Can't send mail to own domain behind BorderManager

(Last modified: 15Jan2003)

This document (10014421) is provided subject to the disclaimer at the end of this document.

goal

Can't send mail to own domain behind BorderManager

How to configure GWIA for loopback messages running behind a Border Manager server using NAT (Network Address Translation).

fact

Formerly TID 2944215.

symptom

Cannot send mail to address of local mail domain behind NAT.

Unable to send loopback mail using NAT.

cause

With GWIA running behind a Border Manager firewall using NAT, loopback messages (mail addressed to your own domain) will not work. There are several ways to work around this limitation.

fix

1) The first is to run GWIA on the Border Manager server itself, bound to the public interface. In that case NAT does not come into play. If this solution is chosen, the SET NAT DYNAMIC MODE TO PASS THRU=ON parameter must be set on the Border Manager server.

2) The second method is certainly the easiest (but not necessarily the best): have whoever hosts your DNS add another MX record that uses your INTERNAL PRIVATE IP address as the exchange, and give it a LOWER precedence (which is a HIGHER preference number). When your gateway looks up the MX records for your domain it will get back two (or more) records. It first tries the one with the highest precedence (lowest number), which resolves to your public NAT loopback address; this attempt WILL fail. It then tries the next MX host in precedence order, which resolves to your internal address, and that host it can contact without problem.

3) Another method is to set up a file called route.cfg in the Domain\wpgate\GWIA directory. Each line of the file names a host and the IP address that mail for that host should be sent to:

Hostname [space] IPAddress   (put the address in square brackets if GWIA should not query DNS for that host)
Here is an example:

novell.com [192.168.1.2]   (Scenario 1)
unixbox 123.1.2.3    (Scenario 2)
smtpmachine 192.168.1.3  (Scenario 3)

With the first entry (novell.com), GWIA will not query DNS for novell.com but will send the mail directly to 192.168.1.2. With the second entry (unixbox), GWIA will send mail addressed to user@unixbox to 123.1.2.3. The third entry is for when you want mail destined to one particular host to pass through a separate SMTP server, for example for virus checking, or to create copies of all mail going to certain locations (in this case smtpmachine). [This configuration was tested with GWIA 5.5 1]
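As an added illustration of the route.cfg format described above (example code, not part of the original TID or of GWIA), the following parser reads the three sample entries, distinguishes bracketed addresses (no DNS query) from plain ones, and reports how mail for a given recipient domain would be routed. The sample file contents are constructed here; a recipient whose domain has no entry falls back to the normal MX lookup, which is the NAT loopback case this document is about.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample route.cfg mirroring the three scenarios in the TID.
ROUTE_CFG = """\
novell.com [192.168.1.2]
unixbox 123.1.2.3
smtpmachine 192.168.1.3
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Route:
    host: str        # mail domain or hostname, matched case-insensitively
    address: str     # dotted-quad IPv4 address mail for host is sent to
    skip_dns: bool   # True when the address was written in [brackets]


def parse_route_cfg(text: str) -> dict:
    """Parse 'host address' lines; blank lines are skipped (assumption)."""
    routes = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"route.cfg line {lineno}: expected 'host address'")
        host, addr = parts
        skip_dns = addr.startswith("[") and addr.endswith("]")
        if skip_dns:
            addr = addr[1:-1]
        # Reject anything that is not a syntactically valid IPv4 address.
        if not IPV4.match(addr) or any(int(o) > 255 for o in addr.split(".")):
            raise ValueError(f"route.cfg line {lineno}: bad IPv4 address {addr!r}")
        routes[host.lower()] = Route(host.lower(), addr, skip_dns)
    return routes


def route_for(recipient: str, routes: dict) -> Optional[Route]:
    """Return the route.cfg entry for the recipient's domain, or None when
    no entry exists and GWIA would fall back to an MX lookup."""
    _, _, domain = recipient.rpartition("@")
    return routes.get(domain.lower())
```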

4) The last method is to set up an internal DNS server with an MX record for your domain that resolves to the internal, non-routable IP address where GWIA is running. The RESOLV.CFG file will have to be modified to use this internal DNS server as the primary nameserver. This way, when a loopback message is sent, the DNS query never leaves the private segment and NAT is taken out of the picture.

The internal DNS server will need a link to a secondary DNS server so that messages other than loopback can still be resolved. This secondary DNS server can be an external DNS server. To create this link, load UNICON at the internal DNS server console screen. Go to Manage Services, choose DNS and then Administer DNS. Then choose Link to Existing DNS Hierarchy, Link Indirect via Forwarders. You can then enter the IP addresses of other DNS servers. When a name cannot be resolved by the internal DNS server, the servers you specified on that screen will be used to resolve it.

Note:  Patches NDB405.EXE and DNS401C.EXE or later should be applied on the internal DNS server for this to work.

document

Document Title: Can't send mail to own domain behind BorderManager
Document ID: 10014421
Solution ID: 4.0.24571452.2279985
Creation Date: 17Aug1999
Modified Date: 15Jan2003
Novell Product Class: Connectivity Products
Groupware
Novell BorderManager Services

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.