Question : How to route mail from mail server to correct public IP address
Hello Expert:
Last night, I configured and installed an SSG-5 (Juniper) firewall and all was going great until I found out my mail was rejected by one of my customers. Below is the rejection notice. The problem is I am sending out mail through my 208.47.92.149 address when it should be my public address of 208.47.92.145, which resolves back to my correct public DNS records. I tried several test policies but still can't get it to go out the 208.47.92.145 IP address. The mail is going out the 208.47.92.149 address because I have it assigned to Ethernet 0/0. I have 208.47.92.145 set up as a Virtual IP address with the correct ports opened for services I need. My question is how do I set up the SSG-5 Firewall to send out mail through the correct public IP address? I hope this makes sense. Thanks
Delivery has failed to these recipients or distribution lists:
[email protected]
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
The following organization rejected your message: steel.aasteel.com.
Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:
Generating server: commserver1.titanfabricators.com
[email protected]
steel.aasteel.com #550-Your mail server does not resolve REVERSE DNS for IP 208.47.92.149 550-or a mismatch exists with name resolving back to 208.47.92.149 550 Please report this to your IS Staff or ISP (Internet Service Provider). ##
Original message headers:
Received: from commserver1.titanfabricators.com ([192.168.0.5]) by commserver1.titanfabricators.com ([192.168.0.5]) with mapi; Thu, 28 Feb 2008 17:08:21 -0600
From: Stephen Hunter
To: "[email protected]"
Date: Thu, 28 Feb 2008 17:08:20 -0600
Subject: test from me
Thread-Topic: test from me
Thread-Index: AQHIel7PGlAzK4Ilf026BiosJbYAnA==
Message-ID: 2781545BCBCC98461@commserver1.titanfabricators.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Answer : How to route mail from mail server to correct public IP address
Hello Hunter,
set interface ethernet0/0 dip 208.47.92.145 208.47.92.145
set policy from trust to untrust any any smtp nat src dip-id 1 permit
These commands on the CLI should create a source address translation policy for outgoing SMTP traffic which replaces the source address in the outgoing packets with the 208.47.92.145 address.
From the Juniper ScreenOS concepts and examples guide volume 8 pg. 91:
"The security device forwards incoming traffic destined for a VIP to the host with the
address to which the VIP points. However, when a VIP host initiates outbound
traffic, the security device only translates the original source IP address to another
address if you have previously configured NAT on the ingress interface or NAT-src in
a policy that applies to traffic originating from that host. Otherwise, the security
device does not translate the source IP address on traffic originating from a VIP
host."
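The 550 rejection in the question is a forward-confirmed reverse DNS check on the connecting address, and the same check can be repeated for whichever address mail leaves from once the NAT-src policy is in place. The sketch below is an added example, not part of the original thread; the hostnames under example.test, the 203.0.113.x addresses and the sample records (including the assumption that 208.47.92.149 has no PTR) are constructed for illustration.

```python
import socket

def _norm(name):
    return name.rstrip(".").lower()

def live_ptr(ip):
    """PTR names for ip via the system resolver ([] if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def live_a(name):
    """IPv4 addresses for name via the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=live_ptr, a_lookup=live_a):
    """PTR(ip) must name a host whose A records contain ip again."""
    names = [_norm(n) for n in ptr_lookup(ip)]
    if not names:
        return (False, "no PTR record for " + ip)
    for name in names:
        if ip in a_lookup(name):
            return (True, name)
    return (False, "PTR %s does not resolve back to %s" % (", ".join(names), ip))

# Constructed records so the example runs offline (not real DNS data).
SAMPLE_PTR = {
    "208.47.92.145": ["mail.example.test."],
    "203.0.113.10": ["generic.example.test."],
}
SAMPLE_A = {
    "mail.example.test": ["208.47.92.145"],
    "generic.example.test": ["203.0.113.99"],
}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("208.47.92.149", "208.47.92.145", "203.0.113.10"):
        print(ip, fcrdns(ip, sample_ptr, sample_a))
```

Calling `fcrdns(ip)` without the sample lookups uses the system resolver; pass it the source address shown in the Received header of a test message delivered to an outside mailbox.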