Exchange 2007, 2008 SBS

Have a 2008 SBS running Exchange 2007 Service Pack 2 and wanted to hook up to a new internet provider, take out the SonicWall and just run direct to the internet. If I change the IP address on the Exchange server, is there something else I need to do to make it work? So far I can just get email to work locally, but not all the way to the WAN (outside world). Please, any help or a step-by-step would be great.
Lee W, MVP (Technology and Business Process Advisor) commented:
SBS cannot (should not) be connected directly to the internet. It does not support dual NIC configurations that SBS 2003 and earlier did. You NEED a router. If you want to get rid of the SonicWall, I'd suggest adding an Untangle system as a router.
gstevederby (Author) commented:
OK, I can add a router, but what else do I need to do?
1. The first thing will be to make sure your new IP is somewhere in your MX record in the public DNS.
2. While you are here, you may also need to set up a reverse DNS entry for your IP and make sure your new IP is not already on a blacklist, or get a smarthost to skip this part.
3. Second thing is to forward the traffic needed for SBS, 25, 80, 443 (for OWA and ActiveSync) to get flowing again. This would be port forwarding from your SonicWall (that has been configured for your new IP) to the internal IP of your SBS server (whose IP has stayed the same during all of this).
4. Test by going to to get the basics.

There are other sites that can test for OWA and ActiveSync connections, but it sounds like you need to get mail flowing again in the meantime.
gstevederby (Author) commented:
Can you tell me, step by step, how to change the reverse DNS entry? Also, what if I were to just use the SonicWall as before, but with a different IP provider, hence a new WAN address coming into the SonicWall?
Ick, step by step will be hard, since it varies with ISPs and may not be 100% needed.  It is more important to make sure you are not on a blacklist first.  

You also do not mention if your new IP is in the mix for MX records.  Without this, external traffic will not be able to reach you and they will start getting NDRs.  If you at least get the MX record, and the port 25 then your inbound mail will be delivered, even if you cannot respond.

The reverse DNS entry is generally mapped to your host name for the server, and will have to match the banner that is being broadcast by your exchange server.  Generally it requires calling them to make the entry to it.

So for example, in your DNS, you want your host name to be  You will make an A record for and point it to your new IP.  Then in the MX section, you will make the 10 spot

Then call your new ISP and tell them you need a RPTR record for your IP and its value needs to be  ATT and Verizon required me to fill out a form or send an email; Telepacific and Cbeyond (T1 providers here in the States) accepted an over-the-phone request, so it depends, but they will need to be involved.

Again, this part is pointless if the outside world doesn't know where your email server is (by your MX record), and if that traffic doesn't get to your server through your firewall via a port forward.
Oh as for using the sonicwall as before, it still won't work until you update your new IP.  You may have to re-do your port forwards since they will reflect the old IP not your new one.

In this example, think of your IP (old or new) as your mailing address. Then think of your firewall as the receptionist who accepts everyone's mail and then delivers it to whoever it is addressed to. The outside world needs your address to even get anything to you, and your receptionist needs to be working, otherwise it just piles up at your door.
As long as your DNS entries \ NetBIOS name are not changed, you can change IP addresses without any issues and if you do so, you need to change it to all respective DNS hostnames registered in DNS (Ex: owa, autodiscover records and its public to private IP mappings and so on)

Outlook client may need to be restarted to make changes effective

If you set up Exchange IPs anywhere in any apps like backup etc., that needs to be addressed.

gstevederby (Author) commented:
Thx, I will check into all of that tomorrow when I am at the server again....hopefully one way or the other it will work....they use a service called "soap spam" which captures their emails and filters out all the spam, does an excellent job too...about 97% is cleaned FYI, and then it is sent to the they use the "mx" items you speak of...I am calling them too...I am hoping that their, only 2-3 people, emails can just be forwarded via the soap spam people and thus eliminate the email server all to is shutting its doors permanently...
Oh, in this case that takes quite a bit of pressure off. You will need to update them on your new IP. All of the services I have used like this will only speak with the designated server, and from their perspective, a new IP address isn't what they are expecting. So their service is working correctly by not delivering the mail or relaying your outbound.

Chances are your mx is already pointed to them which is good, since you don't want people to bypass the washing service and deliver direct to you. And they are spooling your mail while your connection is down.  You should be able to tell them your new IP, and you won't even have to bother with the other stuff.

There are two settings you generally will have to check with your "soap spam", (which as a service I refer to all those vendors as "email washing services") and update your inbound mail server address (should just be IP), and then also update your smarthost (outbound) settings with them.

Good luck!
gstevederby (Author) commented:
OK, I am almost done. Do you know how/where the port 25 out for SMTP is in 2008 SBS, and how can I change it if needed?
gstevederby (Author) commented:
Soap has changed the MX so now it's pointed in the correct direction; however, Comcast residential does not allow port 25 to be opened. They are asking if I can re-route to port 465 and I don't know how to do that or if it is even possible. I read how 465 is used for SMTP but usually for SSL type of items...?
There are some problems with this, the most being the IP will change from time to time if you are on a residential DHCP, so you will have to constantly update Soap.  And I am not sure if Soap can handle a host name instead of IP.  If they can you will need to register your IP with a dynamic DNS provider, like

As for changing the port to a smarthost,

But that is only if your smarthost is relaying on that port.

I would just buy the commercial version of comcast, even if it is in your home and I would also again pay the extra fee for the static IP.  Doing these two will ease up your life in re: to setting up resources and servers that need access to and from the outside world.
gstevederby (Author) commented:
We ARE on a Biz line and it is static. So I have not changed ANYTHING on the server and STILL we can't get out. The tests show port 25 blocked, even though Comcast says they don't block ANY ports on their biz line. So that's the quandary. I can: telnet servername 25 and connect fine from a workstation. I can send an email to myself and receive it locally just fine from a i would think that port 25 on the server is just fine, right? Doesn't logic dictate that if the server has not changed and the provider has, the problem is with the provider? Several years ago, on the same server, I changed provider and didn't have to change anything on the server.....only tell the spam soap people so they could re-route the MX records.
When you are testing, how are you testing? If you are going from an internal workstation to the server, it is not a good test since that would only apply the internal firewall rules. You should do a telnet test from your workstation (or server) to a known working server like Google's email server. If you get any response, then you know you are not being blocked.

I have never come across any ISP that has filtered static biz lines.  This is true for both home based businesses and regular commercial.
gstevederby (Author) commented:
So I tried what I believe you are saying by going to both the workstation and the server and typing in the following at the cmd prompt:

telnet 25
telnet 25


None of those let me through, and it is on a business what more can I do to prove that they, Comcast, are blocking the ports?
None of those are the SMTP servers of those companies... Those are their web domains.

Try this at the command prompt:

set type=mx

which should show you the comcast MX addresses of:



telnet 25

which should then show you

220 comcast ESMTP server ready

meaning you have confirmed you made a connection with them. If you can get to this, then port 25 is not your problem and you should go back to looking at your send connectors on your Exchange server. There are a lot of other tests to perform after this, but for right now, we are trying to figure out if 25 is being blocked or not. By even responding to your request (even if it is to reject you), it confirms communication is happening.

I would disable the smart host for now, and have the send connector resolve through DNS directly. If after doing that, you can send out (even if it ends up as spam, or you get a rejection from the recipient mail server), we know the problem lies with your smarthost, not the ISP and email server.

If you cannot get to the above connection text and the connection times out, I would look at firewall rules on server (software), then the appliance, or perhaps they are blocking 25.

Also, you may want to consider bringing in someone who has some more experience with troubleshooting email servers, then watch over their shoulder to learn some of the troubleshooting practices, or better yet, head to a boot camp to get a little formal training.
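
The distinction drawn in the answer above (any SMTP reply, even a rejection, proves port 25 is reachable, while a timeout points at a firewall or a block) can be scripted instead of read off a telnet session. This is an added example, not part of the original thread; `probe_smtp` and `fake_server` are names made up here, and the 127.0.0.1 listener and its banner are constructed so the script runs offline.

```python
import socket
import sys
import threading

def probe_smtp(host, port=25, timeout=10.0):
    """Open a TCP connection to an SMTP port and return (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)              # name did not resolve
    except socket.timeout:                  # packets dropped on the path
        return "filtered", "no answer within %gs" % timeout
    except ConnectionRefusedError as exc:   # TCP reset: reached, port closed/denied
        return "refused", str(exc)
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            text = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:                     # timed out or reset before a greeting
            text = ""
    if not text:
        return "no-banner", "connected, but no greeting received"
    banner = text.splitlines()[0]
    if banner[:3].isdigit() and banner[0] == "2":
        return "open", banner               # path and server are fine
    if banner[:3].isdigit() and banner[0] in "45":
        return "rejected", banner           # path is open, server turned us away
    return "unexpected", banner             # something answered, but not SMTP

def fake_server(banner):
    """Constructed listener on 127.0.0.1: sends one banner, returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # With no arguments, probe the constructed local listener instead of a real MX.
    targets = [(h, 25) for h in sys.argv[1:]] or [
        ("127.0.0.1", fake_server(b"220 constructed.example ESMTP ready\r\n"))]
    for host, port in targets:
        print(host, port, *probe_smtp(host, port))
```

Run it from the mail server itself with the MX host of an outside domain as the argument. A `filtered` verdict there, with `open` for the same host from a different network, puts the block somewhere on your own path: server firewall, appliance or ISP.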

gstevederby (Author) commented:
Bringing in a more experienced tech -- thx for all your help