Exchange 2010 not able to send email when behind our NG Firewall (Untangle)

OK, here is the scenario: We use Untangle V9 for our firewall, gateway, filter, etc., and it works well. No problems with email whatsoever. Unfortunately, V9 is now past end of life, so we have the new NG server ready to go. Same IP, same everything. Put the NG in place, incoming email works, internal email works, outbound email all gets bounced back by the 2010 server that permission is denied. Went through and uninstalled everything on NG. No change. Internet works, remote access works, everything is good except outbound. Set a rule to bypass all traffic from the Exchange server IP - no change. All modules are disabled on NG - no change. The NG is basically just a coupler at this point between our network and the T1 router, but the NG seems to have taken a "You Shall Not Pass" attitude. Pull the NG, put V9 back online, everything works fine. Untangle has spent a week with me trying to troubleshoot this, and came back tonight with a "this is an exchange problem, not our firewall, and we do not support exchange. Good luck and have a nice day."

The exact error message is "mail.mydomainname.com gave this error:  Unable to relay.  Your message wasn't delivered due to a permission or security issue.  It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery."

We are not using moderators.    The address I am currently testing with is my outside email address, which has no sender restrictions, and as mentioned above, if I put the old V9 firewall back in place, it sends fine.  Put the NG in place, and this is all I get on outbounds.  And yes, I am sure I have my inbound and outbound cables correct.

I REALLY want to continue using Untangle, but apparently Exchange doesn't like something, and they are sure it's a setting on my Exchange server.

We are not using a smart host. Outbound is by DNS. The Untangle is our gateway, and the gateway address is the same as it's always been. It's a single Exchange server setup, all functions contained in the one box. No weird or awkward setups that I can see, anyway. Pretty basic setup.

If in fact this could be an Exchange issue, where do I start?  The NG does offer a lot of advantages, IF I can make it work.  Any ideas or help would be greatly appreciated!!
Crimsonwingz Asked:

Will Szymkowski, Senior Solution Architect, Commented:
Outbound email goes through Send Connectors. So you need to check your send connectors first. You need to make sure that if you were using authentication against the old appliance that you have the same username and password configured on that new appliance.

I would test this by setting up a new Exchange Send Connector pointing the IP of your NG and not using any Authentication. See if that works and then if you want to use Basic Auth over TLS you can also do this as well.

Will.
0
Crimsonwingz (Author) Commented:
No authentication setup, it just sees the Untangle as the gateway. No user or password. Tried a new send connector too. If I pull the device entirely and throw a Netgear wireless cheapie router in with the IP address (porting 25 etc. back to Exchange) all works fine. With a Cisco ASA (same setup) works fine. It's only the Untangle NG that's causing the problem. I have even done a complete software reinstall 3x on the Untangle already thinking I MUST have missed something. No luck.
0
Crimsonwingz (Author) Commented:
Still no luck on this on my side :( Everything seems to work fine until I put the new firewall/NG box in line. I have even tried changing the gateway address on the Exchange server, clearing the DNS cache, then changing the gateway back to the IP address. Anyone got any other tips?
0
Vaseem Mohammed Commented:
Does it make sense looking at SMTP logs?
See if logging is enabled on the send connector; if not:
Set-SendConnector "Send Connector" -ProtocolLoggingLevel verbose

Logs are located at <Ex-Install-Drive>\V14\TransportRoles\Logs\ProtocolLog\SmtpSend
0
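
Once verbose logging is on, the SmtpSend logs record each outbound session as CSV rows. The PowerShell below is an added example, not part of any participant's post: it groups rows by session and reports the remote endpoint that answered, its 220 banner, and the first 5xx reply. The function name Get-SmtpSendRejection and the sample log lines are constructed for illustration, and the column layout is read from the log's own #Fields header.

```powershell
# Constructed sample in the SmtpSend protocol-log layout: '#' metadata lines, then CSV rows.
# Addresses and host names are documentation placeholders, not values from this thread.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Send Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-01-01T10:00:00.000Z,Send Connector,08D1AAAA00000001,0,,203.0.113.25:25,*,,attempting to connect
2015-01-01T10:00:00.100Z,Send Connector,08D1AAAA00000001,1,192.0.2.10:50123,203.0.113.25:25,+,,
2015-01-01T10:00:00.200Z,Send Connector,08D1AAAA00000001,2,192.0.2.10:50123,203.0.113.25:25,<,220 mx.example.net ESMTP,
2015-01-01T10:00:00.300Z,Send Connector,08D1AAAA00000001,3,192.0.2.10:50123,203.0.113.25:25,>,EHLO mail.example.com,
2015-01-01T10:00:00.400Z,Send Connector,08D1AAAA00000001,4,192.0.2.10:50123,203.0.113.25:25,<,250 mx.example.net Hello,
2015-01-01T10:00:00.500Z,Send Connector,08D1AAAA00000001,5,192.0.2.10:50123,203.0.113.25:25,>,MAIL FROM:<user@example.com>,
2015-01-01T10:00:00.600Z,Send Connector,08D1AAAA00000001,6,192.0.2.10:50123,203.0.113.25:25,<,250 2.1.0 Sender OK,
2015-01-01T10:00:00.700Z,Send Connector,08D1AAAA00000001,7,192.0.2.10:50123,203.0.113.25:25,>,RCPT TO:<someone@example.net>,
2015-01-01T10:00:00.800Z,Send Connector,08D1AAAA00000001,8,192.0.2.10:50123,203.0.113.25:25,<,550 5.7.1 Unable to relay,
2015-01-01T10:00:00.900Z,Send Connector,08D1AAAA00000001,9,192.0.2.10:50123,203.0.113.25:25,-,,Remote
'@ -split "`r?`n"

# Hypothetical helper (not an Exchange cmdlet). Written to run on PowerShell 2.0 as well.
function Get-SmtpSendRejection {
    param([Parameter(Mandatory = $true)][string[]]$Line)

    # Column names come from the '#Fields:' header; every other '#' line is metadata.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*', '') -split ','
    $rows   = $Line | Where-Object { $_ -and $_ -notlike '#*' } | ConvertFrom-Csv -Header $fields

    foreach ($session in ($rows | Group-Object 'session-id')) {
        # '<' rows are replies received from the remote side; '>' rows are what Exchange sent.
        $received = @($session.Group | Where-Object { $_.event -eq '<' })
        $rejects  = @($received | Where-Object { $_.data -match '^5\d\d' })
        if ($rejects.Count -eq 0) { continue }   # session had no permanent failure

        $banner = $received | Where-Object { $_.data -match '^220' } | Select-Object -First 1
        New-Object PSObject -Property @{
            Session   = $session.Name
            Connector = $session.Group[0].'connector-id'
            Remote    = $received[0].'remote-endpoint'   # who actually answered
            Banner    = $banner.data                     # how that host identified itself
            Rejection = $rejects[0].data                 # first 5xx line it returned
        }
    }
}

Get-SmtpSendRejection -Line $sample | Format-List
```

Against real logs, pass the output of Get-Content on the files in the SmtpSend folder named above as -Line; comparing the Remote and Banner values captured with each firewall in place shows whether the same host is answering in both cases.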

Question has a verified solution.