Exchange 2013 - False FQDN in Email Header

Hello,

We have an Exchange 2013 cluster:

2x CAS-Server
2x Mailbox-Server (DAG)

CAS-Server 1:
smtp1.domainname.de
IP: xxx.xxx.xxx.150

CAS-Server 2:
smtp2.domainname.de
IP: xxx.xxx.xxx.151

The FQDN is correctly set on the send connector on both CAS servers.
Now we have the following problem:

We send many emails to an external mail system and then check the header on the received mails.

Received: from smtp1.domainname.de (xxx.xxx.xxx.150) => That's right

or

Received: from smtp1.domainname.de (xxx.xxx.xxx.151) => That's false. We have a false FQDN here. The FQDN does not match the IP address. Correctly it must be smtp2.domainname.de

We could not find any false configuration on our side.
Do you have an idea how we can fix this problem?

Thanks
uhscale Asked:
 
Simon Butler (Sembee) Consultant Commented:
"And for high availability we must have a minimum of 2 cas servers. "

That is indeed the case, but you can combine them with the mailbox role servers and use hardware load balancers. The only designs I have seen that split out the CAS role are those that use WNLB - I don't use WNLB for any reason or purpose (it isn't recommended by the Exchange product team and generally sucks) so I have no reason to split the role out.

With Exchange 2013 you cannot use the CAS role to proxy SMTP traffic out to the internet because that is done by the mailbox role. The CAS role is purely CAS.
If you were expecting something different then you have designed your implementation wrong.

Simon.
0
 
Simon Butler (Sembee) Consultant Commented:
Do you have one or two Send Connectors?
If you have two send connectors, are both servers on the Send Connectors?

Simon.
0
 
uhscale Author Commented:
Hello,

we have two send connectors.

EXCAS01
EXCAS02

On both send connectors we have both mailbox-servers added.
0
 
Simon Butler (Sembee) Consultant Commented:
That is the problem then.
You need to have each server listed only on the connector that matches its FQDN.

Simon.
0
 
uhscale Author Commented:
Hello,

sorry but your answer is not clear for me.

We have 2 mailbox-servers running in a dag. So all mailbox-servers must be able to use both send connectors. If one cas-server is down, mailbox-servers should be able to send using another cas-server.
So we need to add all mailbox-servers to all send-connectors.
0
 
Simon Butler (Sembee) Consultant Commented:
That isn't how Send Connectors work.
Send connectors belong to the org, not to a server.

Therefore if you have two send connectors with each server listed on one each, then email will flow no matter what. Exchange is quite capable of sending email from one server to another for delivery, which is what is happening now.

Simon.
0
 
uhscale Author Commented:
Hello,

Thanks for your answer. I understand, but how do we configure it correctly?

If we have only one send connector with FQDN = smtp.domainname.de,
we would still find two different IP addresses in the header:

Received: from smtp.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp.domainname.de (xxx.xxx.xxx.151)

But the A record for smtp.domainname.de can only be set to one IP address, for example xxx.xxx.xxx.150.

But if email is sent from
Received: from smtp.domainname.de (xxx.xxx.xxx.151)
this could be seen as spam on some mail servers, because hostname and IP address do not match.

Thanks
0
 
ITConnection Commented:
Can you post the full header for both servers?  Also is the IP you are exing out internal or external?
0
 
Simon Butler (Sembee) Consultant Commented:
You need two connectors, with the correct FQDN on it.
Then set each source server as the correct one that matches the external IP address.

That is it.
It doesn't matter which server is up, because there is a valid Send Connector. As I wrote above, send connectors do not belong to a server, they are an org setting.

Simon.
0
 
uhscale Author Commented:
Hello,

sorry but your solution is not clear for me.

We have two send connectors

EXCAS01
EXCAS02

Both of them have our mailbox servers as source server (these servers have no external IP address, only an internal one, and use the CAS servers as outgoing proxy).

On both send connectors we have the correct FQDN set.
But how do we assign our CAS servers to the send connectors?

Thanks
0
 
Simon Butler (Sembee) Consultant Commented:
You will need to adjust the NAT configuration so that the mailbox servers are sending out email with the correct external IP address.

I don't have access to a platform with the CAS and mailbox roles separated out. I haven't deployed separate servers for over three years on any deployment that I do, so it hasn't been an issue that I have come across. The best practice is all roles on all servers.

Simon.
0
 
uhscale Author Commented:
Hello,

There must be a general solution directly from Microsoft for how to configure such a scenario, as it is a normal scenario to use CAS servers as proxy for outgoing mails. And for high availability we must have a minimum of 2 CAS servers.
0
 
ITConnection Commented:
I agree with Simon.  It sounds like you have the two servers set up properly and it is just a NAT issue you are having.  You have to set your firewall or NAT device to have both servers send with the same IP address.
0
 
uhscale Author Commented:
Hello,

We are still searching for a solution here. The mailbox servers have no public IP address for security reasons. To protect customers' data, the mailbox servers holding the mailbox stores should have only a backnet IP address, and no front-net IP address.
That's why Microsoft included the option to send using the CAS server proxy option.

So we are still searching for a solution of our problem.

At: http://technet.microsoft.com/en-us/library/aa996349%28v=exchg.150%29.aspx
you see that mails are sent using CAS servers.

Mailbox servers send only internal mails, to other mailbox servers inside the same organization.

Thanks
0
 
ITConnection Commented:
So are these IP addresses:
Received: from smtp.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp.domainname.de (xxx.xxx.xxx.151)
Internal or External?
0
 
uhscale Author Commented:
Those are External.
0
 
ITConnection Commented:
And your issue is that both should have the same ip correct? Can you not set your firewall to send email from the problem server with the same external ip?
0
 
uhscale Author Commented:
Hello,

The problem is not sending from only one IP address. The problem is that we cannot find the association between IP address and FQDN.

At the moment we have only one FQDN (smtp.domainname.de), but it is sending from two different IP addresses.
This is false!

So it must be possible to set the FQDN per sending IP address, like:

Received: from smtp1.domainname.de (xxx.xxx.xxx.150)
and
Received: from smtp2.domainname.de (xxx.xxx.xxx.151)

On Exchange 2010 this was working fine. On Exchange 2013 we can not find how to do the same.
0
Question has a verified solution.
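
The check this thread keeps coming back to, comparing the host name in each Received line with the address it connected from, written out as an added example that is not part of the original posts. The addresses are RFC 5737 documentation placeholders for the masked xxx.xxx.xxx.150 and .151, and the A-record table and the sample headers are constructed.

```python
import re

# Constructed A records (assumption): the page masks the real addresses, so
# RFC 5737 documentation addresses stand in for xxx.xxx.xxx.150 / .151.
A_RECORDS = {
    "smtp1.domainname.de": {"192.0.2.150"},
    "smtp2.domainname.de": {"192.0.2.151"},
}

# Constructed sample headers in the shape quoted in the thread.
SAMPLE_HEADERS = """\
Received: from smtp1.domainname.de (192.0.2.150) by mx.example.net; Mon, 1 Jan 2024 10:00:00 +0000
Received: from smtp1.domainname.de (192.0.2.151) by mx.example.net; Mon, 1 Jan 2024 10:00:05 +0000
Received: from smtp2.domainname.de (192.0.2.151) by mx.example.net; Mon, 1 Jan 2024 10:00:09 +0000
"""

# Host name announced by the sender, then the connecting IPv4 address.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>[A-Za-z0-9.-]+)\s+"
    r"\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)",
    re.IGNORECASE | re.MULTILINE,
)

def check_received(headers, a_records=A_RECORDS):
    """Return one (helo, ip, verdict) tuple per parsed Received line."""
    results = []
    for m in RECEIVED_RE.finditer(headers):
        helo, ip = m.group("helo").lower(), m.group("ip")
        if helo not in a_records:
            verdict = "unknown-host"   # no A record known for this name
        elif ip in a_records[helo]:
            verdict = "match"          # name resolves to the sending address
        else:
            verdict = "mismatch"       # name belongs to a different address
        results.append((helo, ip, verdict))
    return results

def mismatches(headers, a_records=A_RECORDS):
    """Only the lines a receiving system could score as inconsistent."""
    return [r for r in check_received(headers, a_records) if r[2] != "match"]

if __name__ == "__main__":
    for helo, ip, verdict in check_received(SAMPLE_HEADERS):
        print(f"{verdict:12} {helo} ({ip})")
```
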