Messaging Gateway

  • 1.  SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Jan 03, 2008 04:18 PM
    New install of SMS SMTP 5.0.1 with patch 187 deployed on a Windows 2003 Standard R2 SP2 with one NIC and two IP addresses, both in a DMZ.  I have installed both the Scanner and the Control Center on this box.  SMS will handle both inbound and outbound mail filtering and will serve as the outside MX for our domain.  Outside inbound mail will be scanned/filtered and then relayed to an Exchange server farm on my inside network.  The reverse will happen for outbound mail: SMTP will relay the mail to SMS which will then scan/filter it and send it out on the Internets.

    The two DMZ IP addresses are on the same subnet and have the same gateway address.  I'm statically NATing two outside IP addresses to the two IP addresses in the DMZ.  For example, 1.2.3.4 NATs to 10.1.1.4 and 1.2.3.5 NATs to 10.1.1.5.  The 1.2.3.4 to 10.1.1.4 NAT is for a website (actually, Citrix Secure Gateway and Web Interface), and the 1.2.3.5 to 10.1.1.5 NAT is for SMS/MX.

    I have configured SMS to listen on 10.1.1.5 port 25 for inbound mail, and port 26 for outbound mail (from my Exchange servers).  I can receive mail just fine on both of those ports and IP addresses.  However, here's the problem:

    In Windows, 10.1.1.4 is the "default" IP address; that is, it is the first IP address listed in the advanced TCP/IP properties.  As such, when SMS goes to build a connection either to the Internet or to my Exchange servers, it uses that address, rather than the 10.1.1.5.  As you can imagine, this creates numerous issues with my public MX records and firewall configurations.

    I can't make the 10.1.1.5 the "default" IP address, as this breaks my Citrix site.  Shouldn't SMS use the 10.1.1.5 address since it is specified in both the inbound and outbound mail settings section of the SMTP configuration in SMS?  Why is it trying to use the "default" IP address rather than the IP address I specified?  I'm hoping to avoid putting additional NICs in this box if possible.

    Thanks!
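
The behaviour described in the post above, shown as an added example that is not part of the original thread or of SMS SMTP: a listening address does not determine the source address of outbound connections unless the client socket is bound explicitly. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the host's default and MX addresses, and the example assumes a Linux-style loopback where all of 127.0.0.0/8 is local.

```python
import socket
import threading

def os_default_source(dest_ip, port=25):
    """Return the source IP the OS would pick for dest_ip (no packets are sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))      # UDP connect only performs the route lookup
        return s.getsockname()[0]

def observed_source(server_ip, source_ip=None):
    """Open one TCP connection to a throwaway local listener.

    Returns (client's local IP, IP the listener saw). With source_ip=None the
    OS chooses the source address; otherwise the client socket is bound to
    source_ip first, which is what an MTA must do to leave from a chosen address.
    """
    seen = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((server_ip, 0))            # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_once():
        conn, peer = srv.accept()
        seen["peer"] = peer[0]
        conn.close()

    t = threading.Thread(target=accept_once)
    t.start()
    src = (source_ip, 0) if source_ip else None
    # smtplib.SMTP accepts the same source_address tuple for real SMTP clients.
    with socket.create_connection((server_ip, port), timeout=5,
                                  source_address=src) as c:
        local_ip = c.getsockname()[0]
    t.join(5)
    srv.close()
    return local_ip, seen["peer"]

if __name__ == "__main__":
    # Constructed stand-ins: 127.0.0.1 = default address, 127.0.0.2 = MX address.
    print("OS default source:", os_default_source("127.0.0.1"))
    print("unbound client   :", observed_source("127.0.0.1"))
    print("bound client     :", observed_source("127.0.0.1", "127.0.0.2"))
```

Running `os_default_source` against a real destination on the mail host shows which address the firewall and remote MTAs will see for any application that does not bind its outbound socket.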


  • 2.  RE: SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Jan 10, 2008 12:39 PM
    This post is getting no attention, so I'm replying to move it to the top :)


  • 3.  RE: SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Feb 15, 2008 05:06 PM
    I was looking for something else when I saw your message. It's been 5 weeks since you last posted .... hope you haven't been holding your breath!
     
    Most industrial strength firewalls allow you to select an outbound static external NAT address and port based on the internal address and/or port. Why don't you use that feature to direct your outbound port 25 traffic from 10.1.1.4 to 1.2.3.5?
     
    Just an idea....


  • 4.  RE: SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Feb 15, 2008 05:10 PM
    Sure, that was always an option.  I was hoping to avoid having to change my config to accommodate the application.  I have since abandoned SMS and moved on to another product, for the reasons raised in this post as well as many others.


  • 5.  RE: SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Feb 15, 2008 05:18 PM
    What other product? How do you like it? I'm not a big fan of SMSSMTP myself. I'd welcome an alternative.


  • 6.  RE: SMS SMTP 5.0.1, One NIC, Multiple IP Addresses, No Workie Right

    Posted Mar 27, 2008 09:35 PM
    I've got the same issue as the original poster of this message. Before, I used 1 NIC and wasted almost 2 months on configuration that even the Symantec engineers didn't know what to do with. Anyway, recently I went back to the drawing board, studied carefully, and searched everything in this SMSSMTP 5; because our company implements "branded" Symantec security, I have no choice but to pattern all security features of Symantec in my implementations/projects.

    Going back to SMS SMTP, I tried using 2 NICs. I have a firewall appliance now. Here's what I did:

    1. Have 2 NICs: 1 is in the internal network (trusted), the other is in the DMZ.
    2. The internal NIC has a private IP that I used for outbound email; the NIC in the DMZ also has a private IP and is used for inbound.
    3. I configured both with port 25.
    4. I configured my Exchange 2003 Server connectors under Routing Groups; you may use these links for how to do that: http://support.microsoft.com/kb/265293 and http://support.microsoft.com/default.aspx?scid=kb;en-us;314961
    5. Under "Forward all mail through this connector to the following smart hosts", specify the outbound IP address in brackets, like this one: [192.168.1.1]
    6. Refresh the Exchange Server and test it.
    7. As for inbound, make sure that your DMZ and Exchange meet, and make sure that you set SMS SMTP so that when it receives mail it forwards it to your Exchange server, which is in your trusted network.

    Now my outbound and inbound connections are working for me; my tears and sweat came out before I figured it out.

    Thanks to myself.