I have a Problem with MS Exchange 2003
  •  
nervill

I have a problem in my office network. I have a Windows 2003 domain; this server is the domain controller and MS Exchange Server 2003. When I try to send an internal mail via IPS SMTP, it can't send.

Sorry for my English,

Text continues in Spanish:

I have a Windows 2003 server that is both a domain controller and a mail server with MS Exchange 2003. I installed Kerio WinRoute on that same machine, and since then my internal users cannot send email to the Internet. What can I do?
  •  
feite

Did you create a traffic rule for the e-mail?

If your domain controller / Exchange server is the firewall use these two rules:

name: SMTP out (sending mail)
source: firewall
dest: internet NIC
service: SMTP

name: SMTP in (receiving mail)
source: internet NIC
dest: firewall
service: SMTP

If your domain controller / Exchange server is inside the LAN use these two rules:

name: SMTP out (sending mail)
source: exchange server ip address
dest: internet NIC
service: SMTP
NAT: default outgoing interface

name: SMTP in (receiving mail)
source: internet NIC
dest: firewall
service: SMTP
map: ip address of exchange server
  •  
nervill

Sorry Bro, thanks for your help, but I still have the problem,

My emails are still in the Exchange Server 2003 queue.

Everything else is working perfectly in my setup, but I can't figure out what happened. I evaluated ISA Server 2004, and it was harder to get working, but it works.

I don't know if it is a bug or I'm doing something wrong. This software looks great, but I need some help, thanks.

----------------

Here is my setup and some logs:

Server:
LAN NIC: 192.168.0.1
Internet NIC: 200.x.x.x
Kerio WinRoute Firewall
Microsoft Windows 2003 Domain Controller
Exchange Server 2003

I tried all the options you gave me.

I have disabled DNS forwarding because, if I enable it, I get an error: "DNS forwarder is in conflict with Windows DNS Services", since I have a DC.

Here is a copy of logs:
[27/Nov/2004 14:01:53] [ID] 55621 [Rule] SMPT OUT NAT [Service] SMTP [User] username [Connection] TCP 192.168.0.6:4009 -> 64.x.x.x:25 [Duration] 81 sec [Bytes] 0/48/48 [Packets] 0/1/1
[27/Nov/2004 14:07:28] [ID] 55858 [Rule] SMTP OUT (EMail OUT) [Service] SMTP [User] username [Connection] TCP DOMAINCONTROLLER:8567 -> 206.x.x.x:25 [Duration] 81 sec [Bytes] 0/48/48 [Packets] 0/1/1

I got these errors in the error log:
[27/Nov/2004 14:08:32] (5002) Failed to start service "DNS" bound to address 192.168.0.1.
[27/Nov/2004 14:08:32] (4103:10048) Socket error: Unable to bind socket for service to port 53.
[27/Nov/2004 14:08:32] (5002) Failed to start service "DNS" bound to address 200.75.140.85.

And in filter logs I get this:
[27/Nov/2004 14:05:37] PERMIT "SMPT OUT NAT" packet from LAN - Office, proto:TCP, len:40, ip/port:192.168.0.6:4077 -> 64.x.x.x:25, flags: ACK , seq:588345953 ack:2767974187, win:64512, tcplen:0
[27/Nov/2004 14:06:38] PERMIT "SMPT OUT NAT" packet from LAN - Office, proto:TCP, len:40, ip/port:192.168.0.6:4077 -> x.x.x.x:25, flags: FIN ACK , seq:588345953 ack:2767974187, win:64512, tcplen:0
[27/Nov/2004 14:06:38] PERMIT "SMPT OUT NAT" packet to LAN - Office, proto:TCP, len:40, ip/port:64.x.x.x:25 -> 192.168.0.6:4077, flags: ACK , seq:2767974187 ack:588345954, win:17520, tcplen:0

Warning log:
[27/Nov/2004 14:08:45] (1005) DNS Server system service detected. This service is in conflict with DNS forwarder in WinRoute.



  •  
feite

KWF is running on your domain controller (Windows 2003 Active Directory server). In that case do not use the DNS of KWF but use the DNS of W2003. -> Disable the DNS service in KWF. To do so go to the administration console and select 'DNS Forwarder'. De-select 'Enable DNS forwarding'. After that you have only one DNS service running, and that's the DNS service of Windows 2003.

[27/Nov/2004 14:01:53] [ID] 55621 [Rule] SMPT OUT NAT [Service] SMTP [User] username [Connection] TCP 192.168.0.6:4009 -> 64.x.x.x:25 [Duration] 81 sec [Bytes] 0/48/48 [Packets] 0/1/1

This log entry shows that a client PC from inside the LAN is trying to send an e-mail. Probably Outlook or Outlook Express is trying to send an e-mail to an SMTP server outside your line. If you are using an Exchange server and it's installed on the domain controller, then the client should be sending the mail to the Exchange server, not to the outside mail server. The Exchange server is the only one that should have access to the outside.

Maybe the Exchange service cannot send the mail because of trouble with DNS. After disabling DNS try again.

Let me know if it works or not.

Feite
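
As an added example (not part of the original posts and not Kerio code), the check feite describes above, that only the Exchange server should open outbound SMTP connections, can be run over connection-log lines in the layout quoted in this thread. The destination addresses are constructed, the mail-server names are taken from the first setup posted here, and the 60-second stall threshold is an assumption.

```python
import re

# Constructed sample lines in the connection-log layout quoted in this thread.
SAMPLE_LOG = """\
[27/Nov/2004 14:01:53] [ID] 55621 [Rule] SMPT OUT NAT [Service] SMTP [User] username [Connection] TCP 192.168.0.6:4009 -> 198.51.100.10:25 [Duration] 81 sec [Bytes] 0/48/48 [Packets] 0/1/1
[27/Nov/2004 14:07:28] [ID] 55858 [Rule] SMTP OUT (EMail OUT) [Service] SMTP [User] username [Connection] TCP DOMAINCONTROLLER:8567 -> 203.0.113.25:25 [Duration] 81 sec [Bytes] 0/48/48 [Packets] 0/1/1
[27/Nov/2004 14:09:02] [ID] 55901 [Rule] HTTP OUT [Service] HTTP [User] username [Connection] TCP 192.168.0.7:4100 -> 203.0.113.80:80 [Duration] 3 sec [Bytes] 512/2048/2560 [Packets] 4/6/10
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ID\] (?P<id>\d+) \[Rule\] (?P<rule>.*?) \[Service\] (?P<service>.*?) "
    r"\[User\] (?P<user>.*?) \[Connection\] (?P<proto>\S+) (?P<src>\S+):(?P<sport>\d+) -> "
    r"(?P<dst>\S+):(?P<dport>\d+) \[Duration\] (?P<dur>\d+) sec "
    r"\[Bytes\] (?P<bytes>\d+/\d+/\d+) \[Packets\] (?P<packets>\d+/\d+/\d+)$"
)

def parse_line(line):
    """Return the fields of one connection-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"], rec["dur"] = int(rec["dport"]), int(rec["dur"])
    rec["packets"] = tuple(int(n) for n in rec["packets"].split("/"))
    return rec

def audit_smtp(log_text, mail_hosts, stall_secs=60):
    """List port-25 connections that bypass the mail server or never carried traffic."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != 25:
            continue
        reasons = []
        if rec["src"] not in mail_hosts:
            reasons.append("source is not the mail server")
        # Assumption: the third counter is the total (in the quoted lines it is the sum of the first two).
        if rec["dur"] >= stall_secs and rec["packets"][2] <= 1:
            reasons.append("long-lived connection with at most one packet")
        if reasons:
            findings.append((rec["id"], rec["src"], rec["rule"], reasons))
    return findings

if __name__ == "__main__":
    # Mail-server names as given in the first setup posted in this thread.
    for finding in audit_smtp(SAMPLE_LOG, {"DOMAINCONTROLLER", "192.168.0.1"}):
        print(finding)
```

On the sample, the client at 192.168.0.6 is reported for both reasons, while the connection from DOMAINCONTROLLER is reported only as stalled.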
  •  
nervill

I set the option as you mentioned, but the problem continues. What can be done in this case, and how can I solve this?

I cannot get email out with any program within my network.

Does a solution to this problem exist, or what must I do?

Regards,
  •  
feite

I can not follow you. You did disable the DNS forwarder in KWF?

If yes. Can you resolve an url to an ip address?

try this on the firewall in a cmd box (Start / Run 'cmd.exe')

ping www.kerio.com

You should see the ip address. If this happens DNS is working.

After that we need to check your exchange settings.
  •  
nervill

I can not follow you. You did disable the DNS forwarder in KWF?
Nervill: Yes, it is disabled.

If yes. Can you resolve an url to an ip address?
try this on the firewall in a cmd box (Start / Run 'cmd.exe')
ping www.kerio.com
Nervill: Yes, I can. The IP of www.kerio.com is 128.242.106.66

You should see the ip address. If this happens DNS is working.
Nervill: Yes, I see it.

After that we need to check your exchange settings.
Nervill: The configuration of the server is good. When I stop the Kerio service, the emails leave immediately.

In any case, tell me if you know of some configuration that must be used in MS Exchange 2003 for Kerio.

I need to solve this problem


regards,
  •  
feite

I have a MS Server 2003 + Exchange 2003 running on a machine inside the LAN, not on the firewall itself. All works fine. I use KWF version 6.0.8. If you do not have 6.0.8 installed please update.

For sending mail I have 2 other suggestions for you:

1)
Go to the traffic rules.

Go to the traffic rule for outgoing SMTP from firewall to LAN and select the column 'Protocol Inspector'. Change the setting to 'None'. If the column is not visible, make it visible by right-clicking a column title and selecting 'Modify Columns...'

By doing so, KWF is no longer inspecting the SMTP messages.

Try option 1); if it does not work, try option 2).

2)
go to the traffic rules

add a new rule above all rules (on top of)

name: Firewall out
source: Firewall
dest: any
service: any
action: allow
log: packet and connection
protocol inspector: none
translation: no translation

If this does not work please upload a printscreen of the traffic rules.

Feite
  •  
nervill

Thanks my friend for your help.

Here is what I did.

I setup a new computer with Windows 2003 Server for this Kerio Test.

I made this PC the firewall PC. Now my network is:

Firewall:
Win2003 + Kerio WinRoute Firewall latest build
LAN: 192.168.0.2
Internet: 200.x.x.x

Domain Controller:
Windows 2003 + Exchange Server
LAN: 192.168.0.1

By now everything is working well, but no SMTP from every computer.

1.000.000 times Thanks for your help!

  •  
feite

Nice to hear it's working. You could look at your traffic rules to see if there is something that could be removed. Example: do you want people from the internet to ping your machine? Is an FTP server needed (security risk)? I do not see a service called SMTP. Your mailserver is not visible from the internet and will not receive mail.

Now that it's working you can try to secure a rule a bit more. If it fails you undo the change.

Good luck

Feite
  •  
Purroy

Greetings.

I have now read all the suggestions you have given in the forum regarding the rules that need to be set up in KWF in order to send and receive mail...

On my network, I can receive mail (POP3) without problems. However, I cannot send any mail.

For sending mail, I currently have the following rules:

///////////////////////////////////////////////////////////////
Rule to allow firewall to access mailserver (of ISP) on the internet
name: Mail
source: firewall
dest: internet
service: SMTP
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow client from LAN to access mailserver (of ISP) on the internet
name: Mail LAN
source: LAN
dest: internet
service: SMTP
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default
///////////////////////////////////////////////////////////////
But I still cannot send mail.
PLEASE, I NEED HELP "" URGENT ""

Attached is a PrintScreen of the rules I have in the firewall.


  • Attachment: Rules KWF.JPG
    (Size: 63.79KB, Downloaded 755 times)