retsef Absent Member.

GW 2014 and Exchange mail flow issues

Hi,

I have a fully functioning GW2014 Environment that I am integrating Exchange into.
We only need SMTP Mail to send between the systems and I have a shared domain (fakeschool.edu.au).

No user exists in both systems, and only test users exist in Exchange at this point.

Currently I have:
GW2014 Inbound via gateway firewall/proxy that is the internet visible SMTP server - Relay Host for outbound messages: is configured
GW2014 Outbound via gateway firewall/proxy - blocks outbound 25 and 53 etc
GW2014 to Exchange 2013 mail flow both ways
Exchange Outbound via gateway firewall/proxy
Exchange inbound via GW2014 via gateway firewall/proxy fails

After some investigation it appears that I need to set Forward Undeliverable Inbound Messages to Host: to [Ex.ch.ang.eIP]

However when I configure, press save, restart service I see (sample, happens to ALL domains).

13:21:10 60C4 MSG 619958 Sender: me@fakeschool.edu.au
13:21:10 60C4 MSG 619958 Building message: s559e746.531
13:21:10 60C4 MSG 619958 Recipient: mehome@netspace.net.au
13:21:20 5384 MSG 619958 Analyzing result file: \\SRV-GW01\GRPWISE\DOMAIN\wpgate\gwia\result\r559e746.531
13:21:20 5384 MSG 619958 Detected error on SMTP command
13:21:20 5384 MSG 619958 Command: netspace.net.au
13:21:20 5384 MSG 619958 Response: 450 Host down (netspace.net.au)

When I clear that setting and restart service, everything works.

So my questions:

1: Why - what am I missing?
2: How do I make this work?

Thanks
Matt
Knowledge Partner

Re: GW 2014 and Exchange mail flow issues

Hi.

On 18.05.2015 07:26, retsef wrote:
> GW2014 Inbound via gateway firewall/proxy


That is unclear. Please elaborate. A Firewall isn't a proxy isn't a gateway.

> After some investigation it appears that I need to set *Forward
> Undeliverable Inbound Messages to Host:* to [Ex.ch.ang.eIP]


That's a pretty bad idea all around, depending on the answer above. No,
actually it's a bad idea, because it means you accept *all* mails.

> However when I configure, press save, restart service I see (sample,
> happens to ALL domains).
>
> 13:21:10 60C4 MSG 619958 Sender: me@fakeschool.edu.au
> 13:21:10 60C4 MSG 619958 Building message: s559e746.531
> 13:21:10 60C4 MSG 619958 Recipient: mehome@netspace.net.au
> 13:21:20 5384 MSG 619958 Analyzing result file:
> \\SRV-GW01\GRPWISE\DOMAIN\wpgate\gwia\result\r559e746.531
> 13:21:20 5384 MSG 619958 Detected error on SMTP command
> 13:21:20 5384 MSG 619958 Command: netspace.net.au
> 13:21:20 5384 MSG 619958 Response: 450 Host down (netspace.net.au)


Didn't you state that port 25 outbound from your GWIA is blocked? Well,
seems like that works. <g>

>
> 1: Why - what am I missing?


See above. Your own firewall config not allowing GWIA to do as it's told
to do.

> 2: How do I make this work?


Best by having a smart host in front of your whole setup *incoming*.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
retsef Absent Member.

Re: GW 2014 and Exchange mail flow issues

Hi Massimo,

Our internet edge device actually is: a Firewall, a web proxy, a web filter, a mail filter, a DNS server, an SMTP smart host outbound and I think inbound. This is a single device that does all of these roles, so while you are correct that a firewall is not a proxy, in our case it most definitely is.

Our edge device also disallows delivery for all non fakeschool.edu.au emails, meaning that the GW mail server only sees emails destined for the correct domain.

"Your own firewall config not allowing GWIA to do as it's told to do."
What I THOUGHT I configured was for GW to send all incoming emails to unknown @fakeschool.net.au addresses to the (same internal vlan) Exchange Server.

Obviously I missed something here?

Without the Forward Undeliverable Inbound Messages to Host: [10.1.1.20] configured, internet destined mail-flow works, but when it is configured internet mail does not work.


I will look into the incoming smart host option.
Knowledge Partner

Re: GW 2014 and Exchange mail flow issues

Hi.

On 18.05.2015 at 23:06, retsef wrote:

> Our edge device also disallows delivery for all non fakeschool.edu.au
> emails, meaning that the GW mail server only sees emails destined for
> the correct domain.


Still you incorrectly accept all mail for your domain(s), even when the
user doesn't exist. You'll either end up with a system where someone
that mistypes an address never gets to know it, or you'll end up on a
blacklist within minutes. Both, in this day and age, don't qualify as
acceptable.

> "Your own firewall config not allowing GWIA to do as it's told to do."
> What I THOUGHT I configured was for GW to send all incoming emails to
> unknown @fakeschool.net.au addresses to the (same internal vlan)
> Exchange Server.


I don't know what you configured, nor in which vlan which server is.

What I see is your GWIA attempting to connect via port 25 to a server
that I don't know, and you said before that your firewall doesn't allow
that.

The /fut switch should have no influence here, but IMHO that's academic,
as your setup will prove itself not useable that way for the reasons I
outlined above.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
retsef Absent Member.

Re: GW 2014 and Exchange mail flow issues

Okay, let me try explaining myself again.

Everything works in my current setup except internet sourced inbound mail destined for the exchange server - which is first delivered to the GroupWise server as it was the first existing server.
I can mail from GW -> Internet.
I can mail from GW -> Exchange based user.
I can mail from Exchange -> GW based user.
I can mail from Exchange -> Internet based user.
I can mail from Internet -> GW
I can craft a message (telnet, SMTP, helo, mail from:, etc) to pretend to be "internet" -> Exchange -> GW (using a recipient that exists only in GW)

I cannot go Internet -> GW -> Exchange (using a recipient that exists only in Exchange)

I somehow need to fix this.

I assumed based on research that unlike in Exchange, where I can configure a Send Connector to route unknown addresses for the fakeschool.edu.au address, I needed to configure the "Forward Undeliverable Inbound Messages to Host" setting.

At this point I am considering swapping the mail delivery from the Firewall to land on Exchange and let it route the mail internally and be done with it.
Once inside the firewall both mail servers are on the same network, vlan, ip range, have full communication etc.

I'd dearly like to know how to get GW to behave like this or if it is simply not possible.
Micro Focus Expert

Re: GW 2014 and Exchange mail flow issues

Hi,

Just to add my thoughts here.... GWIA accepts mail for inbound and uses the MTA to do an address lookup. If the lookup fails then the mail will be rejected. What we did when we split a system into GroupWise and Exchange was setup the Exchange users on a different internet domain. Then using a route.cfg file you can re-route all mail for that internet domain directly to the IP address of your Exchange server. Sharing an internet domain name with GWIA as your "accepting SMTP gateway" is probably not going to work.

Another idea that I've had, which may or may not work, is to setup your Exchange users and external users in your GroupWise system.

Just my two cents worth.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
Knowledge Partner

Re: GW 2014 and Exchange mail flow issues

On 19.05.2015 at 07:06, retsef wrote:
>
> Okay, let me try explaining myself again.
>
> Everything works in my current setup except internet sourced inbound
> mail destined for the exchange server - which is first delivered to the
> GroupWise server as it was the first existing server.


I understand that part, and also how you got to the conclusion you could
solve that using /fut. Yes, you can, *but* as an end result you will
accept all mail to that domain without a chance to let a sender know when
he sent to a non-existing address.

> I can mail from GW -> Internet.


Via a relay host if I understand your setup properly.

> I can mail from GW -> Exchange based user.


Which we here don't know why this works. Without additional
configuration telling groupwise to send mail for yourdomain.com to the
exchange box, this wouldn't work "automatically".

> I can mail from Exchange -> GW based user.


We again don't know why (possibly through the relay), but it also
doesn't matter too much yet.

> I can mail from Exchange -> Internet based user.


See above.

> I can mail from Internet -> GW


That we all hope. 😉

> I can craft a message (telnet, SMTP, helo, mail from:, etc) to pretend
> to be "internet" -> Exchange -> GW (using a recipient that exists only
> in GW)
>
> I cannot go Internet -> GW -> Exchange (using a recipient that exists
> only in Exchange)


No, because groupwise denies email to email addresses it doesn't know.
Unless you configure /fut....


> I somehow need to fix this.


And I'm trying to tell you that you for all reality that matters can't
fix that *in groupwise* the way you're trying to. You need to fix that in
your point of entry (so probably your gateway/firewall/proxy, aka
whatever is the first SMTP server external senders connect to). That box
needs to know your valid email addresses, and it needs to know to which
server it needs to connect for every address.

> I assumed based on research that unlike in Exchange, where I can
> configure a Send Connector to route unknown addresses for the
> fakeschool.edu.au address, I needed to configure the "Forward
> Undeliverable Inbound Messages to Host" setting.


We're running in circles. Yes, that should work for that matter. No,
that setup will not be useable in real life for the reasons I repeated
several times now.

> At this point I am considering swapping the mail delivery from the
> Firewall to land on Exchange and let it route the mail internally and be
> done with it.


Same problem.

> I'd dearly like to know how to get GW to behave like this or if it is
> simply not possible.


It *is* possible. But not usable in production. You *must* deny
non-existing addresses at your first point of SMTP entry.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
retsef Absent Member.

Re: GW 2014 and Exchange mail flow issues

For anyone that comes along and finds this in google going forward, this is how I solved the issue.

Changed inbound mail to deliver to Exchange.
Exchange has fakeschool.edu.au configured as Accepted Domain, "Internal relay" type.
Exchange Send Connector - (SMTP, fakeschool.edu.au,1) smart hosted to GroupWise
Exchange Send Connector - (SMTP,*,10) smart hosted to my gateway to the internet.
GroupWise has outbound smart hosted to my gateway to the internet.
GroupWise has a route.cfg to point to my exchange box - (fakeschool.edu.au [10.x.x.x])

So it behaves as: email comes into org with @fakeschool.edu.au address, delivers to Exchange. If Exchange knows about that address it puts the email in the mailbox, if not it forwards to GroupWise.
If GroupWise has that mailbox in its PO's it delivers the mail. If it doesn't exist, GroupWise responds to exchange with 550 NDR's and exchange sends an NDR back to the originator.
Micro Focus Expert

Re: GW 2014 and Exchange mail flow issues

Hi,

So glad that you got it working. Thank you very much for posting your solution - that way we all learn 🙂

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
Knowledge Partner

Re: GW 2014 and Exchange mail flow issues

On 21.05.2015 at 00:56, retsef wrote:

> exchange sends an NDR back to the originator.


And that will get you on internet blacklists sooner or later, because
you send back NDRs to spam mails with faked sender addresses.

I tried, I really tried...

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
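
Added example (not part of any post in this thread): a small Python model of the two inbound designs argued over above, recipient validation at the first SMTP hop versus accept-all followed by an internal 550. The mailbox names, next-hop labels and sender addresses are constructed; the recipient map stands in for whatever directory lookup the edge device would use.

```python
# Added illustration; mailbox names, hosts and sender addresses are constructed.
RECIPIENT_MAP = {                       # address -> internal next hop
    "alice@fakeschool.edu.au": "groupwise",
    "bob@fakeschool.edu.au": "groupwise",
    "carol@fakeschool.edu.au": "exchange",
}

def edge_rcpt(rcpt, validate):
    """Edge answer to RCPT TO: (SMTP code, next hop or None)."""
    addr = rcpt.strip().strip("<>").lower()
    if addr in RECIPIENT_MAP:
        return 250, RECIPIENT_MAP[addr]
    if validate:
        # Refused inside the SMTP session: the connecting server keeps
        # responsibility for the message, we never generate a bounce.
        return 550, None
    # Accept-all for the shared domain: unknowns go to the first internal hop.
    return 250, "exchange"

def internal_delivery(rcpt):
    """Exchange tries its mailboxes, then smart-hosts to GroupWise."""
    addr = rcpt.strip().strip("<>").lower()
    return RECIPIENT_MAP.get(addr)      # None -> GroupWise answers 550 to Exchange

def run(envelopes, validate):
    """Return (delivered, rejected_in_session, ndr_targets) for (MAIL FROM, RCPT TO) pairs."""
    delivered, rejected, ndr_targets = [], [], []
    for mail_from, rcpt in envelopes:
        code, _hop = edge_rcpt(rcpt, validate)
        if code == 550:
            rejected.append(rcpt)
        elif internal_delivery(rcpt):
            delivered.append(rcpt)
        else:
            # Already accepted, so the only way to report failure is an NDR
            # addressed to the envelope sender, which spam usually forges.
            ndr_targets.append(mail_from)
    return delivered, rejected, ndr_targets

# Constructed traffic: one real message, one typo, two spam runs with forged senders.
SAMPLE = [
    ("parent@example.org", "<carol@fakeschool.edu.au>"),
    ("parent@example.org", "<carrol@fakeschool.edu.au>"),
    ("victim1@example.net", "<sales@fakeschool.edu.au>"),
    ("victim2@example.com", "<info@fakeschool.edu.au>"),
]

if __name__ == "__main__":
    for validate in (False, True):
        d, r, n = run(SAMPLE, validate)
        print(f"validate_at_edge={validate}: delivered={len(d)} "
              f"rejected_in_session={len(r)} ndrs_sent_to={n}")
```

With validation at the edge the typo still gets reported, but by the sending server to its own user; in the accept-all case the same typo and both spam messages each produce an NDR from inside the organisation.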
Knowledge Partner

Re: GW 2014 and Exchange mail flow issues

On 21.05.2015 at 08:06, laurabuckley wrote:
>
> Hi,
>
> So glad that you got it working. Thank you very much for posting your
> solution - that way we all learn 🙂


But it isn't a solution Laura.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de