Welcome to ISAserver.org


SMTP Relay from perimeter to internal Exchange

SMTP Relay from perimeter to internal Exchange - 30.Jun.2005 11:06:00 PM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
How can I install an IIS5 SMTP server (this server must not be an open relay for the internet) in a back-to-back DMZ with private addresses on the DMZ segment that can relay mail to an internal Exchange server?

Any tutorials on this configuration?
Post #: 1
RE: SMTP Relay from perimeter to internal Exchange - 3.Jul.2005 3:02:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi TBS,

TONS of tutorials and how to's on how to do this on this site, and in the ISA/Exchange Deployment kits.

HTH,
Tom

(in reply to theblacksmith)
Post #: 2
RE: SMTP Relay from perimeter to internal Exchange - 13.Jul.2005 4:16:00 PM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
So far, so good... I have configured the IIS SMTP service to receive mail for the domains I host, but now comes the "BIG" part.... which IP address must I supply to the smarthost for each domain? The external IP address of the internal ISA or the IP address of the Internal Network Exchange Server?

(in reply to theblacksmith)
Post #: 3
RE: SMTP Relay from perimeter to internal Exchange - 14.Jul.2005 10:30:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
The smarthost should point to the external NIC of the back end ISA. You should've server published the internal exchange server or created an access rule depending on how you defined the Network Rule between the DMZ Network and Internal Network.

(in reply to theblacksmith)
Post #: 4
RE: SMTP Relay from perimeter to internal Exchange - 15.Jul.2005 10:16:00 AM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
Great...!, I'll try it today...! [Smile] ...

(in reply to theblacksmith)
Post #: 5
RE: SMTP Relay from perimeter to internal Exchange - 15.Jul.2005 7:09:00 PM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
quote:
Originally posted by ISAwader:
The smarthost should point to the external NIC of the back end ISA. You should've server published the internal exchange server or created an access rule depending on how you defined the Network Rule between the DMZ Network and Internal Network.

Damn..! this thing is giving me big troubles, I can't make the ISA Server (internal) forward e-mails to the LAN's Exchange, I just don't get it... I had published the SMTP server to listen on the external NIC and forward to the internal Exchange. Let me tell you that I've been telnetting to the DMZ's e-mail server (set up as a smarthost) and when checking the log I can see an error: Could not deliver this message to the remote server because the connection either failed or was refused.

When I try to telnet from the DMZ to the external NIC on the internal ISA there is a timeout on port 25... so it seems that the internal ISA is not "recognizing" the server publishing rule.

BTW: I have A LOOOOOOOT of this error, and I can't fix it...

Description: ISA Server detected routes through adapter Novell 2000 Adapter. (Microsoft's Packet Scheduler) that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 192.168.0.0-192.168.0.0;192.168.0.15-192.168.0.15;.

(in reply to theblacksmith)
Post #: 6
RE: SMTP Relay from perimeter to internal Exchange - 15.Jul.2005 7:34:00 PM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
Finally got it to work, it seems that the whole problem was about the error I previously posted, so now it's forwarding mail as it should...

BUT.... now I'm trying to "specify" what servers are in the DMZ, so I created a network definition at the internal ISA using this range "172.16.0.1 TO 172.16.0.20", not adding any special subnet mask, just the 255.255.255.0, but when I create the network, the SMTP Server publishing rule fails... I would like to go even further, telling ISA to listen for SMTP requests ONLY from the mail relay server (on the DMZ) and nothing else.... what can I do here to accomplish this task?

[ July 15, 2005, 07:36 PM: Message edited by: TheBlackSmith ]

(in reply to theblacksmith)
Post #: 7
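
The alert quoted in post 6 and the partial DMZ range in post 7 both come down to comparing a network definition with what the adapter's subnet mask makes routable. The Python below is an added illustration, not part of the thread and not ISA Server's own logic: a simplified model of that comparison. The adapter addresses, the /28 mask and the 192.168.0.1-192.168.0.14 definition are constructed assumptions; only the 172.16.0.1-172.16.0.20 range, the 255.255.255.0 mask and the alert's output notation come from the posts.

```python
import ipaddress

def to_ranges(spec):
    """Parse 'a-b;c-d' (the notation the alert prints) into sorted (lo, hi) ints."""
    out = []
    for part in filter(None, spec.split(";")):
        lo, _, hi = part.partition("-")
        out.append((int(ipaddress.IPv4Address(lo.strip())),
                    int(ipaddress.IPv4Address((hi or lo).strip()))))
    return sorted(out)

def routed_range(adapter_ip, mask):
    """First and last address of the subnet the adapter's IP/mask puts on-link."""
    net = ipaddress.IPv4Network(f"{adapter_ip}/{mask}", strict=False)
    return int(net.network_address), int(net.broadcast_address)

def subtract(span, covers):
    """Parts of span=(lo, hi) that none of the sorted intervals in covers include."""
    lo, hi = span
    gaps = []
    for c_lo, c_hi in covers:
        if c_hi < lo or c_lo > hi:
            continue
        if c_lo > lo:
            gaps.append((lo, c_lo - 1))
        lo = max(lo, c_hi + 1)
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps

def conflicts(defined_spec, adapter_ip, mask):
    """Ranges that are routable but undefined, or defined but not routable."""
    defined = to_ranges(defined_spec)
    routed = routed_range(adapter_ip, mask)
    found = subtract(routed, defined)        # routable via adapter, missing from definition
    for d in defined:
        found += subtract(d, [routed])       # in definition, not routable via adapter
    return ";".join(f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}"
                    for a, b in sorted(found))

if __name__ == "__main__":
    # Post 7: partial DMZ range with a /24 mask (adapter IP is a constructed value).
    print(conflicts("172.16.0.1-172.16.0.20", "172.16.0.1", "255.255.255.0"))
    # Constructed case that yields the same two ranges the alert in post 6 lists.
    print(conflicts("192.168.0.1-192.168.0.14", "192.168.0.1", "255.255.255.240"))
    # Definition covering the whole subnet, network ID and broadcast included.
    print(repr(conflicts("172.16.0.0-172.16.0.255", "172.16.0.1", "255.255.255.0")))
```

An empty result means the definition and the routable range agree, which is the condition the alert text asks for.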
RE: SMTP Relay from perimeter to internal Exchange - 15.Jul.2005 9:29:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
What IP address range did you add for the Internal Network?

What IP address range did you add for the DMZ Network?

What is the External IP number and Internal IP number for the back end ISA?

What is the IP number on the DMZ mail relay server?

What's the IP number of internal Exchange server?

Do you Route or NAT between DMZ and Internal Networks?

quote:
i would like to go even further, telling isa to listen SMTP request ONLY for the mail relay server (on the DMZ) and nothing else....
If you NAT between DMZ and Internal Networks, create this server publishing rule:

Name: Relay <-> Exchange
Server IP: <exchange server's IP>
Select Protocol: SMTP server
IP addresses: Select the DMZ Network, click "Address.." button and select an IP from the DMZ Network.

After creating this rule, right click on it and select properties. Click on the "From" tab and remove the DMZ Network. Click on the Add button and create a new Computer Object. In that, type in the DMZ mail relay's IP number and finally add that computer object to the FROM tab. Apply this configuration. This should make sure only mail relay from dmz can send emails to exchange.

[ July 15, 2005, 09:48 PM: Message edited by: ISAwader ]

(in reply to theblacksmith)
Post #: 8
RE: SMTP Relay from perimeter to internal Exchange - 16.Jul.2005 12:37:00 AM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
Cool...!, got it working..! now everything works like a charm... [Smile] ... Yahoooo....!

Thanks for all the help guys..!

PS: It's always a good thing getting some help from more expert users..

(in reply to theblacksmith)
Post #: 9
RE: SMTP Relay from perimeter to internal Exchange - 16.Jul.2005 1:09:00 AM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
Glad to hear you resolved the problems! [Smile]

(in reply to theblacksmith)
Post #: 10
