SBS and FRONT problem with Exchange 2003

  • SBS and FRONT problem with Exchange 2003

    Hello,

    I've got a big problem on my hands that I've spent a lot of time on. To give you a full overview I'll tell you a bit about our setup and our network in general.

    We have 2 servers:
    - Microsoft Windows 2003 Small Business Server with Exchange 2003 (SBS)
    - Microsoft Windows 2003 with Exchange 2003 (FRONT)

    Those 2 servers were hosted at a provider to which we were connected through VPN. But now we have moved them to our internal network at our main location and we had to change all IPs on them.

    Our network in our main location consists of:
    - 10.10.14.0 (255.255.255.0) (LAN)
    - 10.10.15.0 (255.255.255.0) (WIFI)
    - 10.10.16.0 (255.255.255.0) (DMZ in our main location)
    Our network in our 2nd location consists of:
    - 10.10.10.0 (255.255.255.0) (LAN of our second location, VPN-ed through)
    - 10.10.11.0 (255.255.255.0) (WIFI of our second location, VPN-ed through)


    I've put SBS on IP 10.10.14.100, and FRONT on 10.10.16.229. I've created a connection between SBS and FRONT and I've not yet configured any firewall between those 2, so there should be no problems in communication between those two. I've also configured a Virtual IP for 10.10.16.229 and assigned it a public IP that is available outside (let's say it's 90.90.90.90).

    Now my problem is that in our hosting location we had SBS, where all our mailboxes are, and clients connect to it to get emails and to send emails. When people sent email, SBS forwarded it to FRONT and FRONT forwarded it further to the next mail server (it wasn't a part of my company network but the hosting guys had it configured that way).

    After moving it I've reconfigured a lot of stuff on it to conform with our needs, and the problem is:
    - Mails from outside are coming to FRONT without problems, and then are moved to mailboxes on SBS (although some people complained that they don't get some emails).
    - Mails inside the company are going through without problems.
    - Mails from inside sent to outside, when forced through FRONT, are bounced back to clients with the following message:
    <sbs.domain.corp #5.7.1 smtp;550 5.7.1 Unable to relay for [email protected]>


    When I reconfigure SBS to send emails directly to the internet and don't push them through FRONT, mails go through as expected (although the problem is that some domains won't accept email sent this way because the MX server address doesn't match the IP it's sent through).


    More info on the case:
    - There's no problem connecting with Telnet to SBS on port 25 from FRONT, and there's no problem connecting with Telnet to FRONT on port 25 from SBS.
    - SBS is the only DNS server in our location. It's set on FRONT and SBS as the main DNS server.

    - SBS is the domain controller, FRONT is added to the domain.


    SMTP settings for FRONT -> connection control (All except the list below is the main choice): Nothing is on the list.
    SMTP settings for FRONT -> relay restrictions (Only the list below):
    Granted -> 10.10.14.100
    Granted -> 10.10.16.229
    Granted -> 10.10.14.0 (255.255.255.0) -> added recently to see if anything changes
    Allow all computers which successfully authenticate to relay regardless of the list above is CHECKED.

    SMTP settings for SBS -> connection control (Only the list below):
    Granted -> 10.10.10.0 (255.255.255.0)
    Granted -> 10.10.11.0 (255.255.255.0)
    Granted -> 10.10.14.0 (255.255.255.0)
    Granted -> 10.10.15.0 (255.255.255.0)
    Granted -> 10.10.16.0 (255.255.255.0)
    Granted -> 127.0.0.1

    SMTP settings for SBS -> relay restrictions (Only the list below):
    Granted -> 10.10.10.0 (255.255.255.0)
    Granted -> 10.10.11.0 (255.255.255.0)
    Granted -> 10.10.14.0 (255.255.255.0)
    Granted -> 10.10.15.0 (255.255.255.0)
    Granted -> 10.10.14.100
    Granted -> 127.0.0.1
    Allow all computers which successfully authenticate to relay regardless of the list above is UNCHECKED.

    On connectors I've got:
    FRONT <-> RELAY:
    * Use DNS to route to each address space on this connector
    * Local bridgeheads: FRONT

    SBS <-> FRONT
    * Use DNS to route to each address space on this connector
    * Local bridgehead: SBS

    Now if I change "Forward all mail through this connector to the following smart hosts" to: [10.10.16.229] I get the RELAY problem; if I leave it like it is now, all mails go out straight from SBS (which is not what I want).

    If you have any more questions that may help in resolving the problem, please let me know. Hopefully I can have it fixed before the end of the week.

    Cheers,

    Przemek
    My website with some small projects - http://www.pro-solutions.pl
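
The connection-control and relay lists posted above, evaluated per source address (an added example, not part of the original post; it is a simplified model of the "Only the list below" / "All except the list below" options and the authenticated-relay checkbox, with 255.255.255.0 written as /24, and 10.10.15.20 is a constructed WIFI client address):

```python
import ipaddress

# Lists transcribed from the post. only_listed=True models "Only the list
# below"; only_listed=False models "All except the list below".
SERVERS = {
    "FRONT": {
        "connection": {"only_listed": False, "nets": []},
        "relay": ["10.10.14.100/32", "10.10.16.229/32", "10.10.14.0/24"],
        "auth_may_relay": True,   # checkbox CHECKED on FRONT
    },
    "SBS": {
        "connection": {"only_listed": True, "nets": [
            "10.10.10.0/24", "10.10.11.0/24", "10.10.14.0/24",
            "10.10.15.0/24", "10.10.16.0/24", "127.0.0.1/32"]},
        "relay": ["10.10.10.0/24", "10.10.11.0/24", "10.10.14.0/24",
                  "10.10.15.0/24", "10.10.14.100/32", "127.0.0.1/32"],
        "auth_may_relay": False,  # checkbox UNCHECKED on SBS
    },
}

def _listed(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def evaluate(server, src_ip, authenticated=False):
    """Return (may_connect, may_relay) for src_ip talking to server."""
    cfg = SERVERS[server]
    conn = cfg["connection"]
    listed = _listed(src_ip, conn["nets"])
    may_connect = listed if conn["only_listed"] else not listed
    by_ip = _listed(src_ip, cfg["relay"])
    by_auth = cfg["auth_may_relay"] and authenticated
    return may_connect, may_connect and (by_ip or by_auth)

def redundant_grants(server):
    """Relay entries already covered by a broader entry on the same list."""
    nets = [ipaddress.ip_network(n) for n in SERVERS[server]["relay"]]
    return [str(a) for a in nets for b in nets if a != b and a.subnet_of(b)]

if __name__ == "__main__":
    for server, src, auth in [("FRONT", "10.10.14.100", False),
                              ("FRONT", "10.10.15.20", False),
                              ("FRONT", "10.10.15.20", True),
                              ("SBS", "10.10.16.229", False),
                              ("SBS", "90.90.90.90", False)]:
        print(server, src, "auth" if auth else "anon", evaluate(server, src, auth))
    print("redundant:", {s: redundant_grants(s) for s in SERVERS})
```
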

  • #2
    Re: SBS and FRONT problem with Exchange 2003

    Whatever your reasons for wanting to put an Exchange server in the DMZ, they are wrong.
    There is no valid reason to put a frontend server in the DMZ, so I would suggest that you drop that idea to begin with. The number of holes in the firewall needed to make it work makes the DMZ practically useless.

    As this is SBS, I would actually go as far as to say that a frontend server is a waste and would consider dropping it. While I have deployed a frontend server with an SBS server in the past, the value of doing so is limited.

    As for email flow, to get email to flow from the backend server to the frontend for delivery requires an SMTP connector with the frontend server listed as the only bridgehead.
    Ensure that there is no smart host set on the SMTP virtual server of any machine, which can affect the delivery of email. SMTP scanning in any file system AV can also cause email flow between the servers to stop.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: SBS and FRONT problem with Exchange 2003

      @Sembee
      The reason for the front server might have been that the hosting company wanted us to pay more money to get one. I wasn't at the company then, so the bosses believed everything they said (although having a FRONT server made sense to me as well). Right now I would like to get this thing working in the current format. Later on I may change things around, but I don't want to mess things up right now.

      So you're saying that under Connectors in:
      FRONT <-> RELAY I should have local bridgehead FRONT and Use DNS ... checked

      SBS <-> FRONT I should have local bridgehead FRONT and "Forward all mail through this connector to the following smart host" and there [10.10.16.229]

      Also, should there be any changes to RELAY/Connection in the Default SMTP Virtual Server settings? Remember that only SBS has direct access to FRONT, and clients that are connecting to SBS don't see FRONT at all.

      There's no AV and there's no SmartHost set (empty fields for both SMTP) unless there's an entry hidden somewhere that I've missed.


      Thank you for your help so far. Please let me know if my assumptions here are correct.
      My website with some small projects - http://www.pro-solutions.pl



      • #4
        Re: SBS and FRONT problem with Exchange 2003

        You only need one SMTP connector, not two.
        You do not need an SMTP connector to send mail between the two Exchange servers.

        Furthermore no SMTP connector should have a smart host set as an internal Exchange server as that can cause email transport issues.

        I have to disagree on your view that a frontend server makes sense. It does not in this scenario. Frontend servers have two functions - to take off the load on the backend server, and to provide a single point of entry for multiple servers.

        You do not have multiple servers, and the built in limit of SBS of 75 users means that the load on the server will be minimal at best, even if you had all of your users working remotely. A single server would easily cope.

        Relay/Connection settings should be as per the default. Relaying is not required for Exchange to pass email between servers for delivery. You do not have to have other Exchange servers listed as relays.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.



        • #5
          Re: SBS and FRONT problem with Exchange 2003

          So I have changed the connector:

          SBS <-> FRONT: local bridgehead to FRONT (from SBS), and I have pointed to [10.10.16.229] in "Forward all mail through this connector to the following smart hosts".

          I have left FRONT <-> RELAY unchanged.

          The error message now is:

          <mail2.mymx.pl #5.3.5>

          with an annotation that the message is going between servers or between 2 addresses and that this is a configuration problem. I haven't deleted the SMTP virtual servers, as I would do it later on when I knew this setup works fine?

          Anything I did wrong? Any more information you require that I could provide?
          My website with some small projects - http://www.pro-solutions.pl



          • #6
            Re: SBS and FRONT problem with Exchange 2003

            I have removed the 10.10.16.229 from the SBS <-> FRONT connector and set it to DNS, restarted everything, and it seems it's working.

            Hurray

            Thank you very much. I'll report in a couple of minutes after a test.
            My website with some small projects - http://www.pro-solutions.pl



            • #7
              Re: SBS and FRONT problem with Exchange 2003

              Hello again,

              I seem to have a continuation of this problem. I am sending emails and receiving emails mostly fine. But emails that are larger (like 1mb, 10kb, 13kb) seem to queue up on the SBS in SBS <-> FRONT - _ddssdfdsfgdsfsdfs
              so they never get delivered to FRONT. The problem seems to be that if some larger mail is in the queue (well, not SUPER large, but like 200kb/3mb) everything is stopped and is not sent.

              The local bridgehead is FRONT and, like I said, some mails go through, some don't and queue up.


              In the log for a message there's an entry:

              SMTP: mesage Routed and Queued for remote deilvery and it's standing in there like that ;(

              Any help on this would be appreciated.
              My website with some small projects - http://www.pro-solutions.pl



              • #8
                Re: SBS and FRONT problem with Exchange 2003

                Check for restrictions on the SMTP virtual server, antivirus software scanning something it shouldn't do etc.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.
