Microsoft
Software
Hardware
Network
Question : How to route mail from mail server to correct public IP address
Hello Expert:
Last night, I configured and installed a SSG-5 (Juniper) firewall and all was going great until I found out my mail was rejected by one of my customers. Below is the rejection notice. The problem is I am sending out mail through my 208.47.92.149 address when should be my public address of 208.47.92.145 which resloves back to my correct public dns records. I tried several test polices but still can't get it to go out the 208.47.92.145 IP address. The mail is going out the 208.47.92.149 address because I have it assigned to Ethernet 0/0. I have 208.47.92.145 setup as a Virtual IP address with the correct ports opened for services I need. My question is how do I set up the SSG-5 Firewall to send out mail through the correct public IP address? I hope this makes sense. Thanks
Delivery has failed to these recipients or distribution lists:
[email protected]
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
The following organization rejected your message: steel.aasteel.com.
--------------------------
----------
----------
----------
----------
----------
----
Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:
Generating server: commserver1.titanfabricato
rs.com
[email protected]
steel.aasteel.com #550-Your mail server does not resolve REVERSE DNS for IP 208.47.92.149 550-or a mismatch exists with name resolving back to 208.47.92.149 550 Please report this to your IS Staff or ISP (Internet Service Provider). ##
Original message headers:
Received: from commserver1.titanfabricato
rs.com ([192.168.0.5]) by
commserver1.titanfabricato
rs.com ([192.168.0.5]) with mapi; Thu, 28 Feb 2008
17:08:21 -0600
From: Stephen Hunter
To: "
[email protected]
"
Date: Thu, 28 Feb 2008 17:08:20 -0600
Subject: test from me
Thread-Topic: test from me
Thread-Index: AQHIel7PGlAzK4Ilf026BiosJb
YAnA==
Message-ID:
2781545BCB
CC98461@co
mmserver1.
titanfabri
cators.com
>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding:
quoted-printable
MIME-Version: 1.0
Answer : How to route mail from mail server to correct public IP address
Hello Hunter,
set interface ethernet0/0 dip 208.47.92.145 208.47.92.145
set policy from trust to untrust any any smtp nat src dip-id 1 permit
These commands on the CLI should create a source address translation policy for outgoing SMTP traffic which replaces the source address in the outgoing packets with the 208.47.92.145 address.
From the Juniper ScreenOS concepts and examples guide volume 8 pg. 91:
"The security device forwards incoming traffic destined for a VIP to the host with the
address to which the VIP points. However, when a VIP host initiates outbound
traffic, the security device only translates the original source IP address to another
address if you have previously configured NAT on the ingress interface or NAT-src in
a policy that applies to traffic originating from that host. Otherwise, the security
device does not translate the source IP address on traffic originating from a VIP
host."
Random Solutions
ssl cert installation, and passkey removal?
connecting to a mapped network drive on boot
WIFI/HOTSPOT SOFTWARE
Local Network Printer isn't available to Remote Desktop (RDP) Session
GPS design help required
WINS Server
Internet Printing between 2 windows XP Pro PC's
Log on Message, how to do?
domain purchase
Application development for windows based mobiles/mobiles computers