Exchange server behind firewall can't send outgoing
From: Antony Gelberg (ag@no_spam.antgel.co.uk) Date: 05/04/02
From: "Antony Gelberg" <ag@no_spam.antgel.co.uk> Date: Sat, 4 May 2002 14:05:19 +0100
Hi all,
Sorry for the cross-post, I think it is relevant.
I am having some problems with a firewall, and specifically the Exchange
server communicating with the outside world. Here is a description of the
system.
ADSL router -> Red Hat 7.0 PC, 32MB, configured with ipchains and
sendmail -> hub -> rest of LAN, including Exchange server (10.*.*.*).
Our ISP manages DNS for us - the MX record is set to the firewall. Sendmail
(on the firewall) is configured to masquerade as the domain, and forward all
non-local users' email to the Exchange server. I do this with an entry in
/etc/hosts, there is no need, as far as I can see, to run BIND on the
firewall, our network is quite small.
So incoming email appears to work ok. It's outgoing, external email that
causes problems.
At first, I had the Exchange server running DNS, and attempting to send mail
via DNS. This appeared to cause some firewall-related problems - reverse
DNS lookups on a machine behind the firewall, perhaps. It was actually
pings getting caught, but I guess that could be part of some handshaking
procedure?
So I had the idea of setting Exchange to always forward outgoing mail to the
firewall, rather than use DNS to send. Then sendmail would send it, I
thought.
However, when I try this configuration, I get sendmail problems which crash
the whole Linux box! Unfortunately I don't have the exact message (from
/var/log/messages) here now, it definitely included something like
SMTP-MAIL: died on signal 11. I got this several times. The whole Linux
box slowed to a crawl, with many running sendmail processes. In the end, I
had to reboot it. This is consistent behaviour, and the Exchange outgoing
queue is just getting larger. :-(
So... Is this some kind of bug in sendmail on RH 7.0? My first thought is
to upgrade to 7.2. Maybe the Linux box is running out of resources? 32MB
isn't much, but it does have 128MB swap. I wouldn't expect such a grand
failure if that was the case.
Lastly, am I making this over-complicated? Could I (more easily) achieve
mail transfer to/from Exchange by ditching sendmail and using NAT, e.g.
configuring the firewall so that anything coming in from outside on port 25
just gets re-directed to the private Exchange box, and configuring Exchange
to use DNS to send mail? And if I can, and that is easier, how do I get
around the original problem I had with the firewall when trying to send
Exchange mail via DNS?
Hope this is fairly clear, if anyone can shed any light on this at all, I
would be ever so grateful...
--- Antony http://www.antgel.co.uk