  1. #1
    pritchardavid's Avatar

    Help with our Exchange & TMG Setup - No External Mail!

    We used to have our Exchange on one public external IP address. I have now moved Exchange over to use TMG.

    I did this by creating three rules:

    1- OWA
    2- ActiveSync
    3- Outlook Anywhere

    However we now have a major problem.

    We can't receive external mail!
    I can seem to send mail out, but for some reason when I look at the source of the message, it's still using the old public external IP address.

    ----------------------------------------
    The only DNS records we have externally are:

    * CNAME Record - remote.ockendon.thurrock.e2bn.org
    www CNAME Record - remote.ockendon.thurrock.e2bn.org

    mail.messaging.microsoft.com - MX Record

    ----------------------------------------
    remote.ockendon.thurrock.e2bn.org then goes to the council DNS and then to our TMG server.
    mail.messaging.microsoft.com is Forefront Online Protection, this has got both the outgoing and incoming IP address (updated to match the same IP address of the TMG server)

    Also have got the council to delete the old NAT settings for the old external public IP address so it would not interfere.

    Is there something I have missed?

    Many thanks

  2. #2


    Can mail.messaging.microsoft.com contact your exchange server on tcp 25 / smtp?

    (I can't on your remote.ockendon.thurrock.e2bn.org but you've probably denied that intentionally so just worth checking your MX can reach your exchange)

  3. #3
    pritchardavid's Avatar
    Thanks... sorry, how would I check that? I have even disabled the firewall temporarily on the Exchange server just in case.

  4. #4


    I was poking remote.ockendon.* on port 25 and it refused it, normally for a mail server that means nothing can send mail to it.

    Though in your case because you have a separate server in place receiving the mail first (mail.messaging.microsoft.com) and then passing it over to you, as long as the mail.messaging one can talk to your server on port 25 you should be fine.

    I'm not an exchange guy though, so I could be wrong completely

  5. #5

    Quote, originally posted by kmount:
        I was poking remote.ockendon.* on port 25 and it refused it, normally for a mail server that means nothing can send mail to it.

        Though in your case because you have a separate server in place receiving the mail first (mail.messaging.microsoft.com) and then passing it over to you, as long as the mail.messaging one can talk to your server on port 25 you should be fine.

        I'm not an exchange guy though, so I could be wrong completely

    Have you tried Microsoft's Exchange Connectivity Analyzer website?

  6. #6
    pritchardavid's Avatar
    ah forgot about using that site

    Incoming SMTP test

    Testing inbound SMTP mail flow for domain adaout@theockendonacademy.com.
    Inbound SMTP mail flow was verified successfully.
    Test Steps
    Attempting to retrieve DNS MX records for domain theockendonacademy.com.
    One or more MX records were successfully retrieved from DNS.
    Additional Details
    MX Records Host mail.messaging.microsoft.com, Preference 10
    Testing Mail Exchanger mail.messaging.microsoft.com.
    This Mail Exchanger was tested successfully.
    Test Steps
    Attempting to resolve the host name mail.messaging.microsoft.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 216.32.180.22, 216.32.180.190
    Testing TCP port 25 on host mail.messaging.microsoft.com to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Banner received: 220 VA3EHSMHS022.bigfish.com Microsoft ESMTP MAIL Service ready at Fri, 24 Aug 2012 10:28:30 +0000
    Attempting to send a test e-mail message to adaout@theockendonacademy.com using MX mail.messaging.microsoft.com.
    The test message was delivered successfully.
    Testing the MX mail.messaging.microsoft.com for open relay by trying to relay to user Admin@TestExchangeConnectivity.com.
    The Open Relay test passed. This mx isn't an open relay.
    Additional Details
    The open relay test message delivery failed, which is a good thing.
    The exception detail:
    Exception details:
    Message: Mailbox unavailable. The server response was: 5.4.1 Relay Access Denied
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
    at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
    at System.Net.Mail.SmtpClient.Send(MailMessage message)
    at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()

    Outgoing SMTP test

    Performing Outbound SMTP Test
    The outbound SMTP test was successful.
    Test Steps
    Attempting reverse DNS lookup for IP address 85.12.92.88.
    ExRCA successfully resolved IP address 85.12.92.88 via reverse DNS lookup.
    Additional Details
    ExRCA resolved IP address 85.12.92.88 to host remote.ockendon.thurrock.e2bn.org.
    Performing Real-Time Black Hole List (RBL) Test
    Your IP address wasn't found on any of the block lists selected.
    Test Steps
    Checking Block List "SpamHaus Block List (SBL)"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "SpamHaus Exploits Block List (XBL)"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "SpamHaus Policy Block List (PBL)"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "SpamCop Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "NJABL.ORG Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "SORBS Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "MSRBL Combined Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "UCEPROTECT Level 1 Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Checking Block List "AHBL Block List"
    The address isn't on the block list.
    Additional Details
    IP address 85.12.92.88 wasn't found on RBL.
    Performing Sender ID validation.
    Sender ID validation was performed successfully.
    Test Steps
    Attempting to find the SPF record using a DNS TEXT record query.
    ExRCA wasn't able to find the SPF record.
    Additional Details
    No records were found.

    Any ideas?

  7. #7

    Just to confirm the issue now is only with External>Internal?

    What NDR do you get if any?

  8. #8
    pritchardavid's Avatar
    Hi sukh

    Internal mail works fine (active directory user to another active directory user in the same domain)

    External mail we just don't receive

    Now I have again just looked at Forefront Online and I decided to take a look at the reports; email is getting to Forefront Online, no problem.
    So the problem lies between either

    Forefront to TMG server

    or

    TMG server to Exchange server

    I have noticed an error which I have corrected on the Forefront site. For each domain you also have to change the Outbound Mail Server IP Addresses; I didn't notice this. Wouldn't have even thought you would have that there because on the main page it's got the same option.
    Still not receiving after changing that.


    We don't seem to be getting any NDRs
    Last edited by pritchardavid; 24th August 2012 at 06:34 PM.

  9. #9

    FOPE changes can take up to 45 mins or 2 hours; if the issue is still there, then up the logging on the Exchange server to verbose on the receive connector.

  10. #10
    pritchardavid's Avatar
    Just sent out a mail from the Exchange server to my personal email, receives fine except it finds the old external IP address!? How is that possible?

    x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensxNRGNyaWNyfixa3FbyjfZD +KOBmp4VfRT7yDSXMqZW6aOPhlz5VZqPRnFTFKbdH6t1q1QYGz AuG4qoX3qq1GRGHGANcrheNNNonJHnu5W8o=
    Authentication-Results: hotmail.com; sender-id=none (sender IP is 85.12.92.85) header.from=dpritchard@theockendonacademy.com; dkim=none header.d=theockendonacademy.com; x-hmca=none
    X-SID-PRA: dpritchard@theockendonacademy.com
    X-DKIM-Result: None
    X-SID-Result: None
    X-AUTH-Result: NONE
    X-Message-Status: n:n
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
    X-Message-Info: aKlYzGSc+Ll01bU5z89gvAsY2S8105M4khMRlYqDzWDyu/7XDBP8opkoytE/jMb2AkoJFl1XPVDAxT22rH7Ip1P3fMlybd37H1En8ALcMsscp0 ya+eV4Mnb13iL9O5SDe53mw2tFKe2cvNCDDPZ6hg==
    Received: from mail.theockendonacademy.com ([85.12.92.85]) by COL0-MC1-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Fri, 24 Aug 2012 11:05:28 -0700
    Received: from EXCHANGE.theockendonacademy.com ([fe80::1c65:2d8:73a:bb8f]) by
    EXCHANGE.theockendonacademy.com ([fe80::1c65:2d8:73a:bb8f%13]) with mapi id
    14.02.0298.004; Fri, 24 Aug 2012 19:04:59 +0100
    From: David Pritchard <dpritchard@theockendonacademy.com>
    To: "pritchard@outlook.com" <pritchard@outlook.com>
    Subject: test
    Thread-Topic: test
    Thread-Index: Ac2CIvlL17gA0mXhSKqhhOThslQTUQ==
    Date: Fri, 24 Aug 2012 18:04:58 +0000
    Message-ID: <919F91E36141E84C8E78046DD648E3BC45635044@EXCHANGE.theockendonacademy.com>
    Accept-Language: en-GB, en-US
    Content-Language: en-GB
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [10.146.65.31]
    Content-Type: multipart/alternative;
    boundary="_000_919F91E36141E84C8E78046DD648E3BC45635044EXCHANGEtheocke_"
    MIME-Version: 1.0
    Return-Path: dpritchard@theockendonacademy.com
    X-OriginalArrivalTime: 24 Aug 2012 18:05:28.0720 (UTC) FILETIME=[0B368100:01CD8223]

    --_000_919F91E36141E84C8E78046DD648E3BC45635044EXCHANGEtheocke_
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
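
The headers in the post above record which address the receiving server actually saw, and that can be checked mechanically. The following is an added example, not part of the original post: it walks the `Received` chain, picks the newest hop with a public address, and compares it with the intended egress address. It assumes 85.12.92.88 is the TMG address, based on the reverse DNS result in post #6; the function names are illustrative.

```python
import email
import ipaddress
import re

# Constructed sample: routing headers from the post above, trimmed to the relevant fields.
SAMPLE_HEADERS = """\
Authentication-Results: hotmail.com; sender-id=none (sender IP is 85.12.92.85) header.from=dpritchard@theockendonacademy.com; dkim=none header.d=theockendonacademy.com; x-hmca=none
Received: from mail.theockendonacademy.com ([85.12.92.85]) by COL0-MC1-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
 Fri, 24 Aug 2012 11:05:28 -0700
Received: from EXCHANGE.theockendonacademy.com ([fe80::1c65:2d8:73a:bb8f]) by
 EXCHANGE.theockendonacademy.com ([fe80::1c65:2d8:73a:bb8f%13]) with mapi id
 14.02.0298.004; Fri, 24 Aug 2012 19:04:59 +0100
"""

BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%\w+)?\]")
SENDER_IP = re.compile(r"sender IP is ([0-9A-Fa-f:.]+)")


def received_hops(raw):
    """Return (from_host, ip) for each Received header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        sender = flat.split(" by ", 1)[0]     # keep only the "from" side
        host = sender.split()[1] if sender.startswith("from ") else None
        m = BRACKETED.search(sender)
        hops.append((host, ipaddress.ip_address(m.group(1)) if m else None))
    return hops


def egress_ip(raw):
    """Newest hop with a public address: where the mail left the site."""
    for _host, ip in received_hops(raw):
        if ip is not None and ip.is_global:
            return ip
    return None


def check_egress(raw, expected):
    """Compare the observed egress address with the intended one."""
    seen = egress_ip(raw)
    auth = email.message_from_string(raw).get("Authentication-Results", "")
    m = SENDER_IP.search(auth)
    return {"seen": str(seen), "auth_results": m.group(1) if m else None,
            "match": seen == ipaddress.ip_address(expected)}


if __name__ == "__main__":
    print(check_egress(SAMPLE_HEADERS, "85.12.92.88"))
```

A mismatch here means outbound SMTP is still leaving through a NAT or publishing path other than the one registered with the filtering service.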

  11. #11
    pritchardavid's Avatar
    Ah no need to read my post above then, didn't refresh the page before posting that, hopefully after a while it should start working then

    It should state when you change settings that it will take that long to update really on forefront
    Last edited by pritchardavid; 24th August 2012 at 07:12 PM.

  12. #12

    FOPE changes can take up to 45 mins or 2 hours; if the issue is still there, then up the logging on the Exchange server to verbose on the receive connector.

  13. #13

    SYNACK's Avatar
    Quote, originally posted by sukh:
        FOPE changes can take up to 45 mins or 2 hours; if the issue is still there, then up the logging on the Exchange server to verbose on the receive connector.

    A duck's quack never echoes

  14. #14

    So all sorted then?

  15. #15
    pritchardavid's Avatar
    Nope still not working
