Tim Brewer wrote:
> Weird Question - may not necessarily be to do with m0n0wall, but would
> GREATLY appreciate any help!
> I have searched the mailing list, but no one seems to have exactly what we do.
> We have multiple external ip addresses and websites, and our setup as is
> internet -- router -- mono1 192.168.11.1/24 --packetshaper -- LAN1
> (192.168.11.10) SME ServerA (10.0.0.10) --- LAN2 -- (10.0.0.5) Exchange Mail
> (192.168.11.10) mono2 (10.0.0.1) --- LAN2
> (192.168.11.50) SME ServerB
> (192.168.11.55) IIS Web Server
> I have set up mono1 rules/nat/proxy arp so incoming traffic from the
> internet (http, smtp, vpn etc) all works fine.
> I have set up mono1 as a DNS forwarder with www.a.b.c
> for websites on the SME ServerB and IIS Web Server so anything that is
> behind mono1 can access them.
> Our email comes through mono1, gets nat'd to SME Server A, which then passes
> it onto Exchange Mail Server - this works perfectly.
> The Problem:
> SME Server B has its own smtp server and sends out alerts to email@example.com
> - these emails never get to Exchange mail Server.
> If we set the alerts to go to another completely external domain (yahoo,
> ihug etc) - it works fine.
> From the logging on SME Server B, the email either appears to work, or get
> the message 'Couldn't Establish an SMTP Connection'
> We have tried making a email@example.com and
> pointing this to a different external address, which then should (rules are
> set up for this) through mono1 then mono2 to Exchange Mail Server, but the
> same issue.
> It appears that for any domain we host ourselves, that we cannot email from
> LAN1 to LAN2.
Here are my suggestions:
1- Try a
    telnet exchange 25
If you get a prompt like "220 exchange Microsoft ESMTP MAIL Service...",
then your firewall rules are OK.
If you get a connection refused or a timeout, your firewall rules aren't OK.
If your firewall rules are OK, I suggest a few things:
1- set an alias for the user "test" in your alias file, to an external
address. What MTA is the SME using? Sendmail, postfix, exim, qmail?
2- If the SME server is running Sendmail, check the "MASQUERADE_DOMAIN"
option. However, I'm not sure if you should play with that on SME.
Let me know how it goes.
-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.
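
The "telnet exchange 25" check from the reply above, scripted so it can be run from SME Server B and report refused, timed out and greeted connections separately. This is an added example, not part of the original message; the function name check_smtp and its status labels are assumptions, and "exchange" is the host name used in the reply.

```python
#!/usr/bin/env python3
"""Scripted form of the 'telnet exchange 25' check (added example)."""
import socket
import sys


def check_smtp(host, port=25, timeout=5.0):
    """Try one SMTP connection and return (status, detail).

    status: "ok"         - connected and the server greeted with 220
            "refused"    - TCP connection refused
            "timeout"    - no answer to the connection attempt
            "no_banner"  - connected, but no greeting within the timeout
            "unexpected" - connected, but the first line was not a 220
            "error"      - anything else (e.g. the name does not resolve)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "connection refused")
    except socket.timeout:
        return ("timeout", "connection attempt timed out")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        try:
            # The server speaks first in SMTP, so just wait for its greeting.
            raw = sock.recv(512)
        except socket.timeout:
            return ("no_banner", "connected, but no greeting received")
        except OSError as exc:
            return ("error", str(exc))

    banner = raw.decode("ascii", "replace").strip()
    if banner.startswith("220"):
        return ("ok", banner)
    return ("unexpected", banner or "connection closed without a greeting")


if __name__ == "__main__":
    # "exchange" is the host name used in the reply; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "exchange"
    status, detail = check_smtp(target)
    print(f"{target}:25 -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```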