Re: Back to back DMZ Exchange and SMTP relay

  • From: "PETER PAPE" <papexpjboi@xxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 28 Apr 2003 20:50:42 +0000

1. Mail stuck on the Exchange server could be the result of an SMTP connector not being configured or not being configured correctly. You may also want to check that the Exchange server can ping the SMTP relay in the DMZ. You can use TELNET to test connectivity issues.

2. The SMTP in the DMZ does need the ability to query DNS, unless you are routing it to another SMTP server that can perform that function. If the SMTP server needs DNS, then you can use your internal DNS servers or external DNS servers. If you are using external DNS servers, you will need to open TCP port 53. SMTP uses TCP instead of UDP for DNS queries. Good info available at ISAserver.org on how to do this.






From: "Gillian Cook" <gcook@xxxxxxx>
Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Back to back DMZ Exchange and SMTP relay
Date: Mon, 28 Apr 2003 15:10:30 -0400


I'm working in a lab environment in preparation for a move to a
back-to-back DMZ config.  All is working perfectly including outgoing
web traffic, VPN, Terminal Services published server, OWA published
server - thanks to the ISA Server and Beyond book!  The only issue is
with Exchange and the SMTP mail relay server.

Setup:
                                                                       |
Internet------ISA 1-------------------ISA 2---------Internal Network (3 subnets)
                               |                                       |
                             DMZ                              (Exchange)
                             (SMTP Relay)

The Exchange server is in the internal network on a subnet other than
the ISA 2 server.  The SMTP mail relay is in the DMZ.  The only way I've
been able to get mail flowing both directions (through both ISA's and
from SMTP and Exchange) is to publish the SMTP mail relay server on the
internal network (while keeping it not part of the domain) on the same
subnet as ISA 2 server (SecureNAT).

I would like to get it working correctly with the "real" DMZ config.  I
think I have 2 issues going on with mail flow.  Internal mail going out
to Internet gets "stuck" in the Exchange server.  It doesn't know how to
get to the DMZ server.  And, does the DMZ SMTP mail relay server need to
be able to perform nslookups for domains other than the internal
network?

Any ideas?  I have read the ISA Server and Beyond book but I'm still
having issues.  Thanks to the book all other parts of the B2B DMZ are
working great!  It would have been impossible without it.

TIA,
Gillian
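
The connectivity check from point 1 of the reply, scripted instead of typed into TELNET (an added example, not part of the original thread). The names `probe.example` and `relay.dmz.example` and the loopback `fake_relay` are constructed stand-ins; against a real setup, `smtp_probe` would be run from the Exchange server with the DMZ relay's address.

```python
import socket
import threading

def read_reply(f):
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if line:
            lines.append(line)
        if len(line) < 4 or line[3] != "-":  # "NNN-" continues, "NNN " ends
            return lines

def smtp_probe(host, port=25, helo="probe.example", timeout=5.0):
    """Scripted form of the manual TELNET test: read banner, EHLO, QUIT."""
    r = {"connected": False, "banner": [], "ehlo": [], "error": None}
    try:
        with socket.create_connection((host, port), timeout) as s, s.makefile("rb") as f:
            r["connected"] = True
            r["banner"] = read_reply(f)
            s.sendall(b"EHLO " + helo.encode("ascii") + b"\r\n")
            r["ehlo"] = read_reply(f)
            s.sendall(b"QUIT\r\n")
            read_reply(f)  # wait for the 221 before closing
    except OSError as e:
        r["error"] = str(e)
    return r

def diagnose(r):
    if not r["connected"]:
        return "no TCP path to relay (routing or firewall rule): %s" % r["error"]
    if not r["banner"] or not r["banner"][0].startswith("220"):
        return "port open but no 220 banner: wrong service or relay not ready"
    if not r["ehlo"] or not r["ehlo"][-1].startswith("250"):
        return "banner OK but EHLO not accepted"
    return "relay reachable and answering SMTP"

def fake_relay():
    """Constructed loopback stand-in for the DMZ relay; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            for reply in (b"220 relay.dmz.example ESMTP\r\n", b"221 bye\r\n",
                          b"250-relay.dmz.example\r\n250 SIZE 10240000\r\n")[::2] + (b"221 bye\r\n",):
                conn.sendall(reply)
                conn.recv(1024)
    threading.Thread(target=serve, daemon=True).start()
    return port
```

A "no TCP path" result points at routing between the subnets or the ISA 2 rules; an open port without a 220 banner points at the relay service itself.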



