Hi Jim, 1. On the external ISA configuration the decon config program was setup following instructions found on isaserver.org 2. With 2 IP address on external NIC of external ISA machine netstat -a or -an would show the correct IP address that I was using as my (mail.domain.com) mapped to port 25 after I setup the appropriate rules in ISA. 3. With multiple IP'S on the exteranl nic the log entries for packet filters always showed the ip listed first when doing IPCONFIG /ALL so, I was not able to debug the second Ip address to see what was going on and why mail was not being forwarded out to my relay server. I think that is centraly a flaw in how ISA looks at the ISA cards. When you setup the registry setting to show all IP address it does show log entries for both external and internal nics, However the external nic second IP address still would not appear in the logs so I could track down why mail was not being forward to my mail relay machine in the DMZ. 4. On the mail relay in the DMZ I setup the smtpcred tool pointing to my external ISA server machine. I also setup my smtp to point to smarthost of my internal isa (exteranl nic card) [198.162.100.100] I'm using IIS with the mail service as a relay machine. 5. I added domains *.forensicsdude.com, *.wccas.com etc and still could not receive mail. 6. I double checked all my domains to make sure that the MX record was pointing to the root of each domain forensicsdude.com etc Everything looked OK but still no mail. 7. It could have been a DNS issue since I basicaly had 2 ip address for each domain (198.162.0.1 webs) and (198.162.0.2 mail) However when I was using postfix and sendmail as relays for testing I did not have the same issue and could receive mail. It's when I went to using the ISA Smtp screener and the IIS relay is when I started having issues. 8. I removed the second ip address off my external ISA (external nic) changed all my DNS settings to use only 1 IP address. rebooted external ISA. reran smtpcred.exe on IIS/smtp relay machine and rebooted and things started to work the way they should. I can duplicate this process or at least I setup it up the same way 3 times just to make sure I could duplicate the issues. So, I'm guessing with the vendor class setup pointing to everyone, the dcomconfg program for that process was only looking at 1 ip ADDRESS. Just a guess since it appears that none of those programs logs a darn thing to any type of log file for review. Besides, that's why I pointed at the deconcnfg stuff. Joseph ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, April 29, 2004 8:47 AM Subject: [isalist] Re: Publishing two different Exchange Servers on my internal network http://www.ISAserver.org Hiya Joe, I'm not real clear what "doesn't work well" and what dcomcnfg had to do with any errors you saw? I do know that during a send session from you, if your source-IP doesn't match your MX lookup, many mail servers will drop your incoming connection. My mail server does this. It's a side-effect of the fact that any Windows host (ISA included) will use the default IP as the source IP when originating any IP traffic. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "cismic" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, April 29, 2004 08:27 Subject: [isalist] Re: Publishing two different Exchange Servers on my internal network http://www.ISAserver.org Hi all, I have 1 exchange server that handles mail for 15 domains. My setup is as follows: ISA --> DMZ(MAIL RELAY) --> ISA --> INTERNAL EXCHANGE --> THEN ROUTE TO ANOTHER EXCHANGE The domains don't receive a heck of a lot of email and was mainly for testing but things work quite well. I used to have two IP address on my external ISA machine. I had one for webs and one for mail. That did not work well at all with the SMTP service and then routing to dmz relay machine. It was almost like the dcomcnfg file did not like the fact that I had 2 ip address but only 1 listening on port 25. After removing the 2nd ip address and changing all MX records to point to new ip address things started working great! Thanks to all those on this list! Joseph ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, April 29, 2004 8:19 AM Subject: [isalist] Re: Publishing two different Exchange Servers on my internal network http://www.ISAserver.org Two choices: 1. get another external IP 2. use an internal SMTP relay that understands how to route on a per-domain basis. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Nabil, Ahmed" <anmahmou@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, April 29, 2004 07:32 Subject: [isalist] Publishing two different Exchange Servers on my internal network http://www.ISAserver.org We are currently hosting two Exchange servers, each is representing different organization. I published the First Exchange fine and I can see my e-mails from the internet using VPN client. The problem is when I try to publish the second interface, it didn't accept this because I have one external IP. How can I get around this problem to publish the two Exchanges ? Thanks and have a nice day, Ahmed ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')