Firewall rule help
I set these outgoing rules in our firewall:
ALLOW ALL USERS PORT 53(DNS) WAN 22.214.171.124
ALLOW ALL USERS PORT 53(DNS) WAN 126.96.36.199
BLOCK ALL USERS PORT 53(DNS)
This had the desired effect of only allowing people internet access using the OpenDNS servers.
The problem I had is that no one was getting any emails from the Exchange server. As soon as I took the rules off all emails came through.
What do I need to change to allow the emails to work?
Do you mean outbound or inbound email?
Assuming your Exchange server could not send mail out, do you have your Exchange server SMTP set to deliver directly via DNS or via an upstream SMTP server? If you have it set to deliver directly using DNS and have different DNS servers manually configured on the Exchange server, I'd have thought this was nobbling all its lookups...
Inbound email was stopped and I will have to check if the outgoing email gets affected by the rules. I'll post back this evening once I have checked.
Run Wireshark somewhere and find out what Exchange is trying to do - in fact, it should be easier in your firewall logs...
Are you running Exchange 'properly' or using a catchall/POP3? Any situation where the Exchange server has to look up then make an outbound connection - e.g. to pick up POP3 mail then distribute it - would also be affected if your DNS settings on the server are for an external DNS which isn't the OpenDNS ones.
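To make the diagnosis above concrete, here is an added example (not code from the thread or any poster): a first-match evaluator for the three outgoing rules as posted, run over constructed key=value firewall log lines to find which internal hosts are sending port-53 traffic to resolvers other than the two allowed ones. The 10.0.0.x hosts, the 192.0.2.x/198.51.100.x resolver addresses and the log format are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str          # "ALLOW" or "BLOCK"
    port: int
    dst: Optional[str]   # None means any destination


# The three outgoing rules from the post, in order: first match wins.
RULES = [
    Rule("ALLOW", 53, "22.214.171.124"),
    Rule("ALLOW", 53, "126.96.36.199"),
    Rule("BLOCK", 53, None),
]


def evaluate(port: int, dst: str, rules=RULES) -> str:
    """Return the action of the first rule matching (port, dst).
    The post only lists port-53 rules, so other ports fall through to ALLOW."""
    for r in rules:
        if r.port == port and (r.dst is None or r.dst == dst):
            return r.action
    return "ALLOW"


def blocked_dns_sources(log_lines):
    """Map each source IP to the set of resolvers the rule set would block.
    A host that shows up here has its own DNS settings pointing somewhere
    other than the two allowed servers (the Exchange symptom in the thread)."""
    offenders = {}
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("dport") != "53":
            continue
        if evaluate(53, fields["dst"]) == "BLOCK":
            offenders.setdefault(fields["src"], set()).add(fields["dst"])
    return offenders


# Constructed log lines (assumed format, not real firewall output).
# 10.0.0.5 stands in for a mail server configured with non-OpenDNS resolvers.
SAMPLE_LOG = [
    "src=10.0.0.21 dst=22.214.171.124 dport=53 proto=udp",
    "src=10.0.0.5 dst=192.0.2.53 dport=53 proto=udp",
    "src=10.0.0.5 dst=198.51.100.2 dport=53 proto=udp",
    "src=10.0.0.5 dst=203.0.113.25 dport=25 proto=tcp",
]

if __name__ == "__main__":
    for src, dsts in blocked_dns_sources(SAMPLE_LOG).items():
        print(f"{src} queries resolvers the rules block: {sorted(dsts)}")
```

Pointing the flagged host at the internal DNS (which in turn forwards to the allowed resolvers) is the fix the later replies converge on; re-running the scan afterwards should return an empty map.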
Originally Posted by IA76
Why are you letting all users out to their dns? wont the clients point to your internal dns?
Does your exchange point to your internal DNS?
Have you setup the dns forwarding for your internal DNS?
What version of exchange?
Is your exchange your SMTP?
IIRC Exchange does a reverse lookup of the incoming IP's connection as well as a few other checks for IMF, so it would need some sort of forwarding.