ReallyWildStuff (Guest)
Posted: Tue Nov 08, 2005 1:58 am
Post subject: dualhoming with a new domain
This problem involves hosting multiple domains on a dual-homed Exchange 2000
server. I am not a novice but have not set up a dual-homed environment on
Exchange before. On top of that, it's not about just swapping a working
single-nic solution to dual-nic, it's about adding another domain at the same
time. Details follow.
Exchange 2000 has a nic with an internal LAN IP address and a recipient
policy for "@existing.com". There is an SMTP Virtual Server defined on the
internal LAN IP - this SMTP server sends mail out the door sometimes. It
also passes mail back and forth between people inside the LAN.
It does NOT host any Internet e-mail - that task is handled by a third-party
hosting company. Outlook clients inside the LAN establish SMTP and POP
sessions with the third party provider to collect their Internet E-mail. I
did _not_ set this up this way, this is what I'm trying to fix.
Looking for a phased-in solution that incorporates our firewall's
capabilities and a second nic in the Exchange box (i am aware of the security
risks associated with having Exchange on the Internet, everybody's just going
to have to deal with that for the moment, maybe I'll put a Linux spam killer
in-between later). I would like to set up a different test domain to test the
Exchange server's ability to host Internet mail and deliver it in the
dual-homed topology.
To that end:
a) a second nic with a public ip address on the DMZ behind our firewall
b) a test domain (test.com)
c) MX 10 record for test.com = mail.test.com
d) A record of mail.test.com = public IP of the 2nd nic
I can ping the A record by name and IP. I have allowed traffic on port 25
into and out of the DMZ. I am certain that I have set up the public routing
part of this equation properly.
When I set up a virtual SMTP server as "mail.test.com" and bind it to the
public IP I can get responses out of the mail server using web-based
open-relay and "does my mail server work?"-type tools on the web - it
responds, doesn't relay etc.
However, I can't ever get it to actually accept and deliver mail - I get a
return NDR "no such user". I am unable to successfully deliver mail to
myself@test.com despite:
a) setting up an SMTP connector between the two SMTP servers...I am not
sure if I'm doing this correctly, should the address space be * or test.com
or...?
Also, "bridgehead" refers to a "military fortification that protects the end
of a bridge that is closest to the enemy", strictly by definition it seems
like "Local Bridgeheads" on the SMTP connection should be the Public IP
Server, but after reading Micro$oft's documentation I'm now thinking that
"Local Bridgehead" = Internal SMTP server...correct?
During one of my tests of the SMTP connector part of the equation, I managed
to stop the internal SMTP server from being able to push any mail out the
door at all. I had to tear all my changes down because I didn't know what
the problem was.
b) manually defining a new e-mail address @test.com on my AD account
c) in addition to a) above, setting up a new recipient policy.
Twice now I have tried to set up @test.com as a recipient policy that only
applies to my AD account, however it invariably creates @test.com addresses
for everyone in the OU and better than _that_ it makes the @test.com address
the default e-mail (so people come screaming down the hall "this e-mail I
sent says my address is username@test.com oh my God!" and similar).
There are several steps here that I'm not getting, i.e.: how do I tell
Exchange to accept mail for test.com? Is that ONLY through a "Recipient
Policy" - even if I have the e-mail address defined in the "E-mail addresses"
tab of an AD user?
Can you make recipient policies that only apply to one person? Is this
about disabling the Recipient Update Service?
Once I get the public SMTP server to accept mail for the test.com domain, I
will need it to accept mail for two more domains as well (existing.com and
aliasforexisting.com), but when I experimented with creating a third SMTP
server it said there was already an SMTP server defined on that public
IP...how is this done?
Pending a working solution, I have brought everything back down to zero
(internal smtp only), so if somebody could just tell me how to do it from
scratch (instead of trying to fix my rambling above) that would be super.
Thanks in advance.
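The three results the poster describes (the public virtual server answering but "not relaying" to the web tools, mail to a foreign domain being refused, and mail to myself@test.com being accepted and then bounced as "no such user") all come from two separate decisions an SMTP server makes: is the recipient's domain one it treats as local (on Exchange 2000 that is what a recipient policy provides), and, if so, does any mailbox actually carry that proxy address. Exchange 2000 accepts every recipient in a local domain at RCPT time and only raises the NDR when it cannot find a mailbox for the address, which matches the symptom above when the @test.com address never ended up on the AD account. The model below is an added example written for this thread, not code from the poster or from Exchange; the host names, addresses and the 192.168.0.0/16 and 203.0.113.9 values are constructed for illustration, and the server logic is a deliberate simplification of the real product.

```python
"""Toy model of the SMTP accept / relay / NDR decisions discussed in the post.

Added example, not code from the thread and not Exchange's own logic. The host
names, addresses and networks below are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class MailServer:
    hostname: str
    accepted_domains: set                            # domains a recipient policy makes "local"
    mailboxes: set                                   # proxy addresses that exist on some mailbox
    relay_from: list = field(default_factory=list)   # CIDRs allowed to relay to foreign domains
    ndrs: list = field(default_factory=list)         # NDRs generated after the message was accepted

    def _may_relay(self, client_ip: str) -> bool:
        addr = ip_address(client_ip)
        return any(addr in ip_network(net) for net in self.relay_from)

    def session(self, client_ip: str, mail_from: str, rcpt_to: str):
        """Run one envelope through the server.

        Returns (outcome, transcript) where outcome is one of
        "delivered", "relayed", "relay_denied" or "ndr" and transcript is a
        list of (client command, server reply) pairs.
        """
        domain = rcpt_to.rsplit("@", 1)[1].lower()
        transcript = [
            ("<connect>", f"220 {self.hostname} ESMTP"),
            ("HELO client", "250 OK"),
            (f"MAIL FROM:<{mail_from}>", "250 2.1.0 Sender OK"),
        ]
        local = domain in self.accepted_domains
        # Foreign domain from a host that is not allowed to relay: refuse at RCPT.
        # This is the answer the "open relay?" web tools were seeing.
        if not local and not self._may_relay(client_ip):
            transcript.append((f"RCPT TO:<{rcpt_to}>", "550 5.7.1 Unable to relay"))
            return "relay_denied", transcript
        # Local domain (or permitted relay): Exchange 2000 accepts the recipient
        # at RCPT time without checking that a mailbox exists.
        transcript.append((f"RCPT TO:<{rcpt_to}>", "250 2.1.5 Recipient OK"))
        transcript.append(("DATA ... .", "250 2.6.0 Queued"))
        if not local:
            return "relayed", transcript
        if rcpt_to.lower() in self.mailboxes:
            return "delivered", transcript
        # Domain is local but no mailbox carries this proxy address:
        # the message was accepted, so the only option left is an NDR to the sender.
        self.ndrs.append((mail_from, rcpt_to, "550 5.1.1 User unknown"))
        return "ndr", transcript


def demo() -> dict:
    """Reproduce the poster's four situations and return the outcome of each."""
    # Public-facing virtual server on the DMZ nic: no relay for anyone.
    public = MailServer("mail.test.com", {"test.com"}, {"myself@test.com"})
    # Internal virtual server on the LAN nic: LAN hosts may send outbound through it.
    internal = MailServer("exch-lan.existing.com", {"existing.com"},
                          {"me@existing.com"}, relay_from=["192.168.0.0/16"])
    return {
        # address stamped on a mailbox: delivered
        "good": public.session("203.0.113.9", "a@example.org", "myself@test.com")[0],
        # domain accepted, but no mailbox has the address: accepted, then NDR'd
        "missing": public.session("203.0.113.9", "a@example.org", "nobody@test.com")[0],
        # foreign domain from the Internet: refused, i.e. "doesn't relay"
        "relay_probe": public.session("203.0.113.9", "a@example.org", "x@example.net")[0],
        # LAN client sending Internet mail out through the internal virtual server
        "outbound": internal.session("192.168.1.20", "me@existing.com", "x@example.net")[0],
        "ndr_count": len(public.ndrs),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The "missing" case is the one worth checking first in the poster's setup: the public server answering 250 at RCPT and a "no such user" NDR arriving afterwards means the domain side (recipient policy) is fine and it is the address on the mailbox that is absent. Had test.com not been accepted at all, the server would have answered 550 5.7.1 at RCPT and no NDR would have been generated.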

Tom Felts (Guest)
Posted: Tue Nov 08, 2005 1:58 am
Post subject: Re: dualhoming with a new domain
Not sure why you need the dual nic. We just forward the port 25 traffic
through to our internal SMTP server.
This explains about recipient policies:
http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm
"ReallyWildStuff" <ReallyWildStuff@discussions.microsoft.com> wrote in
message news:6A9C6B3B-15D6-493E-8116-0B3186BCB441@microsoft.com...