Messaging Gateway

Dear all, I have problems with local delivery for unknown reason - SBG will not delives some messages to local Exchange 2003. When I check the Message Queue/Delivery, I see number of messages not delivered, addressed to domain which s local, and the error message is "421 4.4.0 [internal] no MXs for this domain could be reached at this time". Since this is a local domain, SBG should not look for it's MX, but simply deliver to local Exchange server. I am quite sure that I've specified it right. Any ideas? Thanks in advance, Ivo

What did you spec in your Protocols / Domain setup?  On the Delivery tab, have you selected Optionally route, supplied a destination host, specied a port, and unchecked MX?

Have you told Exchange to accept mail from your SBG ip addresses?

On each scanner, under SMTP, Advance, at the bottom in SMTP Delivery Bindings  selected an IP address instead of auto?  If you have multiple IPs, auto may change IPs it used for local delivery over time.

Yes, I did specify "Optionaly route", and I did not check MX.

Messages held in Delivery queue have the route "Domain:company.com" where "company.com" is a local domain.
When I mark or filter those mesages and reroute them to the IP of my Exchange server, they are delivered normaly.

The mistery is: Why is the local domain not recognized as "local delivery" and/or delivered normaly?

BR,

Ivo

Phhowe17,

I have checked SMTP Delivery Bindings, and those were probably wrong.

I've set SBG's internal address for "Local Messages"
I've set SBG's external address for "Non-local messages"

I did not know what to set for "Dynamicaly routed messages" so I've left it to "Auto"
I was not sure what to put for "Messages destined for the Control Center", so I left it on external address - probably wrong?!?

I.

Did you use company.com in the optionally route, or the host name of your exchange server?

From the GUI or command line, what does an NSLOOKUP of company.com return?   Does it return the IP address of your exchange server?

Is the scanner in a DMZ and is DMZ DNS the same as your internal DNS?

Let me fill you in on my topology - it's fairly simple:

There is an Exchange 2003 server on local network, behind the ISA firewall.
Brightmail device has two Ethernet adapters, one on the local network, and other on the internet (public address).

I want my mail to flow in and out through Brightmail appliance exclusively.


I have used the IP address of my Exchange server in "Optionally route" for all 4 domains I am hosting. DNS is OK.

----------------------

From what I see the system now works fine. The problem was that I have (at some point of despair) declared the external address of SBG for local delivery in SMTP Delivery Bindings.

Thanks for pinting me to it !!!

Now - if I may use this opportunity ... could you please comment on the purpose and right setting for "Dynamicaly routed messages" and "Messages destined for the Control Center" ?!?

BR,

Ivo

I have a similar environment, but both legs are in a DMZ between two firewalls.  Nothing gets a leg inside our environment if the other leg is in a DMZ (except firewalls)..

Message destined for control center should be bound to the interface that can see your CC.   My CC is completely inside, so in my case this is the inside interface of the Scanner.

Dynamically routed - would happen if you are using AD to generate routing of messages In 8.x this would be enabled using a LDAP connector with routing enabled.  This allows you to use an attribute of the recipients AD entry to determine a next-hop server (e.g. Exchange_west vs Exchange_East, division, etc).

Thanks for the explanation. My CC is on the (only) scanner, so I guess "Auto" should do since both nterfaces can see CC.

I am monitoring the message queue while waiting for your answers, and the only message stucked there since I've changed  the binding is one from MAILER-DAEMON sent to some external address, routed as "Default-Non-Local-Route" and with empty "Message" field.
Maybe it is a non-delivery answer to some faked mail address? Doesn't SBG drop messages which are not addressed to one of my domains?

I.

You must be on 9.0.

My 8.0 boxes have hundreds on undeliverable, outbound NDRs.