From: Atlanta, Ga
I have a single external interface with multiple IPs bound to it. I am using one of the "additional" IPs on the external interface to publish my mail server. The publishing works fine with the exception that all outbound SMTP packets are going out on the "primary" IP and not the one that I have the server publishing configured for. This is a problem since many are using reverse DNS lookups and are rejecting mail we send out.
I have deleted the publishing rules, rebuilt the LAT, and republished with no change.
Anyone have any thoughts on how to force outgoing SMTP to send on the "additional" IP?
By design, all outbound traffic is sourced from the primary IP address assigned to the ISA external interface. You simply can't change that behaviour. So, it is strongly advised to publish your internal mail server on the primary IP address.
From: Atlanta, Ga
Thanks for your confirmation on what was happening. I had to simply shuffle my IPs around as none of the other functions were so dependent upon outbound address. JOC, how is one to publish multiple mail servers behind ISA and provide reverse DNS lookup support if the external NIC will always "send" data out on the primary IP?
From: Seattle, WA
I got nailed by this myself a while back. Though I didn't implement this solution myself, it would seem your most likely solution would be to use a smart host to concentrate the mail flow from the multiple servers before flowing the mail out through ISA. If this solution doesn't scale to your needs, I think you are out of luck.
If you need to publish multiple internal mail servers and must be sure that the same IP address is used for the outbound mail too, set up a secure mail relay and publish this one instead of each individual mail server. The secure mail relay server is then responsible for routing all inbound mail to the correct internal mail server.
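Added example, not part of any post in this thread: a sketch of the forward-confirmed reverse DNS check a strict receiving mail server might apply, showing why mail sourced from the primary IP is rejected while the published IP would pass. The addresses, host names, DNS tables and the exact receiver policy are constructed assumptions.

```python
# Constructed sample data: RFC 5737 documentation addresses and example.com names.
PRIMARY_IP = "203.0.113.10"    # assumed primary IP on the ISA external interface
PUBLISHED_IP = "203.0.113.25"  # assumed additional IP used by the publishing rule
HELO = "mail.example.com"      # assumed name the mail server announces

# Reverse zone (IP -> name) and forward zone (name -> IPs) as the receiver sees them.
PTR = {PUBLISHED_IP: "mail.example.com"}            # no PTR for the primary IP
A = {"mail.example.com": [PUBLISHED_IP]}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def fcrdns(source_ip, helo, ptr, a):
    """Return (accepted, reason) for a connection from source_ip announcing helo."""
    name = ptr.get(source_ip)
    if name is None:
        return False, "no PTR record for source IP"
    # Forward confirmation: the PTR name must resolve back to the same IP.
    if source_ip not in a.get(name, []):
        return False, "PTR name does not resolve back to source IP"
    # Assumed strict policy: HELO must match the confirmed name.
    if norm(helo) != norm(name):
        return False, "HELO does not match PTR name"
    return True, "ok"


def after_ip_shuffle():
    """DNS view once the mail server is published on the primary IP instead."""
    ptr = {PRIMARY_IP: "mail.example.com"}
    a = {"mail.example.com": [PRIMARY_IP]}
    return fcrdns(PRIMARY_IP, HELO, ptr, a)


if __name__ == "__main__":
    # Outbound SMTP actually leaves from the primary IP, so this is what receivers see.
    print("as configured :", fcrdns(PRIMARY_IP, HELO, PTR, A))
    # What the poster expected: mail leaving from the published IP.
    print("as expected   :", fcrdns(PUBLISHED_IP, HELO, PTR, A))
    # After moving the mail server (and its DNS records) to the primary IP.
    print("after shuffle :", after_ip_shuffle())
```
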