Discussion:
would using NAT make your exchange server appear to be a relay?
(too old to reply)
Gary M
2007-01-03 14:13:37 UTC
Permalink
we switched internet providers recently, went from cable to a full T1 (yay)

when we did, I was told to setup NAT, we received 10 addresses from bell
south so they wanted to use .20 for our VPN\firewall, address.21 for smtp,
.22 for FTP and so on.

well we have had issues sending email to AOL and others, and when I do a
manual telnet test to AOL it says 550 RELAYING DENIED.

then a user forwarded me a NDR message that stated
"xx.xxx.xxx.20 does not map to ourcompanyemail.com in DNS"

and that is correct, as NAT is using xx.xxx.xxx.21 from smtp while .20 is
for the firewall\vpn box.

is using NAT making it look like we are relaying?

how do we resolve this?

just get rid of NAT, or is there something else we can do?

gary
Gary M
2007-01-03 14:41:01 UTC
Permalink
we are guessing the issue is that although our mx record points to the .21
address all email goes out thru the firewall which has a .20 address.

is there anyway to tell exchange to send email out thru the .21 address?

will this make it look like a relay, am I fighting a losing battle here?

I am beginning to think we just quit trying to use NAT, but they are not
ready to give up on that yet.

gary
Post by Gary M
we switched internet providers recently, went from cable to a full T1 (yay)
when we did, I was told to setup NAT, we received 10 addresses from bell
south so they wanted to use .20 for our VPN\firewall, address.21 for smtp,
.22 for FTP and so on.
well we have had issues sending email to AOL and others, and when I do a
manual telnet test to AOL it says 550 RELAYING DENIED.
then a user forwarded me a NDR message that stated
"xx.xxx.xxx.20 does not map to ourcompanyemail.com in DNS"
and that is correct, as NAT is using xx.xxx.xxx.21 from smtp while .20 is
for the firewall\vpn box.
is using NAT making it look like we are relaying?
how do we resolve this?
just get rid of NAT, or is there something else we can do?
gary
Waleed Omar
2007-01-03 19:54:14 UTC
Permalink
Try to put the primary IP address on the Public interface of your Nat device
as 21.

Regards,
Waleed Omar
Post by Gary M
we are guessing the issue is that although our mx record points to the .21
address all email goes out thru the firewall which has a .20 address.
is there anyway to tell exchange to send email out thru the .21 address?
will this make it look like a relay, am I fighting a losing battle here?
I am beginning to think we just quit trying to use NAT, but they are not
ready to give up on that yet.
gary
Post by Gary M
we switched internet providers recently, went from cable to a full T1 (yay)
when we did, I was told to setup NAT, we received 10 addresses from bell
south so they wanted to use .20 for our VPN\firewall, address.21 for
smtp, .22 for FTP and so on.
well we have had issues sending email to AOL and others, and when I do a
manual telnet test to AOL it says 550 RELAYING DENIED.
then a user forwarded me a NDR message that stated
"xx.xxx.xxx.20 does not map to ourcompanyemail.com in DNS"
and that is correct, as NAT is using xx.xxx.xxx.21 from smtp while .20 is
for the firewall\vpn box.
is using NAT making it look like we are relaying?
how do we resolve this?
just get rid of NAT, or is there something else we can do?
gary
Kevin Longley
2007-01-03 23:24:05 UTC
Permalink
In addition, if successful with Waleeds suggestion, consider changing on the
smtp virtual servers Delivery Tab-Advanced to the fully qualified domain
name that your public mx record points to.
Post by Gary M
we are guessing the issue is that although our mx record points to the .21
address all email goes out thru the firewall which has a .20 address.
is there anyway to tell exchange to send email out thru the .21 address?
will this make it look like a relay, am I fighting a losing battle here?
I am beginning to think we just quit trying to use NAT, but they are not
ready to give up on that yet.
gary
Post by Gary M
we switched internet providers recently, went from cable to a full T1 (yay)
when we did, I was told to setup NAT, we received 10 addresses from bell
south so they wanted to use .20 for our VPN\firewall, address.21 for
smtp, .22 for FTP and so on.
well we have had issues sending email to AOL and others, and when I do a
manual telnet test to AOL it says 550 RELAYING DENIED.
then a user forwarded me a NDR message that stated
"xx.xxx.xxx.20 does not map to ourcompanyemail.com in DNS"
and that is correct, as NAT is using xx.xxx.xxx.21 from smtp while .20 is
for the firewall\vpn box.
is using NAT making it look like we are relaying?
how do we resolve this?
just get rid of NAT, or is there something else we can do?
gary
Continue reading on narkive:
Search results for 'would using NAT make your exchange server appear to be a relay?' (Questions and Answers)
6
replies
Setting an external IP?
started 2009-11-13 12:22:01 UTC
computer networking
Loading...