The front end server has to be able to pass SMTP to the backend servers, because I'm betting the backend server(s) are the ones with an allowable IMS for outbound mail?
------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Jeffrey Dubyn [mailto:jdubyn@;optonline.net] > Sent: Tuesday, October 29, 2002 7:34 PM > To: Exchange Discussions > Subject: RE: Troubleshooting POP3 Access to a Front-End > server in a DMZ > > > Thanks to everyone for the feedback on this issue. I didn't have > control (or the skill set) over the PIX but the mail was magically > flowing out of Outlook Express via POP3. I'm assuming Port 25 wasn't > open as was originally promised. > > Trouble is, the mail is staying in the SMTP queue on the Front-End > server. > I'm not sure why the messages are flowing to the front-end server, but > they > are. I was under the impression that this server was only supposed to > forward requests, not send mail. When I look at the properties of the > domains awaiting delivery in the SMTP queue on the Front-End Server, I > see this message: "An > internal DNS error caused a failure to find the remote server". > > From the front-end server, I can do an nslookup of the mail server for > the > domains in question. I can also telnet to port 25 of the mail servers > for > the remote domains. Not sure why these are sitting in the queue. > > When the external PIX firewall is opened up from the DMZ to a specific > domain, the mail flows. > > Any ideas why we would have to open up the external firewall > to a domain to send it mail or how can I get the Internal > server to send > the > Mail instead? > > Thanks! > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:bounce-exchange-211474@;ls.swynk.com] On Behalf Of > Jeffrey Dubyn > Sent: Monday, October 28, 2002 3:47 PM > To: Exchange Discussions > Subject: Troubleshooting POP3 Access to a Front-End server in a DMZ > > > Having trouble getting POP3 access to work using Front-End server in a > DMZ. > > Here's the environment: > > PIX firewall>DMZ that houses a Front-End Exchange SP3 server>PIX > Firewall>Local LAN with Back-End Exchange SP3 server. > > Originally, POP3 was setup on the Back-End server and is presently > functioning perfectly. In order to secure the environment, we are > testing a Front-End server to offload and secure that functionality. > > When a POP3 account is inside the firewall or on the DMZ, there is no > problem with connectivity. Unfortunately, when it is on the Internet, > email times out with the following error: > > "The connection to the server has failed. Account "ACCOUNT", Server: > "SERVER", Protocol:SMTP, Port 25, Secure(SSL); NO, Socket > Error: 10061, > error Number 0x800CCCoE" > > We have disabled Anonymous logon and are using Windows Authentication > for POP3 clients on the Exchange server(s). > > We cannot seem to find why it works from the inside and not from the > outside. > > We've been using a number of different documents for reference, > including: > > Q278339 - TCP/UDP Ports Used By Exchange 2000 Server > Q278339 - Exchange 2000 Windows 2000 Connectivity Through Firewalls > Exchange 2000 Deployment Guide (Chapter 6) E2KFrontBack.doc > > but cannot find a definitive answer. > > Any suggestions on how to troubleshoot why POP3 is not working for the > machines on the Internet? > > Thanks! > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED]
