Solved

Exchange 2013 - False FQDN in Email Header

Posted on 2014-01-13
Last Modified: 2016-05-18
Hello,

We have an Exchange 2013 cluster:

2x CAS-Server
2x Mailbox-Server (DAG)

CAS-Server 1:
smtp1.domainname.de
IP: xxx.xxx.xxx.150

CAS-Server 2:
smtp2.domainname.de
IP: xxx.xxx.xxx.151

The FQDN is correctly set on the send connector on both CAS servers.
Now we have the following problem:

We send many emails to external mail systems and then check the headers on the received mails.

Received: from smtp1.domainname.de (xxx.xxx.xxx.150) => That's right

or

Received: from smtp1.domainname.de (xxx.xxx.xxx.151) => That's false. We have a false FQDN here. The FQDN does not match the IP address. Correctly, it must be smtp2.domainname.de

We could not find any false configuration on our side.
Do you have an idea how we can fix this problem?

Thanks
0
Question by:uhscale
19 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39776328
Do you have one or two Send Connectors?
If you have two send connectors, are both servers on the Send Connectors?

Simon.
0
 

Author Comment

by:uhscale
ID: 39776350
Hello,

We have two send connectors.

EXCAS01
EXCAS02

On both send connectors we have both mailbox servers added.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39776357
That is the problem then.
You need to have each server listed only on the connector that matches its FQDN.

Simon.
0
 

Author Comment

by:uhscale
ID: 39776371
Hello,

Sorry, but your answer is not clear to me.

We have 2 mailbox servers running in a DAG. So all mailbox servers must be able to use both send connectors. If one CAS server is down, the mailbox servers should be able to send using another CAS server.
So we need to add all mailbox servers to all send connectors.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39776382
That isn't how Send Connectors work.
Send connectors belong to the org, not to a server.

Therefore if you have two send connectors with each server listed on one each, then email will flow no matter what. Exchange is quite capable of sending email from one server to another for delivery, which is what is happening now.

Simon.
0
 

Author Comment

by:uhscale
ID: 39776505
Hello,

Thanks for your answer. I understand, but how do we configure it correctly?

If we have only one send connector with FQDN = smtp.domainname.de,
we would still find two different IP addresses in the header:

Received: from smtp.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp.domainname.de (xxx.xxx.xxx.151)

But the A record for smtp.domainname.de can only be set to one IP address, for example xxx.xxx.xxx.150.

But if an email is sent from
Received: from smtp.domainname.de (xxx.xxx.xxx.151)
this could be seen as spam on some mail servers, because the hostname and IP address do not match.

Thanks
0
 

Expert Comment

by:ITConnection
ID: 39776866
Can you post the full header for both servers?  Also is the IP you are exing out internal or external?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39777059
You need two connectors, each with the correct FQDN on it.
Then set each source server as the correct one that matches the external IP address.

That is it.
It doesn't matter which server is up, because there is a valid Send Connector. As I wrote above, send connectors do not belong to a server, they are an org setting.

Simon.
0
 

Author Comment

by:uhscale
ID: 39778603
Hello,

Sorry, but your solution is not clear to me.

We have two send connectors

EXCAS01
EXCAS02

Both of them have our mailbox servers as source servers (these servers have no external IP address, only an internal one, and use the CAS servers as an outgoing proxy).

On both send connectors we have the correct FQDN set.
But how do we assign our CAS servers to the send connectors?

Thanks
0

 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39785125
You will need to adjust the NAT configuration so that the mailbox servers are sending out email with the correct external IP address.

I don't have access to a platform with the CAS and mailbox roles separated out. I haven't deployed separate servers for over three years on any deployment that I do, so it hasn't been an issue that I have come across. The best practice is all roles on all servers.

Simon.
0
 

Author Comment

by:uhscale
ID: 39785323
Hello,

There must be a general solution directly from Microsoft for how to configure such a scenario, as it is a normal scenario to use CAS servers as a proxy for outgoing mails. And for high availability we must have a minimum of 2 CAS servers.
0
 

Expert Comment

by:ITConnection
ID: 39785353
I agree with Simon.  It sounds like you have the two servers set up properly and it is just a NAT issue you are having.  You have to set your firewall or NAT device to have both servers send with the same IP address.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39785913
"And for high availability we must have a minimum of 2 cas servers."

That is indeed the case, but you can combine them with the mailbox role servers and use hardware load balancers. The only designs I have seen that split out the CAS role are those that use WNLB - I don't use WNLB for any reason or purpose (it isn't recommended by the Exchange product team and generally sucks) so I have no reason to split the role out.

With Exchange 2013 you cannot use the CAS role to proxy SMTP traffic out to the internet because that is done by the mailbox role. The CAS role is purely CAS.
If you were expecting something different then you have designed your implementation wrong.

Simon.
0
 

Author Comment

by:uhscale
ID: 39832450
Hello,

We are still searching for a solution here. The mailbox servers have no public IP address for security reasons. To protect customers' data, mailbox servers holding the mailbox stores should have only a backnet IP address, and no frontnet IP address.
That's why Microsoft included the option to send using the CAS server proxy option.

So we are still searching for a solution to our problem.

At: http://technet.microsoft.com/en-us/library/aa996349%28v=exchg.150%29.aspx
you see that mails are sent using CAS servers.

Mailbox servers send only internal mails, to other mailbox servers inside the same organization.

Thanks
0
 

Expert Comment

by:ITConnection
ID: 39832489
So are these IP addresses:
Received: from smtp.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp.domainname.de (xxx.xxx.xxx.151)
Internal or External?
0
 

Author Comment

by:uhscale
ID: 39832589
Those are External.
0
 

Expert Comment

by:ITConnection
ID: 39832966
And your issue is that both should have the same IP, correct? Can you not set your firewall to send email from the problem server with the same external IP?
0
 

Author Comment

by:uhscale
ID: 39834873
Hello,

The problem is not sending from only one IP address. The problem is that we cannot find the association between IP address and FQDN.

At the moment we have only one FQDN (smtp.domainname.de), but it is sending from two different IP addresses.
This is false!

So it must be possible to set the FQDN for each sending IP address, like:

Received: from smtp1.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp2.domainname.de (xxx.xxx.xxx.151)

On Exchange 2010 this was working fine. On Exchange 2013 we cannot find how to do the same.
0
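
The header check described in the question can be automated over a batch of test messages received on the external side. The following is an added example, not code from any poster in this thread: it parses each `Received: from <name> (<ip>)` line and reports where the announced name and the connecting IP disagree. The 192.0.2.x addresses and the name-to-IP table are constructed stand-ins for the masked addresses and the public A records.

```python
import re
from email import message_from_string

# Constructed stand-in for the public A records (192.0.2.0/24 is a documentation range).
EXPECTED_A = {
    "smtp1.domainname.de": "192.0.2.150",
    "smtp2.domainname.de": "192.0.2.151",
}

# Matches "from name (ip)" as quoted in the thread, plus the common
# "from name (rdns.name [ip])" and "from name ([ip])" forms.
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>[^\s()]+)\s+\((?:[^\s()\[\]]+\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)", re.IGNORECASE)

def audit_received(raw_message, expected=EXPECTED_A):
    """Return one finding per Received header that announces one of our names."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = RECEIVED_RE.match(value.strip())
        if not m:
            continue  # a hop format this sketch does not parse
        helo, ip = m.group("helo").lower(), m.group("ip")
        if helo not in expected:
            continue  # not one of our outbound names
        # Which of our names actually owns the connecting IP, if any?
        owner = next((n for n, a in expected.items() if a == ip), None)
        findings.append({"helo": helo, "ip": ip,
                         "match": expected[helo] == ip, "expected_name": owner})
    return findings

def mismatches(raw_messages, expected=EXPECTED_A):
    """Collect only the findings where name and IP disagree."""
    return [f for raw in raw_messages
            for f in audit_received(raw, expected) if not f["match"]]

# Constructed sample messages as they would look in the external test mailbox.
SAMPLE_OK = ("Received: from smtp1.domainname.de (192.0.2.150) by mx.example.net with ESMTP;\n"
             " Mon, 13 Jan 2014 10:00:00 +0100\nSubject: test 1\n\nbody\n")
SAMPLE_BAD = ("Received: from smtp1.domainname.de (192.0.2.151) by mx.example.net with ESMTP;\n"
              " Mon, 13 Jan 2014 10:00:05 +0100\nSubject: test 2\n\nbody\n")

if __name__ == "__main__":
    for f in mismatches([SAMPLE_OK, SAMPLE_BAD]):
        print(f"{f['helo']} announced from {f['ip']}; "
              f"that IP belongs to {f['expected_name']}")
```

Running it after each connector or NAT change shows whether every outbound path now announces the name that belongs to its address.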


Question has a verified solution.
