Re: Combination ISA/Exchange issue. Help, please!!!?! I'm stumped!!
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2002 06:54:35 -0800
One thing that I've seen is that some domains reverse-verify the sending IP.
If your ISA primary IP isn't the same as the one used in the MX record for
your domain, that might be your problem.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Ian Sterling" <i_sterling@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 22, 2002 12:35
Subject: [isalist] Combination ISA/Exchange issue. Help, please!!!?! I'm
stumped!!
http://www.ISAserver.org
OK, I’m stumped. I am posting this to both the ISAServer.org list and the
Exchangeserver.org list, so please excuse the cross-post, but I just haven’t
been able to determine where my main problem is coming from. Any
help/suggestions would be greatly appreciated.
I have Back Office Server 2000 on a multi-server setup. I have 3 servers
(192.168.1.1 & external = ISA; 192.168.1.2 = SQL/PDC; 192.168.1.3 =
Exchange).
The PDC is also internal DNS (with a forwarder to our ISP’s DNS set-up),
DHCP, and the main file server. All clients are running Outlook 2000 or XP.
My problem comes with trying to send mail to a specific external domain
(user@xxxxxxxxx). When sending mail to a contact in the fedex.com domain,
any user inside the network will receive an NDR and then a delay
notification. The Exchange manager shows that the messages are in the
queue, but they show (Remote Delivery). Eventually, a final NDR will be
delivered to the sender of the e-mail, and the message times out.
(Fedex.com seems to be the only domain I have had this issue with.) {Of
course, I’m not blocking fedex.com—that I’m aware of, at least. The only
things that are blocked using filters are message attachments (.exe, .ini,
.scr, etc.) and known virus subject lines (I Love you, “Hi”, etc).
I’m pretty sure that the internal servers are both working fine as Secure
NAT clients, because I can fully access the internet from both servers using
the standard allowed protocols. However, I have noticed that I cannot do a
NSLOOKUP from either internal machine. The ISA server, of course, can do
full NSLOOKUP without any problems. (I installed DNS on it to see if maybe
that was an issue, and the results are the same from the internal servers.)
Fedex.com is the only domain that I can’t send e-mail to, though, even with
the NSLOOKUP issues.
Help!!!!! Can someone point me in the right direction here? I thought all
rules & protocol definitions were set up correctly (I even have a client set
defined for the internal servers, and I’ve checked the protocol definitions
and rules to no avail.)
Thank you for your help,
Ian Sterling
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
