Re: Publishing two different Exchange Servers on my internal network

  • From: "cismic" <cismic@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 Apr 2004 09:35:30 -0700

Hi Jim,

1.  On the external ISA configuration the dcomcnfg program was set up
following instructions found on isaserver.org.
2.  With 2 IP addresses on the external NIC of the external ISA machine,
netstat -a or -an would show the correct IP address that I was using as my
(mail.domain.com) mapped to port 25 after I set up the appropriate rules in
ISA.
3.  With multiple IPs on the external NIC the log entries for packet
filters always showed the IP listed first when doing IPCONFIG /ALL, so I was
not able to debug the second IP address to see what was going on and why
mail was not being forwarded out to my relay server. I think that is
centrally a flaw in how ISA looks at the ISA cards.  When you set up the
registry setting to show all IP addresses it does show log entries for both
external and internal NICs. However, the external NIC's second IP address
still would not appear in the logs so I could track down why mail was not
being forwarded to my mail relay machine in the DMZ.
4.  On the mail relay in the DMZ I set up the smtpcred tool pointing to my
external ISA server machine. I also set up my SMTP to point to the smarthost
of my internal ISA (external NIC card) [198.162.100.100].
I'm using IIS with the mail service as a relay machine.
5.  I added domains *.forensicsdude.com, *.wccas.com etc. and still could not
receive mail.
6.  I double-checked all my domains to make sure that the MX record was
pointing to the root of each domain (forensicsdude.com etc.). Everything
looked OK but still no mail.
7.  It could have been a DNS issue since I basically had 2 IP addresses for
each domain (198.162.0.1 webs) and (198.162.0.2 mail). However, when I was
using postfix and sendmail as relays for testing I did not have the same
issue and could receive mail.  It's when I went to using the ISA SMTP
screener and the IIS relay that I started having issues.
8.  I removed the second IP address from my external ISA (external NIC) and
changed all my DNS settings to use only 1 IP address.  Rebooted the external
ISA.  Reran smtpcred.exe on the IIS/SMTP relay machine and rebooted, and
things started to work the way they should.

I can duplicate this process, or at least I set it up the same way 3 times
just to make sure I could duplicate the issues.
So, I'm guessing with the vendor class setup pointing to everyone, the
dcomcnfg program for that process was only looking at 1 IP address.  Just a
guess, since it appears that none of those programs logs a darn thing to any
type of log file for review.

Besides, that's why I pointed at the dcomcnfg stuff.

Joseph



----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 29, 2004 8:47 AM
Subject: [isalist] Re: Publishing two different Exchange Servers on my
internal network


http://www.ISAserver.org

Hiya Joe,

I'm not real clear what "doesn't work well" and what dcomcnfg had to do with
any errors you saw?
I do know that during a send session from you, if your source-IP doesn't
match your MX lookup, many mail servers will drop your incoming connection.
My mail server does this.

It's a side-effect of the fact that any Windows host (ISA included) will use
the default IP as the source IP when originating any IP traffic.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 29, 2004 08:27
Subject: [isalist] Re: Publishing two different Exchange Servers on my
internal network



Hi all,

I have 1 Exchange server that handles mail for 15 domains.
My setup is as follows:
ISA --> DMZ(MAIL RELAY) --> ISA --> INTERNAL EXCHANGE --> THEN ROUTE TO
ANOTHER EXCHANGE

The domains don't receive a heck of a lot of email and were mainly for
testing but things work quite well.

I used to have two IP addresses on my external ISA machine. I had one for
webs and one for mail.
That did not work well at all with the SMTP service and then routing to the
DMZ relay machine.  It was almost like the dcomcnfg file did not like the
fact that I had 2 IP addresses but only 1 listening on port 25.  After
removing the 2nd IP address and changing all MX records to point to the new
IP address things started working great!

Thanks to all those on this list!

Joseph

----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 29, 2004 8:19 AM
Subject: [isalist] Re: Publishing two different Exchange Servers on my
internal network



Two choices:
1. get another external IP
2. use an internal SMTP relay that understands how to route on a per-domain
basis.


 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Nabil, Ahmed" <anmahmou@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 29, 2004 07:32
Subject: [isalist] Publishing two different Exchange Servers on my internal
network



We are currently hosting two Exchange servers, each representing a
different organization. I published the first Exchange fine and
I can see my e-mails from the internet using a VPN client.

The problem is when I try to publish the second interface, it didn't accept
this because I have one external IP. How can I get around this problem to
publish the two Exchanges?

Thanks and have a nice day,

Ahmed



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
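
An added example, not code from any poster in this thread: a small Python model of the receiver-side check Jim Harrison describes (connecting source IP compared against the sender domain's MX addresses), plus a helper that reports which local address the OS picks for an outbound connection. The domain example.test and the DNS tables are constructed, the two addresses are the "webs" and "mail" IPs quoted in the thread, and exact set membership is an assumed simplification of what a real mail server does.

```python
import socket

# Constructed DNS data for illustration; example.test is a placeholder domain.
# 198.162.0.1 (webs) and 198.162.0.2 (mail) are the addresses quoted in the thread.
MX = {"example.test": ["mail.example.test"]}
A = {"mail.example.test": ["198.162.0.2"], "www.example.test": ["198.162.0.1"]}


def os_source_ip(dest_ip, port=25):
    """Local address the OS would use to reach dest_ip.

    connect() on a UDP socket only selects a route and a source address;
    no packet is sent, so this is safe to run against any destination.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def mx_addresses(domain, mx=MX, a=A):
    """Every IP address that the domain's MX hosts resolve to."""
    return {ip for host in mx.get(domain, []) for ip in a.get(host, [])}


def receiver_accepts(sender_domain, source_ip, mx=MX, a=A):
    """Assumed model of the check: source IP must be one of the MX IPs."""
    return source_ip in mx_addresses(sender_domain, mx, a)


def domains_at_risk(domains, source_ip, mx=MX, a=A):
    """Hosted domains whose outbound mail such a receiver would drop."""
    return [d for d in domains if not receiver_accepts(d, source_ip, mx, a)]


if __name__ == "__main__":
    # Assumption: with two IPs on the NIC, the "webs" address is the default
    # one, so outbound SMTP originates from it while MX points at "mail".
    print(domains_at_risk(["example.test"], "198.162.0.1"))
    # After consolidating to the single address that MX resolves to:
    print(domains_at_risk(["example.test"], "198.162.0.2"))
    # What this host would actually use as source toward a given peer:
    print(os_source_ip("127.0.0.1"))
```

On a multi-homed gateway, feed the result of `os_source_ip()` for a real peer into `domains_at_risk()` together with the live MX and A data for each hosted domain.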

