My company uses an Exchange 2000 Server cluster, and our firewall accepts inbound SMTP traffic on port 25 to the cluster's virtual server IP address. However, outbound SMTP traffic always appears with the node's physical IP address. Why is this, and how can we fix it?
The source IP address that appears on your outbound SMTP traffic is by design. When the Exchange Server SMTP engine has more than one IP address to choose from, the engine picks the best IP address. In your case, the "best" address happens to be the node's physical IP address. Requiring the virtual server to use one IP address might unexpectedly stop mail from flowing if something happens to that IP address's connectivity. As a result, Microsoft designed the SMTP server to use any available IP address so that the Exchange routing engine can work around temporary connectivity and hardware failures. Therefore, you can't fix this behavior; you have to configure your firewall to pass traffic from the second IP address (the node's physical address) as well.
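One way to check the firewall side of this answer, as an added example that is not part of the original column: the script below reads firewall log lines and reports which outbound port-25 sources are cluster addresses that a virtual-IP-only rule drops, and which are other hosts that the widened rule should still not cover. The addresses, the log format and all names are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed addresses from documentation ranges, not from the original page.
VIRTUAL_IP = "192.0.2.10"                  # cluster virtual server address
NODE_IPS = {"192.0.2.11", "192.0.2.12"}    # physical addresses of the nodes
ALLOWED_BEFORE = {VIRTUAL_IP}              # egress rule that lists only the virtual IP
ALLOWED_AFTER = {VIRTUAL_IP} | NODE_IPS    # rule extended to the node addresses

# Constructed log lines in an assumed format: ACTION PROTO src:sport -> dst:dport
SAMPLE_LOG = """\
DENY TCP 192.0.2.11:34012 -> 198.51.100.25:25
DENY TCP 192.0.2.12:34100 -> 198.51.100.25:25
ALLOW TCP 192.0.2.10:34555 -> 203.0.113.7:25
DENY TCP 192.0.2.77:40111 -> 203.0.113.7:25
ALLOW TCP 192.0.2.11:51000 -> 203.0.113.9:443
"""

def outbound_smtp_sources(log_text):
    """Count outbound TCP/25 connections per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "TCP" or parts[3] != "->":
            continue                       # skip lines that do not match the format
        src, _, _ = parts[2].rpartition(":")
        _, _, dport = parts[4].rpartition(":")
        try:
            ipaddress.ip_address(src)      # reject malformed source addresses
        except ValueError:
            continue
        if dport == "25":
            counts[src] += 1
    return counts

def classify(log_text, allowed):
    """Group SMTP sources: permitted, cluster addresses the rule blocks, other hosts."""
    result = {"permitted": [], "blocked_cluster": [], "unexpected": []}
    for src in sorted(outbound_smtp_sources(log_text)):
        if src in allowed:
            result["permitted"].append(src)
        elif src == VIRTUAL_IP or src in NODE_IPS:
            result["blocked_cluster"].append(src)
        else:
            result["unexpected"].append(src)   # not a cluster address: keep blocked
    return result

if __name__ == "__main__":
    print("virtual IP only:", classify(SAMPLE_LOG, ALLOWED_BEFORE))
    print("nodes added:    ", classify(SAMPLE_LOG, ALLOWED_AFTER))
```

Listing the node addresses individually, rather than opening port 25 for the whole subnet, keeps the `unexpected` host in the sample blocked after the rule change.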