In this article we will look at the steps to send all outgoing SMTP traffic from one IP address, and at how to identify the public IPs used by Exchange.
First, run Get-SendConnector | Format-List Name,SourceIPAddress from the EMS (Exchange Management Shell) to see the source IP address configured on the Exchange server's Send connectors.
By default this value is set to 0.0.0.0, and the Exchange hub uses its default assigned IP to send email to the smart host (firewall/spam filter/spam cloud). To be on the safe side, check whether any other value has been set.
Mail flows out from your Exchange server as follows:
From your Exchange server, to your firewall, where it gets NAT'ed from the local IP to the public IP, and then out to the internet.
We need to NAT our local IP to one public IP.
To do that, you need a router/firewall with a feature called Policy Based Routing. Follow the steps below:
1) Create a firewall/NAT rule to NAT outbound traffic from the Exchange IP address to your preferred public IP address.
2) With this you can make a rule like: when traffic is coming from my mail server AND the destination port is 25, send the traffic through your ISP from one of your public IPs.
To be more precise, you will have to do many-to-one NAT in your firewall, as below.
For example, these are your servers:
Server name   Private IP (server)   Public IP (on firewall)   Port
Server1       192.168.0.1      –>   188.8.131.52              25
Server2       192.168.0.2      –>   184.108.40.206            25
If your servers are configured as above, your source public IP will be 220.127.116.11 from both servers.
You should also have a PTR record created for your external IP. If you do not, ask your ISP to create PTR records for your external IPs.
How to identify which public IP your Exchange services are using
There are multiple ways to identify the public IP address used by the Exchange server.
The easiest way to identify it is through an MX lookup.
You can query all the Exchange URLs through nslookup to see the results.
Things you need to query through nslookup:
1) Query the external Autodiscover URL
2) Query the webmail external URL
3) Query the Outlook Anywhere external URL
Below is an example of an MX lookup for Microsoft records
These steps can be useful during migration scenarios for Exchange servers as well as firewalls.
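The lookups listed above (MX, Autodiscover, webmail, Outlook Anywhere) and the PTR requirement can be checked in one pass with Resolve-DnsName. This is an added example, not part of the original article; example.com, mail.example.com and the function name Get-PublicIPReport are placeholders assumed for illustration.

```powershell
# Added example. All names are placeholders (assumptions): replace with your own.
$Domain    = 'example.com'
$HostNames = @(
    "autodiscover.$Domain",   # external Autodiscover host
    "mail.$Domain"            # assumed host for webmail (OWA) and Outlook Anywhere
)

function Get-PublicIPReport {
    param([string]$Domain, [string[]]$HostNames)

    # Inbound mail hosts come from the domain's MX records.
    $mxHosts = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' } |
        Sort-Object Preference |
        Select-Object -ExpandProperty NameExchange

    $targets = @($mxHosts) + @($HostNames) | Where-Object { $_ } | Select-Object -Unique

    foreach ($name in $targets) {
        # A query may return CNAME records too; keep only the final A records.
        $addresses = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }

        foreach ($a in $addresses) {
            # Reverse lookup: does this public IP have a PTR record?
            $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'PTR' } |
                Select-Object -First 1 -ExpandProperty NameHost

            # Forward-confirm: the PTR name should resolve back to the same IP.
            $confirmed = $false
            if ($ptr) {
                $forward = Resolve-DnsName -Name $ptr -Type A -ErrorAction SilentlyContinue |
                    Where-Object { $_.Type -eq 'A' } |
                    Select-Object -ExpandProperty IPAddress
                $confirmed = $forward -contains $a.IPAddress
            }

            [pscustomobject]@{
                Name             = $name
                PublicIP         = $a.IPAddress
                PTR              = $ptr
                ForwardConfirmed = $confirmed
            }
        }
    }
}

Get-PublicIPReport -Domain $Domain -HostNames $HostNames | Format-Table -AutoSize
```

An empty PTR column, or ForwardConfirmed showing False for the IP your outbound mail is NAT'ed to, is the case to raise with your ISP.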