Exchange Servers and Firewalls

By skivtmp
We recently had our firewall replaced because our old one was defective. The old one was configured by a company no longer in business. We have a Windows 2000 Server running Microsoft Exchange server for our dedicated domain. We have a high-speed modem that gives us a dynamic IP address and the firewall has a DHCP client resolving our internet connection round-the-clock.

Since installing the new firewall, our internet has been restored to all of the machines including the server, and internal messages send and receive fine. Internet e-mail and messages sent outside our domain are currently not working. No settings have been changed on our server since the firewall crash, so is it something with our firewall setup, DNS, etc.?

Any help is greatly appreciated.


by Mike Mullins In reply to Exchange Servers and Fire ...

1. Using an outside source - Look up the MX record for your domain and verify that it is set to the external firewall IP.
2. Verify that the firewall is NATing that external IP TCP port 25 traffic to your internal Exchange IP address.
3. Verify that your firewall allows your Exchange to do a DNS lookup and send to external IPs to TCP port 25.
4. From your Exchange server do an nslookup on an external site.

This is all you need for Exchange to send and receive mail outside your domain.

Good Luck,
Mike Mullins


by CG IT In reply to Exchange Servers and Fire ...

Outbound to the internet fails: port 25 is closed. Inbound from the internet fails: either port 25 is closed, port forwarding goes to the wrong server IP address, or the MX record does not have the right public IP address.

There is a telnet test for Exchange to verify port 25 works on the LAN. Open a telnet prompt [open a command prompt, type telnet].
At the telnet prompt type: <server name><space><port #>, e.g. server1 25. Note: the server name can be the actual machine name, your FQDN or the server IP address.

If the connector is working, you should see this message: 220 <your server> Microsoft Exchange Internet Mail Connector <version number of the IMC>

Next type ehlo and press Enter; you should receive a reply: 250 OK

Type exit to quit the telnet session.
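
The telnet check described above, scripted so it can be repeated after each firewall change. This is an added example, not part of the original posts; the function names and the `probe.example` EHLO name are assumptions. It separates the failure cases named in the thread: port 25 closed (connect fails) and a port forward that lands on the wrong host (no SMTP greeting).

```python
import socket

def read_reply(f):
    """Read one SMTP reply, which may span several lines: (code, [texts])."""
    texts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("closed before a full reply arrived")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        code = int(line[:3])          # ValueError if this is not SMTP
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-" continues, "250 " ends
            return code, texts

def smtp_dialogue(f, helo_name="probe.example"):
    """Banner + EHLO + QUIT over a connected file-like object."""
    result = {"status": None, "banner": None, "extensions": []}
    try:
        code, texts = read_reply(f)
        result["banner"] = texts[0]
        if code != 220:
            result["status"] = f"unexpected greeting {code}"
            return result
        f.write(f"EHLO {helo_name}\r\n".encode("ascii"))
        f.flush()
        code, texts = read_reply(f)
        if code == 250:
            result["extensions"] = texts[1:]
            result["status"] = "ok"
        else:
            result["status"] = f"EHLO rejected with {code}"
        f.write(b"QUIT\r\n")
        f.flush()
    except ValueError:
        result["status"] = "not an SMTP service (forwarded to wrong host?)"
    except OSError as exc:
        result["status"] = f"connection dropped: {exc}"
    return result

def check_smtp(host, port=25, timeout=10):
    """Connect like `telnet host 25` and report what answered."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:            # refused, unreachable or timed out
        return {"status": f"connect failed: {exc}", "banner": None,
                "extensions": []}
    with sock, sock.makefile("rwb") as f:
        return smtp_dialogue(f)
```

Run `check_smtp()` against the server's LAN address first, then against the firewall's external address from a machine outside the network; a result that is "ok" inside but fails outside points at the firewall rule or port forward rather than at Exchange.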


by skivtmp In reply to Exchange Servers and Fire ...

This question was closed by the author
