Steps to create/identify the list of public Ip’s used by exchange services

In this article we will look at the steps to create and identify the list of public Ip’s used by exchange

In this article we will have a look at the steps to set all Outgoing SMTP from 1 IP address and to see all the ip address from the Exchange server.

First you have to run Get-SendConnector SourceIPAddress x.x.x.x from the EMS in order to see the source IP address of the exchange server

Note:

By default this value will be set only to 0.0.0.0 and exchange hub will take its default assigned ip to send emails to the smart host (firewall/spam filter/Spam cloud). However you can check this if there is any value set to be on the safer side.

Now how the mail flow will go from your Exchange server

From your Exchange – to your firewall – then its gets NAT’ed from local ip to public ip and to internet

We need to NAT our local IP to one public IP.

Inorder to do that Follow the below steps:

Now you need to accomplish this with a router/firewall with a feature called Policy Based Routing.

1)      Create a firewall/NAT rule to NAT outbound traffic from exchange ip address to your preferred public ip address.

2)      With this you could make a rule like: When traffic is coming from my mail server AND the destination port is 25, send the traffic through your ISP from one of your public IP.

To be more precise you will have to do many to one NAT in your firewall as below:

For Example below is your server

Server name      Private IP (Server)     (Public IP on firewall)               Port

Server1:               192.168.0.1          –> 65.55.33.118                           Port 25

Server2:               192.168.0.2          –> 65.55.33.118                           Port 25

If your servers configured as above your source public will be 65.55.33.118 from both the servers.

Also you should have PTR created for your external IP. If not please inform your ISP to create PTR for your external IP’s.

How to identify which Public IP your exchange services are using

There are multiple ways to identify the public ip address used by exchange server

The easiest way to identify them is through MX lookup

You can query all the Exchange url’s through nslookup to see the results

Things you need to query through nslookup:

1)      Query external autodiscover url

2)      Query webmail external url

3)      Query outlook anywhere external  url

Below is an example of mxlookup for Microsoft  records

This steps can be useful during the migration scenarios of exchange servers as well as firewall.

Thanks
Sathish Veerapandian

Tagged: ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: