
Send and receive mail from the Internet to Exchange 2007

1. On DCX20, configure the second network card with the address 192.168.2.2, the Check Point as Default Gateway (192.168.2.1), and the provider's DNS servers. Those can be read from the Check Point console: Setup > Tools > Diagnostics > Primary & Secondary DNS Servers - 192.117.235.235 and 62.219.186.7.
   Note: this is, in fact, a debatable decision. A no less (or more!) good solution is to set the router's address, 192.168.2.1, as Preferred DNS and the server itself, 192.168.2.2, as Alternate.
   Important! Enable IPv6 on both NICs. This removes the error "Event ID 2114: topology discovery failed" and fixes the Information Store service constantly failing to start.

2. Check that an MX record exists, using a free service. Go to http://freedns.ws/en/utilites/ and in the line "Lookup domain or IP" enter RetroTech.dtdns.net, in the line "in NS" enter dtdns.net, set "type" to A and click ">>" at the bottom to get the correct IP; then set "type" to MX, click ">>" again, and the answer shows that such a record exists:
   Server: dtdns.net
   Address: 64.156.29.46#53
   RetroTech.dtdns.net mail exchanger = 10 RetroTech.dtdns.net.

3. Configure the Check Point. The DHCP settings are under Network > My Network > LAN > Edit, where the options can be changed. DHCP clients, like the other devices on the network, are listed under Reports > My Computers; this is also where IP reservation by MAC is done. You can either give the second network card a static address (see step 1) or use a reservation for DCX20. For DCX20 (green = obtained from DHCP, blue = static): Add > Single Computer > Next > IP Address > replace the DHCP-assigned 192.168.2.224 with 192.168.2.2 > check the MAC by double-clicking DCX20 > LAN-2 > Details > Physical Address > 00-15-5d-02-07-92 > Next > Description Name > Exchange > Finish. Check under Network > Network Objects that a new object, Exchange with IP 192.168.2.2, has appeared.
   Open the ports: Security > Servers > tick the check boxes for Telnet Server, Mail Server (POP3), Mail Server (SMTP) - all pointing at 192.168.2.2.
   Important! If the MAC you enter for the virtual machine on the Check Point (or any other router) is wrong, nothing will work no matter how much else you set up.

4. On DCX20, install Telnet Client and Telnet Server through Server Manager > Features > Add Features. They are needed for diagnosing Exchange.

5. Create a Send Connector: EMC > Organization Configuration > Hub Transport > Send Connector > right-click > New Send Connector > Name > Internet > Select the ... > Internet > Next > Add > SMTP > Address: * > Include all subdomains > Cost: 1 > OK > Next > upper left "Use domain name system ... MX records ..." > at the bottom tick "Use the External DNS Lookup ..." > Next > Next > New > Finish.

6. In the same place create a new Accepted Domain: right-click > New Accepted Domain > Name > dtdns.net > Accepted Domain > RetroTech.dtdns.net > leave the top option "Authoritative Domain" selected > New > Finish.

7. Add a new policy: E-mail Address Policies > right-click > New E-mail Address Policy > Name > dtdns.net > All recipient types > Next > E-mail Addresses > Add > E-mail address local part: use alias (this is the default option; leave it) > Select accepted domain for e-mail addresses > Browse > dtdns.net (RetroTech.dtdns.net) > OK > OK > Next > Next > New.

8. Grant permission to receive mail: EMC > Server Configuration > Hub Transport > Receive Connector > Default DCX20 > right-click > Properties > Permission Groups > tick the top check box, Anonymous users > Apply > OK.

9. From OWA send two messages to yourself: to DCX20Admin@retrotech.local and to DCX20Admin@retrotech.dtdns.net. Both arrive. Sending to an external address, for example at walla.com, gives an error; only dtdns.net addresses work.

10. Check that the virtual machine with Exchange is reachable from the Internet on port 25. From CMD on the physical host enter:
    telnet retrotech.dtdns.net 25
    Returned: 220 DCX20.RetroTech.local Microsoft ESMTP MAIL Service ready at Sun, 20 Mar 2011 13:20:51 +0200

11. Test the connection to other mail servers from CMD on the virtual machine:
    telnet smtp.mail.ru 25
    Returned: 220 smtp12.mail.ru ESMTP ready
    Say hello and identify ourselves (the "mail." part can be omitted):
    EHLO (or HELO) mail.RetroTech.dtdns.net
    250 smtp5.mail.ru
    MAIL FROM: DCX20Admin@retrotech.dtdns.net
    250 2.0.0 OK
    RCPT TO: retro@mail.ru
    550 not local sender over smtp
    421 smtp2.mail.ru: SMTP command timeout - closing connection
    Some mail servers reject a connection from a server with a dynamic name immediately:
    telnet smtp.pisem.net 25
    220 mail.qip.ru ESMTP (22 792)
    EHLO mail.retrotech.dtdns.net
    550 Spammers go home.
    Connection to host lost.

12. The check through nettools.ru did not pass until the ports were opened explicitly on the Check Point: Security > Rules > Add Rule > Allow and Forward > Next > Standard Service > Mail Server (SMTP) > Next > Source > ANY > Destination > This Gateway > Next > Forward the connection to: Exchange (Network Object) > Next > Finish. Do the same for Mail Server (POP3) and for IMAP Server.
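The telnet sessions in step 11 and the nettools.ru "E_Mail Valid" check further down the page are the same probe: greet, give a sender, give a recipient, and see which step the server refuses. The script below is an added example, not code from the original page: it scores such a dialogue from a transcript (lines tagged "C:" or "=>" for what the client sent, "S:" or "<=" for the reply, the latter being the nettools notation) and can also run the probe itself with smtplib, stopping before DATA so nothing is delivered. The sample sessions are constructed from the responses quoted on this page; the relay test with example.org and the function names are my own. The point a defender wants from it: after ticking Anonymous Users on the receive connector (step 8) the expected outcome for your own domain is "accepted", and a foreign recipient must still come back "recipient-rejected". Anonymous Users by itself does not grant relay rights, so an "open-relay" result means some other permission has been granted and the connector needs fixing.

```python
"""Score an SMTP probe dialogue like the telnet tests in step 11 and the
nettools.ru "E_Mail Valid" check further down the page.  Added example, not
code from the original page.  Lines start with "C:"/"=>" for what the client
sent and "S:"/"<=" for the reply (the nettools notation); the samples are
constructed from responses quoted on the page plus a hypothetical relay test."""
import re
import smtplib
from typing import List, Tuple

LINE_RE = re.compile(r"^(=>|<=|C:|S:)\s*(.*)$")
DIRECTION = {"=>": "C", "C:": "C", "<=": "S", "S:": "S"}

def parse_transcript(text: str) -> List[Tuple[str, str]]:
    """Return [("C"|"S", payload), ...]; untagged continuation lines are dropped."""
    steps = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            steps.append((DIRECTION[m.group(1)], m.group(2)))
    return steps

def classify(text: str, local_domains) -> str:
    """Replay the dialogue and report where the server stopped the probe:
    no-banner, helo-rejected ("550 Spammers go home."), sender-rejected
    ("530 5.7.1 Client was not authenticated", Anonymous Users not ticked),
    recipient-rejected, accepted (RCPT TO for one of local_domains: what an
    inbound MX should do), open-relay (RCPT TO for a foreign domain accepted:
    the server forwards mail for anyone and must be fixed), or incomplete."""
    steps = parse_transcript(text)
    if not steps or steps[0][0] != "S" or not steps[0][1].startswith("220"):
        return "no-banner"
    local = {d.lower().rstrip(".") for d in local_domains}
    last_cmd, rcpt_domain = None, None
    for who, payload in steps[1:]:
        if who == "C":                       # remember which command was sent
            words = payload.split()
            last_cmd = words[0].rstrip(":").upper() if words else None
            if last_cmd == "RCPT":
                m = re.search(r"@([\w.-]+)", payload)
                rcpt_domain = m.group(1).rstrip(".").lower() if m else None
            continue
        ok = payload.startswith("2")         # 2xx = the command was accepted
        if last_cmd in ("HELO", "EHLO") and not ok:
            return "helo-rejected"
        if last_cmd == "MAIL" and not ok:
            return "sender-rejected"
        if last_cmd == "RCPT":
            if not ok:
                return "recipient-rejected"
            return "accepted" if rcpt_domain in local else "open-relay"
    return "incomplete"

def live_probe(host, helo, mail_from, rcpt_to, port=25, timeout=10.0) -> str:
    """Run the same HELO / MAIL FROM / RCPT TO dialogue against a real server
    and return it in C:/S: notation for classify().  Stops before DATA, so
    nothing is delivered.  Needs network access; not used by the samples."""
    smtp, lines = smtplib.SMTP(timeout=timeout), []
    try:
        code, msg = smtp.connect(host, port)
        lines.append(f"S: {code} {msg.decode(errors='replace')}")
        for cmd, send in ((f"HELO {helo}", lambda: smtp.helo(helo)),
                          (f"MAIL FROM: <{mail_from}>", lambda: smtp.mail(mail_from)),
                          (f"RCPT TO: <{rcpt_to}>", lambda: smtp.rcpt(rcpt_to))):
            lines.append(f"C: {cmd}")
            code, msg = send()
            lines.append(f"S: {code} {msg.decode(errors='replace')}")
            if code // 100 != 2:
                break
    finally:
        try:
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            pass
    return "\n".join(lines)

# Constructed from step 11: mail.ru and qip.ru answering our dynamic-DNS host.
MAILRU_SESSION = """\
S: 220 smtp12.mail.ru ESMTP ready
C: EHLO mail.RetroTech.dtdns.net
S: 250 smtp5.mail.ru
C: MAIL FROM: DCX20Admin@retrotech.dtdns.net
S: 250 2.0.0 OK
C: RCPT TO: retro@mail.ru
S: 550 not local sender over smtp
"""
QIP_SESSION = """\
S: 220 mail.qip.ru ESMTP (22 792)
C: EHLO mail.retrotech.dtdns.net
S: 550 Spammers go home.
"""
# Constructed from the nettools.ru output: our server before and after the
# Anonymous Users permission group was ticked on the receive connector.
AUTH_REQUIRED = """\
<= 220 DCX20.RetroTech.local Microsoft ESMTP MAIL Service ready
=> HELO mailvalid.nettools.ru
<= 250 DCX20.RetroTech.local Hello [77.246.230.9]
=> MAIL FROM: <mailvalid@nettools.ru>
<= 530 5.7.1 Client was not authenticated
"""
SENDER_OK = AUTH_REQUIRED.replace("530 5.7.1 Client was not authenticated",
                                  "250 2.1.0 Sender OK")
INBOUND_OK = SENDER_OK + "=> RCPT TO: <DCX20Admin@RetroTech.dtdns.net>\n<= 250 2.1.5 Recipient OK\n"
# Hypothetical relay test: a foreign recipient (example.org) must be refused.
RELAY_DENIED = SENDER_OK + "=> RCPT TO: <someone@example.org>\n<= 550 5.7.1 Unable to relay\n"
RELAY_OPEN = SENDER_OK + "=> RCPT TO: <someone@example.org>\n<= 250 2.1.5 Recipient OK\n"
OUR_DOMAINS = ["RetroTech.dtdns.net"]
```

To score a real server, feed the result of `live_probe("retrotech.dtdns.net", "probe.example.org", "probe@example.org", "someone@example.org")` to `classify(..., OUR_DOMAINS)` from a host outside the LAN (the page's step 12 shows why an inside-only test is not enough); the transcript it returns can be kept as evidence next to the nettools output.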

To find the mail server of any company, make an nslookup request, for example:
    C:\Users\Administrator>nslookup -type=MX bezeqint.net
    Server:  my.firewall
    Address:  192.168.2.1
    Non-authoritative answer:
    Bezeqint.net    MX preference = 1, mail exchanger = mailmx.bezeqint.net
and then find out its IP:
    C:\Users\Administrator>ping mailmx.bezeqint.net
    Pinging mailmx.bezeqint.net [192.115.106.58] with 32 bytes of data:
    Reply from 192.115.106.58: bytes=32 time=19ms TTL=246
    Reply from 192.115.106.58: bytes=32 time=21ms TTL=246
    Reply from 192.115.106.58: bytes=32 time=24ms TTL=246
    Reply from 192.115.106.58: bytes=32 time=29ms TTL=246
    Ping statistics for 192.115.106.58:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 19ms, Maximum = 29ms, Average = 23ms
Another subtlety. If you add 8.8.8.8 at the end of the nslookup command, the query is answered not by our own resolver but by Google's DNS server (the difference is in the Server and Address lines):
    C:\Users\Administrator>nslookup -type=MX bezeqint.net 8.8.8.8
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    Non-authoritative answer:
    Bezeqint.net    MX preference = 1, mail exchanger = mailmx.bezeqint.net
Do the same for our own domain:
    C:\Users\Administrator>nslookup -type=MX retrotech.dtdns.net
    Server:  my.firewall
    Address:  192.168.2.1
    Non-authoritative answer:
    Retrotech.dtdns.net    MX preference = 10, mail exchanger = retrotech.dtdns.net

    C:\Users\Administrator>nslookup -type=MX retrotech.dtdns.net 8.8.8.8
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    Non-authoritative answer:
    Retrotech.dtdns.net    MX preference = 10, mail exchanger = retrotech.dtdns.net
That is, not only we ourselves but Google too knows that our domain exists. In the first case the request is answered by the Check Point (my.firewall, 192.168.2.1), in the second by google-public-dns-a.google.com (8.8.8.8).

Checking availability through nettools.ru. With the Anonymous Users check box unchecked, the "E_Mail Valid" availability check looks like this:
    Check availability
    E_Mail Address: DCX20Admin@RetroTech.dtdns.net
    Domain: RetroTech.dtdns.net
    Mail server domain RetroTech.dtdns.net
    RetroTech.dtdns.net. [Priority 10]
    ---------------
    Mail Server: RetroTech.dtdns.net. (84.111.142.73) [Priority 10]
    -------------
    Connecting ... OK
    <= 220 DCX20.RetroTech.local Microsoft ESMTP MAIL Service ready at Mon, 21 Mar 2011 14:55:41 +0200
    => HELO mailvalid.nettools.ru
    <= 250 DCX20.RetroTech.local Hello [77.246.230.9]
    => MAIL FROM: <mailvalid@nettools.ru>
    <= 530 5.7.1 Client was not authenticated
    *** User with such E_Mail not available on the server ***
With the check box ticked, it looks like this:
    Check availability
    E_Mail Address: DCX20Admin@RetroTech.dtdns.net
    Domain: RetroTech.dtdns.net
    Mail server domain RetroTech.dtdns.net
    RetroTech.dtdns.net. [Priority 10]
    ---------------
    Mail Server: RetroTech.dtdns.net. (84.111.142.73) [Priority 10]
    -------------
    Connecting ... OK
    <= 220 DCX20.RetroTech.local Microsoft ESMTP MAIL Service ready at Mon, 21 Mar 2011 14:58:34 +0200
    => HELO mailvalid.nettools.ru
    <= 250 DCX20.RetroTech.local Hello [77.246.230.9]
    => MAIL FROM: <mailvalid@nettools.ru>
    <= 250 2.1.0 Sender OK
    => RCPT TO: <DCX20Admin@RetroTech.dtdns.net>
    <= 250 2.1.5 Recipient OK
    *** The server is a mail forwarder and receives all messages ***

Now start sending messages. Those that get stuck in the queue can be seen in EMC > Tools > Queue Viewer; they can be removed by right-clicking, which sends an NDR. The error number in the NDR tells you what the remote mail servers are missing in order to talk to our server.
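The nslookup comparison above (my.firewall at 192.168.2.1 against Google's 8.8.8.8) is worth automating, because a lookup that only goes through the LAN resolver proves nothing about what remote MTAs will see. The script below is an added example, not code from the original page: it parses "nslookup -type=MX" output and reports whether two resolvers agree on the exchangers. The sample outputs are constructed to match the records quoted on the page in the Windows nslookup layout; the split-horizon case, with the made-up host mx-internal.retrotech.local, is a hypothetical failure mode added to show what a disagreement looks like, and the function names are my own.

```python
"""Parse "nslookup -type=MX" output and compare what two resolvers return,
as in the my.firewall (192.168.2.1) versus 8.8.8.8 lookups above.  Added
example, not code from the original page; the sample outputs are constructed
to match the records quoted on the page, and the split-horizon case is a
hypothetical failure mode (mx-internal.retrotech.local is made up)."""
import re
from typing import Dict, List, Optional, Tuple

MX_RE = re.compile(r"^\s*(?P<name>[\w.-]+)\s+MX preference\s*=\s*(?P<pref>\d+)\s*,"
                   r"\s*mail exchanger\s*=\s*(?P<mx>[\w.-]+)\s*$", re.I)
SERVER_RE = re.compile(r"^\s*Server:\s*(\S+)", re.I)
ADDRESS_RE = re.compile(r"^\s*Address:\s*([0-9A-Fa-f.:]+)")   # stops before a '#53'

def parse_nslookup_mx(output: str) -> Dict:
    """Return which resolver answered and its MX set, lowest preference first."""
    result = {"server": None, "address": None, "authoritative": True, "mx": []}
    for line in output.splitlines():
        m = SERVER_RE.match(line)
        if m and result["server"] is None:
            result["server"] = m.group(1).lower()
            continue
        m = ADDRESS_RE.match(line)
        if m and result["address"] is None:        # first Address: is the resolver's
            result["address"] = m.group(1)
            continue
        if line.strip().lower().startswith("non-authoritative"):
            result["authoritative"] = False
            continue
        m = MX_RE.match(line)
        if m:
            result["mx"].append((int(m.group("pref")), m.group("mx").lower().rstrip(".")))
    result["mx"].sort()                            # lowest preference is tried first
    return result

def mx_records(output: str) -> List[Tuple[int, str]]:
    return parse_nslookup_mx(output)["mx"]

def primary_exchanger(output: str) -> Optional[str]:
    """Host that remote MTAs will try first (lowest preference), or None."""
    mx = mx_records(output)
    return mx[0][1] if mx else None

def same_mx_set(local_output: str, public_output: str) -> bool:
    """True when the local resolver and a public one agree on every MX.
    A mismatch means a test from inside the LAN says nothing about what
    the rest of the Internet will deliver to."""
    return set(mx_records(local_output)) == set(mx_records(public_output))

def compare(local_output: str, public_output: str) -> str:
    """One-line verdict in the spirit of the page's two lookups."""
    a, b = parse_nslookup_mx(local_output), parse_nslookup_mx(public_output)
    if not b["mx"]:
        return f"no MX: {b['server']} ({b['address']}) returns nothing, the record is not published"
    if same_mx_set(local_output, public_output):
        return f"agree: {a['server']} and {b['server']} both return {primary_exchanger(public_output)}"
    return f"split view: {a['server']} says {mx_records(local_output)}, {b['server']} says {mx_records(public_output)}"

# Constructed from the page's lookups (Windows nslookup layout).
LOCAL_OUT = """\
Server:  my.firewall
Address:  192.168.2.1

Non-authoritative answer:
retrotech.dtdns.net     MX preference = 10, mail exchanger = retrotech.dtdns.net
"""
PUBLIC_OUT = """\
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
retrotech.dtdns.net     MX preference = 10, mail exchanger = retrotech.dtdns.net
"""
BEZEQ_OUT = """\
Server:  my.firewall
Address:  192.168.2.1

Non-authoritative answer:
bezeqint.net    MX preference = 1, mail exchanger = mailmx.bezeqint.net
"""
# Hypothetical split-horizon answer: an internal resolver adds a private MX
# that the Internet cannot reach, so a lookup from the LAN alone misleads.
SPLIT_OUT = """\
Server:  my.firewall
Address:  192.168.2.1

Non-authoritative answer:
retrotech.dtdns.net     MX preference = 5, mail exchanger = mx-internal.retrotech.local
retrotech.dtdns.net     MX preference = 10, mail exchanger = retrotech.dtdns.net
"""
```

In practice you would capture the two outputs with `nslookup -type=MX retrotech.dtdns.net` and `nslookup -type=MX retrotech.dtdns.net 8.8.8.8` and pass them to `compare()`; only the "agree" verdict, with the exchanger resolving to the public address the Check Point forwards port 25 to, means the Internet side is set up as the page intends.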
Open the message and you immediately see the error code, in this case 550 4.3.2. Start the Mail Flow Troubleshooter (in the same Tools menu) and specify the label of the problem (best is the subject of the message that never arrived, TEST-001) > Next > specify the Exchange server and GC names > Next > everything is OK > Next > enter the error code > 550 > Next > check DNS > OK > Check DNS Records > no reverse zone (No "Pointer" record(s) found for IP Address 100.100.100.100 and 192.168.2.2). Meanwhile, mail arrived both from Gmail.com and from Walla.com, but replies could not be sent back. At this point, save the state of DCX20.

Certificates and logon format in OWA.

1. To avoid the red warning bar, create a certificate for the NetBIOS name, for internal use, on DCX20: Friendly Name > WEB-NetBIOS Name; request it from the CA for the user (?) and then go straight to OWA.
   Note: this step is not strictly necessary; even without a personal user certificate, https works. Binding the site to a domain certificate is sufficient.

2. The default logon format in the OWA console, under Use forms-based authentication, is Domain\user name; change it to the option below the check box, User principal name (UPN) > OK. After that the web site must be restarted: CMD > IISReset /NoForce. Now, in addition to the RetroTech\DCX20Admin format, you can also log on as DCX20Admin@retrotech.local.

3. To log on with the user name only, select the bottom option User name only > Logon domain: > Browse > RetroTech.local > OK > CMD > IISReset /NoForce. Result: in addition to the two previous logon formats, you can now log on with just the user name and password.

4. Change the authentication method through the topmost option Use one or more standard authentication methods: and then > (X) Integrated Windows authentication > CMD > IISReset /NoForce. This makes it possible to open OWA without entering a name and password at all. The other settings are not relevant.