On 15 October 2009 Cisco said:
> The company I'm doing support work for has an odd setup -
>
> (I'll make up some fictitious names since there may be security
> problems)
>
> Their SHARK server hosts domains www.thecompany.com, and
> www.thesupportsite.com
>
> They want to have people who have email accounts at @supportsite.com
> to be able to send emails to people at @thecompany.com
>
> But...
>
> www.thecompany.com, while hosted at the SHARK server, has its dns
> records at an older hosting service, OLDHOSTING.com That doesn't seem
> to cause any problems, people can get to the website fine, since it was
modified to point to the new server.
>
> the exchange mail server for mail.thecompany.com, however, is at a
> different server, INOFFICE server The MX settings are setup correctly
> for their dns, at OLDHOSTING.com, to point to "mail.thecompany.com",
> the exchange server at INOFFICE server
>
> The mail for www.thesupportsite.com is managed at the same server
> where its hosted, SHARK server.
>
> I setup the resolvers at the SHARK server to use the open dns ips. That
seems to work fine.
> Little slow, but works.
>
> I followed directions for setting up an external mail server with
> exim. I removed thecompany.com from etc/localdomains, and added it to
> etc/remotedomains
>
> doing a test on the SHARK server:
> > exim -bt test@???
> router = lookuphost, transport = remote_smtp
> host mail.thecompany.com [xxx.xxx.xxx.xxx] MX=10
> host mail2.thecompany.com [xxx.xxx.xxx.xxx] MX=20
>
> It seems to resolve correctly. It gets the correct ip address to the
> exchange server at the INOFFICE server.
> But, exim fails to deliver email to test@??? Error seems to be:
> 1 - test@??? R=lookuphost T=remote_smtp: retry time not
> reached for any host after a long failure period
>
> Why is it failing to reach the mail server? It gets the correct ip
> address. Its trying to deliver by remote_smtp. Email gets sent fine to
> xxx@??? from any other domain, such as gmail or yahoo.
>
> I'm about to tell them "I dunno. You'll have to hire a guru". This problem
has me baffled.
>
[Hmm, Didn't manage to send this to the list the first time...]
Does this company use the same IPs internally as externally?
I would expect not. Our setup here is that the mail server has an external
IP, and an internal IP. The firewall translates all connections to the
external IP to the internal IP as the packets cross it. The mail server
only knows the internal IP.
Internally we have DNS setup with all the internal IP addresses and MX
records, which everything inside the firewall uses. The DNS server also
serves a different zone file for the same domain to requests from outside
the network, but I guess "the company" wouldn't do that as they have
OLDHOSTING.com doing it for them.
If the internal server used the external MX records and address (which is
the normal case when sending mail to an external site), it would send the
packets to an external IP, so the packets would go to the firewall to be
sent to the internet, at which point the firewall will see that the internet
address is one of its own, then it really depends on exactly how the
firewall is setup as to if works or not.
I think you need to make sure the MX records are correct as seen from inside
their network...
Bryn
--
Network Administrator
Parrs Wood High School
