Re: Dual-homed SBS *Standard* server won't accept SMTP connections

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 01/06/05 

Date: Thu, 6 Jan 2005 13:03:07 -0600

Hi Eliot !,

How's the (sox) headache? Replace by a new years celebration, no doubt :-)

A default configuration should allow any client on the lan to send to
exchange. So from a client on the lan, telnet <servername> 25 should bring
up the exchange banner.

ESM | Default Virtual Server Properties
> General Tab
IP addresses (All Unassigned)

>Access Tab
Authentication - Anynymous, Basic and Integrated checked
Connection - All except list below (list empty)
Relay - Only the list below - Internal nic IP, localhost( 127.0.0.1), and
external nic IP

If you make any changes, stop and start the default SMTP Virtual Server. 

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Eliot Sennett" <eliot102@hotmail.com> wrote in message 
news:u7wcq%23B9EHA.1564@TK2MSFTNGP09.phx.gbl...
> Perhaps I was indeed to brief.  We did use telnet to test the operations
> from inside the lan, outside the firewall, and on the server itself.
> Responses to telnet were only received from outside the firewall, whose
> internal interface is on the same subnet as the server's external NIC.
>
> We tried every test and configuration you've described below. The port 26 
> on
> the inside NIC plus port 25 on the external NIC was the only configuration
> in which anything on the LAN's subnet could telnet into the Exchange 
> server
> via SMTP, and it still is.
>
> FWIW, I just think this is inconvenient. I disagree with you that this is
> likely to screw anything up. If there's something specific that you think
> can go wrong by virtue of having the two NICs listen on two different 
> ports,
> I'd appreciate it if you'd clarify what that is.
>
> Here's the IP Config you asked about:
>
> Windows IP Configuration
>
>   Host Name . . . . . . . . . . . . : abc-sbs
>   Primary Dns Suffix  . . . . . . . : abc.internal
>   Node Type . . . . . . . . . . . . : Unknown
>   IP Routing Enabled. . . . . . . . : Yes
>   WINS Proxy Enabled. . . . . . . . : Yes
>   DNS Suffix Search List. . . . . . : abc.internal
>
> Ethernet adapter Internal:
>
>   Connection-specific DNS Suffix  . :
>
>   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
>   Physical Address. . . . . . . . . : 00-11-43-D2-9F-43
>   DHCP Enabled. . . . . . . . . . . : No
>   IP Address. . . . . . . . . . . . : 192.168.16.2
>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>   Default Gateway . . . . . . . . . :
>   DNS Servers . . . . . . . . . . . : 192.168.16.2
>   Primary WINS Server . . . . . . . : 192.168.16.2
>
> Ethernet adapter External:
>
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> #2
>   Physical Address. . . . . . . . . : 00-11-43-D2-9F-44
>   DHCP Enabled. . . . . . . . . . . : No
>   IP Address. . . . . . . . . . . . : 192.168.0.2
>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>   Default Gateway . . . . . . . . . : 192.168.0.1
>   Primary WINS Server . . . . . . . : 192.168.16.2
>   NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Thanks, Phillip.
>
> "Phillip Windell" <@.> wrote in message
> news:OpciUtB9EHA.4072@TK2MSFTNGP10.phx.gbl...
>> "Eliot Sennett" <eliot102@hotmail.com> wrote in message
>> news:OS48ZYA9EHA.2016@TK2MSFTNGP15.phx.gbl...
>> > We figured the CEICW set the rules so that only the external NIC could
>> > handle inbound SMTP mail,
>>
>> Shouldn't have done that. You need it to listen on all Interfaces for 
>> what
>> you want to do.
>>
>> > So we looked a the Default Virtual Server for SMTP, and couldn't find
>> > anything that made us really believe that.
>>
>> Look at the Relay restrictions in Properties-->Access-->Relay.  Your 
>> LAN's
>> Address Range needs to be in this as "allowed to relay".
>>
>> > In addition, the server was set to listen on all unassigned IP
> Addresses.
>>
>> It should be set to "All Unassigned"
>>
>> > We tested setting up the addresses
>> > specifically (assigning one address in General, then adding the second
> in
>> > the Advanced button window), so that we forced both to be listening.
> Still
>>
>> No. One *normal* address per NIC.  There may be reasons for adding other
>> secondary IP#s,...but this isn't one of them.
>>
>> > Finally, we got the result we needed by assigning a different SMTP port
>> for
>> > the internal NIC and locking that onto the internal NIC's IP Address.
>>
>> Should never have to do that,... you will probably screw something up
>> somewhere by doing that.
>>
>> > What I'm wondering is whether this is expected behavior or whether
> there's
>> a
>> > way to get SMTP to listen on two different NICs on two different IP
>>
>> Did you *Telnet* to that IP#/Port? You never stated *how* you don't think
> it
>> is listening properly. You may be running around in circles thinking that
> it
>> isn't listening on those when it may very well be listening perfectly 
>> fine
>> but it just is "hearing" what it wants to hear.
>>
>> We also don't even know if the TCP/IP config of the Nics is even
>> correct,...you need to post that information.
>>
>> -- 
>>
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>>
>>
>
>