GW 2014 and Exchange mail flow issues

Hi,

I have a fully functioning GW2014 Environment that I am integrating Exchange into.
We only need SMTP Mail to send between the systems and I have a shared domain (fakeschool.edu.au).

No user exists in both systems, and only test users exist in Exchange at this point.

Currently I have:
GW2014 Inbound via gateway firewall/proxy that is the internet visible SMTP server - Relay Host for outbound messages: is configured
GW2014 Outbound via gateway firewall/proxy - blocks outbound 25 and 53 etc
GW2014 to Exchange 2013 mail flow both ways
Exchange Outbound via gateway firewall/proxy
Exchange inbound via GW2014 via gateway firewall/proxy fails

After some investigation it appears that I need to set Forward Undeliverable Inbound Messages to Host: to [Ex.ch.ang.eIP]

However when I configure, press save, restart service I see (sample, happens to ALL domains).

13:21:10 60C4 MSG 619958 Sender: me@fakeschool.edu.au
13:21:10 60C4 MSG 619958 Building message: s559e746.531
13:21:10 60C4 MSG 619958 Recipient: mehome@netspace.net.au
13:21:20 5384 MSG 619958 Analyzing result file: \\SRV-GW01\GRPWISE\DOMAIN\wpgate\gwia\result\r559e746.531
13:21:20 5384 MSG 619958 Detected error on SMTP command
13:21:20 5384 MSG 619958 Command: netspace.net.au
13:21:20 5384 MSG 619958 Response: 450 Host down (netspace.net.au)

When I clear that setting and restart service, everything works.

So my questions:

1: Why - what am I missing?
2: How do I make this work?

Thanks
Matt
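
The log excerpt in the post above can be triaged mechanically. As an added example (not part of the original post, and not GroupWise tooling), this Python sketch correlates GWIA log lines by MSG id and reports each message that logged an SMTP error together with the reply code; the line layout is assumed from the seven lines quoted above, and the second, error-free message is constructed.

```python
import re
from collections import defaultdict
# GWIA log lines copied from the post above (message 619958).
PAGE_LOG = r"""
13:21:10 60C4 MSG 619958 Sender: me@fakeschool.edu.au
13:21:10 60C4 MSG 619958 Building message: s559e746.531
13:21:10 60C4 MSG 619958 Recipient: mehome@netspace.net.au
13:21:20 5384 MSG 619958 Analyzing result file: \\SRV-GW01\GRPWISE\DOMAIN\wpgate\gwia\result\r559e746.531
13:21:20 5384 MSG 619958 Detected error on SMTP command
13:21:20 5384 MSG 619958 Command: netspace.net.au
13:21:20 5384 MSG 619958 Response: 450 Host down (netspace.net.au)
"""
# Constructed lines (not from the post): a message that logs no SMTP error.
CONSTRUCTED_LOG = """
13:22:01 60C4 MSG 619959 Sender: me@fakeschool.edu.au
13:22:01 60C4 MSG 619959 Recipient: someone@example.org
"""

# Assumed layout: time, thread id, "MSG", message id, free text.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2} [0-9A-Fa-f]+ MSG (\d+) (.*)$")
FIELD_RE = re.compile(r"^(Sender|Recipient|Command|Response): (.*)$")

def classify(status):
    """4xx is a transient failure (the sender retries), 5xx a permanent one."""
    return {4: "transient", 5: "permanent"}.get((status or 0) // 100, "unknown")

def parse_failures(log_text):
    """Correlate lines by MSG id; return one record per message with an SMTP error."""
    msgs = defaultdict(lambda: {"recipients": [], "error": False})
    for m in filter(None, (LINE_RE.match(l.strip()) for l in log_text.splitlines())):
        msg_id, text = m.groups()
        rec = msgs[msg_id]
        if text.startswith("Detected error on SMTP command"):
            rec["error"] = True
        elif (f := FIELD_RE.match(text)):
            key, value = f.groups()
            if key == "Recipient":
                rec["recipients"].append(value)
            else:
                rec[key.lower()] = value
    failures = []
    for msg_id, rec in msgs.items():
        if rec["error"]:
            code = re.match(r"(\d{3})\b", rec.get("response", ""))
            status = int(code.group(1)) if code else None
            failures.append({**rec, "msg_id": msg_id, "status": status, "kind": classify(status)})
    return failures

if __name__ == "__main__":
    print(parse_failures(PAGE_LOG + CONSTRUCTED_LOG))
```
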
  • Hi.

    On 18.05.2015 07:26, retsef wrote:
    > GW2014 Inbound via gateway firewall/proxy


    That is unclear. Please elaborate. A Firewall isn't a proxy isn't a gateway.

    > After some investigation it appears that I need to set *Forward
    > Undeliverable Inbound Messages to Host:* to [Ex.ch.ang.eIP]


    That's a pretty bad idea all around, depending on the answer above. No,
    actually it's a bad idea, because it means you accept *all* mails.

    > However when I configure, press save, restart service I see (sample,
    > happens to ALL domains).
    >
    > 13:21:10 60C4 MSG 619958 Sender: me@fakeschool.edu.au
    > 13:21:10 60C4 MSG 619958 Building message: s559e746.531
    > 13:21:10 60C4 MSG 619958 Recipient: mehome@netspace.net.au
    > 13:21:20 5384 MSG 619958 Analyzing result file:
    > \\SRV-GW01\GRPWISE\DOMAIN\wpgate\gwia\result\r559e746.531
    > 13:21:20 5384 MSG 619958 Detected error on SMTP command
    > 13:21:20 5384 MSG 619958 Command: netspace.net.au
    > 13:21:20 5384 MSG 619958 Response: 450 Host down (netspace.net.au)


    Didn't you state that port 25 outbound from your GWIA is blocked? Well,
    seems like that works. <g>

    >
    > 1: Why - what am I missing?


    See above. Your own firewall config not allowing GWIA to do as it's told
    to do.

    > 2: How do I make this work?


    Best by having a smart host in front of your whole setup *incoming*.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Hi Massimo,

    Our internet edge device actually is: a Firewall, a web proxy, a web filter, a mail filter, a DNS server, an SMTP smart host outbound and I think inbound. This is a single device that does all of these roles, so while you are correct that a firewall is not a proxy, in our case it most definitely is.

    Our edge device also disallows delivery for all non fakeschool.edu.au emails, meaning that the GW mail server only sees emails destined for the correct domain.

    "Your own firewall config not allowing GWIA to do as it's told to do."
    What I THOUGHT I configured was for GW to send all incoming emails to unknown @fakeschool.net.au addresses to the (same internal vlan) Exchange Server.

    Obviously I missed something here?

    Without the Forward Undeliverable Inbound Messages to Host: [10.1.1.20] configured, internet destined mail-flow works, but when it is configured internet mail does not work.


    I will look into the incoming smart host option.
  • Hi.

    On 18.05.2015 at 23:06, retsef wrote:

    > Our edge device also disallows delivery for all non fakeschool.edu.au
    > emails, meaning that the GW mail server only sees emails destined for
    > the correct domain.


    Still you incorrectly accept all mail for your domain(s), even when the
    user doesn't exist. You'll either end up with a system where someone
    that mistypes an address never gets to know it, or you'll end up on a
    blacklist within minutes. Neither, in this day and age, qualifies as
    acceptable.

    > "Your own firewall config not allowing GWIA to do as it's told to do."
    > What I THOUGHT I configured was for GW to send all incoming emails to
    > unknown @fakeschool.net.au addresses to the (same internal vlan)
    > Exchange Server.


    I don't know what you configured, nor in which vlan which server is.

    What I see is your GWIA attempting to connect via port 25 to a server
    that I don't know, and you said before that your firewall doesn't allow
    that.

    The /fut switch should have no influence here, but IMHO that's academic,
    as your setup will prove itself not useable that way for the reasons I
    outlined above.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Okay, let me try explaining myself again.

    Everything works in my current setup except internet-sourced inbound mail destined for the Exchange server, which is first delivered to the GroupWise server as it was the first existing server.
    I can mail from GW -> Internet.
    I can mail from GW -> Exchange based user.
    I can mail from Exchange -> GW based user.
    I can mail from Exchange -> Internet based user.
    I can mail from Internet -> GW
    I can craft a message (telnet, SMTP, helo, mail from:, etc) to pretend to be "internet" -> Exchange -> GW (using a recipient that exists only in GW)

    I cannot go Internet -> GW -> Exchange (using a recipient that exists only in Exchange)

    I somehow need to fix this.

    I assumed based on research that unlike in Exchange, where I can configure a Send Connector to route unknown addresses for the fakeschool.edu.au address, I needed to configure the "Forward Undeliverable Inbound Messages to Host" setting.

    At this point I am considering swapping the mail delivery from the Firewall to land on Exchange and let it route the mail internally and be done with it.
    Once inside the firewall both mail servers are on the same network, vlan, ip range, have full communication etc.

    I'd dearly like to know how to get GW to behave like this or if it is simply not possible.
  • Hi,

    Just to add my thoughts here.... GWIA accepts mail for inbound and uses the MTA to do an address lookup. If the lookup fails then the mail will be rejected. What we did when we split a system into GroupWise and Exchange was set up the Exchange users on a different internet domain. Then using a route.cfg file you can re-route all mail for that internet domain directly to the IP address of your Exchange server. Sharing an internet domain name with GWIA as your "accepting SMTP gateway" is probably not going to work.

    Another idea that I've had, which may or may not work, is to set up your Exchange users and external users in your GroupWise system.

    Just my two cents worth.

    Cheers,