Exchange and DNS problem

Old 12-21-03, 08:26 PM
  #1  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569

I set up my Exchange server last week and now I'm trying to run Outlook Web Access. I got my domain all set up and my DNS Host A through www.no-ip.com. I also set up my mail server's MX record with the same company.

Yesterday I could send and receive email no problem. This morning I set up my Outlook Web Access and had some problems. Sometimes I could log in to my web access and sometimes it said "page not found"; there was no rhyme or reason for it.

Finally I added my WAN IP address and my zapto.org to my hosts file and I could successfully log in every time. However, while I can send email, I can't receive any email. I checked my router and the ports are forwarded to my Exchange server.

I'm thinking since I can't receive any email, that it is the MX entry that is hosted on no-ip.com that is causing the problem.

Suggestions?
Old 12-21-03, 10:36 PM
  #2  
DVD Talk Gold Edition
 
Join Date: Aug 1999
Location: Chicago, IL
Posts: 2,539
try this site to check your domain/mx settings
http://www.dnsstuff.com/
the link to dnsreports.com is there too, and that will give you
some pretty good detailed info on your mx records, and mail settings.
Old 12-22-03, 08:05 AM
  #3  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
Originally posted by Neitzl
try this site to check your domain/mx settings
http://www.dnsstuff.com/
the link to dnsreports.com is there too, and that will give you
some pretty good detailed info on your mx records, and mail settings.
Great stuff, thanks! Hmmmm, I tried their email test and I got this as an error when they tried to send an email:

Got an unknown MAIL FROM response: 454 5.7.3 Client does not have permission to submit mail to this server.
Old 12-22-03, 08:31 AM
  #4  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
The problem was with my SMTP virtual server.



If I allow anonymous access it gets through. If I allow this, is it a security risk?
Old 12-22-03, 09:02 AM
  #5  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Since it's accepting messages from the internet then it needs to be set up for anonymous access. One way to get around this is to set up an SMTP gateway and keep your exchange 2000 servers inside the firewall and not visible to the outside.
Old 12-22-03, 09:08 AM
  #6  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
Originally posted by al_bundy
Since it's accepting messages from the internet then it needs to be set up for anonymous access. One way to get around this is to set up an SMTP gateway and keep your exchange 2000 servers inside the firewall and not visible to the outside.
I have a router that is my gateway. I set up UPnP forwarding to allow SMTP to forward to my Exchange server, which is behind the router. Is this what you're talking about?
Old 12-22-03, 10:33 AM
  #7  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Ours is set up differently. We used to have an exchange 2000 server as a smtp gateway. It had 2 IP addresses. Public and NAT. The firewall would allow only port 25 connections directly to the server. Now we are migrating to a dedicated SMTP gateway. It's going to be a win2003 server with spam filtering software that is also a dumbed down smtp server. It's going to send and receive messages to the internet and the exchange servers won't be visible to the internet at all.

The reason to allow anonymous connections is that computers on the internet are unknown to your mail server. If you set up to only authenticate then anyone who sends mail to you will need to know the authentication credentials to connect to your mail server.
Old 12-22-03, 11:19 AM
  #8  
DVD Talk Gold Edition
 
Join Date: Aug 1999
Location: Chicago, IL
Posts: 2,539
If you allow anonymous authentication, aren't you opening yourself to open relay? Big no no, which will get you blacklisted faster than a dvdtalker using a coupon at amazon. I'm not familiar with Exchange, used it for a few weeks, then dumped it. I run an IMail server but there is NO anonymous access, that usually is a bad thing, except on web servers, and even then.....
Old 12-22-03, 11:40 AM
  #9  
Mod Emeritus
 
Join Date: Feb 1999
Location: Gone to the islands - 'til we meet again.
Posts: 19,053
Originally posted by Neitzl
If you allow anonymous authentication, aren't you opening yourself to open relay? Big no no, which will get you blacklisted faster than a dvdtalker using a coupon at amazon. I'm not familiar with Exchange, used it for a few weeks, then dumped it. I run an IMail server but there is NO anonymous access, that usually is a bad thing, except on web servers, and even then.....

Mail servers should generally have SMTP set to accept anonymous connections, otherwise only mail servers that know a username and password can transfer mail to your server. Use of validation like this is generally only done for internal mail servers in large corporate settings.

SMTP servers should generally have mail relaying turned off completely, set to only relay to (or from) specific domains, or set to only relay for authenticated users.
Old 12-22-03, 11:50 AM
  #10  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Originally posted by Neitzl
If you allow anonymous authentication, aren't you opening yourself to open relay? Big no no, which will get you blacklisted faster than a dvdtalker using a coupon at amazon. I'm not familiar with Exchange, used it for a few weeks, then dumped it. I run an IMail server but there is NO anonymous access, that usually is a bad thing, except on web servers, and even then.....
No. You need an anonymous connection to accept mail from the internet no matter what mail server you use.

Relaying is different. Relaying is allowing outside parties to relay mail through your mail server. Where I work we only allow it for a few internal servers to send email to customers. It's pretty easy to set up exchange 2000 not to allow relaying. As far as a mail server, exchange 2000 is great as a mailbox server and for its workgroup features but it's pretty weak as a smtp gateway.
Old 12-22-03, 11:59 AM
  #11  
DVD Talk Gold Edition
 
Join Date: Aug 1999
Location: Chicago, IL
Posts: 2,539
Yah, sorry guys, brain fart...
I get easily confused, especially after I haven't touched stuff after it's all set up. When I go back to revisit things, it takes a while for me to remember it all. Good thing I write things down.


Also, if this is the case, shouldn't he take off the Windows Integrated Authentication, and just leave anonymous?
Old 12-22-03, 01:03 PM
  #12  
Mod Emeritus
 
Join Date: Feb 1999
Location: Gone to the islands - 'til we meet again.
Posts: 19,053
Originally posted by Neitzl
Also, if this is the case, shouldn't he take off the Windows Integrated Authentication, and just leave anonymous?

It all depends on what he's doing. If he's got users he wants to relay for, then he would need some form of authentication.
Old 12-22-03, 01:09 PM
  #13  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
I forgot, but I think it's required for the exchange 2000 servers to authenticate to each other. Exch2000 is all smtp based, unlike exch 5.5.

A month ago my company was hit by a spam attack. Even though relaying was locked down they still found a way to relay through us. We had relaying locked down to a few IP's and anyone who could authenticate with a domain account. Someone with credentials relayed through us even though all the internet relay tests said that we weren't relaying. Anyway, I turned smtp logging on to max and saw the exchange servers authenticate with their computer accounts when sending mail.
Old 12-22-03, 01:11 PM
  #14  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
Originally posted by Dead
It all depends on what he's doing. If he's got users he wants to relay for, then he would need some form of authentication.
No users for me to relay for. I guess I should turn that off as well.

Is there any internet site that shows me how to lock down an exchange server so I don't get hit by spam attacks or anything of the sort?
Old 12-22-03, 03:19 PM
  #15  
DVD Talk Hero
 
Join Date: Jun 2000
Location: Words
Posts: 28,207
Originally posted by Lateralus
No users for me to relay for. I guess I should turn that off as well.

Is there any internet site that shows me how to lock down an exchange server so I don't get hit by spam attacks or anything of the sort?
That would require microsoft to make too many patches.

-pedagogue
Old 12-22-03, 03:53 PM
  #16  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Originally posted by Lateralus
No users for me to relay for. I guess I should turn that off as well.

Is there any internet site that shows me how to lock down an exchange server so I don't get hit by spam attacks or anything of the sort?
It's pretty easy. On your SMTP virtual server go to properties and then to access tab then relay button. Select only the list below option to relay and input any IP's that need to relay through your server. Also deselect the box to allow relaying for anyone that authenticates.

Check yourself through www.ordb.org or telnet into your server on port 25 and try to relay using the command line.
Old 12-23-03, 03:36 PM
  #17  
DVD Talk Hall of Fame
Thread Starter
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
Originally posted by al_bundy
It's pretty easy. On your SMTP virtual server go to properties and then to access tab then relay button. Select only the list below option to relay and input any IP's that need to relay through your server. Also deselect the box to allow relaying for anyone that authenticates.

Check yourself through www.ordb.org or telnet into your server on port 25 and try to relay using the command line.
Thanks for the instructions, in Exchange 2003 all that was default.
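
The manual check suggested in post #16 (connect to your own server on port 25 and try to relay) can be scripted. The following is an added example, not part of the original thread: it sends only MAIL FROM and RCPT TO on an unauthenticated session and separates "accepts anonymous inbound mail" from "relays for anonymous clients", the distinction drawn in posts #9 and #10. The function names, the sender address and the `example.org` recipient are assumptions made for illustration.

```python
import smtplib
import sys


def probe_relay(smtp, local_rcpt, external_rcpt, sender="relaytest@example.net"):
    """Send MAIL FROM / RCPT TO on an unauthenticated session and record
    the reply codes. DATA is never sent, so no message is delivered."""
    smtp.ehlo_or_helo_if_needed()
    codes = {}
    for label, rcpt in (("local", local_rcpt), ("external", external_rcpt)):
        code, _ = smtp.mail(sender)
        if 200 <= code < 300:          # only try RCPT if MAIL FROM was accepted
            code, _ = smtp.rcpt(rcpt)
        codes[label] = code
        smtp.rset()                    # clear the envelope before the next probe
    return codes


def classify(codes):
    """Map the two reply codes onto the cases discussed in the thread."""
    if 200 <= codes["external"] < 300:
        return "open-relay"        # anonymous client may send to foreign domains
    if 200 <= codes["local"] < 300:
        return "inbound-only"      # anonymous delivery to own domain, no relay
    return "inbound-blocked"       # e.g. the 454 5.7.3 reply quoted in post #3


if __name__ == "__main__":
    # Usage: python relaycheck.py <your-server> <a-mailbox-on-your-domain>
    host, local_rcpt = sys.argv[1], sys.argv[2]
    with smtplib.SMTP(host, 25, timeout=15) as s:
        codes = probe_relay(s, local_rcpt, "nobody@example.org")
        print(codes, classify(codes))
```

An internet-facing mail server should come out as `inbound-only`. As post #13 notes, this anonymous probe says nothing about relaying by clients that authenticate with valid credentials.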
