Solved

exchange 2007 , 2008 sbs

Posted on 2013-12-26
17
254 Views
Last Modified: 2014-01-12
I have a 2008 SBS running Exchange 2007 Service Pack 2 and wanted to hook up to a new internet provider, take out the SonicWall and just run direct to the internet. If I change the IP address on the Exchange server, is there something else I need to do to make it work? So far I can just get email to work locally but not all the way to the WAN (outside world). Please, any help or step by step would be great.
Question by:gstevederby
17 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39741257
SBS cannot (should not) be connected directly to the internet.  It does not support dual NIC configurations that SBS 2003 and earlier did.  You NEED a router.  If you want to get rid of the sonic wall, I'd suggest adding an Untangle system as a router.
0
 

Author Comment

by:gstevederby
ID: 39741265
OK, I can add a router, but what else do I need to do?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741290
1. The first thing will be to make sure your new IP is somewhere in your MX record in the public DNS.
2. While you are here, you may also need to set up a Reverse DNS entry to your IP and make sure your new IP is not already on a blacklist, or get a smarthost to skip this part.
3. Second thing is to forward the traffic needed for SBS, 25, 80, 443 (for OWA and ActiveSync) to get flowing again.  This would be port forwarding from your SonicWall (that has been configured for your new IP) to your internal IP of your SBS server (whose IP has stayed the same during all of this).
4. Test by going to Mxtoolbox.com to get the basics.

There are other sites that can test for OWA and ActiveSync connections, but it sounds like you need to get mail flowing again in the meantime.
0

 

Author Comment

by:gstevederby
ID: 39741306
Can you tell me, step by step, how to change the reverse DNS entry? Also, what if I were to just use the SonicWall as before, but with a different IP provider, hence a new WAN address coming into the SonicWall?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741314
Ick, step by step will be hard, since it varies with ISPs and may not be 100% needed.  It is more important to make sure you are not on a blacklist first.  

You also do not mention if your new IP is in the mix for MX records.  Without this, external traffic will not be able to reach you and they will start getting NDRs.  If you at least get the MX record, and the port 25 then your inbound mail will be delivered, even if you cannot respond.

The reverse DNS entry is generally mapped to your host name for the server, and will have to match the banner that is being broadcast by your Exchange server.  Generally it requires calling them to make the entry to it.

So for example, in your DNS, you want your host name to be mail.domain.com.  You will make an A record for mail.domain.com and point it to your new IP.  Then in the MX section, you will make the 10 spot mail.domain.com.

Then call your new ISP and tell them you need a RPTR record for your IP and its value needs to be mail.domain.com.  ATT and Verizon required me to fill out a form or send an email; Telepacific and Cbeyond (T1 providers here in the States) accepted over-the-phone requests, so it depends, but they will need to be involved.

Again, this part is pointless if the outside world doesn't know where your email server is (by your MX record), and if that traffic doesn't get to your server through your firewall via a port forward.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39741316
Oh, as for using the SonicWall as before, it still won't work until you update your new IP.  You may have to re-do your port forwards since they will reflect the old IP, not your new one.

In this example, think of your IP (old or new) as your mailing address.  Then think of your firewall as the receptionist who accepts everyone's mail and then delivers it to who it is addressed to.  The outside world needs your address to even get anything to you, and your receptionist needs to be working, otherwise it just piles up at your door.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39741332
As long as your DNS entries \ NetBIOS name are not changed, you can change IP addresses without any issues, and if you do so, you need to change it for all respective DNS hostnames registered in DNS (e.g. owa, autodiscover records and their public to private IP mappings and so on).

The Outlook client may need to be restarted to make changes effective.

If you set up Exchange IPs anywhere in any apps like backup etc., that needs to be addressed.

Mahesh
0
 

Author Comment

by:gstevederby
ID: 39741525
Thx, I will check into all of that tomorrow when I am at the server again. Hopefully one way or the other it will work. They use a service called "soap spam" which captures their emails and filters out all the spam, does an excellent job too (about 97% is cleaned, FYI), and then it is sent to the server, so they use the "MX" items you speak of. I am calling them too. I am hoping that their emails (only 2-3 people) can just be forwarded via the soap spam people and thus eliminate the email server altogether. The company is shutting its doors permanently.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39742040
Oh, in this case that takes quite a bit of pressure off.  You will need to update them on your new IP.  All of the services I have used like this will only speak with the designated server, and from their perspective, a new IP address isn't what they are expecting.  So their service is working correctly by not delivering the mail or relaying your outbound.

Chances are your MX is already pointed to them, which is good, since you don't want people to bypass the washing service and deliver direct to you. And they are spooling your mail while your connection is down.  You should be able to tell them your new IP, and you won't even have to bother with the other stuff.

There are two settings you generally will have to check with your "soap spam", (which as a service I refer to all those vendors as "email washing services") and update your inbound mail server address (should just be IP), and then also update your smarthost (outbound) settings with them.

Good luck!
0
 

Author Comment

by:gstevederby
ID: 39744414
OK, I am almost done. Do you know how/where the port 25 out for SMTP is in 2008 SBS and how I can change it if needed?
0
 

Author Comment

by:gstevederby
ID: 39744416
Soap has changed the MX so now it's pointed in the correct direction; however, Comcast residential does not allow port 25 to be opened up, so they are asking if I can re-route to port 465, and I don't know how to do that or if it is even possible. I read how 465 is used for SMTP but usually for SSL type of items?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39744881
There are some problems with this, the most being the IP will change from time to time if you are on a residential DHCP, so you will have to constantly update Soap.  And I am not sure if Soap can handle a host name instead of IP.  If they can you will need to register your IP with a dynamic DNS provider, like no-ip.com.

As for changing the port to a smarthost,
https://support.prolateral.com/index.php?/Knowledgebase/Article/View/159/0/how-to-use-an-alternate-smarthost-smtp-port-in-exchange-2007-and-exchange-2010

But that is only if your smarthost is relaying on that port.

I would just buy the commercial version of Comcast, even if it is in your home, and I would also again pay the extra fee for the static IP.  Doing these two will ease up your life in regard to setting up resources and servers that need access to and from the outside world.
0
 

Author Comment

by:gstevederby
ID: 39769730
We are on a biz line now, so it is static. I have not changed anything on the server and STILL we can't get out. The tests show port 25 blocked, even though Comcast says they don't block ANY ports on their biz line, so that's the quandary. I can telnet servername 25 and connect fine from a workstation. I can send an email to myself and receive it locally just fine from a workstation, so I would think that port 25 on the server is just fine, right? Doesn't logic dictate that if the server has not changed and the provider has, the problem is with the provider? Several years ago, on the same server, I changed provider and didn't have to change anything on the server, only tell the spam soap people so they could re-route the MX records.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39769828
When you are testing, how are you testing?  If you are going from an internal workstation to the server, it is not a good test since that would only apply the internal firewall rules.  You should do a telnet test from your workstation (or server) to a known working server like Google's email server.  If you get any response, then you know you are not being blocked.

I have never come across any ISP that has filtered static biz lines.  This is true for both home based businesses and regular commercial.
0
 

Author Comment

by:gstevederby
ID: 39770926
So I tried what I believe you are saying by going to both the workstation and the server and typing in the following at the cmd prompt:

telnet comcast.net 25
telnet comcast.net
telnet hp.com 25

etc.

None of those let me through, and it is on a business line, so what more can I do to prove that they, Comcast, are blocking the ports?
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39771317
None of those are the SMTP servers of those companies...  Those are their web domains.

Try this at the command prompt:

nslookup
set type=mx
comcast.net

which should show you the comcast MX addresses of:

5 mx1.comcast.net
5 mx2.comcast.net

then

telnet mx1.comcast.net 25

which should then show you

220 imta20.westchester.pa.mail.comcast.net comcast ESMTP server ready

meaning you have confirmed a connection with them.  If you can get to this, then port 25 is not your problem and you should go back to looking at your send connectors on your Exchange server.  There are a lot of other tests to perform after this, but for right now, we are trying to figure out if 25 is being blocked or not.  By even responding to your request (even if it is to reject you), it confirms communication is happening.

I would disable the smart host for now, and have the send connector resolve through DNS directly.  If after doing that you can send out (even if it ends up as spam, or you get a rejection from the recipient mail server), we know the problem lies with your smarthost, not the ISP and email server.

If you cannot get to the above connection text and the connection times out, I would look at firewall rules on the server (software), then the appliance, or perhaps they are blocking 25.

Also, you may want to consider bringing in someone who has some more experience with troubleshooting email servers, then watch over their shoulder to learn some of the troubleshooting practices, or better yet, head to a boot camp to get a little formal training.
0
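The port-25 check from the accepted answer, written as an added Python example that is not part of the original thread: it connects to an MX host, classifies the outcome the way the answer reads it (any SMTP reply means the port is open, a timeout means something on the path is dropping it), and compares the name in a 220 greeting with the name a reverse DNS record is meant to hold. The function names and status labels are assumptions made for this example; `mx1.comcast.net` is the host named in the answer.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=10.0):
    """Return (status, detail) for one TCP connect plus the first reply line."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)        # name did not resolve
    except socket.timeout:
        return "timeout", ""          # packets dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused", ""          # something answered with a reset
    except OSError as exc:
        return "error", str(exc)      # e.g. no route to host
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "silent", ""       # connected, but no greeting arrived
        except OSError as exc:
            return "error", str(exc)
    line = data.decode("ascii", "replace").splitlines()[0] if data else ""
    if not line:
        return "silent", ""
    # Any SMTP reply, even a rejection, proves port 25 traffic gets through.
    return ("banner" if line.startswith("220") else "rejected"), line

def banner_host(line):
    """Host name announced in a '220 host ...' or '220-host ...' greeting."""
    parts = line[4:].split()
    return parts[0].rstrip(".").lower() if line[:3] == "220" and parts else None

def banner_matches(line, expected_name):
    """True when the greeting announces the name the PTR record should hold."""
    return banner_host(line) == expected_name.rstrip(".").lower()

# Next steps as given in the accepted answer; other outcomes are inconclusive.
NEXT_STEP = {
    "banner": "port 25 is open outbound: look at the send connector / smart host",
    "rejected": "port 25 is open outbound: look at the send connector / smart host",
    "timeout": "check the server firewall, then the appliance, then the ISP",
}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mx1.comcast.net"
    status, detail = probe_smtp(target)
    print(target, status, detail)
    print(NEXT_STEP.get(status, "inconclusive: check name resolution and routing"))
```

Run it from the mail server itself, since that is the machine whose outbound path matters.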
 

Author Closing Comment

by:gstevederby
ID: 39775554
BRINGING in a more experienced tech--thx for all your help
0
