 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Sending Email from m0n0 lan to m0n0 lan - sort of
 Date:  Fri, 22 Jul 2005 09:29:57 -0400
Tim Brewer wrote:
> Weird Question - may not necessarily be to do with m0n0wall, but would
> GREATLY appreciate any help!
> I have searched the mailing list, but no one seems to have exactly what we do.
> We have multiple external ip addresses and websites, and our setup is as
> follows
> internet -- router -- mono1 -- packetshaper -- LAN1
>                                                 -- ( SME ServerA ( --- LAN2 -- ( Exchange Mail Server
>                                                 -- ( mono2 ( --- LAN2
>                                                 -- ( SME ServerB
>                                                 -- ( IIS Web Server
> I have set up mono1 rules/nat/proxy arp so incoming traffic from the
> internet (http, smtp, vpn etc) all works fine.
> I have set up mono1 as a DNS forwarder with www.a.b.c
> for websites on the SME ServerB and IIS Web Server so anything that is
> behind mono1 can access them.
> Our email comes through mono1, gets nat'd to SME Server A, which then passes
> it onto Exchange Mail Server - this works perfectly.
> The Problem:
> SME Server B has its own smtp server and sends out alerts to tech@a.b.c
> - these emails never get to Exchange mail Server.
> If we set the alerts to go to another completely external domain (yahoo,
> ihug etc) - it works fine.
> From the logging on SME Server B, the email either appears to work, or we get
> the message 'Couldn't Establish an SMTP Connection'
> We have tried making a test@test.a.b.c and
> pointing this to a different external address, which then should go (rules are
> set up for this) through mono1 then mono2 to Exchange Mail Server, but the
> same issue.
> It appears that for any domain we host ourselves, that we cannot email from
> LAN1 to LAN2.

Here are my suggestions:

1- Try a

telnet exchange 25

If you get a prompt like "220 exchange Microsoft ESMTP MAIL Service...",
then your firewall rules are OK.

If you get a connection refused or a time out, your firewall rules aren't OK.

If your firewall rules are OK, I suggest a few things:

1- Set an alias for the user "test" in your alias file, to an external
address.  What MTA is the SME using?  Sendmail, postfix, exim, qmail?

2- If the SME server is running Sendmail, check the "MASQUERADE_DOMAIN"
option.  However, I'm not sure if you should play with that on SME.

Let me know how it goes.
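
The telnet check suggested in this reply can also be scripted. The sketch below is an added example, not part of the original message: it separates the three outcomes (220 greeting, connection refused, timeout) so the result can be logged from the sending host. The names probe_smtp, start_fake_smtp and closed_port are hypothetical, and the local listener is a constructed stand-in for the real mail server.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one connection attempt: open / refused / timeout / odd / error."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Active reject (TCP RST): a reject rule, or nothing listening at the target.
        return "refused", "connection refused"
    except socket.timeout:
        # Silence: packets dropped by a rule, or NAT/routing sends them nowhere.
        return "timeout", "no reply to connect within %.1fs" % timeout
    except OSError as exc:
        # Name resolution failure, no route to host, and similar.
        return "error", str(exc)
    with s:
        try:
            banner = s.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return "odd", "connected, but no greeting within %.1fs" % timeout
        except OSError as exc:
            return "error", str(exc)
    if banner.startswith("220"):
        return "open", banner  # network path is fine; check the MTA configuration next
    return "odd", banner or "connection closed without a greeting"

def start_fake_smtp(banner):
    """Constructed stand-in for the mail server: greets one client on localhost."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Return a localhost port that currently has no listener."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    port = start_fake_smtp(b"220 exchange Microsoft ESMTP MAIL Service\r\n")
    print(probe_smtp("127.0.0.1", port, timeout=2))
    print(probe_smtp("127.0.0.1", closed_port(), timeout=2))
```

Run it from the host that fails to send (SME Server B in this thread) against the address its MTA actually resolves for the domain, since the same probe from another LAN crosses different rules.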


