Re: dualhoming with a new domain
- From: "Tom Felts" <tfelts@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 7 Nov 2005 20:26:26 -0500
Not sure why you need the dual nic. We just forward the port 25 traffic
through to our internal SMTP server.
This explains about recipient policies:
http://www.petri.co.il/configure_exchange_2000_2003_to_receive_email_for_other_domains.htm
"ReallyWildStuff" <ReallyWildStuff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:6A9C6B3B-15D6-493E-8116-0B3186BCB441@xxxxxxxxxxxxxxxx
> This problem involves hosting multiple domains on a dual-homed Exchange 2000
> server. I am not a novice but have not set up a dual-homed environment on
> Exchange before. On top of that, it's not about just swapping a working
> single-nic solution to dual-nic, it's about adding another domain at the same
> time. Details follow.
>
> Exchange 2000 has a nic with an internal LAN IP address and a recipient
> policy for "@existing.com". There is an SMTP Virtual Server defined on the
> internal LAN IP - this SMTP server sends mail out the door sometimes. It
> also passes mail back and forth between people inside the LAN.
>
> It does NOT host any Internet e-mail - that task is handled by a third-party
> hosting company. Outlook clients inside the LAN establish SMTP and POP
> sessions with the third party provider to collect their Internet E-mail. I
> did _not_ set this up this way, this is what I'm trying to fix.
>
> Looking for a phased-in solution that incorporates our firewall's
> capabilities and a second nic in the Exchange box (I am aware of the security
> risks associated with having Exchange on the Internet, everybody's just going
> to have to deal with that for the moment, maybe I'll put a Linux spam killer
> in-between later). I would like to set up a different test domain to test the
> Exchange server's ability to host Internet mail and deliver it in the
> dual-homed topology.
>
> To that end:
>
> a) a second nic with a public ip address on the DMZ behind our firewall
> b) a test domain (test.com)
> c) MX 10 record for test.com = mail.test.com
> d) A record of mail.test.com = public IP of the 2nd nic
>
> I can ping the A record by name and IP. I have allowed traffic on port 25
> into and out of the DMZ. I am certain that I have set up the public routing
> part of this equation properly.
>
> When I set up a virtual SMTP server as "mail.test.com" and bind it to the
> public IP I can get responses out of the mail server using web-based
> open-relay and "does my mail server work?"-type tools on the web - it
> responds, doesn't relay etc.
>
> However, I can't ever get it to actually accept and deliver mail - I get a
> return NDR "no such user". I am unable to successfully deliver mail to
> myself@xxxxxxxx despite:
>
> a) setting up an SMTP connector between the two SMTP servers...I am not
> sure if I'm doing this correctly, should the address space be * or test.com
> or...?
>
> Also, "bridgehead" refers to a "military fortification that protects the end
> of a bridge that is closest to the enemy", strictly by definition it seems
> like "Local Bridgeheads" on the SMTP connection should be the Public IP
> Server, but after reading Micro$oft's documentation I'm now thinking that
> "Local Bridgehead" = Internal SMTP server...correct?
>
> During one of my tests of the SMTP connector part of the equation, I managed
> to stop the internal SMTP server from being able to push any mail out the
> door at all. I had to tear all my changes down because I didn't know what
> the problem was.
>
> b) manually defining a new e-mail address @test.com on my AD account
>
> c) in addition to a) above, setting up a new recipient policy.
>
> Twice now I have tried to set up @test.com as a recipient policy that only
> applies to my AD account, however it invariably creates @test.com addresses
> for everyone in the OU and better than _that_ it makes the @test.com address
> the default e-mail (so people come screaming down the hall "this e-mail I
> sent says my address is username@xxxxxxxx oh my God!" and similar).
>
> There are several steps here that I'm not getting, i.e.: how do I tell
> Exchange to accept mail for test.com? Is that ONLY through a "Recipient
> Policy" - even if I have the e-mail address defined in the "E-mail addresses"
> tab of an AD user?
>
> Can you make recipient policies that only apply to one person? Is this
> about disabling the Recipient Update Service?
>
> Once I get the public SMTP server to accept mail for the test.com domain, I
> will need it to accept mail for two more domains as well (existing.com and
> aliasforexisting.com), but when I experimented with creating a third SMTP
> server it said there was already an SMTP server defined on that public
> IP...how is this done?
>
> Pending a working solution, I have brought everything back down to zero
> (internal smtp only), so if somebody could just tell me how to do it from
> scratch (instead of trying to fix my rambling above) that would be super.
>
> Thanks in advance.
>