Email internet headers mapping the gateway IP

Tags:
Microsoft Exchange
Hi all! Whenever an email leaves my Exchange 2003 server it gets the IP of the main gateway instead of the IP of the SMTP server. This has caused my organization to be blocked since the reverse lookup of the address (smtp.some-org.org) does not resolve in the external IP of the machine but the IP of the gateway. How can I fix this? The same is true for my Merak server, nothing can go through if I don't realy off from Exchange, and when it does, it gets the gateway IP. Is it my DNS who appends the gateway to the email? Is it my firewall? Is it Exchange? Please help!!!!!!! Thank you,
ASKED: July 11, 2006  8:11 PM
UPDATED: July 15, 2006  12:31 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Ok. If I understand your statement correctly, I believe your org is using PAT (port address translation – all to one) for all your external traffic. You don’t set up separate one to one NAT for your SMTP server.
So, the question is: Do you have a chunk of IP addresses so that you can assign one-to-one NAT for your mail server?
If you have only one IP address to use, you have to do something else.
Another questions: How do external emails arrive to your org?
Do you have firewall admin in your org to talk to?
I need more info from you.

Discuss This Question: 8  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mrmetry
    I believe all that would be required would be for you would be to set up the correct reverse entry (pointer) record in DNS. This would correspond to your gateway IP. When email servers (configured to do so) do a reverse lookup on the name of your email server and cannot find it the mail is dropped.
    0 pointsBadges:
    report
  • Humbleapprentice
    Hi all, I have a 1 to 1 translation in the NAT at the firewall (from anywhere to the alias to the destination address) and rules for SMTP to go to the email server (from/to SMTP server to/from anywhere but only SMTP). Does this help? Cheers,
    0 pointsBadges:
    report
  • Serendipity
    As mrmetry said, you just need a reverse DNS pointer record in DNS for the gateway server that sends the e-mail out, and the pointer should be on whatever DNS server maintains your publicly accessed MX record. The IP address of the last server in your organization that sends the message out appears in the message header. If external organizations are set up to do reverse DNS lookups on incoming mail, the IP address in the header (gateway server)needs to be able to be translated to the name of the gateway server. We had the same problem of messages being blocked by reverse DNS lookups, and adding the reverse DNS pointer record solved it.
    100 pointsBadges:
    report
  • Humbleapprentice
    Hi people, Thank you all for your time and help. I have the DNS records for everything and that is the weird part! See, I have a Host(A) and a MX record with the name of my email server in the forward lookup zone and in the reverse, a Pointer(PTR) record for the same server. Still, it takes the gateway IP address (named "gateway" also in the DNS records) and uses that one instead of the one it is supposed to be using. It makes no sense at least to me why it will do that. Any more ideas? Thank you,
    0 pointsBadges:
    report
  • Mrmetry
    The reverse pointer record for your mail server must match the "gateway" IP.
    0 pointsBadges:
    report
  • Humbleapprentice
    Thanks Mr.Metry, I will try your idea but still I am kinda puzzled since I thought it should be mapping to the IP address we got for it on the internet (basically, why do I have to get it an external IP address on the internet if I have to map it only to the gateway of my firewall?) Cheers, humble.apprentice P.S.: Since I am the humble apprentice there is a lot to learn.
    0 pointsBadges:
    report
  • Mrmetry
    Hi, I believe it's because there is a mismatch between what your DNS MX record shows and the IP (gateway IP) in the email message header that's shown for your email server. I believe the quickest fix right now would be to change your MX record in DNS to match the gateway IP. How is your network set up? What type of internet connection do you have? What type of firewall? Does your email server have a (your present DNS MX record)a publicly addressable IP or is it on an internal network and you're trying to NAT (forward from the firewall to the server) to it?
    0 pointsBadges:
    report
  • Humbleapprentice
    Hi all, My network configuration is like this: I have a firewall that translates my external IPs into their internal IPs (NAT, 1 to 1 translation). One of my email servers is in the DMZ and it relays on another in the LAN (this is because for some reason it can not send on its own). There is a rule open on the firewall for it to cross SMTP between that machine on the DMZ with the one on the LAN as well to the outside. The DMZ email server has a web interface as well so whenever I point the Host(A) record or any pointer to the gateway IP that cacks out. All the records seem to match, at least that's what me and other two guys have determined, could be the firewall? If so, HOW??? Thanks people, humble.apprentice
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following