Thanks to everyone for the feedback on this issue. I didn't have control (or the skill set) over the PIX but the mail was magically flowing out of Outlook Express via POP3. I'm assuming Port 25 wasn't open as was originally promised.
Trouble is, the mail is staying in the SMTP queue on the Front-End server. I'm not sure why the messages are flowing to the front-end server, but they are. I was under the impression that this server was only supposed to forward requests, not send mail. When I look at the properties of the domains awaiting delivery in the SMTP queue on the Front-End Server, I see this message: "An internal DNS error caused a failure to find the remote server". >From the front-end server, I can do an nslookup of the mail server for the domains in question. I can also telnet to port 25 of the mail servers for the remote domains. Not sure why these are sitting in the queue. When the external PIX firewall is opened up from the DMZ to a specific domain, the mail flows. Any ideas why we would have to open up the external firewall to a domain to send it mail or how can I get the Internal server to send the Mail instead? Thanks! -----Original Message----- From: [EMAIL PROTECTED] [mailto:bounce-exchange-211474@;ls.swynk.com] On Behalf Of Jeffrey Dubyn Sent: Monday, October 28, 2002 3:47 PM To: Exchange Discussions Subject: Troubleshooting POP3 Access to a Front-End server in a DMZ Having trouble getting POP3 access to work using Front-End server in a DMZ. Here's the environment: PIX firewall>DMZ that houses a Front-End Exchange SP3 server>PIX Firewall>Local LAN with Back-End Exchange SP3 server. Originally, POP3 was setup on the Back-End server and is presently functioning perfectly. In order to secure the environment, we are testing a Front-End server to offload and secure that functionality. When a POP3 account is inside the firewall or on the DMZ, there is no problem with connectivity. Unfortunately, when it is on the Internet, email times out with the following error: "The connection to the server has failed. Account "ACCOUNT", Server: "SERVER", Protocol:SMTP, Port 25, Secure(SSL); NO, Socket Error: 10061, error Number 0x800CCCoE" We have disabled Anonymous logon and are using Windows Authentication for POP3 clients on the Exchange server(s). We cannot seem to find why it works from the inside and not from the outside. We've been using a number of different documents for reference, including: Q278339 - TCP/UDP Ports Used By Exchange 2000 Server Q278339 - Exchange 2000 Windows 2000 Connectivity Through Firewalls Exchange 2000 Deployment Guide (Chapter 6) E2KFrontBack.doc but cannot find a definitive answer. Any suggestions on how to troubleshoot why POP3 is not working for the machines on the Internet? Thanks! _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED]
