
Front End Exchange - mounted mailbox store or not?

I could use some help with clarification of the following:

A MS whitepaper on FE/BE Exchange topology states - "...if you are using SMTP (on a front end server), a mailbox store is required, but the mailbox store must not contain any mailboxes"  The reason for this is that SMTP requires a mail store for routing of NDRs.  

***What is the exact configuration of the front-end server where a private store is mounted but has no mailboxes?***

I was under the impression you HAD to use SMTP on the front end for the whole FE/BE thing to work.  What I need is to generate NDRs and support SMTP/IMAP/HTTP (OWA) clients.

Thanks for any insight!
Asked: davis
 
JasonBigham Commented:
First, you have to have the Enterprise version of Exchange.

Once you set the server in front end mode, the rest is automatic. You don't have to worry about the above, there will be a store, but you won't be able to add mailboxes to it... nor do you need to (it's a front end server)
 
OneHump Commented:
For SMTP, you need a private store on your FE server, but you don't want to put any user mailboxes on it.  FE functionality is separate from SMTP.  FE supports IMAP, POP and OWA.  SMTP will work on an FE server, but you need a store configured on that server for it to work.  There are a couple of hidden mailboxes used by the store driver to route mail; that's why you need a store.

OneHump
 
davis (Author) Commented:
I'm not really sure that I need SMTP working on the FE server.  

Why would I want this - is this the only way to reliably generate NDRs?

From onehump - "There are a couple of hidden mailboxes used by the store driver to route mail; That's why you need a store. " - is this necessary (see below)

The original article from MS I found on configuring the FE server stated: "Dismount and delete public and mailbox stores"
...the article is entitled "Microsoft Exchange 2000 Server Front-End and Back-End topology"

Thanks for helping clear up this confusion.

 
OneHump Commented:
No, you would need SMTP if you want to use your SMTP server as a bridgehead.  A bridgehead would be used to route email to other routing groups or to the Internet.  You could also configure SMTP on an FE server if you want POP/IMAP clients to use that server as their SMTP server.

For an FE server without SMTP, you may delete your stores, that is a good practice.  If you are going to use SMTP, you'll need a private store, which means you may delete your public store, but leave your private store.

OneHump
 
davis (Author) Commented:
Great info!  A couple of questions that I still have:

1- Would I need the FE server to run SMTP to route mail to other routing groups or distributed BE mailbox servers?  I have not specified a bridgehead but there may be a default bridgehead at the first server in the Exchange Org by default....
Currently, I have the Microsoft Information store 'disabled' in Services on the FE server  - things seem to work fine with OWA.  
As well, I thought it was an AD lookup to find the server with the correct user mailbox...

2- Since both FE and BE servers are behind the firewall, I may not want POP/IMAP clients to use that server as their SMTP server.  What is a best practice here?
I am mainly using the FE server for OWA.

thanks!
 
OneHump Commented:
Here you go:

1.  You don't need it unless you want it.  If you aren't overloaded, it's fine to use an FE server as a bridgehead.  You can use it as an IM server/router as well.

2.  I would not recommend allowing POP/IMAP from outside.  Big security risks there.  Also, OWA without SSL and two factor authentication is a big risk.  I would keep that stuff inside and use VPN for remote access.

If you do need to allow POP/IMAP or OWA, then you would want that server isolated.  You could either create a VPN tunnel from your dirty network to the network where your VPN is located, or you could simply open port 80/443 on the firewall between the FE and BE.  You could also dual home NICs, but I probably wouldn't do that unless you have firewalls protecting both exposed subnets. There are many, many ways to do this.

Keep asking questions if you have them.  It's not a problem.

OneHump
 
davis (Author) Commented:
gotcha -

..back to 1 - do I want it if I am really only using it for OWA?

..back to 2 - good point on the security.  We are using VPN to access the network.  As well, we are quarantining the OWA to an SSL VPN over web interface using the following product - http://www.netilla.com/   So, no ports open to the outside, other than port 25

So, we've isolated both servers FE & BE from outside.  With this cfg, do you have a recommendation for using or NOT using SMTP (deleting private store) on the FE?

thanks!
 
OneHump Commented:
1.  No, you don't need SMTP or a store if you are doing OWA.  

You can use SMTP if you need it to connect to the Internet.  If you need it, use it, but if you just want OWA, then forget it.  :)

OneHump
 
davis (Author) Commented:
one more thing -

I can add a store back later, after deleting,  if SMTP is needed on the FE server?
 
OneHump Commented:
Absolutely.  You just right-click on the storage group and create a new store.

OneHump
 
davis (Author) Commented:
thanks again!
 
OneHump Commented:
My pleasure.