I am not sure if Soap can handle a host name instead of IP.  If they can you will need to register your IP with a dynamic DNS provider, like no-ip.com.

As for changing the port to a smarthost,
https://support.prolateral.com/index.php?/Knowledgebase/Article/View/159/0/how-to-use-an-alternate-smarthost-smtp-port-in-exchange-2007-and-exchange-2010

But that is only if your smarthost is relaying on that port.

I would just buy the commercial version of comcast, even if it is in your home and I would also again pay the extra fee for the static IP.  Doing these two will ease up your life in re: to setting up resources and servers that need access to and from the outside world.
0
 

Author Comment

by:gstevederby
ID: 39769730
We Are on Biz line now..so it is static.  so i have not changed Anything on the server and STILL we can't get out. the tests show port 25 blocked, even though comcast says they don't block ANY ports on their biz line. so that's the quandary. i can: telnet servername 25 and connect fine from a work station. I can send an email to myself and rec. local just fine from a workstation...so i would think that port 25 on the server is just fine, Right? doesn't logic dictate that if server has not changed and provider has that the prob. is with the provider? i had several years ago, on same server, changed provider and didn't have to change anything on server.....only tell spam soap people so they could re-route the mx records.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39769828
When you are testing, how are you testing?  If you are going internal workstation to the server, it is not a good test since that would only apply the internal firewall rules.  You should do a telnet test from your workstation (or server) to a known working server like Google's email server.  If you get any response, then you know you are not being blocked.

I have never come across any ISP that has filtered static biz lines.  This is true for both home based businesses and regular commercial.
0
 

Author Comment

by:gstevederby
ID: 39770926
so i tried what i believe you are saying by going to both the work station and the server and typing in the following at cmd prompt:

telnet comcast.net 25
telnet comcast.net
telnet hp.com 25

etc.

none of those let me through, and it is on a business line...so what more can i do to prove that they, comcast, are blocking the ports?
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39771317
none of those are the smtp servers of those companies...  Those are their web domains.

try this at command prompt

nslookup
set type=mx
comcast.net

which should show you the comcast MX addresses of:

5 mx1.comcast.net
5 mx2.comcast.net

then

telnet mx1.comcast.net 25

which should then show you

220 imta20.westchester.pa.mail.comcast.net comcast ESMTP server ready

meaning you have confirmed you made a connection with them.  If you can get to this, then port 25 is not your problem and you should go back to looking at your send connectors on your exchange server.  There are a lot of other tests to perform after this, but for right now, we are trying to figure out if 25 is being blocked or not.  By even responding to your request (even if it is to reject you), it confirms communication is happening.

I would disable the smart host for now, and have the send connector resolve through DNS directly.  If after doing that, you can send out (even if it ends up as spam, or you get a rejection from the recipient mail server), we know the problem lies with your smarthost, not the ISP and email server.

If you cannot get to the above connection text and the connection times out, I would look at firewall rules on server (software), then the appliance, or perhaps they are blocking 25.

Also, you may want to consider bringing in someone who has some more experience with troubleshooting email servers, then watch over their shoulder to learn some of the troubleshooting practices, or better yet, head to a boot camp to get a little formal training.
0
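
The port 25 test described in the accepted answer, scripted so the outcome is classified the same way (any SMTP reply means the path is open, silence means something is filtering). This is an added example, not part of the original thread; the function name probe_smtp and its verdict strings are assumptions, and the MX host name is the one nslookup returns.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=10.0):
    """Connect the way `telnet host 25` does and classify what comes back.

    Returns (verdict, detail). Any SMTP reply, even a rejection, proves the
    path to the port is open; only silence or a refusal points at filtering.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no answer; check server firewall, appliance, ISP")
    except ConnectionRefusedError:
        return ("refused", "actively refused (no listener, or a firewall reset)")
    except OSError as exc:  # DNS failure, no route to host, etc.
        return ("error", str(exc))
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:  # read timed out or the peer reset the connection
            banner = ""
    if not banner:
        return ("no-banner", "TCP connected but the server sent no greeting")
    code = banner[:3]
    if code == "220":
        return ("open", banner)           # normal SMTP greeting
    if code.isdigit():
        return ("open-rejected", banner)  # rejected, but traffic is flowing
    return ("not-smtp", banner)           # something else answered on the port


if __name__ == "__main__":
    # Pass the MX host name that nslookup returned, e.g. mx1.comcast.net
    target = sys.argv[1] if len(sys.argv) > 1 else "mx1.comcast.net"
    verdict, detail = probe_smtp(target)
    print(f"{target}:25 -> {verdict}: {detail}")
```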
 

Author Closing Comment

by:gstevederby
ID: 39775554
BRINGING in a more experienced tech--thx for all your help
0
