RE: Back to back DMZ Exchange and SMTP relay

Great news!
 
Based on Tom's suggestion that it "might be a problem with the Server
Publishing Rule on the internal ISA Server", I went ahead and deleted
the rule - client sets and protocol rules, restarted the ISA server,
created the server publishing rule again with the secure mail publishing
wizard and it's working fine.  This fixed the Internet to internal mail
flow.  Outbound from internal network to Internet had been working.
 
The odd thing is I had done this step before, without restarting the
server - and it didn't work.  Oh well...
 
The great news is it's working!  Thanks to all, especially Tom, for all
of your help and input.  Very much appreciated!
 
Gillian

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Wednesday, April 30, 2003 12:43 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Back to back DMZ Exchange and SMTP relay
        
        
        http://www.ISAserver.org
        
        
        Hi Gillain,
         
        They might be a problem with the Server Publishing Rule on the
internal ISA Server. Here's what I do when this kind of thing happens:
         
        Run NetMon on the SMTP Relay
         
        Run NetMon on the external interface of the internal ISA Server
         
        Run NetMon on the Exchange Server on the internal network
         
        If the packets make it to the Exchange Server, it indicates an
Exchange config problem -- then John Tolmachoff will have to take over,
becuase I only understand the very basics of Exchange :)
         
        HTH,
        Tom
         
        Thomas W Shinder
        www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
        ISA Server and Beyond: http://tinyurl.com/1jq1
        Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 
        
         

                -----Original Message-----
                From: Gillian Cook [mailto:gcook@xxxxxxx] 
                Sent: Wednesday, April 30, 2003 10:40 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Back to back DMZ Exchange and
SMTP relay
                
                
                http://www.ISAserver.org
                
                
                Yes, the [external interface of internal ISA server] for
the Remote Domain config.  This is correct, yes?
                 
                -----Original Message-----
                From: Edward Sullivan [mailto:esullivan@xxxxxxx] 
                Sent: Wednesday, April 30, 2003 10:45 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Back to back DMZ Exchange and
SMTP relay
                
                

                        http://www.ISAserver.org
                        
                        
                        Meant to ask that question of Gillian. Anyway,
whoever, did you specify the Smart Host in your configuration?

                                -----Original Message-----
                                From: Edward Sullivan 
                                Sent: Wednesday, April 30, 2003 9:44 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Back to back DMZ
Exchange and SMTP relay
                                
                                
                                http://www.ISAserver.org
                                
                                
                                Winston, did you specify that your
frontend mail server should use the Exchange server as its Smart Host?
                                 
                                Ed Sullivan 
                                IT Director 
                                esullivan@xxxxxxx
<mailto:esullivan@xxxxxxx> 
                                KMA Direct Communications 
                                Confidential and Proprietary 

                                -----Original Message-----
                                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
                                Sent: Wednesday, April 30, 2003 9:42 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Back to back DMZ
Exchange and SMTP relay
                                
                                
                                http://www.ISAserver.org
                                
                                
                                Hi Winston,
                                 
                                Perhaps we're not talking about the same
thing. But if you want to put an SMTP relay on the DMZ that relays
inbound and outbound mail, and an Exchange Server on the internal
network, there is NOTHING to prevent it from working. That's why its
always works :-)
                                 
                                Putting Exchange in the DMZ does NOT
work, because you've just exposed your user accounts and internal
security zone to the public, and you certianly do *not* want to do that!
                                 
                                Your setup may have factors outside of
these very basic constraints.
                                 
                                HTH,
                                Tom
                                 
                                Thomas W Shinder
                                www.isaserver.org/shinder
<http://www.isaserver.org/shinder>  
                                ISA Server and Beyond:
http://tinyurl.com/1jq1
                                Configuring ISA Server:
http://tinyurl.com/1llp <http://tinyurl.com/1llp> 
                                
                                 

                                -----Original Message-----
                                From: Winston Akin-Cole
[mailto:wcole@xxxxxxx] 
                                Sent: Wednesday, April 30, 2003 9:10 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Back to back DMZ
Exchange and SMTP relay
                                
                                
                                http://www.ISAserver.org
                                
                                

                                Sorry but according to MS this setup
does not work.  My company was going to do the B2B setup but after
spending a couple of days with MS they could not resolve the e-mail flow
problem.  The only way to get it to work is if you put the EXCH in the
DMZ zone.  We had to change our design.  Let me know if anyone has been
successful in this design.

                                 

                                -----Original Message-----
                                From: Gillian Cook
[mailto:gcook@xxxxxxx] 
                                Sent: Wednesday, April 30, 2003 10:01 AM
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] RE: Back to back DMZ
Exchange and SMTP relay

                                 

                                http://www.ISAserver.org

                                Sorry I wasn't clear.

                                 

                                Mail is flowing from the internal
network to the Internet via B2B ISA's and DMZ SMTP server.  Mail is NOT
flowing from Internet to the DMZ SMTP rely to the internal mail server.

                                 

                                Still curious the best way to
troubleshoot this.  I did double-check the server publishing rules and
the remote domains config on the DMZ SMTP mail relay server.  Maybe I'm
missing something obvious but can't find it.

                                 

                                Hhmmm....  Any ideas?

                                 

                                TIA,

                                 

                                Gillian

                                 

Other related posts: