Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Front End Server and Inbound/Outbound SMTP Relay

Posted on 2004-10-22
6
Medium Priority
?
1,322 Views
Last Modified: 2012-05-05
I have a front end Exchange server running Exchange 2000 and two back-end Exchange 2000 Servers.  I have configured the SMTP Virtual Server on my front end server with a smart host - the IP Address of one of the back-end Exchange servers (for Inbound mail). I would like to forward all outbound mail from my back end servers to the front end server.  Do I require another NIC card so that I can create a second SMTP Virtual Server with a different IP address so that I can relay mail outbound?  or is there a way to configure the front end mail relay to send both inbound and outbound mail with one NIC and IP address?
0
Comment
Question by:wmorlett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 21

Expert Comment

by:marc_nivens
ID: 12387411
If the servers are all part of the same routing group you do not need to setup smart hosts at all.  First, remove that setting.  Then, create an SMTP connector and set the local bridgehead to be the front end server.  If you inbound mail comes to the front end, it will automatically be delivered to the back end.  And which server you set as the local bridgehead on the SMTP connector will be the one that all of the outbound mail is sent through.
0
 

Author Comment

by:wmorlett
ID: 12389282
This worked great.  Is there anything else you recommend doing to secure the relay so that it cannot be used by others to relay mail?  I only want to receive mail inbound for one domain (mine) and want my two exchange servers (back-end servers) to be able to relay to this front end server.
0
 
LVL 21

Accepted Solution

by:
marc_nivens earned 2000 total points
ID: 12389358
3 things you can do to secure relay:

1.  On the properties of the SMTP virtual server/2nd tab/relay - verify that only the list below is selected (and its empty) and the box is checked to allow authenticated users to relay
2.  On the properties of the SMTP connector, address space tab.  Make sure the box that says "allow relay to these domains" is unchecked for the * entry
3.  Make sure your admin users have strong passwords.  It's not uncommon for a spammer to try and crack the admin password so they can relay

If you do these things you will go a long ways toward preventing relay, and these steps will not affect mail flow from the back end servers to the internet or vice versa.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:wmorlett
ID: 12389718
Thank you.  This was quit different from 5.5 and I was a little thrown as how to accomplish this.  You've been of great assistance.  Kudos!!

Will
0
 

Author Comment

by:wmorlett
ID: 12394041
I do not support IMAP4 or POP3 on either of my back end servers so I've turned the services off on both my back end and front end server(s).  Since I don't support IMAP4 or POP3 can I disable the Information Store on my front end server?  
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 12396550
No, the Information Store is required if mail is sent through that server (it does message conversion).  Also make sure you keep the mailbox store mounted as well.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question